The Fed is unhappy with the living wills of 11 big banks in the US and has now upped the ante. Fix it by July 2015 or face tougher rules. Lots of regulations complement other efforts to improve the intensity and effectiveness of bank supervision, BCBS 239
is part of that gang. Expectations and standards around BCBS 239 aren't for the faint hearted either: a seismic shift in risk management; enterprise-wide risk management and smoother bank resolution are all on the table. Whilst it's not entirely clear what
the ramifications for banks will be if they fail to adhere to standards, the principles do come with deadlines and they are approaching fast.
At a core level, national supervisors are expecting a bank's data and IT infrastructures to be significantly enhanced. Reports need to be based on accurate, complete and timely data. Systems need to deliver the right information to the right people at the
right time. While supervisors expect senior management to be able to establish accuracy and precision requirements for both regular and stress/crisis reporting, they also expect them to develop forward looking report capabilities. What's more, if you've outsourced
part of your operations, it is still your responsibility. This is designed to provide early warnings of any potential breaches of risk limits that may exceed the bank's risk tolerance or appetite. In short, supervisors expect risk management reports to enable
banks to anticipate problems.
The supervisors are looking further afield too. While this regulation currently only applies to a bank's group risk management processes, there is comment from supervisors that banks may also benefit from applying BCBS 239 to other processes, such as financial
and operational processes as well. That looks like a fairly unsubtle suggestion that it will expand over time.
Policies and processes also need to be in place regarding the application of trade-offs. Banks should be able to explain the impact of these trade-offs on their decision-making process through qualitative reports and, to the extent possible, quantitative
Supervisors have remit over growth and new business too. They will be able to set limits on a bank's risks or the growth in their activities where deficiencies in risk data aggregation and reporting are assessed as causing significant weaknesses in risk
management capabilities. For new business initiatives, supervisors may require that banks' implementation plans ensure that robust risk data aggregation is possible before allowing a new business venture or acquisition to proceed.
The supervisors appear to be circling in ever decreasing circles.