Auditing and bank capital regulation.

Prescott, Edward Simpson

Capital regulations for banks are based on the idea that the riskier a bank's assets are, the more capital it should hold. The international 1988 Basel Accord among bank regulators set bank capital requirements to be a fixed percentage of the face value of assets. The only risk variation between assets was based on easily identifiable characteristics, such as whether it was a commercial loan or a government debt.

The proposed revision to the Accord, commonly called Basel II, is an attempt to improve upon the crude risk measures of the 1988 Accord. Under Basel II, banks use their internal information systems to determine the risk of an asset and report this number to regulators. (1) In an ideal sense, the proposal is eminently sensible. After all, who knows the risks of a bank's asset better than the bank itself? But a serious problem exists in implementation. What incentive does a bank have to report the true risks of its assets? Without adequate supervision and appropriate penalties, the answer is, "Not much."

Analysis of Basel II has been primarily focused on setting the capital requirements, commonly referred to as Pillar One of the proposal. But good capital requirements mean little if they cannot be enforced. For this reason, more attention needs to be focused on Pillar Two of the proposal, that is, supervisory review. (2) This pillar gives supervisors the authority to enforce compliance with the Pillar One capital requirements, and while not usually the focus of Basel II, it is fundamental to the success of the project.

These issues are examined in models where regulatory audits affect the incentives for banks to send accurate reports. By the term "audit" we mean the process of determining if the reported number is accurate. In practice, our use of the term "audit" refers more to a supervisory exam than to an external audit, though our models are broad enough to incorporate this activity, too.

The models have strong implications for how supervisors should deploy their limited resources when examining banks. We find that stochastic auditing strategies are more effective than deterministic ones. Furthermore, the frequency of an audit should depend on the amount of capital held. The less capital a bank holds, the more frequent the audits need to be, even though the safest banks hold the least amount of capital. The reason for this counterintuitive result is that audits prevent risky banks from declaring that they are safe banks. Therefore, the safer a bank claims to be, the more prevention is needed and the more frequently it is audited.

1. THE MODEL

Verifying the risk of a bank's investment requires a model that illustrates the role of examinations and monitoring. The simplest model sufficient for the purposes of this study is the costly state verification model of Townsend (1979). In his model, a firm's cash flow is the information to be verified. Here, it will be the risk of a bank's investment. We study capital regulations in four variants of the basic model: an idealized one where the regulator observes the bank's risk characteristics; one where the regulator does not observe the risk characteristics; another where the regulator can audit deterministically to find out the risk characteristics; and a final model where the regulator may randomly audit, that is, conduct an audit with a probability any where between zero and one.

The Basic Model

In the model, there is one regulator and many small banks. Each bank has one investment of size one. Investments either succeed or fail. All successful investments return the same amount, and all failed investments produce zero. Banks' investment projects differ only in their probability of failure. The probability of a bank's investment failing is p, which lies in the range, [[p.bar], [bar.p]], with 0 [less than or equal to] [p.bar] < [bar.p] [less than or equal to] 1. This probability is random to the bank and drawn from the density function, h (p). The cumulative distribution function is H (p). Shocks are independent across banks.

A bank's investment can be financed with either deposits or capital. Banks prefer less capital to more. For the moment, there is no need to be specific about the details of this preference. We only need banks to desire to hold less capital than the regulator wants them to. Such a desire by banks could come out of a model with a deposit insurance safety net or any model in which equity capital is costlier to raise than deposits. Let K (p) be the amount of capital held by a bank with investment opportunity, p. Because each bank is of size one, 1 - K (p) is the amount in deposits each bank holds as well as being its utility. (3)

The regulator cares about losses from failure and the cost of capital. We assume that the failure losses depend on the amount of deposits that the regulator needs to cover in case there is failure. This function is V (K (p)) with V increasing and concave (V' > 0 and V" < 0). Because V measures losses, we assume that V (K (p)) [less than or equal to] 0 for all values of capital, with V (1) = 0 (see Figure 1). The regulator suffers no losses from a failed bank if it has 100 percent capital. The purpose of this function is to generate a desire on the part of the regulator for banks with riskier portfolios to hold more capital.

