Contrary to a Recent Op-Ed, Banks, and their Supervisors, Take Risk-data Management Very Seriously

Contrary to a Recent Op-Ed, Banks, and their Supervisors, Take Risk-data Management Very Seriously

In an op-ed in yesterday’s Financial Times, Charles Taylor states that “[t]he world’s biggest banks are doing an awful job of managing their data on risk.”  He bases his conclusion on a report issued by the Basel Committee on Banking Supervision (BCBS) last month titled “Progress in adopting the Principles for effective risk data aggregation and risk reporting.”  Mr. Taylor goes on to state that “[t]he Basel standards are really basic…management often seem not to care…” and concludes that “[b]anks are not taking their knowledge gap seriously enough…partly because…supervisors have not been serious either.”  To evaluate his claims, we read the BCBS report he cites, two different reports by the Federal Reserve, speeches by Federal Reserve officials, and a report by the IMF, and reached a different conclusion:  The largest U.S. banks are doing a commendable job managing their data on risk largely because their management and their supervisors take the job seriously.

The BCBS report assesses the compliance of the 30 global systemically important banks (GSIBs) with 11 principles it has established.  It finds that the majority of banks are fully or largely compliant with 10 of the principles.  It attributes the lack of even greater compliance to three things: (i) the task is very difficult; (ii) it is harder than had been expected; and (iii) supervisors keep raising their expectations.  The BCBS report goes on to state that “…[b]anks have increasingly recognised the value of implementing the Principles and have stepped up their efforts to do so….”

The hundreds of supervisors involved in the Fed’s annual stress tests would likely be surprised to learn that they aren’t taking banks’ risk-data management capabilities seriously.  Each year, as part of its stress tests, the Federal Reserve performs a qualitative assessment of banks’ capital planning practices that includes, in part, an evaluation of the banks’ “…governance, risk management, [and] internal controls…”  Having a reliable data and IT infrastructure system is required to receive a pass in the internal controls area.  Although the Federal Reserve does not directly refer to the 11 principles established by the BCBS, those principles are reportedly being imposed on the banks subject to the qualitative review of CCAR via that process.

Since 2013 (the first-year the stress test results were made public), only a small number of banks have not passed the qualitative part of the test, and that number has steadily declined.  In each of the last two years, only one bank did not pass the test for qualitative reasons.

In fact, Federal Reserve officials point to improvements in risk-data measurement as one of the great successes of stress testing.  For instance, in a 2014 speech evaluating stress testing, former Governor Tarullo stated

“Since the first CCAR there has been notable improvement in the firms’ capital planning processes. Many firms have made meaningful investments in their risk-measurement processes, including significant enhancements to their internal data and management information systems.”

The largest U.S. banks have also had their risk-data management capabilities validated as part of the living will process.  SR Letter 14-1, which specifies recovery and resolution expectations for large bank holding companies, requires banks to be able to produce regular and timely reports on their risk exposures by internal and external counterparties.

Consequently, the fact that the 8 largest U.S. banks have had their living wills accepted by the Federal Reserve and FDIC (with no deficiencies identified) indicates the banks can’t be doing an “awful” job of managing their risk-data capabilities.

Lastly, in 2015, in the opening paragraph of the IMF’s report “Financial System Stability Assessment of the United States,“ the IMF highlights five key ways the U.S. financial system has strengthened since the crisis.  One of those ways is that “…supervisory stress testing is leading changes in risk measurement and management…”  The report goes on to state that “[t]here have been substantial improvements in the risk management processes of banks, and risk aggregation has been greatly facilitated by the stress testing requirements. Given the enormity of the task of achieving and sustaining meaningful risk aggregation across the Global Systemically Important Banks (GSIBs), this remains very much work in progress and may take years to complete.”

In sum, unlike Mr. Taylor, the BCBS, the Fed, and the IMF have all recognized that banks, and their supervisors, take risk-data management seriously, devote extensive resources to it, and, as a result, improvements in data risk management have been one of the key successes of post-crisis regulation and supervision.

Disclaimer: The views expressed in this post are those of the author(s) and do not necessarily reflect the position of the Bank Policy Institute or its membership, and are not intended to be, and should not be construed as, legal advice of any kind.