In keeping with the recent onslaught of regulatory papers aimed at fostering a more risk aware financial services industry, the Basel Committee on Banking Supervision (BCBS) has published yet another consultative paper this week, this time focused on corporate governance. The paper includes 14 principles aimed at sparking investment by firms into their risk infrastructures and a more responsible attitude to risk management, a key part of which is having access to the right data at the right time.
Of course, the document is largely focused on the need for an independent risk function and details the governance structures and incentives that should be set in place around this function, rather than describing technology and data requirements per se. However, the principles do include recommendations around the amount and quality of the data that must be made available to the risk function and senior management for decision making purposes. It also stresses the need for firms to revisit their current technology capabilities in light of the changes in the market overall, thus using both quantitative and qualitative risk analysis.
The new BCBS principles are therefore based on its original 2006 guidance on the subject of governance that has been updated to reflect the failings highlighted during the financial crisis. This includes a call to action for banks to ensure their infrastructure is up to the task: “the sophistication of the bank’s risk management and internal control infrastructures should keep pace with any changes to the banks’ risk profile (including its growth) and to the external risk landscape”.
Much the same as other recent papers on the subject of risk, the notion of stress and scenario testing rears its head in the BCBS paper also. This adds fuel to the fire for the argument for firms to invest in risk analytics systems that are capable of producing a more forward looking approach to risk assessment.
Overall, the use of internal controls and systems to support the risk function should provide “comfort” that the financial and management information it is receiving is “reliable, timely and complete”, notes the BCBS. The idea of a more holistic approach to risk management across a group also entails the need for a more joined up risk management system. The BCBS paper states that the board of the parent must have “appropriate means” to monitor that each subsidiary is in compliance with all of the applicable governance requirements.
The regulatory body also notes that as financial institutions change over time, so too should their risk management systems. They should therefore: “keep pace with developments such as balance sheet and revenue growth, increasing complexity of the bank’s business or operating structure, geographic expansion, mergers and acquisitions, or the introduction of new products or business lines”.
All of this has a price tag, however, and the BCBS paper indicates that the board should take all of this into account when allocating resources. “A bank should ensure through its planning and budgeting processes that the risk management function has adequate resources (in both number and quality) necessary to assess risk, including personnel, access to information technology systems and systems development resources, and support and access to internal information,” says the paper.
The question of data quality is an important one and BCBS suggests that the board should give “special attention” to the quality, completeness and accuracy of the data it relies on to make risk decisions. This data must also be available for communication to senior management in as timely a manner as possible; a call to action for investment in data management if ever there was one.