The regulator also cares about the cost of capital. Assuming that the per unit cost is q, this cost represents the foregone loss of liquidity services from a bank's use of capital rather than deposits. (4)

The problem for the regulator is to choose a risk-based capital requirement, K (p), that balances the regulatory benefit of reducing losses of failure with the costs to banks of issuing capital. This problem is the maximization problem:

[max.[K (p)[member of][0.1]]] [[integral].sub.[p.bar].sup.[bar.p]] (pV (K (p)) - q K (p))dH (p).

The term pV (K (p)) is the expected failure loss to the regulator from a bank with risk p, while q K (p) is the cost to the bank of raising capital.

It is straightforward to solve this problem. We assume that the solution is interior, so the first-order conditions are

[for all]p, p V' (K (p)) = q. (1)

The expected marginal benefit of capital is set equal to the marginal cost of capital. Equation (1) implies that K (p) increases with p. As the probability of failure grows, the regulator increases the capital requirement. For example, if V (K) = -(1 - K)[.sup.[alpha]] with [alpha] > 1, then (1) takes the simple form,

K (p) = 1 - (q/[[alpha]p])[.sup.1/([alpha]-1)],

assuming q and the range of p are such that 0 [less than or equal to] K (p) [less than or equal to] 1 (see Figure 2). The positive relationship between default probability, p, and capital, K, is the goal of both the Basel I and II regulations.

[FIGURE 1 OMITTED]

Private Information

The fundamental problem for Basel I and II is to determine the risk of a bank's assets. The premise of the Basel II reform is that a bank has the best information on its own assets so that by using its internal models and data, a regulator can get a better estimate of its risks than from the crude measures underlying Basel I. The problem for Basel II is that a bank has an incentive to understate the risk as long as it wants to save on capital costs.

For illustrative purposes, we start with the extreme assumption that the regulator knows almost nothing about the riskiness of a bank's investment opportunities except that the distribution of these risks is H (p). Each bank, however, knows its own risk; that is, it has private information. Now, how should the regulator set capital requirements? The regulator would like to use the capital requirements illustrated in Figure 2, but that would be a disaster. Each bank would say that it was the safest bank; that is, report [p.bar] to get the low capital of K ([p.bar]). All banks would do this, and there would be nothing the regulator could do afterwards. The result for the regulator would be huge losses.

[FIGURE 2 OMITTED]

Instead, the regulator should design a capital schedule that takes into account each bank's private information. The effect of private information is modeled with an incentive constraint that says a capital schedule is only feasible if it is in the interest of a bank to report its risk truthfully. (5) Formally, the incentive constraint is

[for all] p, [^.p], 1 - K (p) [greater than or equal to] 1 - K ([^.p]),

or, equivalently,

[for all] p, [^.p], K (p) [less than or equal to] K ([^.p]). (2)

This constraint says that the utility a bank with failure risk, p, receives from K (p) is at least as much as it would receive if it claimed to have any other failure risk, [^.p].

The 1988 Basel Accord

The incentive constraint, (2), is very stringent, eliminating most capital schedules. The only schedules that satisfy it are those where K (p) is a constant. If K (p) varies with p at all, a bank assigned a higher K (p) would simply claim that its assets are a risk that receives the lowest capital charge under the capital schedule. Consequently, all bank investments must face the same capital charge, regardless of how risky their portfolios are. Indeed, this lack of responsiveness of capital charges to risk looks exactly like the Basel Accord of 1988 as applied to assets within a particular risk class. For example, a commercial and industrial loan with a 10 percent chance of default is treated the same as one with a 2 percent chance of default.

It is precisely this equal treatment of different risks that has led to the development of Basel II. Basel II distinguishes between the riskiness of loans--the ps in the model--by allowing banks to report the risk characteristics of their loans. This is an admirable goal, as represented by (1), but in light of the incentive constraint (2), it is not attainable. That constraint says there can be no risk variation in capital requirements.

Something else is needed to make Basel II work. As will be discussed in the next section, that "something else" is audits and penalties. Unfortunately, these critical features are not usually discussed in the context of Basel II.

