Federal Deposit
Insurance Corporation

October 31, 2003

RE: Comments on the Advance Notice of Proposed Rulemaking Related to the
       Implementation of the New Basel Accord, August 2003

Ladies and Gentlemen:

Northern Trust Corporation appreciates the opportunity to comment on the Advance Notice of Proposed Rulemaking (“ANPR”), and the companion documents, Supervisory Guidance on Operational Risk Advanced Measurement Approaches for Regulatory Capital (“AMA Guidance”) and Draft Supervisory Guidance on Internal Ratings-Based Systems for Corporate Credit (“Corporate IRB Guidance”), all published in August 2003.

Northern Trust Corporation (“Northern Trust”) is a multi-bank holding company with its headquarters in Chicago, Illinois. The corporation has a growing network of offices in 14 U.S. states, international offices in six countries, and over 8,000 employees worldwide. Northern Trust had assets totaling $40 billion and trust assets under administration totaling $1.9 trillion as of September 30, 2003. Northern Trust conducts its global activities through The Northern Trust Company, an Illinois-chartered bank, four national banks, a federal thrift institution, an Edge Act subsidiary, and a number of non-bank subsidiaries. Under the proposed U.S. regulatory approach to the implementation of the new Basel Capital Accord (“Basel II”), as reflected in the ANPR, Northern Trust would not under current circumstances be required to adopt Basel II. Northern Trust is nonetheless preparing to meet the requirements for calculating its regulatory capital under the Advanced Internal Ratings Based Approach (“A-IRB”) and the Advanced Measurement Approach (“AMA”).

Northern Trust supports the development and implementation of Basel II, the principles and components of the framework of the Accord, and the efforts of U.S. regulators to adapt the Accord for application within this country. Northern Trust also appreciates the enormous effort required to develop the ANPR documents. Providing the ANPR to the banking industry so early allows for an active dialogue between the U.S. regulators and the financial institutions they oversee that can help to produce an optimal plan for Basel II implementation. This letter describes a number of areas where we believe it is essential to make changes to either the Accord or the plan for its implementation in the United States. The fact that we have embraced the invitation to make constructive criticisms, however, should not mask our support for and appreciation of the process.

We have divided our comments into three sections. In the first section, we address general issues that apply to many areas or levels of the ANPR. In subsequent sections, we address issues specific to Credit Risk and the Corporate IRB Guidance, and then to Operational Risk and the AMA Guidance. In addition, we have included at the end of this letter a Technical Appendix to deal with specific language of the ANPR or Guidance documents. The Technical Appendix addresses matters that we view as less than critical, but still worthy of comment. Many requirements of the ANPR are based on aspects of the Third Consultative Document (CP3) with which we had concerns or disagreements, and on which provided comments to the Basel Committee on Banking Supervision. Where appropriate, we have repeated those comments in this letter as well.

Within the ANPR, the regulators requested comments on specific aspects of the framework and rules. We have elected not to respond to many of those requests, but rather to focus on issues of particular importance to our organization. We note that The Risk Management Association (RMA) has developed a formal response to the requested comments, and we are in broad agreement with the RMA.

Northern Trust offers its comments with the understanding that the Accord itself is still subject to revision, and we reserve the right to comment further on the Accord and the rules as they develop.

A. General Issues

Northern Trust supports the primary goals of the new regulatory framework, as stated in the Executive Summary of ANPR: “… to develop a new regulatory framework that recognizes new developments in financial products, incorporates advances in risk measurement and management practices, and more precisely assesses capital charges in relation to risk.” These goals are simple and general, but they provide standards by which to judge whether the Accord and the ANPR are serving their purpose.

Northern Trust recognizes that implementing a framework of this type must be done with rules that are well defined, rigorous, and enforceable. In the ANPR, the Agencies have sought to achieve these qualities by establishing standards that banks must meet in order to qualify to use Advanced Approaches in determining regulatory capital. Although Northern Trust accepts the need for a well-defined regulatory framework, the level of detail embodied in the standards alarms us. We are concerned that, rather than supporting the goals of the Accord, the standards micromanage the risk management programs at U.S. banks, with the unintended consequence of stifling further development. This overriding concern forms the backdrop for many of our general comments.

1. Consistency with SR 99-18

Large Complex Banking Organizations are subject to the requirements outlined in the Federal Reserve’s SR 99-18. Specifically, banks must develop enterprise-wide risk management programs, and calculate economic capital for all material forms of risk across the corporation. Northern Trust has noted an increased emphasis on SR 99-18 over the past two years.

It is reasonable to conclude that most of the Advanced Approach Banks (both mandatory and opt-in) are also subject to SR 99-18 requirements. There are potential conflicts between SR 99-18 and Basel II that need to be addressed in implementing Basel II.

Northern Trust is particularly concerned by the ANPR’s use requirements. The ANPR documents require banks to use the ANPR parameters, calculated risk measures and regulatory capital measures internally, for management of the institution. In contrast, SR 99-18 requires banks to develop economic capital based on the true risks of the institution. The two sets of requirements are not wholly compatible, in part because the ANPR – especially in the area of credit risk – imposes a regimented, rules-based approach that does not strictly follow risk management best practices, and does not allow much flexibility to account for unique business mixes and business cultures. In contrast, SR 99-18 imposes general requirements and allows banks to find the mix of risk management practices that are appropriate for their organization.

