A regulatory trigger for risk transformation
The banking industry continues to face high change spend, low revenues and on-going regulatory demands. There have been plenty of bucks spent but for how much bang?
In reality, given the complex nature of regulatory demands, the overlapping timescales and constrained change capabilities, banks have continued to manage change on a point-to-point basis, say Pierre Pourquery & Richard Powell. The nature and speed of regulatory change to date has forced banks to stare at their feet with limited capacity to make out the wood for the trees.
Regulators are generally disappointed with the progress made across the banking industry, seeing little evidence to suggest that investments made over the last five years have yielded any material improvement to the effectiveness of risk management and decision-making processes. At a time when the imperative for change is reaching its peak, banks are suffering an extreme case of change fatigue. So, what next?
It is time for banks to focus and to optimise their resources. Banks should look to The Basel Committee on Banking Supervision Principles for improved risk governance, risk data management and risk reporting and dedicate significant chunks of their resource and investment to fix their data and improve the use of information. Banks of tomorrow need the right information in the right place at the right time to improve decision-making and develop more profitable relationships with their clients.
The BCBS Principles may be looked upon as just another regulatory demand to comply with. A number of organisations, both Global Systemically Important Banks (G-SIBs) and Domestic Systemically Important Banks (D-SIBs) have undertaken BCBS assessments and evaluated their risk capabilities based on the level of compliance against 11 Principles.
Thinking beyond compliance, BCBS can (and should) provide a long awaited trigger for transformation. Satisfying the BCBS Principles will demand comprehensive change across all lines of business and supporting functions, including bank governance structures, risk IT and data infrastructure, end-to-end risk processes, and control environments, as well as its people. Banks must now leverage this opportunity to align bank-wide priorities to design and deliver the right change.
BCBS assessment findings are starting to identify common themes and weaknesses across the industry. Banks expect to face major challenges with the adaptation of their Risk IT and data infrastructure. In addition, common weaknesses include gaps in the controlled sourcing and usage of data for risk reporting which can cause:
- Insufficient data accuracy integrity and completeness
- Fragmented risk capabilities across domains and regions
- Redundant and /or inefficient risk data aggregation capabilities, and
- The inability to measure and monitor the effectiveness of risk control environments
Change is expected to involve multi-year, technology intensive programmes with a significant commitment of resources and senior management time.
Forecast industry spend on managing regulatory change is staggering. For BCBS alone, whilst there is generally still a large degree of uncertainty over costs and benefits, the industry anticipates spend to be hundreds of millions of dollars and, for some, into the billion dollar plus range over the next few years.
On a positive note, there is growing consensus that continued point to point change and spending is not a realistic option. The scale of change needed requires banks to be joined up and to manage the change holistically across the organisation. BCBS remediation efforts are already underway at a number of institutions, but establishing the right risk ambitions and adopting the right design and implementation approach will be key. “Do nothing” is not an option and the stakes are high. Despite efforts, a number of banks are unlikely to achieve full compliance within the three-year timeline. Without the right level of coordinated sponsorship and senior management support, such change will not be delivered successfully.
Without doubt, organisations will be able to evaluate their BCBS gaps and identify opportunities to align horizontal efforts (cross regulatory and non-regulatory change agendas) that would drive more effective and efficient improvements to their risk management capabilities, while simultaneously achieving compliance.
With clear risk capability objectives, potential business benefits include:
- Real-time transaction or customer account level risk-based pricing taking into account all material sources of risks, funding, capital, and contingent exposures
- Optimisation of capital, liquidity and leverage requirements by elimination of conservative assumptions resulting from missing or poor data quality
- Significant reduction of the cost of the risk data and technology infrastructure; by reducing the need for manual transformation, reducing the universe of data to the core risk data elements and use of end user computing (EUCs), and
- Increased management responsiveness to deal with crisis scenarios by timely and accurate risk reporting, which will reduce potential losses through effective risk mitigation
Banks must seize the opportunity to leverage the BCBS Principles to build a fit-for-purpose risk management environment, while achieving regulatory compliance and delivering significant business benefits. Using scarce transformational resources wisely will be critical.
The BCBS Principles and supervisory expectations apply to a bank’s normal and stress/crisis risk management data across all risk types and all lines of business globally. The demand on data (and expectation of completeness and accuracy) will be significant and will include all data related to key internal risk management models, risk management processes, internal management and Board reporting, and regulatory reporting.
Common themes across the industry are emerging:
- Fragmented governance and policy frameworks
- IT systems and strategy do not satisfy the most basic BCBS Principles
- High dependency on manual processing
- Need to enhance timeliness in stress/crisis conditions
- Shortage of qualified resources
- Insufficient clarity from regulators
- Data quality issues with unclear data ownership and accountabilities, and
- Lack of maturity in the data models
Banks will have a number of capability gaps to bridge. BCBS should be used to trigger transformational programmes to develop the right governance, risk capabilities and supporting infrastructures. Banks need to leverage robust risk management capability frameworks to drive the prioritisation of requirements and architecture design.
- Strategy & Governance – banks need to set the right risk ambition and establish guiding principles across the capability framework with clear change programme objectives, execution plans and governance
- Risk Reporting – banks need to develop explicit capabilities for risk, regulatory, crisis reporting and quantitative modelling supported by a focused report delivery capability that should seek out efficacy opportunities across the data supply chain
- Operations & Controls – banks need to review the end-to-end process and control frameworks to assess the effectiveness of controls and impact of any manually intensive processing
- Data Aggregation – banks need to establish data sourcing strategies, data management mechanisms, architecture designs and taxonomies and consistent metadata management capabilities that align to the centralised or federated model utilised by the bank, and
- IT Strategy – banks need to align an overall technology strategy and roadmap to support risk data aggregation and risk reporting requirements globally
Banks continue to cite the on-going management of risks, overlapping and increasing regulatory interventions and a lack of IT flexibility as the top challenges they face today. The time is right to leverage regulatory steer (the BCBS Principles) to generate positive outcomes; who dares, wins. Admittedly, the stakes are high, but rewards can be increased and risks mitigated by joining (top-down) risk ambitions from the Board with a robust governance of the change capabilities (bottom-up) across the organisation. Banks have no choice. The regulators demand a strategy to ensure that they will be able to satisfy the principles by January 2016. Yes, there may be some room for negotiation, but this must not distract attention.
Changes to satisfy the BCBS Principles will cut across risk, finance, technology, operations and all lines of business. With the right approach, banks can address their hot topics (managing regulatory change, ensuring they are in full control, implementing effective risk governance and risk data management, and developing cost efficient operations), achieve compliance and generate benefits to the business. Banks need to invest senior management time across the business to shape the change and establish the strategy. Plans and commitments are no longer theoretical or nice to have, they represent a firm contract between a bank and its regulators. This, coupled with cohesive enterprise-wide delivery and programme governance oversight, will provide the ingredients for success:
- Define and prioritise foundational enterprise capabilities – recognise what a good risk organisation looks like
- Align existing business and operational objectives and programmes – categorise change components and align ownership and governance to expedite delivery
- Assess delivery options – build on existing, start from scratch, minimise/optimise existing
- Continuously measure and monitor benefit release – chart a clear trajectory, and
- Understand what the competition are doing and assess where industry collaboration can help – a problem shared is a problem halved
Banks must view their technology and data as assets to leverage and transformational spend as an investment and not as a cost to minimise. With steer from the top and organisation-wide BCBS programme alignment, banks have an opportunity to transform their risk organisations. In other words, they have an opportunity to maximise the bang for their buck