2. A ROLE FOR AUDITS

Risk-sensitive capital requirements could be implemented if the regulator could gather some information about the true risk of the investments. We assume that the regulator, devoting m units of resources, can observe a bank's risk characteristics. Other cost functions are possible. Indeed, some activities pose greater difficulty in gathering information than others do. Still, the fixed cost function is the simplest to study and illustrates the main points, so we will use it.

Audits are performed after the bank reports to the regulator on the risk characteristics of its investments. For the moment, we assume that auditing is deterministic; that is, in response to a particular report the regulator must either audit or not audit. Later, we will extend the model to allow the regulator to audit with some probability.

If an audit is performed and the bank is found to have misrepresented its asset risk, the regulator may impose a penalty. We model this penalty as a fixed utility amount, u. The utility of an audited bank found to have lied is 1 - K (p) - u.

The addition of audits requires a slight modification to the regulator's decision problem and to the incentive constraints. Now the regulator must decide which reports of p to verify with an audit and which not to. Let A be the region of [[p.bar], [bar.p]] for which the regulator audits and N the region for which it does not. There are two sets of incentive constraints. The first set concerns misrepresentations in the no-audit region. These incentive constraints are

[for all]p, 1 - K (p) [greater than or equal to] 1 - K ([^.p]), [for all] [^.p] [member of] N

or, equivalently,

[for all]p, K (p) [less than or equal to] K ([^.p]), [for all] [^.p] [member of] N. (3)

Incentive constraints (3) state that a bank's capital must be less than it would receive if it claimed to have a p in the no-audit region, N. Like the earlier incentive constraints (2), these incentive constraints strongly restrict feasible allocations. However, the restriction only applies to p in the non-auditing region, N, so capital must be a constant only over this region. We refer to this amount of capital as [K.sub.N].

The second set of incentive constraints prevents misrepresentations in the audit region. These incentive constraints are

[for all]p, 1 - K (p) [greater than or equal to] 1 - K ([^.p]) - u, [for all] [^.p] [member of] A,

or, equivalently,

[for all]p, K (p) [less than or equal to] K ([^.p]) + u, [for all] [^.p] [member of] A. (4)

These incentive constraints are usually less important than (3). As long as u is high enough, they will be automatically satisfied.

To summarize, the main difference between the earlier model and the deterministic auditing model is the severity of the incentive constraints. In the earlier model, (2) forces the capital requirement to be the same for all risks while in the deterministic auditing model, (3) forces the capital requirement to be the same only for risks in the non-auditing region.

Even before writing out the program, two properties of optimal capital requirements can be derived. The first follows from (3). Because banks can always claim that their failure probability is some p in the non-auditing region, we know that

Proposition 1 K (p) [less than or equal to] [K.sub.N].

The second proposition that we can prove is that the non-auditing region is convex and consists of the highest risk banks. This proposition will let us formalize the regulator's problem in a simple way.

Proposition 2 The non-auditing region, N, is convex and consists of the highest risk banks.

We do not provide a formal proof. Conceptually, the idea is simple. Assume that there is an audited bank that is riskier than some non-audited bank (and for simplicity both are equal fractions of the bank population). By Proposition 1, the non-audited bank holds more capital. Now, switching their regulatory requirements--switching the amount of capital each holds--and auditing the safe bank but not auditing the riskier bank satisfies the incentive constraints. It also increases the utility of the regulator since the capital is more effective when deployed against the risky bank rather than the safer bank.

These properties can be incorporated when formulating the regulator's problem. Let a be the cutoff between audited and non-audited banks. The regulator's program is:

Regulator's Program with Deterministic Auditing

[max.[a, [K.sub.N], K(p)]] [[integral].sub.[p.bar].sup.a] (pV (K(p))-m-qK(p))dH(p) + [[integral].sub.a.sup.[bar.p]] (pV([K.sub.N])-q[K.sub.N])dH(p),

subject to the incentive constraints

[for all]p < a, K(p) [less than or equal to] [K.sub.N] (5)

and (4).

