- 57% of banks surveyed in their compliance progress are materially non-compliant with Principle 2, which requires data architecture and IT infrastructure to fully support risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis.
- 50% of banks reported themselves to be materially non-compliant with Principle 3, which is in their ability to generate accurate and reliable risk data – aggregated on a largely automated basis so as to minimize the probability of errors – to meet normal and stress/crisis reporting accuracy requirements.
- 43% of the banks are materially non-compliant with Principle 6, to generate aggregate risk data to meet a broad range of on-demand, adhoc risk management reporting requests, including requests during stress/crisis situations, requests due to changing internal needs and requests to meet supervisory queries.
Uh Oh #1: More granular regulatory reporting and requirements around the level of “free” assets on an institution’s balance sheet look to be coming. There are profound implications for how financial firms manage and inventorize the components of their assets, liabilities and shareholders’ equity at any given time (including collateral).2) Risk-sensitive deposit insurance: “… deposit insurance schemes could be made risk-based (e.g. through the inclusion of a dedicated risk premium in deposit guarantee pricing), taking into account the funding structure of insured institutions in normal times. The pricing could differ depending on… resolution rules.”
Uh Oh #2: “Pricing in asset encumbrance in deposit insurance schemes” seems to imply regulatory capital/RWA increases, through Basel IV or sooner through Basel III.5??3) Expansion in scope of stress testing: “…banks should be asked to perform regular stress tests that evaluate encumbrance levels under adverse market conditions.”
Uh Oh #3: Expansion of dimensions to stress test – in this case, related to asset encumbrance levels, funding scenarios and collateral frameworks. Institutions need to ensure stress testing practices are sustainably repeatable and sufficiently automated.4) Oversight and possible regulation of the currently unregulated: “Central banks and prudential authorities need to closely monitor and oversee market responses to increased collateral demand and their effects on interconnectedness… in securities financing markets [e.g. securities lending, repo] and for shadow banking activities.”
Uh Oh #4: There seems to be an undertone that anything “unregulated” is “bad” and risky. We anticipated this trajectory in our recent “Shadow Banking Products in Europe and North America” report and highlight how different products are used, risk management implications and technology advancement opportunities that various products may represent in the coming years. What’s coming could include the possible central clearing of securities lending and repo activities, more position/exposure reporting, restrictions on re-hypothecation of assets and other forms of transparency reporting, etc.
One wonders if regulators are now stepping into the territory of choking economic activity. Do we really need to fix what is not really broken? Is transparency for transparency’s sake necessarily beneficial to the way markets operate?5) Extend of collateral rehypothecation permitted: “A particular aspect that has received considerable scrutiny in the policy debate on securities financing markets is the extent to which rehypothecation activities should be permitted. The recent crisis experience suggests that greater reliance on rehypothecation in financial intermediaries’ balance sheets will increase interconnectedness and make them more vulnerable to financial shocks. Rehypothecation of client assets can also delay the recovery of assets or even impose losses on beneficial owners.”
Uh Oh #5: “Interconnectness” of the financial system is a concern, but it is also inevitable given the manner capital, derivative market reforms and collateralization rules are implemented. Instead of working to stop this interconnectedness from happening, regulators could do well to put in place “in-time circuit breakers” in the financial system to only “trip” when stress scenarios and adverse market conditions bubble up (pardon the pun).Whilst the above points remain “thinking points” and nothing is concrete, it does provide us with a possible glimpse of what is coming. If we think that regulatory burdens in the financial industry are onerous now, regulators are only getting started! Keep your strategy nimble and technology sufficiently flexible – built not just for current requirements, but for future changes. These changes may come sooner than you think! ————– For more detailed perspectives, please see the following: Maximizing Collateral Advantage: A Survey of Buy Side Business and Operational Strategies Shadow Banking Products in Europe and North America Equipping the Front Office for the New Risk Environment Cracking the Trillion Dollar Collateral Optimization Question Strength Under Fire in Risk Management
- Ensuring proactive and timely capture, monitoring and escalation of risk before they inflict material damage. There is a need to “right speed” latency of risk information delivery, in accordance with the velocity of risk in different parts of the firm’s portfolio and under different market conditions (e.g., lending/ banking book transactions may require significantly less latency compared to the trading book; normal vs. stressed conditions will exhibit different risk characteristics).
- Accelerating go-to-market time for risk management initiatives, yet reducing project risks associated with the pace and pressures of regulatory driven risk projects. For example, we observe forward-thinking firms actively expanding the use of quality management, rapid development methodologies and tools which enable IT architects, business analysts and testing teams to better achieve the precise mapping and modeling of changes within the firm. Here, as the financial industry evolves to become what I term as “ultra regulated” (for instance, akin to the utilities and nuclear industry where critical risk incidents result in significant catastrophes and loss of lives), IT planning and delivery functions will need to raise their game (note: not only to the expectations of regulators).
