Moody’s says last Tuesday, the Basel Committee on Banking Supervision reported that most global systemically important banks (G-SIBs) have an unsatisfactory level of compliance with the Basel Committee’s principles for effective risk data aggregation and risk reporting.
This assessment is credit negative for G-SIBs because it signals that most still do not have the appropriate quality of risk management practices and decision-making processes that the Basel Committee identified as important following the 2007-09 global financial crisis. The Basel Committee indicated that it is critical for banks and their supervisors to make the full and timely implementation of its principles a priority.
The Basel Committee cited a wide range of examples in which G-SIBs failed to meet the principles. These examples include the following:
- A lack of structured policies and frameworks to consistently assess and report risk data aggregation and risk reporting implementation activities to the board and senior management.
- Risk data aggregation and risk reporting policies not approved or fully developed across the global organization.
- Incomplete IT infrastructure projects aimed at improving data quality and controls by unifying disparate or legacy IT systems
- Various data quality control deficiencies in areas such as reconciliation, validation checks and data quality standards.
- Treating implementation of the principles as a onetime compliance exercise rather than a dynamic and ongoing process.
- Incomplete integration and implementation of bank-wide data architecture and frameworks (e.g., data taxonomies, data dictionaries and risk data policies).
- An overreliance on manual processes and interventions to produce risk reports, which risk inhibiting a G-SIB’s ability to produce reports quickly in crisis situations.
- Difficulties in executing and managing complex and large-scale IT and data infrastructure projects, such as resources and funding issues and deficiencies in project management.
- Static risk management reporting frameworks that do not take full account of strategic planning decisions such as risks pertaining to merger and acquisition activities.
- An inability to monitor emerging trends through forward-looking forecasts and stress tests.
According to the Basel Committee, half of the G-SIBs were materially non-compliant with, or had not implemented, the principle for the design, building and maintenance of a data architecture and IT infrastructure that fully supports risk data aggregation capabilities and risk-reporting practices. More than half of the G-SIBs involved in the Basel Committee’s assessment were largely or fully compliant with each of the other principles. The report provides details of compliance among the G-SIBs but does not identify specific compliance details of each G-SIB.
The Basel Committee’s report focused on 30 global banks from around the world that were designated as G-SIBs in 2011 or 2012 and which were subject to a January 2016 implementation deadline.
The key challenges that G-SIBs faced when implementing the principles were technical issues and problems determining materiality thresholds. Only one G-SIB achieved full compliance with all principles by the January 2016 deadline, and the committee expected another to have achieved full compliance by the report’s publication date last Tuesday. The Basel Committee expects 24 G-SIBs to achieve full compliance by the end of 2018, while it does not expect four to be fully compliant until a later date.
Supervisors plan to communicate details of the assessment results to G-SIBs’ boards of directors and senior management by June 2017. Supervisory measures that are available include requests for specific remediation action plans and deadlines, independent reviews, increasing supervisory intensity, imposing capital add-ons and restricting business activities.