It is possible to calculate economic capital under SR 99-18, and separately calculate a different regulatory minimum capital under Basel II. It is not possible to use both capital measures in the fundamental management of the institution. Northern Trust recommends that the rules explicitly recognize that SR 99-18 compliance supports the intent of the Accord in this area and is an effective approach to managing risk.

2. “Conservatism” in Details of Quantification

The language of the ANPR and the guidance require banks to develop risk measurement frameworks that produce regulatory capital numbers that are conservative. Northern Trust agrees with this goal, and has in fact managed its capital position for many years at a conservative level relative to its risks. However, we are concerned that the ANPR requirements for conservatism wrongly filter down into the details of the quantification process.

   Conservatism in quantification can be attained in many ways:

• by conservatively estimating parameters;

• by building conservative assumptions and methods into capital models;

• by choosing a conservative confidence level for capital; or

• by adding on conservative capital buffers.

Although each method by itself might make sense, being conservative in all aspects of the process – as the ANPR seems to suggest – compounds the effects and produces a capital estimate that greatly overstates the true risk.

In addition, the determination of where to apply conservatism should be based on the specific circumstances of the bank. Different issues require different solutions, and the ANPR does not make clear distinctions between issues such as data adequacy, materiality, degree of model risk, and external factors. One cannot make blanket assumptions that all of these areas require conservatism at all banks.

By forcing conservatism at the parameter level, regulators also risk corrupting banks’ internal risk measurement and economic capital estimation processes. If parameters overstate true risk, they might put advanced banks at a competitive disadvantage to general banks and non-banks that use more accurate parameters in their pricing decisions. If internal models are too conservative, advanced banks might make inappropriate strategic business decisions, such as choosing to exit profitable business lines or pricing out profitable customers. And more generally, if it is known throughout a bank that the risk parameters and models are overly conservative, the risk quantification effort might lose credibility within the bank. Under such circumstances, internal users of risk measures for management purposes might arbitrarily – and most likely inaccurately – adjust risk estimates downward to counter the perceived conservative bias.

Northern Trust recommends that, rather than requiring conservatism at all steps of the quantification process, the regulators should require best estimates of parameters, model assumptions and techniques. A general standard relating to an overall conservative approach to estimating risk and calculating capital would be simple, and could include a requirement of compensating for data weaknesses or model risk through Senior Management adjustment of calculated capital values. Such an approach calls for management familiarity with the quantification process, but this is already required by other standards.

3. U.S. Prompt Corrective Action Regime

The Agencies have proposed to implement the Basel II Accord while leaving unchanged the regulatory approach to the prompt corrective action (PCA) framework of the Federal Deposit Insurance Corporation Improvement Act. Northern Trust believes these two frameworks can co-exist, but only with modifications.

The PCA framework defines the capital categories of “well capitalized, ” “adequately capitalized, ” etc. based on the lowest level for a particular institution of three capital measures: a leverage limit and two risk-based capital ratios. In contrast, the Basel Accord and the ANPR establish formulae for calculating risk-weighted assets meant to provide reasonable assurance that capital will cover aggregate losses for credit, market and operational risks. In addition, the Accord and ANPR impose requirements for risk management practices that reflect industry best practices, and require banks to be conservative in their capital estimation approach. Given the high quantitative and qualitative standards of the Accord and ANPR, Northern Trust recommends that the Agencies modify the PCA framework by including a new definition of “well capitalized” for banks meeting the qualifying standards for Basel II Advanced Approaches, so that any such bank holding 8% Total Capital and 4% Tier 1 capital against risk-weighted assets would be deemed “well capitalized.”

We also believe that the leverage ratio should be dropped, or its application modified, for Advanced Approach banks. The leverage ratio is not risk-sensitive, and it imposes an arbitrary floor to minimum regulatory capital requirements. Such an approach provides a disincentive for low-risk banks to adopt the Accord, and it suggests that the Agencies do not have faith in the Accord’s ability to deliver general minimum capital requirements in line with the risk profiles of banks. The control of overall risk management processes, achieved through qualifying requirements and standards for capital determination, makes the leverage ratio redundant.

There is a competitive impact to the leverage ratio as well. Banks not subject to the leverage ratio will have far greater flexibility in managing their return on equity on the low-risk end of the balance sheet. Domestically, banks with extremely low-risk balance sheets will suffer from the leverage ratio relative to domestic high-risk banks and low-risk banks in countries without a leverage ratio. For example, banks constrained by the leverage ratio, but not by Risk Weighted Asset based ratios, have a strong economic incentive to shed low-risk assets and to increase holdings of higher risk assets that offer higher current income, without a marginal increase in capital requirements. Thus, by keeping the leverage ratio the regulators might inadvertently create a new form of regulatory arbitrage, as banks play the leverage ratio against the Tier 1 and Tier 2 Capital ratios.

