The Basel Accord of 1988 is the principle regulation for the international banking sector, and proposed revisions represent some of the most significant changes to the sector in recent years. The new Accord incorporates operational risk to align regulatory capital with the underlying risks by encouraging systemic risk management practices. Optimal risk management practices would reduce capital charges and enable greater competitiveness. However, the impact of Basel II on the level of required capital is uncertain. Quantitative studies suggest large reductions in the minimum required capital, but uncertainty exists because banks historically have held capital above required minimums.
The new regulatory framework requires banks to identify, assess, and quantify risks for each business line and operation. They rely heavily on computer networks for their business operations, so banking organizations must develop economically feasible, integrated security systems. The specific risks arising from computer networks demand strategic management that includes a constant consideration of time, interactive flow, and an integrated network risk management strategy. Yet the identification of computer network risks suffers from a lack of historical data and persistent methods to manage such risks. Therefore, learning organizations that scan the environment might achieve the best positions. However, the mandates of Basel II and the potential for enhanced competitiveness may negate such benefits. If banks seek to optimize their risk management operations and strategies to benefit from reduced capital allocations, they should adopt and use best practices through environmental scanning; therefore, banking organizations that seek to qualify for Basel II advancement should exhibit heterogeneous approaches.
This thesis examines the impact of this new regulatory environment and risk management approaches in the banking sector. Research into strategic decision making, strategy, knowledge transfer, and computer network risk management supports the proposition that regulatory dominance does not determine risk management sophistication; environmental factors take precedence over regulatory mandates, and strategy perspectives are shifting toward an organic approach. Accordingly, this study gathers measures of standards compliance, the impact of regulation on relationships between sources and recipients of knowledge, environmental scanning, degrees of risk management sophistication, risk management strategy perspectives, and method heterogeneity from 82 banking organizations during August 2004–August 2005. It offers key implications for policy and an academic understanding of regulatory change.