Why aren’t banks taking data risk seriously?
- Neil Vernon, CTO at Gresham Computing
- 24.12.2015 12:30 pm undisclosed
BCBS 239, which comes into force in a weeks’ time, was introduced by the Basel Committee in response to the financial crisis, which highlighted the inability of many banks and financial institutions to aggregate data quickly in order to make decisions on risk.
The 14 core principles of BCBS 239, though not prescriptive, are essentially good old common sense; the establishment of an effective data architecture and infrastructure that supports data aggregation and risk reporting, the ability to ensure data integrity and produce accurate reports, the need to generate risk data quickly and subject it to effective governance.
So why, when it became clear eight years ago that existing data infrastructures were inadequate, are so many banks now scrambling to achieve compliance by January’s deadline?
Three key reasons for banks’ delay in taking control of data risk:
- The massive growth in banking data. The swift financial decline that followed the crash coincided with an equally rapid change in the way that people bank. Aside from a consumer-driven flood of Internet and mobile transactions across multiple territories and time zones; office trading, product sales, the maturing of the Asian markets, OTC products and exchanged based assets, FX and fpML all create vast amounts of information that requires matching, processing and collecting, faster and with more regulatory hoops to jump through than ever before. Add in the mergers, acquisitions and de-mergers that have become a regular occurrence since the financial crisis and it’s easy to see why the banks have struggled to maintain control. Functions and processes have become siloed, and banking IT has become a patchwork of different systems, offshored processes and complex data feeds. Nothing is joined up. And while reports take weeks to produce, the data is almost immediately out of date.
- Identifying who is responsible: Data risk has typically been viewed as a tactical function, passing between IT and operations; two departments whose workloads have spiralled as the functions and processes of banking have grown. The Basel Committee has made it clear that the responsibility for controlling data risk should lie at the feet of senior management – and certainly, for banks to validate the importance of data risk it needs a culture change which involves every functional department and is driven by the top floor.
- ‘If it ain’t broke, don’t fix it’. With so many conflicting pressures, it has simply been easier for many banks to leave the issue of data control on the back burner until they fall foul of an internal breach or are forced to take action by the regulator. But if recent history teaches us anything, it’s that the cost of doing nothing can be immense, as some financial institutions have discovered to their detriment. The actions of a single rogue trader, unconstrained by stringent controls, can easily bring flimsy walls crashing down – and it’s a scenario that could happen to any bank that doesn’t have its data house in order.
Time for a new compliance culture?
Certainly, it appears that the regulators are no longer willing to encourage and cajole banks into taking action – they’re now getting tough. Fines have rocketed by 271 per cent over the last two years, leaving banks £2.45bn out of pocket.
Whether they take action because of a proactive desire to take control, or through fear of a tap on the shoulder remains to be seen, but what is clear is that data integrity is an issue that can no longer be left to chance.
The argument that’s perhaps been lost in the mire of regulation and threats of internal malpractice is the opportunity that can come from effective data control.
Where data is harvested to analyse risk, it can also be used to extract more meaningful predictive analytics – not only to identify potential areas of concern, but also trends and opportunities. While data remains a homogenous mass for banks, not only is the risk higher, but opportunities are hidden.
With a holistic approach to realigning internal culture, this could be the start of a new era of proactive risk management and better banking.
For more on the risks associated with ineffective data control and how you can ensure your data integrity within a matter of weeks, download the latest Gresham Guide; ‘Banking in the dark: data control frameworks for the new risk era’.