Optimal regulation of banking system ’ s advanced credit risk management by unified computational representation of business processes across the entire banking system

: The impetus for this paper came after the financial crisis of 2007 – 2008, its global consequences and specifically how incomplete information “ information asymmetry ” between local banks and regulators extremely affected the banking sector. Financial institutions and regulators are — from a technical point of view – not yet fully integrated and standardised. The inaccuracy in banks ’ data and the long (quarterly) intervals between reports to the regulators leads to delayed interventions by local supervisory regulators. Most regional banks use an internal ratings-based approach (IRB) that allows them to use their own methods to calculate credit risks, which makes it difficult for regulators to verify and validate the banks ’ data without a standardised procedure and the benefit of fully automated connectivity for the regulatory reporting system through sophisticated IT tools. The importance of this issue, for the central banks, motivates the researcher to investigate and seek technology solutions in the interests of maximising the technical efficiency of the regulatory banking system. This paper is focused on the banking regulatory reporting system that uses IRB approach to evaluate credit risk. Due to the importance and the sensitivity of IRB approach on the banking credit risk assessments, a case study is examined and a tailored regulatory reporting system framework is proposed. The proposed framework integrates a private cloud computing network with standardised, automated and integrated features that would provide regulators and practitioners with a new method to enhance the regulatory reporting system.

Abstract: The impetus for this paper came after the financial crisis of 2007-2008, its global consequences and specifically how incomplete information "information asymmetry" between local banks and regulators extremely affected the banking sector. Financial institutions and regulators are-from a technical point of view-not yet fully integrated and standardised. The inaccuracy in banks' data and the long (quarterly) intervals between reports to the regulators leads to delayed interventions by local supervisory regulators. Most regional banks use an internal ratingsbased approach (IRB) that allows them to use their own methods to calculate credit risks, which makes it difficult for regulators to verify and validate the banks' data without a standardised procedure and the benefit of fully automated connectivity for the regulatory reporting system through sophisticated IT tools. The importance of this issue, for the central banks, motivates the researcher to investigate and seek technology solutions in the interests of maximising the technical efficiency of the regulatory banking system. This paper is focused on the banking regulatory reporting system that uses IRB approach to evaluate credit risk. Due to the importance and the sensitivity of IRB approach on the banking credit risk assessments, a case study is examined and a tailored regulatory reporting system framework is proposed. The proposed framework integrates a private cloud computing network with standardised, automated and integrated features that would provide regulators and practitioners with a new method to enhance the regulatory reporting system. Abdulrahman Alrabiah ABOUT THE AUTHOR Abdulrahman Alrabiah is a PhD candidate in Information and Communication Technology School at Griffith University in Australia. He holds an MSc in Business Process Management from QUT and a B. Eng. in Industrial Electronics from KSA. His research interests are business process management, business process change, regulatory policy implementation including computational models and governance frameworks.

PUBLIC INTEREST STATEMENT
This research paper investigates the shortcomings in the regulatory reporting system between local banks and regulators, with the impetus being the global financial crisis of 2007-2008. The paper proposes a framework solution that uses an elastic banking assessment tool to evaluate credit risk, integrating a private cloud computing network with automated features. The solution reinforces the regulator's integrity and jurisdiction system with a consolidated platform suitable for all local banks. In short, this paper provides insights into one of the critical issues that led to the financial crisis and explains how it can be tackled.

Introduction
The last financial crisis (2007)(2008), which overwhelmed the entire world, completely changed the mindset of the regulators (Central Banks). This shift in mindset is mainly attributed to the intensity of the crisis, its great momentum from one country to another, and the ill-timed information acquired by the regulators regarding the health of the banks, as measured in terms of the three pillars of the Basel II accord: minimum capital requirements, supervisory review and market discipline. These impediments mainly arose because the regulators did not have the right information at the right time "information asymmetry" to optimise proactive intervention and deter the impact of the financial crisis. This was attributed to the bank regulator reporting period, which was mainly on a quarterly basis; the business processes of both the banks and the regulators were hardwired for this type of information exchange model. As such, even when regulators made a vain attempt to change the information exchange model, it was impeded by the disintegration of the business processes of both parties. To address this phenomenon, this paper firstly examined and evaluated the opinions of academics and experts by reviewing some of the major elements of internal ratings-based approach (IRB) data quality and timeliness that might restrict the realisation of Basel II/III. Such challenges include obstacles, impacts, efficiencies and integrations. Secondly, the business process value chain that includes bank procedures approval and the regulatory reporting system was redesigned as a to-be model and evaluated and compared with a new system that offers solutions for the existing system. Finally, the researcher proposed a full automation and integration of regulatory business processes between the Central Bank (SAMA, Saudi Arabian Monetary Agency) and the banks in Saudi Arabia, including framework and business rules systems.
The advanced credit risk management is an important issue for the central banks, because of the current use of credit risk approaches (standardised and foundation) are incapable to reflect impact on locals and banks' growth which motivates the researcher to investigate and seek technical solutions in the interests of maximising the technical efficiency of the banking system. Further, offering innovative banking products would support entrepreneurial activities, help firms to grow and provide a more sustainable economy.

