Another year of stress
Global banks are facing another year where there will be two regulatory stress testing exercises through the course of 2016 - namely the two big ones, US CCAR and EU stress tests.
These exercises have been executed over the past few years with great trepidation and strain. However, despite the progress made to date by institutions, regulatory standards continue to evolve towards “tests” becoming more difficult each year, with higher expectations around the process and its sub-components. The underlying paradigm is one of “looking under the hood” of the stress testing machinery to ensure that its underpinnings are sound. My latest report points to strategic considerations and recommendations for the future of stress testing operating models and the solutions. However, I would like to also point out a number of separate (but related) observations from another industry report. In the most recent BCBS progress report for the adoption of the Principles for effective risk data aggregation and risk reporting (BCBS239), the most significant challenges involves the following, where:
- 57% of banks surveyed in their compliance progress are materially non-compliant with Principle 2, which requires data architecture and IT infrastructure to fully support risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis.
- 50% of banks reported themselves to be materially non-compliant with Principle 3, which is in their ability to generate accurate and reliable risk data - aggregated on a largely automated basis so as to minimize the probability of errors - to meet normal and stress/crisis reporting accuracy requirements.
- 43%of the banks are materially non-compliant with Principle 6, to generate aggregate risk data to meet a broad range of on-demand, adhoc risk management reporting requests, including requests during stress/crisis situations, requests due to changing internal needs and requests to meet supervisory queries.
The numbers above are telling and symptomatic of how the industry is coordinating various strands of regulation, and the architectural strategies that underpin the delivery of these initiatives. In our report, one of the points we underline is the need for stress testing data governance and management practices to be reconciled (better yet, commonly shared) with data/outputs from other related initiatives; for risk data aggregation and reporting (BCBS239), but also to cover emerging regulations like Fundamental Review of the Trading Book (FRTB) and accounting for loss provisions (IFRS9). Net net: If architecture around data and applications are not fundamentally (re)designed and IT change programmes are not executed to actively address interdependencies between various strands of regulations, banks will face an uphill battle for future regulatory compliance, and efforts to develop more sophisticated capabilities will yield diminishing returns. The 'what' and 'where' of these pain points are perhaps more straightforward to identify, but the 'how' of solving it is more elusive. That will be the focus on our upcoming studies e.g. stress testing vendor solutions, risk appetite management initiatives, and risk technology strategies. Watch this space.