In line with planned risk related deliverables, the Committee of European Banking Supervisors (CEBS) has published another consultation paper, this time on the management of concentration risk under the supervisory review process. The paper is available for comment until 31 March next year and is aimed at providing market participants with a holistic approach to concentration risk management. Furthermore, CEBS expects its members to apply the finalised guidelines by the end of next year.
Firms are now expected to identify and assess all aspects of concentration risk, rather than concentrate on credit risk measurement, as has previously been the case with regards to traditional analysis. In the draft revised guidelines CEBS is taking a broader approach to concentration risk management and suggests that it is not sufficient to analyse concentration risk only within a risk type (intra-risk analysis), but that analysis of concentration risk across risk types (inter-risk analysis) is also necessary, including credit, market, operational and liquidity risks.
As CEBS explains: “Concentration risk refers not only to risk related to credit granted to individual or interrelated borrowers but to any other significant interrelated asset or liability exposures which, in cases of distress in some markets/sectors/countries or areas of activity, may threaten the soundness of an institution.”
The draft revised guidelines update the guidelines on technical aspects of the management of concentration risk under the supervisory review process, which were first published on 14 December 2006. They also complement the principles set out in the CEBS’s Guidelines on the application of the supervisory review process, which is part of the Basel II framework review. The guidelines set out in the paper build upon CEBS’s Guidelines on the Application of the Supervisory Review Process under Pillar II and should be read together with CEBS’s guidelines on the revised large exposures regime, and CEBS’s high level principles for risk management.
The idea behind moving from credit risk assessment to concentration risk assessment is to better identify a firm’s risk exposures as a whole. These are the exposures that have the potential to produce losses large enough to threaten the financial institution’s health or ability to maintain its core operations, or to produce a material change in its risk profile, according to CEBS. It is a recognition that risk data should not be dealt with in a siloed manner, as these risks are all related to each other and need to be tracked in conjunction to each other.
CEBS directly states that firms need to ensure that their data management systems are up to the task: “an institution should have adequate data management systems to enable it to identify concentrations arising from different (types of) exposures”. This is a call for not just risk management technology investment, but also investment in the fundamental data infrastructure of the firm.
CEBS does not recommend that a one size fits all approach should be adopted with regards to concentration risk reporting requirements from the regulatory community, however. It stresses that smaller and less complex firms are more likely to be affected by credit risk than any other risk type and thus do not need to be subject to the same level of scrutiny.
Of course, bringing all this siloed risk data together will be challenging for most large financial institutions and will likely drive spending on risk IT (along with the veritable cartload of other risk related regulations) next year. However, although CEBS may have been granted more clout in the regulatory community, it does not have the teeth to threaten firms if they fail to comply with its recommendations. More likely, is that national regulators will be charged with tackling this area and demanding that firms provide concentration risk reports on a regular basis (a la the Financial Services Authority’s liquidity risk reporting regime).
In the meantime, there is enough of a basis within the guidelines for those firms that wish to stay one step of the regulators to be able to restructure their governance and risk management frameworks. It will likely be a costly process, as most risk data is held in completely separate silos. It will be up to individual institutions whether they choose to rip out and replace this patchwork of systems or (as is seemingly the norm in the financial services industry) create tactical linkages between each of the systems.
As well as highlighting fundamental deficiencies in firms’ data architectures, the challenge of concentration risk reporting will also likely throw data standardisation issues into the spotlight. Counterparty data tracking and disparities around securities identification between firms will thus be evident. All of this means that data will certainly be a key issue in 2010.
A public hearing will be held on the subject on 12 March 2010 at CEBS’s premises in London, from 10am to 1pm to allow interested parties to share their views. CEBS has indicated a 31 December 2010 deadline for implementation of the recommendations and says it will be conducting an implementation study a year after this date to assess who has yet to take action. You have been warned.