With less than a year to go before the January 2016 deadline, the Basel Committee on Banking Supervision’s latest report reveals that banks are still struggling to comply with the Principles of the BCBS239 regulation.
The report published in January 2015 represents the capabilities and progress of the 31 G-SIBs (global systemically important banks), in their quest to meet the full set of requirements by the 1st January 2016 deadline. This is the second BCBS239 report to be published and comes a year after the first was released in December 2013.
The report, titled “Principles for effective risk data aggregation and risk reporting.” Sets out to provide guidelines on how banks can improve their ability to identify and manage bank-wide risk. What is clear from the latest report is that while much has already been achieved, there remains a great deal to be accomplished, with firms facing a number of obstacles to overcome if they are to comply with the 11 Principles directly relating to their capabilities.
Still much to do to achieve compliance
Attempts to establish strong data governance, aggregation, and architecture processes necessary for compliance have proven to be very difficult for the G-SIBs. To address this challenge, firms are implementing large-scale projects to improve governance, IT architecture and infrastructures. However, many are relying too heavily on manual work-arounds and tactical mitigants in their efforts towards compliance.
Manual work-arounds increasing technical debt
Manual work-arounds and tactical mitigants are typically major constraints on the flexibility, adaptability and operational robustness of a long-term BCBS239 solution. Manual work-arounds may achieve compliance on a superficial ‘box ticking’ level, but they do not go to the heart of addressing many of the deep seated challenges surrounding risk data aggregation and reporting that BCBS239 was introduced to address. Manual work-arounds and tactical mitigants cannot always be avoided; however they do increase ‘technical and process debt’ which carries a heavy penalty to be paid at some point in the future.
Can the D-SIBs learn from the experience of the G-SIBs?
Attention has now turned to the Domestically Significant Investment Banks (D-SIBs), of which there are many more around the globe, and how they intend to meet BCBS239 compliance. Under the guidelines, they are not required to comply with BCBS239 by the January 2016 deadline, however, the Bank for International Settlements (BIS) recommended that regional regulators apply a three year time frame, starting when each individual organisation is designated as a D-SIBs. Since the regulators’ recognition of D-SIBs is not a globally synchronised process, there is a blurring of timelines; but now D-SIBs are beginning to budget, plan and mobilise their BCBS239 programmes.
Starting from scratch and with three years to implement, D-SIBs should be able to take advantage of the experiences and lessons learned by the G-SIBs – many of which were learned the hard way! They can avoid the costly mistakes of many G-SIBs by using their time and budgets more efficiently and ensuring that appropriate tools, processes and other accelerators are utilised. D-SIBs can also reduce their overall project risk and aim for a quicker, and higher quality end result; with improved risk data aggregation and reporting that the regulation was designed to encourage.
Senior management need to take the lead
The key to success for firms tackling BCBS239 should begin with senior management taking the lead in highlighting the importance and value of risk data management. They should embrace the strategic opportunity to change how each of their institutions operates and implement robust governance structures that act as a foundation on which to build towards a full BCBS239 solution. The reliance on manual work-arounds and tactical mitigants needs to be reduced and firms must now identify where the shortcoming lay, and how they can make the transition towards a more strategic solution.
BCBS239 should be viewed as more than yet another form of regulation that requires compliance; it is an opportunity for banks to entirely re-evaluate their risk data aggregation, management and reporting, ultimately leading to better governance, better decision-making and improved operational efficiency.
This article is extracted from the full GFT paper: BCBS239 – the behemoth lumbers on. To read the full paper, click here
By John Barclay, Managing Principal, Risk Consulting, GFT