Ten of the 30 globally systemically important banks (G-SIBs) say that they will not be able to meet the 2016 deadline to fully comply with rules designed to strengthen risk data aggregation and risk reporting practices, the global bank regulator has warned.
The Basel Committee on Banking Supervision, part of the Bank for International Settlements (BIS), has issued a report on major banks’ progress in complying with the Committee’s BCBS 239 Principles for effective risk data aggregation and risk reporting (PERDARR).
These principles were published in January 2013 and global systemically important banks (G-SIBs) are required to fully comply with them by 1 January 2016. The main challenge is said to be large, ongoing, multi-year IT and data-related projects. Many major banks are having to resort to “extensive manual workarounds” as they encounter considerable difficulties in establishing strong data aggregation governance, architecture and processes.
Self-assessments may not reflect compliance status
The report is based on a self-assessment questionnaire completed by the banks. While the Committee believes the banks interpreted the ratings “more or less conservatively”, it is concerned that “The ratings chosen by banks may not accurately reflect their compliance status, covering all material group entities, all levels of management and all types of material risk.”
The identity of these ten banks is not known. Banks submitted the self-assessment questionnaires to their national regulators, who then anonymised the results before submitting them to the Committee.
The difficulties faced by these major banks raises concerns for other banks, too. The Committee has urged national regulators to apply PERDARR to institutions identified as “domestic systemically important banks” three years after being designated as such. “The Principles can be applied to a wider range of banks in a way that is proportionate to their size, nature and complexity,” the Committee said in a statement.
Four overarching weaknesses were identified in the report:
- In many cases, banks’ self-assessment was only conducted at the group level, even though the principles also apply to all material business units or entities within the group.
- Some banks rated themselves on the quality of risk reports to their senior management and boards but not to middle management.
- Many banks assessed only a few types of risk, such as credit risk and market risk, and did not comprehensively cover other types of risk, such as liquidity risk and operational risk.
- Very few banks offered insights into their definitions of materiality or tolerance level for manual versus automated processes for risk data aggregation and reporting. “Some banks may have used those definitions to justify higher compliance ratings than may be warranted,” the Committee said.
“Banks need to ensure that their implementation scope appropriately reflects the intended scope of the Principles," the Committee warned.
The press release is available by clicking here.
The full progress report is available by clicking here.