Two years after the January 2016 deadline for banks to introduce improved risk data aggregation and reporting (BCBS239), the latest report from the BCBS on implementation progress makes grim reading: only three out of thirty global systemically important banks (G-SIBs) are in full compliance, with implementation by most banks showing “at best, marginal progress”.
The Principles for effective risk data aggregation and risk reporting (BCBS239) were published in 2013 to address inadequacies in banks’ IT and data architectures highlighted by the financial crisis, in particular the lack of an up-to-date, group-wide view of risk across business lines and legal entities. Two key principles form the bedrock on which all others are built:
The remaining principles fall under three categories:
The BCBS did not define objective quantitative benchmarks to measure progress towards these goals, but the June 2018 progress report does attempt to quantify compliance to get a snapshot of the current state of play, as of 2017, and progress since 2016. The report shows that:
In spite of this negative outlook, the report strikes an optimistic note: all banks now have a clear implementation roadmap, assessed by their supervisor; enhancements to infrastructure tend to be multi-year projects so the benefits may not yet be apparent; some banks have increased resources and funding and introduced senior roles, such as Chief Data Officer (CDO), to take responsibility for firm-wide data and reporting. This seems like a very low bar for banks, over a year after the deadline and in areas that are simply risk management good practice, not esoteric rules mandated by the regulator.
The report does highlight key challenges faced by banks, including fundamental ones from the 2016 assessment which remain relevant:
And new ones that have come to light in the latest monitoring exercise:
In 2018 during a workshop for supervisors to exchange views on D-SIBs’ implementations of the Principles, it was summarised that they have made “some” progress. However, this was based on self-assessments by D-SIBs, which “could be overly optimistic”. The June 2018 progress report recommends that D-SIBs should not underestimate the efforts necessary to fully comply. They face the same challenges as G-SIBs (complex/legacy IT), and where there are subsidiary relationships between G-SIBs and D-SIBs, the poor implementation by a D-SIB will inevitably affect the G-SIB’s ability to comply as a banking group.
Under the current estimate, there are still 13 banks that will only attain compliance beyond the end of 2018, so there is still plenty of work for banks to do. Compliance with the principles will benefit other initiatives, such as FRTB, and may become more important if it leads to an increase in a bank’s Pillar II capital charge by the regulator.
At Percentile, we see a few key areas that banks can focus on to make significant headway with BCBS 239: