The Basel Committee regulation BCBS 239 could cost the financial services industry $1.5 billion to $2 billion a year as firms remodel their IT architectures to meet the demands of the regulation’s 11 principles – but while the cost of compliance is high, the regulation is a game changer and could improve firms’ profitability.
The details and implications of BCBS 239 – the Basel Committee on Banking Supervision’s latest principles for effective data aggregation and risk reporting – are outlined in a SunGard white paper authored by Sven Ludwig, senior vice president of risk management and analytics, EMEA, SunGard, and entitled ‘BCBS 239 – The $8 Billion Game Changer for Financial Institutions’.
The paper outlines the timetable of BCBS 239, which was issued in January 2013 by the Basel Committee. Global systemically important banks must comply by 2016, while domestic systemically important banks are expected to be compliant three years after their designation. In terms of supervisory assessment of banks’ progress in implementing the regulation’s principles, a second report will be published next month following an initial report in December 2013 that found material non-compliance with the regulation.
Breaking down the requirements of the regulation’s 11 principles, the paper notes that seven of the principles cover the requirement for banks to generate accurate and reliable risk data, capture complete and up-to-date risk, and provide risk reports that are validated, comprehensive, clear, useful and delivered in adequate frequency to relevant internal parties. From an IT perspective, the paper states that the second principle is crucial. This principle states: “A bank should design, build and maintain data architecture and IT infrastructure which fully supports its risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis, while still meeting the other principles.”
SunGard estimates the cost of the requirements at about $1.5 billion a year, rising to nearly $2 billion in 2017, with changes to IT architecture requiring continuous investment beyond 2019. It suggests that while a new IT architecture is not necessarily a silver bullet for compliance, it is a key enabler of BCBS 239 and can support financial institutions’ targets, objectives and risk appetites with more accuracy. Investment in technology is also expected to unify the pillars of risk, finance and regulatory reporting.
Looking at how firms can implement BCBS 239 solutions, the paper notes three common building blocks: IT architecture; a data quality framework; and risk reporting. It explains that IT architecture must embrace both business requirements and the data quality framework, and states: “Requirements like adaptability, aggregation, drilldown, ad hoc and timeliness, even in times of stress and crisis, define the technology solution.” To deliver the speed and flexibility required by the regulation SunGard proposes in-memory technologies, such as those offered by its risk and compliance business.
While BCBS 239 poses a complex and high-cost data management challenge, it is not all doom and gloom, with SunGard acknowledging support for the implementation of the regulation across most banks, and concluding: “The solution is in the bigger picture: using investments in IT to help steer the organisation, with precision, towards greater profitability.”