Saturday, 1 April 2017

BIS: GSIBs Risk IT Systems Weak

Unnamed GSIB Data Scientist /Risk Manager Demonstrates New Techology

In January 2013, the Basel Committee published the Principles for effective risk data aggregation and risk reporting (the “Principles”) to remedy deficiencies in risk management disclosed by the 2008 “Great Financial Crisis” (first euphemism of the post).  G-SIBS (Globally Systematically Important Banks) identified in 2011 and 2012 were required to fully implement the Principles by January 2016.

The BIS explained its action as follows:
“One of the most significant lessons learned from the global financial crisis that began in 2007 was that banks’ information technology (IT) and data architectures were inadequate to support the broad management of financial risks. Many banks lacked the ability to aggregate risk exposures and identify concentrations quickly and accurately at the bank group level, across business lines and between legal entities. Some banks were unable to manage their risks properly because of weak risk data aggregation capabilities and risk reporting practices. This had severe consequences to the banks themselves and to the stability of the financial system as a whole.”
In March this year, the BIS issued a progress report on implementation of the Principles.  Italics courtesy of AA.
“The latest assessments by supervisors show that banks’ level of compliance is unsatisfactory and the overall implementation progress remains a source of concern to supervisors. Based on supervisors’ assessments, only one bank fully complied with the Principles, even though the implementation deadline for global systemically important banks (G-SIBs) identified in 2011 and 2012 had lapsed in January 2016. In view of the unsatisfactory assessment results, banks are urged to step up efforts to comply with the Principles. Supervisors are expected to monitor progress and call on banks to address observed weaknesses.” 

There were some 28 G-SIBS as of November 2012. 

One out of 28 is roughly 3.6% compliance.

Not a very impressive performance from these megabanks who tout their capacity to provide state-of-the-art banking services based not only on their self-proclaimed profound intelligence but also their ability to perform complex mathematical analyses and calculations. These are also the same banks that have convinced their regulators that their internal risk models are sufficiently robust so that they should be used to determine their “true” exposure to various risks and, thus, their required capital under the Basel Framework.

The BIS progress report indicates that these self-assessments may be “overly optimistic” (second euphemism of the post). 

What’s even more disturbing is the BIS assessment of the reasons for the failure to reach compliance. You can read that in detail in Appendix 2.  Here’s the BIS’s take on “technical shortcomings”.

“Difficulties in execution and management of complex and large-scale IT and data infrastructure projects, such as resources and funding issues, deficiencies in project management, and coordination with other ongoing strategic programmes.

Overreliance on manual processes and interventions to produce risk reports, although some manual processes are unavoidable.

Incomplete integration and implementation of bank -wide data architecture and frameworks (eg data taxonomies, data dictionaries, risk data policies).

Weaknesses in data quality controls (eg reconciliation, validation checks, data quality standards).”

On a positive note, the BIS may have just supported US corporation and banks’ contention that they are incapable of determining the ratio of their CEO’s pay to the average for all other employees.

If we accept that as a working hypothesis, would you buy a product or place a deposit with a bank unable to measure its risk exposure or perform simple math (Dodd Frank)?

No comments: