Despite increasingly stringent regulations on microprudential risk data, firms have yet to pull the trigger on serious commitment and aggressive investment. The critical piece – standards – is still missing, as both firms and regulators see this conversation as too difficult.
From mortgages to counterparty risk and now to sovereign risk — banks and regulators are still not clear on such basics as consistent global definitions of terms like ‘exposure’ and ‘probability of default’.
JWG research on risk MI revealed that only 15% think their management information programmes have sufficient resources and personnel, while only 8% said that risk management information was strongly supported. PJ DiGiammarino, JWG CEO, was quoted in this area saying, “Regulators are raising the bar on risk management at firms for liquidity risk, operational risk and market risk model management. They’re all saying more stringent requirements are coming and the penalties will be steeper than ever.”
Since the G20 is asking firms to improve their risk controls and risk disclosures in their reporting and provide relevant information to regulators in order to guard against systemic risk, good risk data would appear to be a pressing concern. However, firms, across the board are unprepared for the highly granular reporting requirements and the depth of the risk aggregation requirements. Whilst the complexity of the subject matter has led to delay after delay in the implementation of these regulatory initiatives, with COREP and Solvency II delayed till 2013.
- What technology solutions are needed to enhance straight-through processing of risk data as well as deal with exception handling and data state management?
- precisely what risk data will regulators be looking at when they inevitably tap directly into firms’ data feeds, and what will that model looks like?
- Who will lead the risk data standards conversation? Who will play a part and when will it take place?
The EC, through the CRA Directive, vaguely calls for improvements along with consistent and constant credit administration and monitoring, including a sound credit grading process and less “mechanical” reliance on CRA ratings. But what does this mean for firms without traditionally strong risk management?
In the US, the OCC, flying in the face of Dodd-Frank, said banks should continue their reliance on credit rating agencies now that the agencies are improving their process, while still pushing rules to remove their own references. US regulators have proposed that banks retain 5% of loans they securitise to ensure they have skin in the game. Another approach to reducing risk is for banks to maintain greater liquidity buffers.
The BCBS has taken another look at the principles by which firms and their regulators manage risk and issued a consultation paper. No doubt, a high level focus on broad principles will be required, but it cannot happen at the expense of detailed consultations which are also taking place. Risk practitioners have a lot on their plates as they focus on European technical standards for CRD IV (80+ spreadsheets) and the BCBS’ treatment of derivatives.
As the EBA’s technical consultation shows, middle and back-office personnel will need to pay particular attention to detailed spreadsheets and new communication protocols (e.g., XBRL, XML) in 2012 and 2013. Importantly, though the delayed adoption of CRD IV has delayed progress on technical standards so far, the coming year will be full of rich debate about scores of new spreadsheets and definitions. Senior management should be made aware early of the new and painful implications of ‘getting it wrong.’
- How well aligned will risk data standards be across jurisdictions?
- Decisions will need to be made now on complying with unfinished technical standards
- Regulators have competing risk objectives for both report detail and architecture.