Gone fishing! – Increase your catch through compliance

Regulatory compliance, more often than not, is viewed as the barbed thorn in the side of financial organisations. Deeply penetrative, hooked into place, and bleeding cost at a flow rate most CFOs would really rather not think about. But what if there was a way to not only stem that flow, but also significantly reduce the pain? Better still, what if you could exploit the imperative of Basel II to use that barbed thorn for something a little more ‘fun’ – like fishing for reduced costs and greater profitability?

Through fiscal year 2006, financial institutions will be aiming for the advanced levels of compliance with the Basel II Capital Accord. The realisation that Basel II is the beginning of a new way of doing things, and that optimal risk management requires users and processes to have access to the correct data in the best way, is making the boards of some banks take a deeper, broader look at their approach to handling the Basel II Accord.

It is a requirement of Basel II that banks demonstrate that the insight gleaned from the more advanced levels of compliance are actively being used to support the core business processes across the enterprise. So, the integration of risk-based processes and customer pricing processes will be enabled by Basel II and driven by competitive pressures, and the need to optimise shareholder value. To achieve this, banks will need risk data, integrated within customer profitability models, available for customer relationship management (CRM) and customer exposure management.

Basel II is only the beginning

When considering alternative technology solutions to address Basel II, it is important to keep in mind that these regulations are evolutionary in nature. We can expect to see continual change as all participants seek to ensure the solvency of the banking system, a reduction in the gap between regulatory and economic capital, and the optimal deployment of capital across financial services institutions. To build a Basel solution around a specific piece of software or to allow different parts of the bank to design and implement their own individual approaches to Basel II would not be recognising the enterprise-wide impact of the Accord and would not allow for rapid response to the regulatory and business changes in the years ahead.

Basel II is a data management issue

There is little doubt that today most people and organisations with a stake in the new accord see Basel II as, first and foremost, a data challenge. Indeed the commonality amongst the many new regulatory challenges currently facing banks is data.

Data is the key enabler for compliance and best practice in all these areas because it is the data that will underpin any calculation and decision that needs to be made within the bank, and it is the data that must be transformed and reported on to satisfy Basel II, IAS, Sarbanes-Oxley, anti-money laundering initiatives, and fraud reduction in general.

The output of one initiative becomes the input to another initiative. Risk, capital methodologies, customer profitability, risk-adjusted performance management, disclosure requirements and fraud detection should be taking place at an enterprise level on a set of enterprise data that represents a ‘single view of the business’.

Store once – use many

In the past, the standard approach to this has been to copy the data from the source out to the locations where needed; usually residing in some form of data mart. One of the many problems this has generated has been that the same element of discrete data now exists multiple times around the organization, creating not only reconciliation nightmares but inconsistency among all instances. There is no single view of the business, not to mention what is now recognised as the huge cost, to both the business and IT constituencies, of maintaining this proliferation of what is basically the same data.

To resolve this, many organisations have adopted a ‘single view’ strategy. This single view of the business is a proven concept that is showing unprecedented benefits to those organisations that have dared to seek a better understanding of what drives their business.

The concept of a single view of the business in the context of Basel II can best be described as “store once, use many times”. Put the effort into extracting, transforming and loading the source data once. Then store it in a repository purposely designed to cater to large volumes of data where that data will be required to feed applications and answer all forms of unstructured, complex, and ad-hoc questions from anywhere across the enterprise. Hence, the opportunity to utilise those same data to go fishing for new opportunities and profitability in many other areas of the organisation.

The most sensible approach to operational risk frameworks will see all risk data in a single scalable platform that allows for collection of the loss and near-loss data at the business unit level for feeding into an enterprise repository. This enterprise repository will allow access by all BUs and Group Risk. The data will be supported by an enterprise logical data model, which will ensure consistency of operational risk definitions and measures (also a mandate of Basel II).

With the introduction of Pillar 3 (market discipline), there will be a heightened awareness of the need for a single view of the business from banks. New information about customers, capital structures, exposures, and adequacy are now needed to be placed into the public domain, which will drive even higher levels of interest, and regulators, in their quest for more in-depth information, will drive the need for banks to establish a single view which is irrefutable and auditable.

So now we can start to view regulatory compliance somewhat differently. Basel II can be viewed as the opportunity to invest in the platform that will deliver on Basel, while establishing a platform to reset the economics of the business into the future, and one that will drive competitive advantage in many new areas

Out with the old, in with the view

Just one example of the problems that the old multi-view, fragmented or business unit-siloed approaches to risk management can cause is in the management of corporate limits and exposures. These are critical pieces of daily decision-support information that must be accurate for the bank. Yet, if we consider any bank with reasonably sized retail, corporate and investment portfolios, it would not be uncommon for these banks to have five or six limit and exposure reporting systems (or data marts), which show staggering differences in limits and exposure balances for any one large customer.

Major exposures in many banks can only be approximated after huge efforts to reconcile the disparate limits and exposure systems. The bank’s business unit analysts spend their expensive time in reconciliation and little time in analysing and mitigating risk. Not to mention that the typical total cost per year of these separate systems maintaining exposures and limits can be in excess of US$1 million each.

Basel II won’t tolerate this for any organisation that wants to get to advanced levels of capital calculations. Perhaps the worst aspect of this disparate data situation is the fact that different business decisions are being made across the bank using each of the differing limits and exposure reporting systems.

These issues of reconciliation and integration in a decentralised approach are all the more exacerbated in the emerging world of complex financial services organisations. Through industry rationalisation over recent years, we now see huge financial holding companies, which are an amalgamation of many previously independent financial services companies, offering increasingly complex financial products and services. They may operate within a local market or across the entire globe, and their ability to develop a single picture of the risks they face is proving to be a huge challenge in the light of Basel II recommendations.

The best practice approach can be likened to a single view integrated or centralised approach. An approach where all source systems data will be loaded and transformed into a central data repository, and will support all Basel II calculations and reporting from this repository, whether at business unit or group level.

In this case, any data element is only stored once outside the system of record, and is lent out to the borrowing application or calculation engine. The benefits and ramifications for better risk management are huge under this approach. Ensuring the integrity of the data becomes a much simpler exercise, and all efforts are focused on ensuring data are as needed at this single point. The business units no longer need to invest their resources in reconciling differences between their own systems. Now they can devote more time to identifying, measuring and mitigating risk.

And perhaps the greatest benefit lies in the fact that this approach, supported by a strong data governance framework and metadata strategy, will deliver the consistent data formats, definitions, and measures across all constituents of the bank as demanded by Basel II.

If this same central repository is supporting a single view of the customer through an enterprise-wide business data model encompassing the Basel II data requirements, then integration between these domains is more easily attained so that risk-based customer treatments become a reality as is encouraged by Basel II.

The group risk function can champion the need for an integrated view of risk across the organisation … however, all business units will see the benefits flow.