Paper focus
To examine the situation of the regulatory reporting system, this paper concentrates on the following aspects: • review literature on the financial crisis (2007)(2008), the Basel II, III regulations; • review factors impeding the implementation of Basel II and III; • evaluate the current system and the proposed system in two workshops; • a framework solution that integrates a private cloud computing network with automated and integrated features.

Literature review
The Basel II accord (set of standards), announced in 2004, is aimed at managing banking supervision and the regulatory framework released by BCBS (Basel Committee on Banking Supervision) as an international banking standard (BCBS, 2006). This framework improved upon and replaced Basel I, providing standards to help regulate banks' capital adequacy supervision and to minimise risk failures in banking and financial institutions (Ozun, 2007). Many firms and regulators were struggling and in decline during the last financial crisis, primarily due to failure to comply with standardisations (Demirguc-Kunt, Detragiache, & Merrouche, 2013;Narain, Ötker, & Pazarbasioglu, 2012). This paper will focus on regulatory reporting mechanisms in relation to data quality and timeliness.
The last financial crisis disclosed various frailties in the banking regulation supervisory system (IMF, 2013a). It raised many important challenges, such as accuracy, data quality, validation, consistency and timeliness in fulfilling Basel II/III regulators' requirements (Rattaggi, 2017;Tarca & Rutkowski, 2016). These challenges, combined with other factors, resulted in a massive impact on the regulation system as well as the worldwide economy (Chen, Ribeiro, & Chen, 2016;Large, 2015). In this literature review, the paper will explore some relevant issues and elucidate this picture.

The financial crisis (2007-2008) and banks regulation
The last financial crisis originated from the US subprime mortgage market, when the Federal Reserve lowered the interest rate to supplement the economy to help it recover from recession after the terror attacks in 2001. Household lending for the subprime mortgage market was opened virtually without limitation, driving up house prices, fuelling credit growth and thereby igniting the crisis (Joseph, 2013). According to Naudé (2009), about US$1.3 trillion was loaned in subprime mortgages in a short period. Subsequently, home owners unable to repay, house prices plummeted, banks left with worthless properties, investors lost faith: liquidity crisis. The fast-growing economy and incentive salaries led executives to ignore the warning signals, as stated by Citigroup Chairman, Chuck Prince, after the crisis. Large (2015) claimed that many executives were just enjoying the show. Thus, the spark started with the mortgages, then spread to credit and local and interbank stock markets; the exposure to interbank loans worsened the case globally. Consequently, the global financial market rapidly spread the fear, causing recession and shrinking investments (Frankel & Saravelos, 2010;Joseph, 2013;Levine, 2012). Naudé (2009) summarised the reasons for the crisis as "easy credit, bad loans, weak regulation and supervision of complex financial instruments, debt defaulting, insolvency of key financial institutions, a loss of credibility and trust, and financial panic and mass selling-off of stocks and a hoarding of cash by banks and individuals". Hildebrand (2008) pointed out that using leverage excessively amplified the shock to the financial system and was the main participator in the last financial crisis. Therefore, it is necessary to revise leverage policies, reevaluate risk-weighted capital requirements and protect banks with a minimum capital buffer. Frankel and Saravelos (2010) examined and concluded in a valuable paper the most significant factors linked to the crisis. The global reserves and the overestimation of the actual exchange rate are recognised as the obvious indicators of the latest financial crisis, among other factors that have not yet been proved (Rey, 2015;Terazi & ŞEnel, 2011). In fact, the disaster appears to have affected all economic sectors due to inaccurate and backward information "information asymmetry" and lack of integration and standardisation among the banking systems worldwide (Boyle & MacCarthaigh, 2011;Resti, 2016a). According to Narain et al. (2012) the majority of big financial firms failed to ingest the impact and that due to regulators' support and tolerance, miscalculate of capital ratio, hesitate to send negative signs to the markets and wait for the regulator to inject money to the banking sector to recover the losses in a later stage.
The paper points out the impact on banking sectors and where the defects and the solutions should be. Shedding light on the problems, from a technical viewpoint, will give us the opportunity to control and avoid similar situations in the future. Since the crisis arose, banking sectors worldwide, from large to small banks, have been affected in various ways (Bekaert, Ehrmann, Fratzscher, & Mehl, 2014). Loan payments, SME and employment were deeply affected by banking investment during the crisis (Ivashina & Scharfstein, 2010). The bankruptcy of big names and interdependent global markets is shrinking the economy with low cash flow (Demirguc-Kunt et al., 2013), thus corporate loans for firms are heavily damaged and fall back more than those for households, where the problem originated, which indicates the dimension of the crisis and further aggravation to the economy (Cull & Peria, 2013). Therefore, asset quality and less corporate income will decrease bank capital (Resti, 2016a). The impact of the financial crisis went beyond loans and credits to loss of confidence in the worldwide market (Coglianese, 2012;Large, 2015;Maurer, Escaith, & Auboin, 2010).