For the purpose of our analysis, we are going to assume that the penalty u is high enough so that (4) does not bind. Furthermore, when we take the first-order conditions, we are going to ignore the incentive constraint (5) and show that the solution to the program without it still satisfies it. This property does not mean that the private information does not matter in this problem. Instead, it means that setting up the problem with a cutoff between the auditing and non-auditing regions and with constant capital in the non-auditing region is enough for incentive compatibility to hold.

The derivative with respect to [K.sub.N] is

V'([K.sub.N]) [[integral].sub.a.sup.[bar.p]] pdH(p) = q [[integral].sub.a.sup.[bar.p]] dH(p). (6)

The first-order conditions with respect to K(p) are

[for all]p < a, pV'(K(p)) = q. (7)

Again, we assume that the solutions are interior.

Two properties of a solution follow from these two constraints. First, from (7), we know that K(p) is increasing in p for p [member of] A. Second, there is a discontinuity in K(p) at the cutoff a. Let [~.K](a) = [lim.sub.p[right arrow]a] K(p). Taking the limit of (7) at p = a and substituting for q in (6) delivers

V'([K.sub.N])E(p|p [greater than or equal to] a) = aV' ([~.K](a)), (8)

[FIGURE 3 OMITTED]

where

E(p|p [greater than or equal to] a) = [[[integral].sub.a.sup.[bar.p]] pdH(p)]/[[[integral].sub.a.sup.[bar.p]] dH(p)].

Because a is less than the average probability of failure in N, that is, over the range a to [bar.p], (8) implies that V'([~.K](a)) > V'([K.sub.N]), which, in turn, implies that [~.K](a) < [K.sub.N]. Thus, K(p) is discontinuous at a. Furthermore, this result proves that constraint (5) is redundant.

The intuition for the discontinuity is that for p [member of] A, K(p) is set as in the full-information problem, where (7) is satisfied when the marginal benefit of capital equals its marginal cost. But for p [member of] N, K(p) is a constant, so [K.sub.N] is set to equalize the expected marginal benefit of capital with its marginal cost. Figure 3 illustrates what a capital schedule might look like.

The final first-order condition is taken with respect to the cutoff point, a. It is

(aV([K.sub.N]) - (aV(K(a)) - m)) - q(a[K.sub.N] - aK(a)) = 0.

Canceling terms and rearranging gives

aV([K.sub.N]) + qK(a) + m = aV(K(a)) + q[K.sub.N]. (9)

The left-hand side of equation (9) is the marginal cost of increasing the cutoff point, and the right-hand side is the marginal benefit.

Back to Basel

The model's implications for capital regulation are very strong and, at first glance, counterintuitive. The highest risk banks do not need to be audited. Only banks that want to hold less capital than the maximal amount are audited. This result, however, should not be surprising since, for incentive reasons, there is no need to audit a bank willing to hold the maximal amount of capital. Indeed, if regulators have a maximum amount of risk, p, they are willing to allow banks to take, and assuming they have the power to shut down banks, they would have to audit every bank in operation.

The model demonstrates just how fundamental auditing and the penalties are to regulatory policy. Risk-sensitive regulation requires auditing of any bank holding less than the largest amount of capital. Presumably, this result would include most banks and likely would cause high auditing costs, which seems problematic. Fortunately, other regulatory policies may still implement risk-sensitive capital requirements at a lower cost. In the next section, we consider such policies in a model with stochastic auditing.

Still, the point remains that auditing and penalties cannot be avoided. Basel II contains many details on how a bank should justify its capital ratio, but these procedures can never be perfect. If they were, we could turn over investment decisions to regulators. Basel II is premised on the belief that banks know their risks better than regulators, and while regulators can gather some information on these risks, they can never know as much as the bank. For this reason, the incentive concerns detailed above are unavoidable.

3. STOCHASTIC AUDITING

In this section, we modify the model so that the decision to audit by the regulators can be stochastic. By stochastic we mean that in response to a bank's risk report, the regulator may audit with some probability. As we will see, this policy saves on supervisory resources. As before, we will assume that these audits fully reveal the information. Alternatives can be studied. For example, the regulator could observe only a signal correlated with the true risk, or the quality of the signal could depend on the intensity of the audit.