The FDIC Improvement Act allows the Agencies to eliminate the leverage ratio from the prompt corrective action framework. Northern Trust believes it would be appropriate to do so for Basel II Advanced Approach banks. Alternatively, the leverage ratio could be reframed for Basel II Advanced Approach banks so that it would become a third test for identifying banks with capital below the “adequately capitalized” level.

4. Disclosure Requirements

As we did in our CP3 comment letter, Northern Trust strongly supports the notion that disclosure of risk to the public is an essential component of good risk management, and that disclosure under Pillar 3 is critical for the success of Basel II. However, we find the common framework to be overly complex and convoluted, likely to result in a blizzard of information that few investors will read or understand.

Northern Trust believes that any disclosure should be designed with consideration for the following concepts and principles. First, the message and the medium depend on the audience. Second, the hallmarks of effective communication are clarity, simplicity and brevity. Third, risk reports should be complete and free of material omission regarding risk.

Northern Trust believes that the industry, guided by principles of the sort outlined above, can and will disclose all important risk profiles and sensitivities clearly and fully, driven by the increasing demands of the marketplace and subject to approval by examiners. Northern Trust recommends that the Agencies replace the onerous and prescriptive disclosure details with basic and more general guidance based on the principles outlined above.

5. Stress Tests, Scenario Analysis, Buffers

In our CP3 comment letter, we argued that the language of the Accord with regard to the use of stress tests, scenario analyses, and capital buffers was inconsistent and ran counter to well-accepted risk management concepts and practices. We further argued that although we saw stress testing and scenario analysis as valuable tools for risk management, we did not feel they should be required components of minimum regulatory capital calculation requirements.

Northern Trust welcomes the more flexible language of the ANPR in the area of stress testing and scenario analysis (ANPR, p. 71). The requirement that banks must “have in place sound stress testing processes for use in the assessment of capital adequacy” for A-IRB models is flexible enough that banks can focus on the factors that impact them most. But at the same time, this requirement is clear in its purpose, restricted by the requirement that the method must be “meaningful and reasonably conservative.” The details of such a requirement will be specific to each institution, and therefore should allow a high degree of flexibility.

Northern Trust strongly supports this approach to including stress testing in the U.S. implementation of the Accord. We further encourage regulators not to develop further rules around this requirement, but rather to work individually with banks to ensure stress tests address institution-specific risks.

B. Credit Risk Issues

1. Prescriptiveness

Northern Trust finds the level of prescriptiveness in the A-IRB Guidance excessive. In our CP3 comment letter, we noted that the Accord was too prescriptive. The A-IRB Guidance has matched the detailed requirements of CP3, and in some areas has imposed an additional level of specific requirements on banks. Although these requirements might have been intended to clarify aspects of the Accord, they have done so by specifying additional rules rather than by revealing underlying principles.

   Northern Trust opposes this prescriptive approach for several reasons:

• Compliance with every detailed standard is not necessarily appropriate at an individual bank. The standards do not adequately consider issues of materiality, redundancy of controls, costs vs. benefits, or the specific business mix and culture of a particular bank. While a particular requirement might make sense for some banks, it might not make sense for others. For many banks, meeting all the standards would be redundant and costly, with little benefit in terms of improved risk management.

• Many of the rules assume a world in line with theoretical assumptions. In practice, the application of such rules will be fraught with problems such as a lack of data, inconsistent results, or divergence between market practices and regulatory requirements based exclusively on theory.

• Most disturbingly, the rules based approach stifles innovation. When banks know divergence from the rules has a high price (e.g., regulatory penalties), they will be disinclined to explore new approaches. This would largely confine risk management practices to the currently accepted approaches, a good result only if one assumes that any other approaches are and always will be of little benefit.

The A-IRB Guidance is notable in its contrast to the AMA Guidance, which is far less rules-based and prescriptive. The AMA Guidance contains 33 standards that, for the most part, are based on sound risk management principles, and can be implemented in a manner best suited to the character of each institution. In contrast, the 71 A-IRB standards are detailed and highly prescriptive. Northern Trust strongly supports the regulatory approach to operational risk, and encourages regulators to revise the A-IRB Guidance with a similar thought process.

Northern Trust recommends that the A-IRB standards focus on sound principles and key elements, and establish rules and requirements phrased in terms of general goals rather than detailed specification of process and methodology. The standards should recognize that alternative approaches that meet the intent of the standards are acceptable, perhaps subject to approval of regulators. And finally, the standards should consider issues of materiality and compensating practices or controls, and focus on whether the overall risk framework is appropriate for the level of risk.

2. Loss Given Default (A-IRB Guidance, pp. 18-19)

The A-IRB Guidance notes the nascent stage of development of LGD modeling, the scarcity of data, and the expectation that methods will evolve over time. Yet regulators expect banks to have empirical support for their LGD rating systems, calibrate LGDs to stress conditions, and have sufficient granularity in their grading scale. The regulatory expectations are inconsistent with the observations on the state of LGD knowledge and research.