Internal ratings-based approach challenges
The new IRB approach in accord with the Basel Committee's purposes and achieves individual banks' and supervisors' requirements and aims, in terms of credit risk, to high-quality profiles and lower capital charges (Joseph, 2013;Saidenberg & Schuermann, 2003). The Committee designed IRB approach to expand banks' capabilities of credit risk management and to measure capital requirements (Alexander, 2012). The approach is subject to minimum conditions and need supervisory approval to quantify risk components to calculate capital requirements (BCBS, 2006). The IRB framework includes three key elements: risk components, risk-weight functions and minimum requirements. The risk components have four key parameters to measure credit risks: PD, the Probability of Default of a borrower in one year; LGD, the Loss Given Default to measure exposure at default (percentage); EAD, Exposure at Default (amount); and M, Maturity (Saidenberg & Schuermann, 2003;Tarca & Rutkowski, 2016). The IRB approach proposed to cover a wider range of borrowers in high assessment quality (EBA, 2016). The Committee expanded the credit risk to "Foundation" and "Advanced" approaches to encourage banks to continuously improve their risk management and measurement capacities (BCBS, 2006;Khlifa, 2017). However, individual financial institutions using the foundation-internal ratings-based (F-IRB) or the advanced internal ratings-based (A-IRB) model can decide which methods to apply to calculate the credit risk, and which gives faulty data and increases variability among the banks (Amorello, 2016;Blundell-Wignall & Atkinson, 2010;Khlifa, 2017). Thus, with the absence of a holistic approach to validate and verify banks data, as consequence, this gave the banks the chance to manipulate by using this defect to minimise their capital requirements. (Mariathasan & Merrouche, 2014). As a result, regulators were conned and the data were published as real information, deceiving the public users. In fact, regulatory systems in most countries all over the world were not sufficiently controlled to act equivalently in a heterogeneous banking environment and handle their supervision policies (Alessandrini, Fratianni, Papi, & Zazzaro, 2016;FSB, 2017;Resti, 2016b). Inadequacies in the international regulatory framework and the lack of standardisations led to the rapid propagation and development of a cross-border crisis (Ayadi, Ferri, & Pesic, 2016). In addition, there was an intensive growth in "shadow banking systems" just before the crisis, which presented more competitiveness to improve investments without monitoring or control from any government agency (FSB, 2017;IMF, 2017;United Nations, 2010). As a result, the effects of the crisis were felt worldwide and resulted in bankruptcy, recession and loss of trust.
Thus, the Basel Committee on Banking Supervision responded to the financial crisis by presenting key measurements to strengthen the regulation, supervision and risk management of the banking sector (BIS, 2010): • Raise the quality, consistency and transparency of the Tier 1 capital base.
• Introduce a leverage ratio as a supplementary measure to the Basel II risk-based framework with a view to migrating to a Pillar 1 treatment based on appropriate review and calibration.
• Introduce a minimum global standard for funding liquidity that includes a stressed liquidity coverage ratio requirement, underpinned by a longer term structural liquidity ratio.
• Introduce a framework for countercyclical capital buffers above the minimum requirement and review an appropriate set of indicators, such as earnings and credit-based variables.
• Issue recommendations to reduce the systemic risk associated with the resolution of crossborder banks.
However, Amorello (2016); Mariathasan and Merrouche (2014) argued that due to the complex requirements, Basel III created more problems instead of solving banks' misuses of IRB approaches. Therefore, financial institutions anticipated this rally by using the (A-IRB) approach excessively to reserve more liquidity without evaluating the risk and preparing for precaution arrangements.
The assessment of credit risk components, that is the Probability of Default, the Loss Given Default, Exposure at Default usually depends on the attributes of each situation which make the validation of banks A-IRB models more complicated with the current regulators' techniques (Engelmann & Rauhmeier, 2014;Miu & Ozdemir, 2017;Moges, Dejaeger, Lemahieu, & Baesens, 2013). Further, the A-IRB approach still faces challenges to comply with the international standards (Basel) and regulators' requirements (FSB, 2017). The regulators' validation processes undergo multi-layered validations, that is, initial validation, stress testing, on reporting model verification "component" and banking system-level validation (Engelmann & Rauhmeier, 2014;Kiff, Nowak, & Schumacher, 2012;Miu & Ozdemir, 2017). However, these steps are currently executed manually or partially disregarded due to the difficulty in obtaining the resources or adopting innovative technologies. Thus, the proposed framework optimally can help to automate the entire regulatory value chain that is required to implement the A-IRB approach.

