RegTech Intelligence


Risk management failings: beyond the “Whale”

Multiple risk management failings, which have resulted in high-profile fines and exposed the ineptitude of boards in understanding complex risks, coupled with poor internal controls and assessment findings, have painted a grim picture of risk management in 2013.

The Financial Stability Board’s (FSB) recent Thematic Review of Risk Governance further corroborates this picture.  The report finds that, while regulators have improved their oversight of risk management since the crisis, including assessing board skills, establishing independent risk management functions and standalone risk committees, there is still a huge amount of work to be done.  “Significant gaps” still remain, with nearly half of companies surveyed “not meeting” the fundamental criteria for sound risk governance.

While the report did not specifically focus on risk data aggregation capabilities at banks, it did note that “one of the key hindrances to effective risk management at G-SIFIs has been weaknesses in firms’ IT infrastructures and the inability to aggregate risk data efficiently.”

The FSB has listed five broad recommendations for national authorities, including:

  • Setting requirements on the independence/composition of boards, including skill sets
  • Board accountability for oversight of risk governance, including assessing whether control functions are comprehensive and complete enough to enable effective decision making on risk strategies
  • Establishing communication procedures between risk committee and board committees, especially the audit and finance committees 
  • Setting requirements for the Chief Risk Officer’s “stature, authority and independence in the firm” and establishing a performance and objectives review procedure by the risk committee

The FSB isn’t sitting on the sidelines waiting for firms to up their game. By end 2013, the FSB will define, with standards organisations, the common terms and frameworks to assess risk management. Furthermore, by September 2013, the FSB has agreed to finalise formal requirements for assessing risk culture, especially for G-SIFIs.

In an already tense regulatory environment, these findings will only focus further regulatory attention on firms’ risk management governance.  This means the regulatory clamp-down, as already evidenced by huge fines for ‘London Whale’ type incidents at Barclays, JPMorgan and UBS, is highly likely to continue.

While firms reassess and change their risk management strategies in light of these findings, they should also keep the BCBS’s standards on risk data aggregation and reporting on their radars. With the FSB and the BCBS agreeing that “higher expectations” must be met by G-SIFIs for risk data aggregation and reporting by 2016, and national regulators beginning to question firms on this in 2013, these developments should be closely watched.

Recommended Further Reading:

http://www.financialstabilityboard.org/publications/r_130212.pdf

http://www.bis.org/publ/bcbs239.pdf