Stochastic auditing requires making a few changes to the model. First, we drop the distinction between the auditing and non-auditing regions. Let [pi](p) be the probability of an audit, given that p is reported. As before, m is the cost of an audit, and u is the utility penalty that is imposed if a bank is found to have lied. The regulator's program is:

Regulator's Program with Stochastic Auditing

[max.[K(p)[member of][0, 1],[pi](p)[greater than or equal to]0]][[integral].sub.[p.bar].sup.[bar.p]](pV(K(p)) - [pi](p)m - qK(p))dH(p)

subject to the incentive constraint

1 - K(p) [greater than or equal to] 1 - K([^.p]) - [pi]([^.p])u, [for all]p, [^.p]. (10)

Incentive constraint (10) differs from the deterministic case incentive constraints (3) and (4) in that [pi](p) can take on any value from zero to one.

There are many incentive constraints in (10), but, fortunately, most of them are redundant. Notice that utility is decreasing in K(p), and utility from reporting the wrong p does not depend on a bank's risk type. Therefore, if the incentive constraint holds for the type with the highest capital charge--for now, assume that it is the highest risk bank [bar.p]--then the incentive constraint holds for all other risk types. Formally, (10) can be replaced by

K([bar.p]) [less than or equal to] K(p) + [pi](p)u, [for all]p. (11)

Another simplification is possible. Audits are a deadweight cost, so it is best to minimize their probability. For a given capital schedule, the audit probabilities are minimized when (11) holds at equality. Therefore,

[pi](p) = [K([bar.p]) - K(p)]/u. (12)

We hinted above that the highest risk bank would be the type to hold the greatest amount of capital. This is intuitive, but it can be proven. Imagine that the bank assigned the highest amount of capital is not the highest risk one. For simplicity, assume that all types of banks occur with equal probability. Then, simply switch the capital requirement faced by the highest risk bank and the one holding the most capital. Incentive compatibility still holds and the regulator's objective function is higher since the highest risk bank holds more capital.

We could substitute (12) directly into the objective function, but for optimization purposes it is more convenient to consider

[pi](p) = [[bar.K] - K(p)]/u (13)

and require that K(p) [less than or equal to] [bar.K], for all value of p. Equation (13) will be substituted into the objective function, and we will make [bar.K] a choice variable. As long as the solution has K(p) [less than or equal to] K([bar.p]), auditing probabilities will be nonnegative. Furthermore, because auditing is a deadweight cost, any solution will necessarily set [bar.K] = K([bar.p]). With these changes, the program is:

Simplified Regulator's Program with Stochastic Auditing

[max.[K(p)[member of][0, 1], [bar.K]]] [[integral].sub.[p.bar].sup.[bar.p]] (pV(K(p)) - [[[bar.K] - K(p)]/u]m - qK(p))dH(p)

subject to

[for all]p, K(p) [less than or equal to] [bar.K]. (14)

Even before studying the first-order condition, the solution has the following properties from (13) and the desire to lower [bar.K]. First, the probability of an audit is zero for any bank that holds the highest amount of capital. Second, the audit probability increases as capital declines.

The first set of first-order conditions for this problem is

[for all]p, (pV'(K(p)) + m/u - q) = [lambda](p), (15)

where [lambda](p)h(p) [greater than or equal to] 0 is the Lagrangian multiplier on (14) for p. The remaining first-order condition is

m/u = [[integral].sub.[p.bar].sup.[bar.p]] [lambda](p)dH(p). (16)

We already demonstrated that only the highest risk banks hold the greatest amount of capital. Therefore, K(p) [less than or equal to] K([bar.p]). For any bank with K(p) < K([bar.p]), [lambda](p) = 0, so (15) implies that capital is increasing in risk in this range.

The first-order conditions can be used to derive two additional properties of a solution:

Proposition 3 A range of banks at the upper tail of the distribution (more formally a range with positive measure) holds K([bar.p]).

This proposition is equivalent to showing that there is a range of p for which constraint (14) binds. A proof is contained in the Appendix.

The second result is differs from that of the deterministic auditing case.

Proposition 4 The capital schedule K(p) is continuous.

This proof is also in the Appendix.

