Banks have worked hard over the past decade to improve their risk data aggregation and reporting (RDARR) capabilities. However, the ECB believes their efforts are insufficient and urges them to make faster progress.
Last summer, the European regulator therefore issued a guide in which it reemphasized the importance of RDARR and listed a number of specific concerns. It also included the topic in its supervisory priorities. Strategy, management and IT consulting firm zeb advises banks to already thoroughly evaluate their RDARR capabilities and draw up a clear improvement plan.
One of the key lessons from the 2007 global financial crisis is that effective risk management hinges on a strong IT and data architecture, and the ability to aggregate and report risk data - for example, bank-wide exposure to specific sectors and institutions - in a timely and accurate manner. Both internally for bank management, for making decisions about risk appetite, and externally for regulators. Banks fell significantly short in this area during the crisis.
In response to the deficiencies, the Basel Committee on Banking Supervision (BCBS) in early 2013 issued guidelines on the "effective aggregation of risk data and risk reporting," better known as "BCBS 239(1)." Banks have worked hard over the past decade to improve their capabilities using these guidelines.
The European Central Bank has been monitoring the effective aggregation of risk data and risk reporting since 2016. This was initially done through its "RDARR" thematic review, relying heavily on BCBS-239 guidelines. Despite repeated calls for action and increased supervision in recent years, the ECB has found that banks have still not made enough progress in addressing their structural weaknesses.
According to Andreas Nolte, Manager at zeb's Amsterdam office, the shortcomings are often related to a lack of involvement of the bank management, an ineffective governance structure (an unclear division of tasks between the teams involved) and a fragmented data and IT landscape.
"In particular, aggregating and reporting risk data at the group level remains a problem. The collapse of some US(2) and Swiss(3) banks last year, coupled with the increasing importance of integrating climate risk, again underscores the urgent need to address this."
The ECB is now urging banks to make faster progress. Last summer, the regulator released a draft version of a guide(4) in which it reemphasized the importance of efficient aggregation and reporting of risk data and listed a number of specific concerns.
In addition, the ECB has included the topic in its supervisory priorities, as one of the topics the central bank will focus on most over the next three years. The Nederlandsche Bank (DNB) is also keeping a specific focus on data quality this year.
Nolte has three recommendations for banks to still meet ECB expectations.
"First of all, we advise banks to pay close attention to ECB publications. The regulator organized a consultation with the industry after releasing the draft version of its guide. It will soon publish its final version. This could still contain some important adjustments."
"Second, we recommend that banks already thoroughly evaluate their RDARR capabilities, especially focusing on the ECB's specific concerns. For example, does bank management pay enough attention to this topic? Are all (risk) data, models and reports included in the relevant governance structure and do they clearly define the roles and responsibilities of the teams involved? Are group reports prepared correctly? And finally, are data processed timely and accurately - are quality controls in place?"
"Third, we recommend that banks establish a clear improvement plan to address existing deficiencies. It is important to regularly review progress."
Finally, Nolte notes that successful players link BCBS 239 to their strategic objectives. "For example, they are expanding the scope from risk to sustainability data and reporting and embracing new technologies. The benefits of timely and accurate aggregation and reporting of risk data go beyond regulatory compliance and making good decisions about risk appetite."
"A well-organized IT and data architecture can also lead to lower costs, better cross-selling opportunities and thus higher customer revenues," Nolte said.
https://www.bis.org/publ/bcbs239.pdf
https://www.banken.nl/nieuws/24405/techsector-onder-financiele-hoogspanning-na-omvallen-silicon-valley-bank
https://www.banken.nl/nieuws/24420/noodlijdend-credit-suisse-overgenomen-door-ubs
https://www.bankingsupervision.europa.eu/legalframework/publiccons/pdf/ssm.pubcon230724_draftguide.en.pdf