- Finding cost effective ways of delivering risk technology capabilities. In a situation where changes are fast-paced, complex and expensive to execute, firms would be wise to explore answers to the following questions: How can we maintain strategic flexibility and explore alternative technology options to go-to-market faster e.g. open source analytics, cloud deployments, joint R&D arrangements, venture capital, etc.? What technology ‘bets’ should a firm be placing, and when? How much should you wager? What is the right mix of short-term and long-term ‘bets’?
1. Know your team up members close and personal. For big life and death expeditions, although the motivation and incentives of the team are important, these are not sufficient elements in order to reach your end goals. You need to discern and understand the character of the individual members of the team, or face the risks of failure, or worse endanger the team’s lives if there are serious weaknesses in a team member’s character. Hence select your sojourners very carefully.
2. Be of “one mind” – The team who are going to take the risks, is the same team who assesses the risks, is the same team who reaps the rewards – you need to plan, operate and execute with “one mind”
3. Assess your routes and research the terrain you are trying to conquer very carefully, especially the danger zones, pitfalls and hidden crevices
4. Ensure you have the proper tools suitable for the terrain
5. Face (and expect) adverse conditions, resistance and ‘boring waiting periods’ by maintaining discipline and endurance, with a unrelentless focus towards the end goal
6. Adaptibility and innovation is required (without compromising point 5)
7. Big picture plans and detailed tactical steps are equally important to execute towards the goal – don’t underestimate either
8. Use political levers to get past road blocks, rough terrains or to cut journey time (without compromising point 5)
9. Ensure timely monitoring mechanisms to gauge progress, safety checks to measure critical (team and personal) healh indicators, and landmarks to determine closeness to target destinations
10. Plan against big risks: Try to avoid or go around these altogether rather than face it… if there is one place risk management matters, this is it: when your life and death depends on it! How much can financial instiutions learn from these principles? I believe, a lot. And for some organizations, its life and death may indeed depend on executing to these principles in the coming years ahead.
- For one, good or bad, because expected shortfall also measures highly improbable risks, it opens up the door to a greater degree of ambiguity related to modeling assumptions.
- Secondly, the metric is also sensitive to rare “tail risk” events that are many practitioners consider low probability. Some consider that these events should be determined by a firm’s view of the world and not be imposed through regulatory mechanisms for every firm.
- With expected shortfall, this is likely to increase regulatory capital required (in addition to what is currently already on the table to be met by banks)
- First, it provides interesting insights and food for throught into the business mix of these institutions, the quality of their assets and where the largest vulnerabilities lie – not merely for regulators, but also for equity investors, bondholders and business counterparties. For example, financial institutions with asset servicing, transaction banking and retail credit businesses are impacted less under these tests, compared to those that are heavily skewed towards SME and wholesale banking
- Investment banks and broker/dealers with large trading positions would contribute >94% of all trading/counterparty losses in the system. These numbers are also a reflection of the size of fixed income and credit assets and derivative agreements in their portfolios. Most retail and commercial banks would incur minimal or no trading/CVA losses.
- Some pundits in the industry are lauding these results, saying that the financial crisis that has swept through Wall street is “over”; and that these stress tests draw a line over the pain of the past few years. Whereas in actual fact, this is likely to be the first step into a new world – where the financial sector and broader global economy faces further challenges ahead, for instance in the Eurozone, as well as the stability of emerging market financial systems. Global financial linkages will impact developed market institutions and these will be the real check and balance to the resiliency of these regulatory “stress and health check” mechanisms.
- Finally, in addressing risks, faith cannot, and must not, rest on the analytical tools and models, no matter how sophisticated they are, nor can it rest in the enforcement of financial regulation. The old adage of sound judgment and common sense, supported by data, analytics, and robust processes, still stands. For example, could the Fed’s assumption of a stress scenario in Europe be “too optimistic”, not taking into account the possibility of multiple failures (rather than one)? This question brings up a point that in stress testing activities, it is an art in making judgement calls rather than science. Any stress testing calculation and/or process is only as credible as the quality of the assumptions and judgement behind them.
- Establish the appropriate regulatory response paradigm beyond the conventional reactive, bottom-up approach. Structural regulations cannot be treated the same as ‘point’ regulations.
- Plan and anticipate for different outcomes using a regulatory scenario approach for regulations that are ambiguous and entail multiple cause and effects
- Converge fragmented risk and compliance operations to optimize and achieve cost synergies
- Ensure that IT stakeholders and technology strategies need to be formulated in tandem with business planning, not as a “leave that for later” afterthought.
- IT should maintain strategic flexibility in times of uncertainty. Identify potential “drag areas” and as much as possible, plan for multiple business / regulatory scenarios in order to future-proof emerging requirements.