Saudi Arabian banks and regulatory reporting problems
Currently, many supervisory(s) and banking regulatory reporters are non-integrated, which clearly identifies one of the causes behind the crisis (Boyle & MacCarthaigh, 2011;Petacchi, 2015). SAMA, Saudi Arabian Supervisory, and local banks are examples of non-integrated business processes within the regulatory reporting system where most of the transmissions, preparations and communications of regulatory reporting are lacking integration and standardisation (IMF, 2013b). Usually, acquiring banking information requires a great deal of time to be submitted to the supervisory regulator, thus delaying decision makers' ability to intervene to prevent worsening of individual cases (Khlifa, 2017). One reason for this is the lack of a common network and standardised format that offers exchange data and instant pull-push information or a standard framework for all banks to automate systems that can offer simultaneous access of information by both sides for interaction and updating of data (Kern, 2012). On the other hand, regulatory reporting system faces intra-organisational challenges that immobilise and prevent improvements to the system (Large, 2015). The different perspectives of each department involve the completion of tasks, and the absence of procedures and roles impels the overlap of competencies and responsibilities, which are factors in loss of professionalism in improving regulatory reporting system (Central Bank of Ireland, 2017;Papazoglou, Traverso, Dustdar, & Leymann, 2007). Another issue is the loss of productivity due to employees with insufficient skills being in responsible positions in organisational departments. For instance, in SAMA, our case study, the regulatory reporting system are monitored by different departments, that is Banking Supervision, Banking Policy, Monetary Policy and Financial Stability and the Information Technology, which usually results in interference and poor use of employees' expertise, leading to inefficient processing of daily tasks.
The advanced credit risk approaches and practices in the banking systems have great demands worldwide (Miu & Ozdemir, 2017), especially in Saudi Arabia (Ramady, 2015). Therefore, banks are under pressure to offer innovative products to their customers to capture the demands and stimulate the economic growth while complying with regulators' constraints (Ramady, 2015;Sagraves & Connors, 2017;Scannella, 2013). Currently, A-IRB practices aren't fully auto-validated nor real-time monitored via the regulatory verification processes (Engelmann & Rauhmeier, 2014). Therefore, regulators need to use advanced computing features to securely enable the banks to the use A-IRB approach.
The regulatory reporting system in SAMA is still not optimum and needs a technology solution to standardise and integrate all the required regulatory information in a central platform (Kern, 2012;Ramady, 2015). The regulatory reporting issues summarised in incomplete information "Asymmetric information", long analysis and validation process, delay in action and intervention, manual process coordination and others. The proposed framework it would help all the involved departments to view, validate, verify and share banks' reporting data internally and then compute and execute its policies externally to the local banks.

Factors affecting accuracy
The conflict of interest between local banks and the regulators is a common challenge in relation to statistical measurement in credit risk and adequate capital (BCBS, 2006;IMF, 2017). Specifically, prejudices and overstated calculations by financial institutions to minimise credit risk affect the reporting system (Amorello, 2016;Joseph, 2013). The last financial crisis reflected how financial institutions in the US behaved to attract borrowers, which finally led to the crisis. When corporations did not grasp the escalation in the market and tried to aggregate asset ratios and minimise risks, it created deceptive information and misperceptions (IMF, 2009). When banks intend to adjust the capital ratio (tier1 ≥ 6%) to be in the range of 6% to gain more liquidity, this behaviour affects the regulators' accuracy and surely reduces the quality of decision making in financial organisations (Tarca & Rutkowski, 2016). (2009); Resti (2016a) stated that allocating independent and competent people to validate the information was an important issue in completing the regulatory requirements of the authority. Particularly, allocating tasks to the appropriate staff was the solution to facilitating the work. Murphy and Westwood (2010) studied the last financial crisis and suggested that combined comprehensive information transmitted to the regulators and supported by a sophisticated system would be beneficial in mitigating the consequences of an economic disaster. SAS (2016) highlights that the most challenging factor in improving the reporting system would be placing standardisation first and then enhancing the implementation of technology to assist in the distribution of reports. A case study done by Fujitsu (n.d.) on the Bank of Spain indicates that using designated tools, such as XBRL or Web services, would accelerate the process of validation while decreasing human involvement, thereby providing flexibility to the process of communicating to regulators and other financial institutions. However, regulators struggle to validate banks' regulatory reporting and credit risk data due to heterogeneous banking environment, such having different objectives, strategies and systems (FSB, 2017).