Northern Trust recommends that the regulators impose standards more in line with the reality of available data and research. This would mean that banks would be allowed to use methodologies that are intuitive and logical, but might not be verifiable or even supported by existing research or empirical data. By allowing banks to use basic, intuitive approaches that can be modified and verified over time (which could mean many years), the regulators will foster development of better methodologies for estimating and rating LGDs of obligations. In turn, standards can be strengthened over time, commensurate with the evolution of methodologies.

Northern Trust notes further that calibration of LGD grades and the requirement that the grading system “avoid grouping facilities with widely varying LGDs together” will be problematic for the industry. In particular, loss rates on uncollateralized facilities routinely range from 0% to over 100%, and are often bi-modal or multi-modal. Even collateralized facilities exhibit widely varying and non-normal realized loss data. Yet such data can still provide valid estimates of average severity values (LGDs) that can be used to generate reliable distributions of aggregate credit losses.

Northern Trust recommends that regulators focus on the logic behind the LGD distinctions and the resulting average LGDs, rather than expecting empirical data to show well behaved realized loss rates.

3. Collateral Effects in PD Estimation and Ratings (A-IRB Guidance, p. 15)

The ANPR requires banks to assign the same obligor rating to all exposures to the same borrower. Throughout the A-IRB Guidance, the rules support a theoretical framework that separates default factors from loss-given-default (LGD) factors. Towards this goal, the Basel Accord and ANPR have codified standards that ensure a strict exclusion of collateral considerations in determining probability of default (PD).

In reality there is overlap in the two effects. This is seen quite clearly in commercial lending, where borrowing companies may establish and capitalize special purpose entities (SPEs) to obtain favorable funding terms from banks and other lenders. Such SPEs are legally distinct from the parent corporation, and exhibit credit independence to the point that they are often regarded as better credits than their parents. The credit enhancements are generally in the form of over-collateralization and higher levels of capitalization that ensure the ability to perform on debt obligations.

A similar form of credit independence can exist for bank borrowers, but the ANPR does not recognize it. Particularly in Private Banking, borrowers might support loans by over-collateralization with cash or highly liquid securities. In some cases, loans might be fully defeased with such protections, meaning there is no chance of default for the loan. In essence, such loans are akin to the SPEs seen in the corporate lending sector. However, the Accord and ANPR do not recognize the effective elimination of default risk for such facilities.

While this distinction will have little impact on calculated expected loss or capital amounts, it is important for the estimation of PD from internal data. Northern Trust’s experience with these types of facilities indicates that they are virtually default free. Should the counterparty have financial distress, the facility is liquidated with no loss, often at the request of the counterparty. In our experience we have never seen a loss on this class of facilities.

By preventing such facilities from having an obligor rating that differs from the borrower’s rating on unsecured facilities, the ANPR may introduce inconsistency in the default experience of banks with protected facility structures. Specifically, default rates for lower rated obligors will see an undeserved improvement (i.e., lower default rates) due to the lack of default in these over-collateralized facilities. Admittedly for many banks this effect will be negligible, but Northern Trust has enough of these facilities that it will impact our results. We feel we are caught between conflicting requirements, on the one hand that “collateral and other facility characteristics should not influence the obligor rating”, and on the other hand that the “obligor-rating system must result in a ranking of obligors by likelihood of default.” If we ignore collateral in setting PDs and obligor ratings, then perceived risks are not captured accurately in our modeling, and our default experience might distort the pattern of default rates across grades. If we wanted to measure probability of default accurately and ensure a reasonable ranking of facilities, we would have to include collateral and would thus depart from the approach required in the ANPR guidance.

Northern Trust recommends that regulators allow banks to consider the collateral impacts in assigning borrower grades for these specific facility structures, and allow banks to assign to the same borrower a grade different from its other facilities. While on the surface this approach might seem to blur the distinction between PD and LGD effects, in fact it clarifies that distinction by noting that only in specific circumstances – over-collateralized or defeased loans – does collateral play a role in probability of default.

4. Validation Requirements (A-IRB Guidance, pp. 20-25)

A-IRB standards require validation of parameters and overall risk estimates. Although Northern Trust agrees with the general need to review, backtest, and validate quantification approaches, we are concerned that the A-IRB Guidance has imposed unachievable requirements on banks.

Any robust validation effort will require years, possibly decades, worth of data. In credit risk (and also in operational risk), the parameters and modeled loss values are based on long run expectations, and actual values in any particular period can be expected to vary significantly from these long-term averages. Further, banks are likely to modify their systems over time, as more and better data becomes available. The changes in methodologies will result in a “horizon effect,” where validation is always a future goal that moves away as banks enhance their approaches. To require true validation would force banks to freeze development of risk measurement and management frameworks until enough data can be gathered to support the validation efforts. Since the Accord seeks ongoing improvement of risk management approaches, validation should always be an ideal rather than a rigid requirement.

Three specific standards are of particular concern (A-IRB Guidance, p. 24). These standards require banks to:

• backtest actual results versus expectations,

• establish internal tolerance limits on deviation of results vs. expectations, and

• have policies that specify remedial actions to be taken if tolerance limits are exceeded.

