The evolving regulatory landscape means that financial institutions (FIs) are implementing huge structural changes. This research sets out to understand the current standing, issues and challenges organizations are facing in implementing capital adequacy, stress testing, model risk management, governance, compliance and successful data quality programs. We surveyed 103 risk management professionals working in a wide range of financial service sectors around the world, and conducted in-depth follow-up interviews.
Some of the key findings include:
- Capital adequacy programs fall short of their potential: Close to 80% of FIs said Basel 3 regulation has a fairly significant impact on their capital adequacy programs. Dodd- Frank and CCAR were seen to have the most significant impact in the US. However, FIs are struggling with the breakneck speed at which they must adopt new mandates, and therefore see the guidelines as a regulatory compliance issue with moderate impact on other aspects of the firms business. By 2019 the anticipated additional capital reserve requirements will be in excess of $870 billion and €1.1 trillion for US and European FIs respectively. Successful, standardized and transparent risk management practices will help demonstrate effective capital adequacy programs to regulators. However, there are untapped opportunities to adopt strategies around capital efficiencies which can lead to business benefits beyond compliance, particularly around retail banking and capital market activities.
- Stress testing still needs to be pushed to board level: More than 60% of FIs have identified stress testing as a core risk and control activity and have constituted committees (either board level or executive level) that engage entirely with passing stress testing and ICAAP reporting. Around 66% of respondents have reported that stress testing is one of the agenda items in their board meeting – with 51% reporting that it is a core agenda item only to “some” extent. However, more concerning, almost 65% of the respondents said stress testing is only part of their ICAAP and not embedded within their business planning and risk management processes.
- Model risk management and governance is underdeveloped: Overall 70% of FIs have implemented internal policies and rules to separate model development and model validation activities, enabling an independent review of the models’ performance, design objectives and business use. Most FIs have appropriate model risk governance guidelines, with reporting to a risk committee and/or CRO, and have implemented standardized validation procedures, but have yet to establish corporate-wide validation tools to help manage the workload. However, only a few respondents (less than 14%) indicate any involvement of internal audit, which highlights a major operational governance gap and significant inconsistencies between model risk management and implementing Basel guidelines.
- Data quality challenges plague financial firms: It is evident that data quality is a pressing issue, with no uniform approach across the various tiers of FIs. Tier-1 FIs lead the charge, with data quality ownership residing with the business lines1, while data management is controlled by functions such as CIO/IT, centralized data governance teams and the CRO/ CFO. That said there is still a need for enterprise-wide standards and controls under a single point of visibility and governance such as the emerging Chief Data Officer role.
- Governance and compliance: In a majority of larger FIs, the onus is on the business lines to develop, measure and manage their own data quality, lending models and risk estimates, while the independent risk function is tasked with capital adequacy calculations, assessment and allocation, among other model and portfolio calibrations. In terms of the compliance assessment, in tier-1 FIs the role of internal audit is under-emphasized and under-utilized, demonstrating low confidence in the organization’s governance initiatives. Although FIs are reporting board awareness and monitoring of activities associated with passing stress tests and regulatory compliance reviews, the fact that neither internal nor external audit review and reporting mandates are in place points to a serious lack of governance. This could become a major capital reserve requirement issue for boards and their banking operations by 2019. There were numerous stress test failures in 2014 in both the US and Europe that reflect the impending seriousness of this issue.
- Coverage and reach of regulatory bodies: There is clear evidence of the regulatory focus on the tier-1 lending institutions, with limited attention on the tier-2s and virtually no assessment of the tier-3 and tier-4 lenders, which could become a serious issue in a severe economic downturn. Most regulatory agencies face three confounding pressures – constrained budgets; lack of qualified practitioners, and lack of industry-wide model management standards; including benchmarks and interpretive or calibration tools and methods. Combine these challenges with the number of lenders today – about 6,000 in Europe and the equivalent in the US – and the greatest concentration at the tier-2, 3 and 4 levels, one could readily anticipate a 10%-15% bank failure rate, when combining capital reserve requirements and a severe economic recession. This could represent a $100 billion to $200 billion problem for the global lending system.