Factors affecting timeliness
Consolidating and integrating the information throughout the system reduces the interruption of the processes and effectively validates the data (Murphy & Westwood, 2010;Resti, 2016a). The Bank of England (2014) considers: "Other things being equal, the sooner the data are published the more valuable for users, and in this sense, timeliness is a simple indicator of data quality. However, there will be a trade-off between the benefits of greater timeliness for users and of more time for reporters and compilers to ensure fuller coverage and more thorough plausibility checking".
The key factors to produce timely high-quality reports are through fixed interval reporting that interacts globally with different institutions and regulators and smooths the progress of knowledge transfer throughout the organisation (Large, 2015;Mohammad, 2007). Use of developed technology, such as XBRL, Web services and innovative technology, is a good solution to support the reporting process and reserve resources (Kotamarthi, Wang, Grossmann, Sheng, & Indrakanti, 2015;PWC, n.d.;Rattaggi, 2017). In addition, re-engineering the processes by changing the static forms and manual processes to offer dynamic applications that ensure proactive analysis and can accelerate the transmission of the report is recommended (Kotamarthi et al., 2015). According to IFC (2010), technology plays an important role in improving financial services, monitoring, standardisation, integration and more. However, if people use only technology to accommodate information then the information will be corrupted: standardised multipurpose software is the answer for a regulatory reporting system.

Using BPM techniques in Basel II/III
During the financial crisis, many of the banks' reporting regulatory systems provided inaccurate and "asymmetric information"; as well, they were unable to provide timely information due to lack of appropriate mechanisms (Boyle & MacCarthaigh, 2011;Large, 2015;Petacchi, 2015;Resti, 2016a). Therefore, regulators and supervisors were not able to intervene and share the same information to respond to the crisis (Rattaggi, 2017). As a contemporary tool, business process management (BPM) can solve some of the problems experienced in banks' reporting system and enhance automated processes to efficiently comply with Basel II/III regulatory policies and prevent any new crises that might occur. In fact, the business process approach can measure and distinguish the performances of the available processes, which provide management with a best practice tool to evaluate outcomes.
The BPM lifecycle offers process identification, modelling, analysis, improvement, implementation, execution and monitoring/controlling (Brocke & Rosemann, 2014). The BPM approach helps organisations to build and choose their organisational strategy, manage processes and continually improve in a contemporary and effective way (Dumas, La Rosa, Mendling, & Reijers, 2013). The phases improve the automation of regulatory reporting system in such a way that enhances the accuracy of the quality of the information that will be delivered. For example, during the analysis stage, firms can identify the best and most efficient processes and eliminate any waste (Van Der Aalst, 2013). Even during the implementation and execution stages, it is still easy to redesign and evaluate the entire process, which gives the organisation full control to include or omit processes at any time. Another important feature is the flexibility and dynamics of the business process framework, which offers the ability to work on or change any phase without affecting the other processes (Harmon, 2015). The main problem between regulators (supervisors) and regulatory reporters is that the traditional methods for transmission of data are disintegrated and inefficient in accommodating the reports (Barth, Caprio, & Levine, 2012). The lack of fully automated platforms to handle the transmission of information leads to inaccuracy and delay (EBA, 2016;Wharmby, 2001). Therefore, proposing a sufficient methodology or framework to integrate the two parties is important in preventing any misunderstandings or faulty interpretation of the data and, at the same time, to consolidate all reporters into one system.
Banks provide services to their customers on business-to-business networks, which is known as e-business in the public sector (Turban et al., 2018). On the other hand, regulators use private internal networks for their internal banking services to ensure efficient management and control of the economy, such as placing and updating rules and monitoring the business activities contained in e-business; this is known as e-government (Bessis, 2015). The merging of these two frameworks to automate and improve the regulatory reporting system would be beneficial for both regulators and banks.