To revise an estimation approach because of a single period or short-term deviation from expectations risks over-reacting to normal statistical variation. Given the random nature of single-period actual values, a reasonable policy for dealing with such deviations would have to be highly flexible. Validation expectations should be realistic, and therefore should not include anything remotely close to a true statistical measure of validity.

The most sensible course of action for dealing with deviations is to review the quantitative processes to ensure their integrity, and modify the approach if there are weaknesses. Since such actions are already required under other standards, Northern Trust recommends that regulators eliminate more detailed validation requirements.

5. Definition of Default (A-IRB Guidance, p.14)

Northern Trust generally agrees with the ANPR definition of default. However, in two areas we believe the definition should be modified.

First, there should be exceptions to the 90-day-past-due criterion for facilities that are well collateralized, and are past due for purely technical, administrative reasons. Many banks have a category of loans described as “90 days past due, still accruing.” This category of loans is not considered at high risk for loss, and the banks expect full repayment of all principal and accrued interest. A significant number of those facilities are matured loans pending renewal, but their renewal has simply been delayed by administrative factors (such as a delay in the documentation of a renewal) and does not in any way reflect an inability of the borrower to repay the loan. Northern Trust requests that the regulators recognize such circumstances as exceptions to this criterion for default. The loans included in this category could be subject to examiner approval, with the requirement that banks show that such loans are not impaired or at risk of default due to their technical “past-due” status.

Second, we question the requirement that banks include sales of credit obligations at a material, credit-related economic loss as defaults. Such a requirement mixes the credit-risk concepts of migration risk and default risk, and provides a disincentive for proactive management of credit portfolios. For example, if a borrower declines from an AA rating to a BBB rating, the bank might sell the credit obligations, but risk of default is still quite remote. Alternately, banks might sell an obligation that might have declined in credit quality, but the sale is due to non-credit factors, such as industry-concentration issues. To force banks to track such obligors as defaults imposes a cost to such actions, and turns prudent portfolio management actions into indications of credit weakness. Northern Trust recommends the regulators modify the language to exclude from the default definition sales of obligations that do not meet any other default criteria.

6. Treatment of Expected Loss for Credit Risk (ANPR, pp. 23-24)

The ANPR proposes to include expected loss (EL) in the calibration of the risk weight functions. Since the publication of the ANPR, the Basel Committee has concluded that “the measurement of risk-weighted assets … would be based solely on the unexpected loss portion of the IRB calculations” (Basel Committee press release, October 11, 2003). Given the expectation that the Accord will change significantly on this issue, we do not comment on this very important point.

The Basel Committee has requested comments on the proposed approach by December 31, 2003. We plan to offer comments to the Committee, and will forward our comments to the U.S. regulatory agencies at the same time.

C. Operational Risk Issues

1. Pillar 1 Treatment

As noted in our CP3 comment letter, Northern Trust supports the Pillar 1 treatment of minimum regulatory capital requirements for operational risk. We base our view on the flexible nature of the AMA approach and on our perception that U.S. regulators will allow banks to develop methods appropriate to their institutions. Northern Trust encourages the regulators to maintain a focus on principles rather than rules, and allow the industry to develop the best approach for operational risk modeling.

2. Insurance: Qualifying Requirements and Capital Mitigation Limit

As noted in our CP3 comment letter, we find certain aspects of the treatment of insurance and risk mitigants for operational risk to be too restrictive, and not consistent with market practices. In particular, Northern Trust is concerned with both the qualifying requirements for inclusion of insurance coverage, and the limits on the adjustment to capital requirements for such coverage.

The ANPR prescribes haircuts for insurance coverage less than one year. Although multi-year coverage was available in the past, events of the past few years have led to the disappearance of such long-term coverage. Thus, most banks would be applying haircuts to all of their insurance coverage. In addition, Northern Trust views its approach to insurance coverage as an ongoing, continuous process. We maintain frequent communication with our insurers regarding our coverage needs and the terms offered by the insurance market for various mixes of coverage, deductibles, limits and terms. The goal is to manage the ongoing insurance needs of the organization, rather than to manage each particular piece of coverage. Thus, the specific residual maturity of each piece of insurance coverage has little correlation with the permanence of the coverage. Rather, it is the ongoing relationship that determines the strength of the risk mitigation effect.

The ANPR contains other qualifying requirements for insurance coverage, to ensure that the coverage is sufficiently capital-like. Northern Trust feels that these requirements exclude specific elements of coverage that are part of an integrated approach to risk mitigation. Whether a particular piece of insurance coverage or risk mitigation meets the specific, listed requirements should be evaluated within the context of other coverage options, overlaps in coverage, and the planning and relationship management of the insurance program.

Northern Trust recommends that the regulators replace the specific qualifying requirements with more general requirements related to the overall quality of the insurance programs. The specific requirements could be factored into the determination of the quality of the programs, but in the context of the overall program rather than on an item-by-item basis.