The properties of the stochastic auditing model are illustrated with an example. We also calculated the optimal deterministic auditing contract to compare the two. The example used the following parameter values: h(p) is a uniform distribution over the range [p.bar] = 0.1, and [bar.p] = 0.5, V(K) = -1.5(1 - K)[.sup.2], m = 0.01, u = 1.0, and q = 0.5.

Figure 4 illustrates optimal capital requirements under deterministic and stochastic auditing. The schedule for the deterministic case has a discrete jump at the non-audit point. The schedule for the stochastic case is continuous. In the deterministic case, there is a much bigger range of p for which capital is flat. Capital requirements are, necessarily, less finely tuned in this case. Also, for p in the audit range (roughly between 1.0 and 1.5), K (p) is slightly smaller under deterministic auditing than under stochastic auditing. This difference comes from comparing the two problems' first-order conditions. Condition (15) has an additional term m/u that is not in (7). This term makes K (p) higher in this range.

Figure 5 illustrates the audit probabilities for both models. Of course, the deterministic case probabilities are either zero or one. Probabilities for the stochastic case move smoothly and hit zero for the risk types that hold the highest amount of capital. As capital declines, audit probabilities increase. Finally, the stochastic auditing case saves on auditing resources. In the deterministic case, banks are audited 15.5 percent of the time and 13.7 percent of the time in the stochastic case.

The differences in the two types of arrangement are evident in the figures. Stochastic auditing is, of course, more efficient. Here it allows for more finely tuned capital requirements and uses less auditing resources.

4. CONCLUSION

Banks know their own risks better than regulators. Basel II is based on the premise that these risks can be communicated by banks to regulators and then used to determine regulatory capital. But with this informational advantage, banks can control precisely what is communicated. For this reason, it is necessary to consider the incentives banks have for truthfully reporting their risks. This article argues that the penalties or sanctions imposed for noncompliance are critical for determining these incentives. Basel II is, unfortunately, relatively silent on this issue. As Basel II is adopted and implemented, these issues will have to be addressed.

The models developed in this article not only illustrate the role of penalties, but also illustrate various supervisory strategies for gathering information and imposing sanctions. Supervisory resources are scarce and costly. Therefore, finding the best way to deploy them is valuable. The stochastic auditing model demonstrates that randomized audits, or exams, could improve upon regularly planned audits. (6)

[FIGURE 4 OMITTED]

In the models, audit frequencies and capital requirements are inversely related. Less capital requires more frequent auditing for incentive reasons, implying, counterintuitively, that the safest banks are audited the most. The reason for this regulatory behavior is that the role of audits is to prevent risky banks from claiming to be safer than they really are. Because no one wants to claim to be riskier than they actually are, auditing a bank that claims it is the highest risk is unnecessary. This bank has agreed to hold more capital, and that is all the regulators desire.

The precise relationship between audit frequencies and capital requirements depends on parameters such as available penalties, auditing costs, the costs of capital, and the distribution of bank risk types. If these parameters differ between countries, then there should be different capital schedules in each country. Harmonization of regulations is not without its costs.

[FIGURE 5 OMITTED]

The models developed in this article omit other relevant dimensions to the problem. For example, audits are not perfect. Sometimes the information gathered is incorrect. One way to incorporate these important factors is to allow regulators to observe only a signal correlated with the true state. Other possibilities include making it costly for banks to hide information, e.g., Lacker and Weinberg (1989). Another important extension is to consider dynamic capital schedules. Supervisors interact over time with banks and may have latitude to generate the equivalent of penalties through their future treatment of the bank. The literature on dynamic costly state verification models should be relevant here and includes Chang (1990), Smith and Wang (1998), Monnet and Quintin (2003), and Wang (2003).

APPENDIX

Proposition 3 There is a range of banks at the upper tail of the distribution (more formally a range with positive measure) that hold K ([bar.p]).