Business rule engine solution
Business Rule Engines (BRE) are the pluggable software components that execute business rules that have been externalised from application code as part of a business rules approach (Kotamarthi et al., 2015). This externalisation of business rules allows business users to modify the rules frequently without IT intervention (Kholkar, Sunkle, & Kulkarni, 2017;Sadiq & Governatori, 2015). Therefore, BRE can play a key role in controlling and managing bank data, and verifying and validating in a multiple data model fully integrated with the bank's system (Gong & Janssen, 2013). Business rule engines can be applied specifically in the banking/financial sector for applications such as Basel II/III credit risk management (Schumm, Leymann, Ma, Scheibler, & Strauch, 2010). Any bank or financial institution can model its business rules based on Basel II credit risk management policies and processes. Business rules can be designed to define probabilities of default, credit rating, loss given default and internal credit history (Weigand, van den Heuvel, & Hiel, 2011). Credit risk business rules can further be enhanced using neutral network and artificial intelligence authoring techniques, thus guaranteeing accurate business rules and the identification of the best possible decisions with total compliance to Basel II principles (Rattaggi, 2017;Spies, 2010). BRE's robust architecture would allow banks to do credit risk calculations on the customer's native data, consolidation of data from multiple data models and categorisation of data by prescribed Basel II categories. This architecture would be easy to integrate with the current legacy banking systems, thus enabling efficiency in operation.

Enterprise service bus role in regulatory systems
As the focus of this paper is to identify solutions and technologies for improving the banking regulatory reporting system, the enterprise service bus (ESB) features are worthy of mention. The ESB is a middleware infrastructure product that works as an abstraction layer to facilitate communications between services and help to reduce complex IT infrastructures in an organisation (Davidsen, 2007;Keen et al., 2004). It has the flexibility and functionality to be integrated into multiple areas, such as architecture, connection, mediation, orchestration and change and control (Chappell, 2004). The open-source supports web service communication types including Services Business Process Execution Language (BPEL) to process orchestration and other multi protocols (Sarkar, 2015). In addition, ESB can serve as integrated routing for messaging secure content, work as an adapter for applications and control process execution (Menge, 2007). ESB facilitates the connectivity and interface that is required for the regulatory reporting system to link applications or services and enable faster transmission of the data (Sarkar, 2015).

Research methodology
The research has conducted mixed methods of data collection to explore and identify the issues in the regulatory reporting system between SAMA and the local banks. The methods consist of three instruments: surveys, interviews and workshops. The surveys involve all local banks and SAMA's departments, i.e. Banking Supervision, Banking Policy, Monetary Policy and Financial Stability and Information Technology. The interview phase aimed to justify and confirm the answers from the surveys. Since Basel II was introduced in 2006, continuous amendments have been made by the Basel Committee to meet dynamic changes in the banking sector that need innovative products to capture the market trends, boost profits and satisfy customers. These constraints led SAMA to rely on experts and consulting firms due to the absence of documenting credit risk issues and solutions to capture these changes and comply with Basel regulations. The workshop evaluation technique was designed to choose participants, from banks and different departments in SAMA, who have been dealing closely with the regulatory system. Therefore, the selected people had practiced in this field for more than ten years. The selected people are categorised as department managers, senior staff, analysts and consultants. The two workshops' activities consisted of evaluating the current system and the proposed solutions. Fifteen criteria (see Appendix 7.2) were extracted and formularised from the surveys and interviews and used to evaluate the proposed solution. The purpose of the evaluation of the current regulatory reporting system and the proposed solution is to measure the outcomes from the suggested solution and to determine whether they meet expectations.

Analysis and solutions
The source of problems in the regulatory reporting system is non-value adding activities (waste). Waste stems from activities that are not utilised properly and from process variations that lack control. The sources of waste in the banking systems can be classified and summarised as: 1) data entry operator jobs that due to manual data entry, insufficient knowledge and outliers due to the lack of comparison historic data. 2) organisational and managerial issues on the regulators side and the banks due to lack of activating and auditing the Service Level Agreement, and loss of effective SAMA's staff who are required to travel away to solve banks' problems and cover for shortages. The knowledge gap between seniors, analysts and technical staffs leads to misunderstandings and delays processes, while inappropriate staff structuring leads to loss of skilled staff and increases turnover. The source of variation can be summarised as: absence of sophisticated controls to monitor the auto-validation of the data, high employment turnover affecting performance and productivity, nonexistence of plan and knowledge management procedures, the distribution of roles and responsibilities among different departments resulting in a lack of capacity, less productivity and delayed processes, absence of a fully automated and integrated system that offers standardisation and consolidation for all banks in one platform, and the absence of a rigorous inter-and intra-organisational Service Level Agreement that clearly defines and controls the operation of the business process.
The main constraints that were identified as affecting and aggravating the domain were: firstly, the general business rules validations were incapable of handling all the various rules sufficiently, in particular, the F-IRB and the A-IRB banks' procedures approval process was problematic due to the flexibility that allowed the banks to create their own method of calculating capital requirements, thereby complicating the validations of the process by the supervisory and inspection processes. The second issue was data quality problems, including accuracy, consistency and believability of the information available. Thirdly, there was a lack of integration in the system which delayed the verification and conciliation of banks' data and thus distressed the banking activity. Consequently, to solve the regulatory reporting impediments, the research proposed the regulatory reporting business process value chain outlined in the next section.

