Data aggregation and risk reporting move to center stage for financial firms
Banks must be prepared to start discussing their risk positions with regulators as early as next year, ahead of international requirements that go into effect in 2016, and some consultants have been alerting their banking clients about the requirements.
Building on a Basel Committee (BCBS) consultative paper published in June 2012, “Principles for Effective Risk Data Aggregation and Risk Reporting,” a recent white paper by Deloitte advises banks on ramping up their information technology and data architectures to help improve their financial risk management systems.
The white paper offers a framework for banks to swiftly assess the readiness of their risk systems across business lines and focus on fixing high-priority issues. The company is also running a series of update meetings with banks’ senior managements to discuss the impact of these proposed regulations.
According to the Basel paper, globally systemically important banks will be required by 2014 to implement 14 standards for risk-management data. The banks, however, will need to start sharing their self-assessments with national regulators as early as 2013.
Key datasets include — but are not limited to — market data such as yield curves, foreign exchange, equities and commodities; credit risk such as counterparty exposure, positions, trades and collateral; and aggregation data by clients, geography, and industry.
Inadequate data aggregation, insufficient risk reporting and ineffective IT systems were seen as significant contributors to the financial crisis.
The deficiencies caused regulators to misjudge the leverage and the interconnectedness of financial institutions, and maturity mismatches in their balance sheets. Partly due to the lack of information about the shadow banking system, regulators were also unable to track monetary activities.
Going forward, the aggregate risk data will also be useful in designing the wind-up of an insolvent bank.
The principles of the Basel paper cover four key areas, namely: governance and infrastructure; risk-data aggregation capabilities; risk-reporting practices; and supervisory review, tools and cooperation. Various industry groups, such as the Global Financial Markets Association and the Institute of International Finance, have supported the Basel paper’s principles-based approach as preferable to a prescriptive series of requirements that would create difficulty for banks with different business models.
The principles reflect three overarching strategies for treating risk-management data.
First, bank management must have an anticipatory approach and assume responsibility for risk data. For example, the paper states, “a bank’s board and senior management should take ownership of implementing all the risk-data aggregation and risk-reporting principles, and have a strategy to meet them within a time frame agreed with their supervisors.” The paper goes on to urge the board and senior management to review and approve the bank’s group-risk data aggregation and risk-reporting processes and ensure that adequate resources are deployed.
Second, banks’ top brass should envision a desired risk profile, aligning their responsibilities more closely with risk management. For instance, the paper states that the bank’s board and senior management are responsible for determining their own risk-reporting requirements. While a good risk profile may vary from bank to bank, banks should have a well-defined and controlled process for establishing measurable risk appetite and a capability to monitor risks against set tolerances.
Third, the paper advocates the aggregation of risk exposures and concentrations at the bank group level. “The group structure should not hinder risk-data aggregation capabilities at a consolidated level,” it says. This shows a view that a single source of data within a bank can help simplify its risk-related information technology architecture and make it more manageable. This holistic approach, in essence, would be a clear departure from the siloed approach that has hampered most banks’ past efforts to manage their risks. Extraction and aggregation of key data from multiple business units will present a challenge, however, especially for banks that have grown through mergers and acquisitions.
Risk data in Dodd-Frank
The importance of risk data aggregation and reporting has been recognized by U.S. legislators as well, who established it as one of the centerpieces of the Dodd-Frank Act.
The Act, under Section 153(a), has specifically designated a new institution, the Office of Financial Research (OFR), with the task of data collection and analysis to provide support to the Treasury, Federal Reserve, and the Federal Deposit Insurance Corporation, through its parent institution, the Financial Stability Oversight Council, in assessing emerging systemic risk. The Office is also charged with the task of utilizing the data to develop relevant risk measurement and monitoring tools.
In order to make it easier to manage the volumes of data, the research office has made efforts to streamline the process. It has, for instance, proposed a way to standardize how parties to financial contracts are identified, and established a Legal Entity Identifier for each legal unit in financial institutions, thus allowing regulators to assess market exposures at a more precise, or “granular” level.
The OFR will thereby help regulators see the critical linkages in the market in a timely fashion, and act as a “systemic risk detector.”
Enhancements in IT systems and risk-data and reporting processes of the banks will require years of significant investment in terms of financial and human resources, with the benefits to accrue only in the long term.
However, a bank-industry survey conducted jointly by Ernst & Young and big-bank trade group International Institute of Finance (IIF) in June 2012 shows that banks have already started making strides this year. Bank models in place before the financial crisis underestimated the size and risk of some of the exposures across business units. Recognizing this, 68 percent of survey respondents reported having revised their economic capital models by including stress testing and stress Value at Risk (VaR), adjusting the previously optimistic correlations, adding risks not captured by VaR, and consolidating risks across business units.
A separate report by the IIF, based on a survey of member banks, indicated that they will spend an average of $390 million over the next five years, representing an increase of spending in this area by 50 percent.
In view of these surveys and studies, it seems that banks now have a deeper understanding of risks, and are better equipped to manage them than they were prior to the crisis. However, the job is far from complete because new systems have not yet been implemented.
Given this, the discussions with regulators and self-assessments set to begin in 2013 will be a critical milestone in showing whether the progress achieved thus far will be sustained going forward.
(This article was produced by the Compliance Complete service of Thomson Reuters Accelus (http://accelus.thomsonreuters.com/).)