The Permanence of Supervisory Data Needs

A call to arms on banks has resounded from the supervisory, technology and consulting community alike. A call that banks patchwork and complex IT development on top of legacy systems is no longer sustainable. Boston Consulting Group estimates that of European banks sizable IT expenditures of over 10% of revenues, approximately 70% is spent on IT requirements for simply running the bank¹. Banks must invest to replace legacy and ensure their technology can support changing banking business models.

But this call to arms is not enough. It is only part of the story. Without a thorough development of data architecture, banks will continue to drown under wave after wave of regulatory demands for new data submissions. Supervisors are fed up with banks' inability to provide a clear picture of their businesses and are understandably fearful of missing the next trigger, sliding a nation back into the economic fiasco of recent years. It is clear from the stream of communications and regulatory initiatives from supervisors globally that the increased scrutiny and demands on data are not temporary... they are permanent.

The Senior Supervisors Group expressed its concern in its December 2010 report² where it said that "while most firms have made progress in developing risk appetite frameworks" and begun multi-year projects to improve IT infrastructure, financial institutions have considerably more work to do... In particular risk data remains a challenge for institutions, despite its criticality to strategic planning, decision making, and risk management.-

Frustration was echoed in the FSB's October 2011 progress report³ on the SIE report⁴ (a report on "Intensity and Effectiveness of SIFI Supervision") where it stated that the foremost factors hampering supervisors from addressing issues identified in the SIE report "are inadequate information systems (IT) and data architectures at SIFIs which are hampering risk management practices such as stress testing and implementation of effective risk appetite frameworks, and also hamper supervisory oversight. One of the most significant lessons learned from the global financial crisis was that firm management failed to require sufficient IT systems and data to support the broad management of financial risks.

The SIE progress report goes on to say that "many of the global initiatives underway will be challenged by weaknesses in firms" IT systems, in particular the resolvability of SIFIs. Improved IT capability will also be needed to implement other global initiatives that have been endorsed or requested by G20 Leaders. These include identifying domestic and international network connections (FSB Data Gaps Working Group); shadow banking monitoring frameworks (FSB Shadow Banking Task Force); improving data on OTC derivatives and complex structured products.(FSB OTC Derivatives Working Group); and the recent FSB initiative on creating a global 'legal entity identifier' system."

The issue of resolvability is particularly highlighted in the related July 2011 FSB report⁵. It identifies the inability of financial institutions to quickly provide comprehensive data on each of their legal entities as a key problem to resolving a SIFI when a crisis occurs.

Global banks are feeling the strain of data demands from all directions due to supervisors' fears of stress / crisis. For example:

• European Central Bank stress test
• Basel Committee's COREP / FINREP
• The Fed Comprehensive Capital Analysis and Review
• Dodd-Frank Act Stress Test
• The Fed Form 14-Q for market risk stress analysis
• The Fed Comprehensive Liquidity Analysis and Review and related Form 4-G

The Basel Committee has even stipulated the need for supervisors to examine banks' data aggregation and reporting capabilities with the final publication of the "Principles for Effective Risk Data Aggregation and Risk Reporting" in January 2013⁶, for which the SIE progress report was a driving factor.

From this we can see that problems with IT and data at SIFIs (and financial institutions in general) are key risks underlying three high priority issues for global supervisors:

• Reducing the risk of financial system stability posed by these financial institutions;
• Addressing their resolvability
• Ensuring financial institutions can be effectively supervised.

For example, in the United Kingdom, the first two issues are at the heart of the PRA's statutory objective to "promote the safety and soundness of firms and seeking to minimise adverse effects resulting from disruption to the continuity of financial services that can be caused by the way firms run their business or upon their failure"⁷ and the PRA statutory threshold condition 5D for business to be conducted in a prudent manner. Similarly, though statutory threshold condition 5F on effective supervision focuses on corporate and business complexity of a firm, the third priority issue above also identifies data problems as critical to effective supervision.

These three priorities are key examples of why data will continue to be a top priority for national supervisors over the coming years. They are also why this topic is not just an issue for the Chief Information Officer and Chief Risk Officer of financial institutions but should also sit high on the agenda of their boards and executive management, including the CEO. As the SIE progress report states, "these projects will require significant sponsorship, capital and commitment from the board and senior management to ensure that progress continues to be made through the economic cycle".

---

¹ "IT Benchmarking in European Banks: Aiming for a Leaner, More Business-Oriented IT Function", https://www.bcgperspectives.com/content/articles/financial_services_information_technology_organization_it_benchmarking_in_european_banks/ , December 2010.

² "Observations on Developments in Risk Appetite Frameworks and IT Infrastructure", http://www.newyorkfed.org/newsevents/news/banking/2010/an101223.html, December 2010.

³ "Intensity and Effectiveness of SIFI Supervision: Progress Report on Implementing the Recommendations on Enhanced Supervision", http://www.financialstabilityboard.org/publications/r_111104ee.pdf, October 2011.

⁴ "Intensity and Effectiveness of SIFI Supervision", http://www.financialstabilityboard.org/publications/r_101101.pdf, November 2010.

⁵ "Consultative Document: Effective Resolution of Systemically Important Financial Institutions", http://www.financialstabilityboard.org/publications/r_110719.pdf, July 2011.

⁶ "Principles for Effective Risk Data Aggregation and Risk Reporting", http://www.bankofengland.co.uk/publications/Documents/other/pra/bankingappr1210.pdfhttp://www.bis.org/publ/bcbs239.pdf , January 2013.

⁷ "The PRA's Approach to Banking Supervision", http://www.bankofengland.co.uk/publications/Documents/other/pra/bankingappr1210.pdf , October 2012.