With regard to adjustment of the operational risk exposure, Northern Trust feels the 20% limit is unduly constricting in several respects. First, if the goal of a cap is to avoid abuse, it strikes Northern Trust as redundant. Process audits and supervisor discretion, provided for elsewhere in Basel II, can flag any bank’s excessive or incorrect application of insurance mitigation in its risk and capital formulas. Second, even if it is assumed that a limit should exist, Northern Trust’s experience over a long period of time has been that in several areas of operational risk its effective insurance coverage can be significantly above 20%. In an industry of this complexity, and with banks managing the seven different operational risk “loss event types” in so many varied ways, one size simply cannot fit all. Finally, a cap would clearly create a disincentive for banks to purchase insurance, since maintaining both insurance and operational risk capital would amount to double-coverage of the risk – at unnecessary expense.

Northern Trust understands the goal of a cap is to allow a buffer for the uncertainty of loss coverage under insurance practices and rules. If a cap is needed, we recommend that the cap be raised to 75%.

3. Treatment of Expected Loss for Operational Risk (AMA Guidance, pp. 88-89)

Northern Trust appreciates the ANPR’s recognition that the U.S. GAAP treatment of reserves for operational losses is based on an incurred-loss model, and that such an approach does not allow for forward looking reserving based on long term average losses. The flexibility provided by ANPR – to allow budgeting of losses as a sufficient rationale to exclude expected losses from operational risk capital – clarifies the language of CP3 that a bank must “demonstrate … that it has measured and accounted for its EL exposure” to allow exclusion from the capital calculation.

The ANPR requires that banks “demonstrate that budgeted funds are sufficiently capital-like and remain available to cover EL over the next year.” (AMA Guidance, p. 91) In Northern Trust’s experience, net income has always provided a wide margin to cover operational losses, both on a consolidated basis and within major business lines. Such a stable record of earnings in excess of operational losses gives what may be the best assurance the earnings will be available to cover budgeted losses, and we believe that rules implementing Basel II should specifically acknowledge this method of demonstrating that budgeted loss figures meet the standard for EL coverage.

Conclusion

We have not addressed in this letter some other issues, including how capital should be allocated among bank holding company subsidiaries and what roles the "home" and "host" country regulators should play in the review of capital for members of consolidated groups that cross national boundaries. We recognize that these issues are better and more completely addressed through discussions involving the various national supervisors than they are in a comment process with respect to one country's implementing regulations. We note, however, that the proper resolution of these issues is very important to institutions like Northern Trust that conduct significant international business and to the success of Basel II. We urge that their resolution be given – as we believe it is being given – a high priority.

Northern Trust Corporation appreciates the opportunity to comment on its major concerns with the Advance Notice of Proposed Rulemaking in this letter. We trust that these comments will be useful as the U.S. Regulators develop an implementation approach that is practical for financial institutions while achieving our common risk management goals. Northern Trust appreciates the patience and diligence of the national supervisors in their efforts to consider and address the many important issues raised by all interested parties in this complex project.

Respectfully Submitted,

Peter L. Rossiter
Executive Vice President
Corporate Risk Management

In addition to the major points outlined in the main body of our letter, Northern Trust has concerns about issues that have less of an impact for our organization.

General Issues

1. Materiality Standards

The ANPR prescribes “materiality standards” on p. 18. Northern Trust supports the use of a materiality standard for determining whether a bank must apply advanced approaches to risk exposures. Further, we accept the use of the Basel I rules for immaterial exposures, where banks choose not to apply advanced approaches.

Determining whether particular exposures are material is quite complex, however. Northern Trust recommends that regulators, instead of establishing specific rules, work with banks individually to determine which exposures are immaterial.

Credit Risk

1. Trust Overdrafts

Northern Trust has expressed its concerns in the past that the custody business may be unnecessarily burdened by the A-IRB rules concerning credit extensions. Certain settlement arrangements create short-term credit extensions related to trust custody accounts. These “trust overdrafts” occur when a custodian accepts delivery of securities into a trust account and covers the funds required to settle the delivery of the securities until the trust account is made whole by the arrival of funds. In general, the trust purchases securities in anticipation of a receipt of funds from the pending settlement of an earlier sale of securities, a scheduled interest or dividend payment, or a scheduled infusion of funds from the plan sponsor.

These extensions of credit differ from most other forms of bank lending in several respects:

• Unlike loans or revolving lines of credit, trust overdrafts are not pre-arranged extensions of credit, but rather a feature of the settlement process.

• They are very short-term in nature, often lasting a single day.

• Trust accounts by law cannot be levered, and the custodian is generally in possession of all of the funds’ assets (which are generally a multiple of the settlement amount).

In Northern Trust’s experience, trust overdrafts have never generated a default, let alone a credit loss. Any incidental extensions of credit resulting from the process appear less like loans and more like components of the custody service. Thus they could be viewed as bearing operational risk rather than credit risk.

Each major custodian has its own processes for monitoring and controlling trust overdrafts from a prudential perspective. Northern Trust believes that many aspects of the A-IRB requirements for wholesale exposures are inappropriate. In particular, we recommend an exemption from the requirement that each counterparty receive a borrower grade and that each separate facility receive a facility grade (Page 7, “Ratings Assessment”). Trust overdrafts behave as a coherent and consistent pool of homogeneous loans, even more so than a retail pool. Banks should be free to apply pre-determined PD and LGD grades to all trust overdrafts, reflecting the general nature of such transactions.

