The ripple effects of the 2007-2008 global financial crisis – when a number of large, global financial institutions went into bankruptcy due to over investment in the collapsing US housing market – lead to the global economic recession, tax payer bail outs of organisations deemed “too big to fail”, and even, more recently, the Eurozone debt crisis and the current global stock market turmoil.
The Financial Services industry has always been highly regulated. The crisis, however, demonstrated that existing regulations were not adequate to prevent a global crisis. In response, we have seen a significant increase in legislation designed to lessen the chance of a recurrence.
Existing regulations, such as the Basel Accords, which regulate (largely) liquidity – the amount of cash that a bank must hold to cover its reasonable risk – were extended and strengthened. Not only are banks required to quantify additional risks, they are also required to be more rigorous in their approach to measuring risk. The insurance industry must comply with the similar Solvency and Assessment Management (SAM) regime – which regulates the amount of cash that a company must have available to cover its potential insured risk.
The crisis also drove the introduction of stress testing regulations, such as Dodd’s-Frank. Stress testing forces the bank to make worse case assumptions and to test the ability of the institution to survive those scenarios.
Not all regulations are risk related, for example, the Foreign Account Tax Compliance Act (FATCA) is a US law requiring that foreign banks and insurance companies report on the earnings of US citizens that have investments with them. Other countries are moving towards similar legislation in order to close tax loopholes.
Financial institutions seeking to comply with these, and other regulations, must draw together data from a multitude of sources before applying models that test the bank’s resilience to change and unexpected circumstances.
Driven by data
A data driven culture helps to do this cost effectively. Historically, each regulation has been treated on its own merits, and combined IT and Risk projects have been established to meet regulatory needs. A Bank may have had, for example, a Basel II project and a FATCA project running concurrently, with different teams.
The increased regulatory burden requires more regulations to be met, more quickly. Risk professionals are faced with a large number of month end reports that must be delivered to tight external deadlines and with provable reliability and quality. For stress testing, many reports are once off, or require ad hoc changes in order to test specific new hypotheses.
Define risks carefully
The risk environment must be clearly defined – terms, calculations, the sources of data and the process used to derive risk reports must be clearly documented and signed off by senior managers. For the typical bank, these terms and definitions can run in tens, and even hundreds, of thousands of items. The biggest challenge is not the volume – although this is certainly intimidating. The challenge is in ensuring the correct stakeholders, from business and IT, are all engaged and able to share their knowledge, and to ensure that all parties are working with the correct versions of a definition.
Data assurance capabilities help banks to examine the quality of information extracted for the stress testing and regulatory reporting processes and to monitor and prove its ongoing accuracy through the compliance process. Risk teams need to reduce their dependency on scarce technical resources in order to meet regulatory deadlines, but need to do so in a way that maintains necessary levels of oversight and control.
An investment in a business friendly data assurance capability – data governance and data quality – may need support from more than one risk or compliance project. The benefits of improved productivity and more accurate risk reports, are combining to make this option a viable proposition.
The current trend is towards more, not less, regulation. The combined costs of tactical risk projects far exceed the investment that may need to be made in an enterprise data governance capability.
This post was originally published by Business Brief Image sourced from http://imgarcade.com/1/compliance-images/