Basel reporting value chain business process
The business process value chain has two phases: The Bank Procedures Approval and the Regulatory Reporting System. The processes of the regulatory reporting system consist of three stages that allow the banks to comply with the Basel Committee on Banking Supervision (BCBS) regulations and SAMA rules for banking operations and reporting data. As the scope of the research project is limited to propose a technical solution to improve the banks' credit risks reporting, the process phases outlined below will deal with the following:

IRB bank procedures approval (BPA)
This is considered the initial stage for a bank to get approval of a business rule that requires developing a method to calculate the credit risk, using the bank requirements that were elicited from the Bank Procedures Approval Modelling as in Figure 1.
The as to-be process model (Figure 1) illustrates the bank's business rules approval procedures and explains the related process specifications, roles and responsibilities.

Package generation (PG)
The package generation process is the source of the business rules that each bank is obligated to act upon for the regulatory reporting system. Once they decide to implement new business rules or to change an existing one, SAMA initiates the package. The processes involved in the package generation are depicted on the Package Generation Process modelling (See Figure 3).
The as to-be process model (Figure 3) illustrates the package generation and explains process specifications, roles and responsibilities.

Package Generation
Bank Package Processing Pakage Verification and Reconciliation

Bank package processing (BPP)
This stage allows the bank to process the package by completing the required data and the process steps as in Figure 4.
The as to-be process model (Figure 4) illustrates the bank package processing and explains process specifications, roles and responsibilities.

Evaluation of the current system and the proposed solution
The results of the evaluation of the current system overall were below the acceptable level which was previously set at "manageable = 3". That result was due to the various obstacles and problems that exist in the current system. To examine the results of the evaluation and point out the causes of the impediments in the current system, the researcher studied the answers given for each criterion and explicated the outcomes briefly. The researcher then compared these with the answers given for the evaluation of the proposed solution, with a view to ascertain the best solutions. Figure 5 shows the result of the comparison between the current system and the proposed solution. Figure 6 shows the proposed framework solution that extended the model of (Adem, 2010) used in the banking international regulatory system to solve the issues with the Basel II and III Regulatory Reporting System. The model is implemented as follows:

Framework architecture of the basel II & III regulatory system
• The architecture framework encompasses the solution components.
• Models two BPM processes engineering for IRB Procedure approval, and Basel Reporting Value Chain to standardise the banks' processes. It also offers agility and improvement to the reporting system.
• Proposes a Data Quality Regulator that can check and validate the accuracy of the data and believability in the new reporting system.  • Offers Business Rule Engine that facilitates the transmission of the package by allowing the banks to validate their embedded data in the BRE and enables SAMA (Central Bank) to verify the data using the banks' procedures that are stored in the BRE.
• Offers Knowledge Management system that interacts with the Business Process Management System and handles the variations that occur due to the execution of processes by different people. High turnover rate problems are handled by using closed loop organisational automated learning as well as by supporting the banks and SAMA staff with the standardised information.
• Suggests SLA Lifecycle Manager that communicates with the BPM system to enforce the operational policies and to intervene quickly in a case of any anomalies. Ensures that there is a consolidated automated auditing system for all banks on a standardised platform.
• Proposes Enterprise Service Bus solution to enable the banks to enter the initial data from their core IT infrastructure, thereby decreasing data entry errors and decreasing data entry time.