2. Retail Exposure Limit And Private Banking Mortgages

The ANPR (p. 38) proposes that retail exposures should not exceed $1 million in aggregate exposure to any individual counterparty. Although that is a generous limit for most retail lending areas, we oppose this limit for the line of business commonly referred to as private banking or wealth management. Wealth Management clients are very high net worth individuals, and credit exposures to such individuals for otherwise standard retail products such as mortgages can be in excess of $1 million. Northern Trust views such exposures as retail in nature, and all processes and policies associated with such exposures match the general retail lending framework (albeit with a higher degree of vigilance).

Northern Trust recommends that the regulators allow exceptions to the exposure limit for this area of retail lending, either through an explicit exception or through flexible enforcement of the limit in the examination process.

3. Minimum Requirements for Experience with Risk Management Systems

The ANPR (p. 40) requires that “banking organizations would have to have a minimum of three years experience with their portfolio segmentation and risk management systems.” Although Northern Trust agrees that risk management systems must be well established and have a reasonable expectation of reliability, we recommend that regulators allow banks to modify their risk management systems within that period without risking disqualification.

Banks should be expected to modify their risk management systems on an ongoing basis. The systems will be tested and made more effective not only through enhancements, but also by eliminating components which provide no value and adding components made possible by improved technology or data. If banks fear they will disqualify themselves from using the A-IRB approach by modifying their risk management system, they may be inclined to maintain their risk management systems without further development, regardless of recognized deficiencies.

Northern Trust recommends that the regulators explicitly allow banks to develop their risk management systems without risk of disqualification. The language in the ANPR seems to support this assumption, but explicit language indicating that regulators will not view modifications as an entirely new system would encourage banks to improve their approaches.

4. Searching for PD and LGD Drivers

Supervisory Standard 36 (pp. 34-35) requires statistical tests to determine specific drivers for PDs and LGDs. We are concerned about the degree of data mining prescribed by the ANPR.

It is one thing to ask A-IRB banks to compute PDs and LGDs from internal data and augment that with external data. It is quite another thing to force banks into the business of data mining – i.e., searching for default and loss drivers and creating regression formulas to predict PDs and LGDs. In effect, banks are being asked to re-create modeling approaches offered by vendors such as KMV Moody’s and Fitch. In a certain sense banks are being prodded either to buy these products or to create their own competing products.

For many banks, this degree of sophistication would provide little benefit. For banks with low risk credit portfolios, the sample set of defaulted facilities might be too small to identify PD and LGD drivers. In addition, conservative banks with low risk portfolios would have little use for whatever credit risk drivers these efforts produced.

Northern Trust recommends the requirement be omitted, or at least based on the complexity and risk of the credit portfolio.

5. Discount Rate for Economic Loss

Supervisory Standard 43 (p. 40) specifies criteria for the rates used to discount losses to present (economic) value. We have a number of comments on the criteria:

• First, we find the specific requirements excessively prescriptive, and possibly in conflict with FAS 114.

• Second, the requirements ignore the fact that other discount rates, such as the contractual lending rate, are commonly used and preferred by many within the banking industry.

• Third, the contractual lending rate is much easier to obtain than “the interest rate on new originations of a type similar to the transaction in question, for the lowest quality grade in which a bank originates such transactions.”

• Finally, since recovery periods are generally short (less than two years), the effect of discount-rate choice on LGDs is minimal.

We recommend the requirement be omitted. Instead, banks should be allowed the flexibility to develop discount rates appropriate for their institution.

6. Ratings Philosophy and Approach

Supervisory Standard 9 (p. 15) states that “obligor ratings must reflect the impact of financial distress.” Yet Supervisory Standard 10 (p. 16) requires that a bank choose a ratings philosophy as either “point in time” or “through the cycle.” These two standards might be incompatible. If a bank chooses the point-in-time philosophy, financial distress will be a factor only in times when it is present. If there is no anticipated financial distress within the one year horizon, it will not be factored into the point in time obligor rating.

We recommend revising the standards to avoid this potential contradiction.

In addition, we find Standard 10 and its supporting text confusing and prescriptive. Though Standard 9 asks banks to adopt a ratings philosophy, with a focus on potential for ratings migration through economic cycles, the supporting text suggests banks must decide between two specific philosophies – point-in-time or through-the-cycle. Later text recognizes that many banks combine aspects of both approaches, but the section concludes with the implication that banks must choose one of the two listed approaches. We see no value in forcing banks to adopt a particular philosophy. A better approach would be a general requirement that banks must understand the ratings migration and the associated capital volatility implications of their ratings approach.

Northern Trust recommends that regulators simplify Standard 10 and the supporting text. Standard 10 should focus on banks being able to articulate their ratings approaches and the implications of those approaches for ratings migrations through economic cycles.

7. Number of Obligor Grades

Supervisory Standard 12 (p. 17) specifies a minimum number of obligor grades. Even if all banks adopted the same number of grades (for example, eight), there is no basis for presuming that they will be used by every firm in the same way. There is no reason even to presume that the grades will afford the national supervisors or the public any consistent scale by which to provide comparability across firms. Some firms would manage their unique risks better with fewer grades, others with more.

