BCBS-239 initiative –Challenges and Opportunity for Risk and IT transformation
During the financial crisis of 2008 banks and their regulators have faced challenges to measure financial risks. Many banks lacked the ability to measure aggregate risk exposures and identify concentrations quickly and accurately at the bank group level, across business lines and between legal entities. Some banks were unable to manage their risks properly due to weak risk data aggregation capabilities and risk reporting practice. This has resulted in consequences for both banks and the whole financial system.
Basel committee has provided guidance (BCBS 239) in 2013 to enhance the bank risk data aggregation and reporting process so that banks can identify and manage bank wide risks effectively. This initiative has its impact across all of the groups and functions in the bank. Some of these include Risk, finance, Treasury, Technology, operations and Business functions involving sizeable investments.
BCBS 239 guidance includes a set of principles covering areas of Governance & Infrastructure, Risk data aggregation capabilities and Risk reporting practices with in a bank. Some banks have already started and some are in the process of making investments to implement these guidelines. Recent survey by Basel has found many banks will be fully compliant by January 2016.
Financial institutions affected by BCBS 239
There are three groups of banks that are being affected. 30 G-SIB – Global systemically important banks, 20 D-SIB- domestic systematically important banks and few SII- systemically important insurers are impacted by the BCBS 239 initiative. All these institutions need to work towards complying with the regulation as per the regulatory compliance dates.
Cost of compliance to BCBS 239 ( $$$$$$$ - Expensive initiative)
Senior management at most banks has already understood the need and urgency to invest in the risk data aggregation and reporting infrastructure. At the same time they are facing the headwinds of diminishing revenues. This situation is putting them in bind. Sungard research has estimated a price of $ 8 Bn as implementation costs for institutions globally. I have no basis to refute or accept these numbers. But one thing is for sure, implementation costs will be high as this involves large scale IT and data architecture transformation. Typically projects at this scale run into multimillion dollar budgets.
Industry Current state:
Ok, so far so good, regulatory guidance is available and financial institutions have understood the gravity of the situation and corresponding budgets to be managed. Now let us focus where we are today since the guidance has been issued in 2013.
In response to Basel guidance G-SIB banks have invested and started working towards implementing various principles. Below is the snapshot of banks expected date of compliance from Basel progress report.
Above graph clearly highlights about 10 banks will not be compliant with principle (2, 3, 4, 5 and 6) before the deadline.
Principle 2 requires banks to have Data architecture and IT infrastructure to support data flow across the systems. Obviously this is the most challenging principle that banks are dealing with. Banks with existing IT infrastructure that includes disparate systems, databases, spreadsheets and manual overrides etc need to create a seamless infrastructure. Some banks have also highlighted with respect to Data architecture and IT infrastructure that
1. Heavy reliance on manual adjustments and processes during the creation of risk reports. This creates problems in the ability of the banks to produce reports timely during the time of crisis.
2. Documentation problems for the aggregation of the data processes at group level. There is a need for developing data dictionaries.
3. Lack of harmonization across jurisdictions is creating difficulties in aggregation of collateral-related data for derivative transactions.
4. Accounting, Risk and regulatory reporting data resides in disparate systems. This creates challenges around automatic reconciliations.
5. Finally, legal restrictions in some regions and countries hinder producing granular level risk data
How to Respond
BCBS-239 initiative with its attributes of Data governance, aggregation and reporting shares similar challenges faced with in industry by many firms. Here we can draw upon lessons learned from those experiences. For instance, Banks are dealing with large amounts of data, both structured (Trading, market variables) and unstructured (confirmations, counterparty signatures). Aggregating this kind of disparate data sets create potential problems.
Already some experts have started arguing that banks should focus on aggregating Risk and (Finance) accounting data with a accounting approach. Some others are ready to sell their expensive systems.
Banks should think twice before they decide on an approach. They have to first take look at how this problem has been solved elsewhere. Fortunately, plenty of technology firms Amazon, google, Twitter, Facebook have solved the problem of handling different types of data sets both in scale and size using big data techniques and cloud infrastructure. Banks can now leverage these techniques and work towards compliance of BCBS - 239.
Banks can create a centralized Data platform with appropriate data governance. All Business applications and systems can utilize from this unified source. This centralization will remove silos and barriers that existed across the lines of the business. Consequently data transparency will help indirectly help to create a better risk culture.
Banks need to create a Data PMO (project management office), develop a data strategy and craft a plan for data management, data governance and data life cycle processes. Additionally Technology strategy for designing the Risk infrastructure to implement the data strategy is required.
Advantages of Big data and Cloud based solutions
1) Banks will see their operation efficiency improvements significantly
2) Banks will need fewer personnel in Finance\Controls groups spending time on analyzing the data instead of reconciling the data globally.
3) Banks IT budgets will taper down over 3-5 year periods as there will be lesser need of manual processes and spreadsheet applications
4) Banks will need to keep lesser capital aside as they can identify, measure and aggregate risks accurately hence estimating the exposures and Risk weighted assets
5) Risk and finance groups will mutate into a hybrid group
6) Regulatory reporting for CCAR and DFAST stress testing, Volcker metrics, Trade repository reporting will become less error prone and save banks from making costly mistakes and getting slapped by regulators.
7) Banks will become information companies that can react to market situations more nimbly.
8) Board and senior management can obtain real time reports on the health of the bank.
Above graph clearly highlights about 10 banks will not be compliant with principle (2, 3, 4, 5 and 6) before the deadline.
- Improving IT infrastructure – increase automation around aggregation and reporting
- Streamline data flows across departments, legal entities
- Ensure consistent data taxonomies
Principle 3-6 requires bank to have proper data aggregation process. Furthermore, data should be complete and accurate. Banks are facing five key challenges in the data aggregations.
Conclusion:
Face of the financial institutions has been changed in the wake of financial crisis. Leadership with in these organizations should understand this and seize the opportunity and transform their firms into vanguards of Technology transformation and grow profitability.