If only the highest risk bank, [bar.p], holds the greatest amount of capital, then [lambda](p) = 0 for all p < [bar.p]. But then [[integral].sub.[p.bar].sup.[bar.p]] [lambda](p)h(p) = 0, which contradicts (16). Therefore, [lambda](p) > 0 for a range of p with positive measure. These values of p have to be the highest risk values. If not, consider [p.sub.1] < [p.sub.2] with K ([p.sub.1]) = K ([bar.p]) and K ([p.sub.2]) < K ([bar.p]). We know that [lambda] ([p.sub.1]) [greater than or equal to] 0 and [lambda] ([p.sub.2]) = 0. Using (15), we have

[p.sub.1] V' (K ([bar.p])) + m/u - q = [lambda] ([p.sub.1]) [greater than or equal to] [lambda] ([p.sub.2]) = [p.sub.2] V' (K ([p.sub.2])) + m/u - q, which implies that [p.sub.1] V' (K ([bar.p])) [greater than or equal to] [p.sub.2] V' (K([p.sub.2])). But V' (K ([bar.p])) < V' (K ([p.sub.2])), so [p.sub.1] > [p.sub.2], which is a contradiction.

Proposition 4 The capital schedule K (p) is continuous.

Let [^.p] be the lowest value of p at which K (p) = K ([bar.p]). The capital schedule is clearly continuous above and below this point. Take the limit of K (p) as p approaches [^.p] from below. Call this limit [~.K] ([^.p]). Evaluating (15) at the limit gives

([^.p]V' ([~.K]([^.p])) + m/u - q) = 0.

If K (p) is not continuous at [^.p], then K ([^.p]) = K ([bar.p]) > [~.K] ([^.p]), which implies that

[lambda] ([^.p]) = ([^.p] V' (K ([bar.p])) + m/u - q) < 0.

But [lambda] ([^.p]) < 0 is a contradiction, so K (p) is continuous at [^.p] as well.

I would like to thank Rafael Repullo, Pierre Sarte, Javier Suarez, John Walter, John Weinberg, and seminar participants at CEMFI for helpful comments. This article was prepared while I was visiting CEMFI. The views expressed in this article do not necessarily represent the views of the Federal Reserve Bank of Richmond or the Federal Reserve System.

(1) Technically, in the proposed U.S. implementation, banks will use their internal systems to estimate several key numbers--like the probability of default and the loss given default. Banks then enter these numbers into a regulatory formula to determine capital requirements.

(2) The third and final pillar of Basel II is concerned with market supervision.

(3) A bank's preferences over K are independent of its risk, p. Banks always prefer less capital to more. This assumption is strong, but it simplifies the analysis in several advantageous ways.

(4) We decided to model bank's preferences over capital by 1 - K rather than formally including the cost of capital because it simplifies the algebra. This modeling decision has no impact on the article's results because the important feature is that the bank prefers less capital to more.

(5) The Revelation Principle is being used here.

(6) Audits may be made to depend on other signals. Marshall and Prescott (2001) analyze a model where regulatory sanctions depend on the realization of bank returns.

REFERENCES

Chang, Chun. 1990. "The Dynamic Structure of Optimal Debt Contracts." Journal of Economic Theory 52 (October): 68-86.

Lacker, Jeffrey M., and John A. Weinberg. 1989. "Optimal Contracts Under Costly State Falsification." Journal of Political Economy 97 (December): 1345-63.

Marshall, David A., and Edward Simpson Prescott. 2001. "Bank Capital Regulation with and without State-Contingent Penalties." Carnegie-Rochester Conference on Public Policy 54 (June): 139-84.

Monnet, Cyril, and Erwan Quintin. 2003. "Optimal Contracts in a Dynamic Costly State Verification Model." Manuscript, July.

Mookherjee, Dilip, and Ivan Png. 1989. "Optimal Auditing, Insurance, and Redistribution." Quarterly Journal of Economics 104 (May): 399-415.

Rochet, Jean-Charles. 1999. "Solvency Regulations and the Management of Banking Risks." European Economic Review 43 (April): 981-90.

Smith, Bruce D., and Cheng Wang. 1998. "Repeated Insurance Relationships in a Costly State Verification Model: With an Application to Deposit Insurance." Journal of Monetary Economics 42 (July): 207-40.

Townsend, Robert M. 1979. "Optimal Contracts and Competitive Markets with Costly State Verification." Journal of Economic Theory 21 (October): 265-93.

Wang, Cheng. 2005. "Dynamic Costly State Verification." Economic Theory 25 (June): 887-916.