As we perceive no net benefit to our bank or the banking system, we feel this requirement should be omitted.

8. Statistical Validation and Sample Significance

Supervisory Standard 22 (p. 21) prescribes periodic statistical validation of credit ratings. For some banks such an approach might provide value, and they would find it in their own interest to do it. For others, like Northern Trust, the requirement would usually be a wasteful exercise. Our bank experiences so few defaults (under most any definition) that any such “statistical validation” would have virtually no data with which to work. Our loan losses simply lack statistically significant sample size to merit such formal, quantitative reviews.

The regulators should allow exemptions where sample data are too sparse, or else simply omit this requirement.

9. Frequency of Parameter Validations

Supervisory Standard 50 (p. 50) requires frequent re-evaluations of credit risk parameters, as often as quarterly in the case of “high-default” periods. That requirement is excessive and overly prescriptive. Worse, in high-default periods, any re-evaluation could be misleading, likely succumbing to the well known “recency effect” in which observers tend to assign inordinately-high risks to recent high-severity, low-probability events. We believe banks require the flexibility and the competitive freedom to reassess their parameters on a frequency appropriate to their needs, and to determine on their own whether and when such reassessment is the best marginal use of resources.

We recommend the requirement be omitted.

10. Backtesting and Multipliers for Repo-Style Transactions

The ANPR (pp. 55-57) requires the bank to back-test its VaR model for repo-style transactions, including securities lending transactions, and to apply exposure multipliers if there are excessive instances where actual results exceed model estimates.

The exposure multipliers seem extreme and arbitrary. The smallest multiplier in the ‘yellow zone’ doubles the credit risk exposure for these transactions. We think this is a harsh penalty.

Northern Trust believes these multipliers should be reduced.

11. Capital Charge on Defaulted Exposures

The ANPR (pp. 49-50) proposes a new capital charge on the carrying value from a partially charged-off loan. The charge “should be calculated as the sum of (a) EAD*LGD less any charge-offs and (b) 8 percent of the carrying value of the loan (that is, the gross exposure amount (EAD) less any charge-offs).” This formula is problematic insofar as it seems to lead to a negative capital charge in certain situations when the charge-off exceeds the EAD*LGD amount.

We ask the regulators to verify the accuracy of this formula.

Operational Risk

1. External Data, Scenarios, and Sufficiency of Internal Data

Supervisory Standard 21 (p. 86) states that "external data may serve a number of different purposes." Also, "Where internal loss data is limited, external data may be a useful input...."

Northern Trust supports the more flexible language of the ANPR, relative to CP3. CP3 contained language suggesting that external data and scenario analysis were requirements, whereas ANPR recognizes that these elements should be incorporated where internal data is insufficient. The ANPR language is far more reasonable.

We find that incorporating external data into our data set is fraught with challenges that call for increasingly complicated processes which might be difficult to explain to auditors, examiners, and board members. Simulated capital values are extremely sensitive to the inclusion of even a few large losses, and the models require either elaborate "attenuator" variables or arbitrary loss-size cutoffs to control their effect. We have had some success building models that incorporate external loss data, but remain unconvinced as to the actual marginal value of doing so.

Northern Trust interprets this standard as meaning that, where data are not limited in any way, and where a bank has performed adequate testing of external data incorporation, there would be no requirement that it incorporate external data in its aggregate loss distribution simulations. Because of the significance of this issue, we recommend that the implementation rules specifically address and confirm this point.

We also view this interpretation as fully consistent with the related language under Supervisory Standard 28 (p. 89), which implies that external data -- as well as scenario analyses -- should be incorporated only to the extent that they make up for limitations or inadequacy of internal loss data.

2. Event Dates

Supervisory Standard 19 (pp. 84-85) requires that the institution collect information about "the date of the [loss] event" in its internal loss database.

The definition of "date" becomes a practical issue of no small significance. As risk practitioners agree, it can be very difficult to identify specific dates for loss-database purposes. Setting aside the accounting rules and focusing instead on the real economics of the matter, risk practitioners cannot even agree whether the loss should be recognized when the event happens, when the event is paid for or settled (which can be years later, especially if insurance or courts are involved), or somewhere in between.

It should be sufficient to identify losses by quarter. Although in an ideal world risk managers would prefer to have to loss event data broken out by day or week or month, this very difficult as a practical matter.

Northern Trust recommends that "date" be changed to "date or representative period."

3. Certification of Operational Risk Models

The supporting text of Standard 33 (p. 94) states that verification of the firm's operational risk measurement system must "provide certification of operational risk models used and their underlying assumptions."

"Certification" can be read as a much more formal and focused process than testing and verifying, particularly as the language states that both the models and the underlying assumptions be certified. Northern Trust is not aware of any bodies or organizations that "certify" models. Certification would place a demand on auditors to be well-trained and well-versed in modern risk measurement and statistical techniques.

Northern recommends that the rules replace “certification” with “verification”, or at least specify exactly what "certification" entails.