Conclusion
The economic crisis of 2007-2008 was an overwhelming catastrophe that led to the revaluation of many financial regulations throughout the world. The Basel II and III regulations are among the most important banking regulations in effect, due to the high number of financial institutions working with Basel II. In fact, most of the literature on credit risk management or on deliberated solutions has come from researchers with an economic background. Although the Basel Committee on Banking Supervision strives to amend and enhance credit risk assessments, the heterogeneity and complexity of the banking environment diminishes their efforts (Amorello, 2016;Resti, 2016b;Scannella, 2013). The literature reviewed here attests to the paucity of innovative technological solutions.
Consequently, there is a demand to implement new credit rating models based on the A-IRB to provide innovative financial products that are constrained by the dynamic economic trends and  Figure 6. Framework architecture of the Basel II & III regulatory system, extended from (Adem, 2010).
growths. Banks need to capture the demand and offer competitive products to satisfy customers and gain profit. Regulators need initially to validate and conduct multiple validations to proof the A-IRB models through the banks' reports. Currently, regulators cannot optimally validate banks' credit risk approaches, and they do not have the resources and time to perform these tasks using their existing operational model. Accordingly, automating the proposed framework will resolve the regulatory bottlenecks, thereby enabling the banks by providing innovative products. Further, these innovative financial products will help to create and develop new businesses and sustain existing businesses.
Hence, the paper proposed an operational framework ( Figure 6) with a high degree of process standardisation and integration. The proposed framework consolidates the regulatory reporting system to that effect and provides a standardised and integrated system for all banks to deal efficiently with the heterogeneous banking environment. The researcher found that the reasons for the current problems with timely availability of data (timeliness) were rooted in the concepts of waste, and performance variation. Mainly banks use different credit risk methods (F-IRB and A-IRB) to aggregate data, which complicates the validation of the process by the regulators and probably serves to distort information and affect decision making. Use of insufficient resources, involvement of different departments, inexperience, staff turnover and lack of automated systems are examples of these problems. Furthermore, the inaccuracy of the available data mostly stems from human mistakes and the absence of standardised and automated auditing systems that verify the data instantly. These defects can be addressed by using the proposed framework to standardise and integrate these processes. This paper described a single case study to present a technical solution for a regulatory reporting system where standardisation and integration was inefficient (Resti, 2016a). Since many regulators share a similar lack of full standardisation and integration, there is potential to apply the technology solution to a broader sphere.
The proposed framework solution in Figure 6 aims to solve the credit risk problems that are inherent in regulatory reporting systems. By thoroughly investigating the root causes of the sources of performance variation and waste, the proposed Basel II and III Regulatory system model can be extended to accommodate the constraints imposed by other Basel II and III pillars. Strict information security measures should be implemented, entailing authentication, authorisation, non-repudiation, data integrity, privacy and accountability of the regulatory system. These measures will maintain sustainability, creditability and productivity of the system. The proposed solution is tailored for the explored case study, SAMA; therefore, the applicability of this solution awaits further evaluation and testing to narrow the literature gap in this field. This research paper investigates the shortcomings in the regulatory reporting system between local banks and regulators, with the motive being the global financial crisis of 2007-2008. The paper proposes a framework solution that uses a new banking assessment tool to evaluate credit risk, integrating a private cloud computing network with automated features. The solution strengthens the regulator's integrity and jurisdiction system with a consolidated platform suitable for all local banks. In short, this paper provides insights into one of the critical issues that led to the financial crisis and explains how it can be tackled.

Note
An earlier version of this article was originally published in another journal on 15th March 2016, without peer review, without consent from the authors, and without the completion of an author publishing agreement.
The authors and their institution requested for the article to be taken down. However, the article is still available online.
The full citation of the original publication is: Al Saghier, H, & Alrabiah, A. (2016.) Cross organizational standardized business process integration and its application in Saudi Arabian banking system regulation: A case study of advanced IRB regulation. Global Journal of Information Technology: Emerging Technologies, 6(1). doi: 10.18844/gjit.v6i1.388 In 2017 the article was submitted to Cogent Economics & Finance. It was then peer reviewed and was accepted for publication on 31 st May 2018.

Funding
The author received no direct funding for this research. The extent to which information is regarded as true and credible.

DQ-03 Reputation
The extent to which information is highly regarded in terms of its source or content.

DQ-04
Objectivity The extent to which information is unbiased, unprejudiced and impartial.

DQ-05
Free-of-Error The extent to which information is correct and reliable.

DQ-06 Value Added
The extent to which information is beneficial and provides advantages from its use.

DQ-07
Relevance The extent to which information is applicable and helpful for the task at hand.

DQ-08 Completeness
The extent to which information is not missing and is of sufficient breadth and depth for the task at hand.

DQ-09 Timeliness
The extent to which information is sufficiently up-to-date for the task at hand.

DQ-10 Appropriate Amount
The extent to which the volume of information is appropriate for the task at hand.

DQ-11 Understandability
The extent to which information is easily comprehended.

DQ-12 Interpretability
The extent to which information is appropriate languages, symbols, and units and the definitions are clear.

DQ-13 Concise Representation
The extent to which information is compactly represented.

DQ-14 Consistent representation
The extent to which information is firmly represented