Embracing change: Post-regulatory risk aggregation

A month has passed since the Basel Committee on Banking Supervision issued its progress update on BCBS239 risk aggregation. The progress report appeared without much fanfare or attention, and yet it includes a few alarming observations.

To quote the press release, “many banks are facing difficulties in establishing strong data aggregation governance, architecture and processes, which represent the initial stage of implementation. Instead, they resort to extensive manual workarounds. Notably, of the 30 banks that were identified as G-SIBs [global systemically important banks] during 2011 and 2012, 10 reported that they will not be able to fully comply with the Principles by the 2016 deadline. The main reason reported is large, ongoing, multi-year IT and data-related projects.” (‘Progress in adopting the principles for effective risk data aggregation and risk reporting issued by the Basel Committee,’ 18 December 2013)

The progress report highlights the fact that many firms are not approaching the requirements holistically or strategically, as evidenced by references to manual workarounds, and the tendency to limit scope of self-assessment to group level assessments, which fail to take into account each material business unit or entity, as the regulators intended.

There is an irony of sorts, wherein the regulators are asking firms to embrace fully and strategically the BCBS239 risk aggregation principles, and yet many G-SIBs are effectively taking short-cuts and limiting the scope of their endeavours in this area.

What's happening is, in effect, turning an opportunity for strategic and transformational change - whereby organisations would have the ability to understand and analyse risk across the spectrum and at any level - into something that is not at all strategic and equates to a regulatory ’box-ticking’ exercise (albeit a very expensive one). Moreover, this underscores a tendency in the banking industry to approach all regulatory projects in the same way, seeking to meet regulatory obligations and avoid being penalised, but with markedly less emphasis on extracting strategic value.

The industry needs to change its thinking on risk aggregation, and the smart players will recognise the strategic opportunity to go beyond perfunctory compliance, and extend and elevate the risk aggregation platform to a vital strategic business management tool. Firms who seize this opportunity will be able to optimise their business around return on equity, risk and regulatory capital usage, and ultimately gain a significant competitive advantage over those who do not.

The full BCBS239 progress update press release can be found here.