Foremost among the responses to the financial crisis was Basel III, the governance guidelines proposed in 2010 by the Basel Committee on Banking Supervision, revised and expanded since then and in the process of being implemented worldwide. Beyond Basel III, institutions must contend with European Union initiatives, including the latest iteration of the Capital Requirements Directive (CRD IV); the Markets in Financial Instruments Directive (MiFID), for investment services; the European Market Infrastructure Regulation (EMIR), covering derivative instruments, etc. Firms are also implementing principles revised by the International Accounting Standards.
In the case of British watchdogs, the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) have introduced a set of rules intended “to hold individuals working at all levels in banking to appropriate standards of conduct,” as the FCA put it. The rules, that took effect in March 2016, apply to British lending and investment firms and to similar foreign firms operating in Britain.
The Senior Managers Regime applies to “individuals who hold key roles and responsibilities,” including members of the board and executive committee. The Certification Regime extends accountability down to “other staff who could pose a risk of significant harm to the firm or any of its customers.”
Financial entities in the United States, meanwhile, must comply with the Dodd-Frank Wall Street Reform and Consumer Protection Act, a 2010 law that, among other functions, requires the Federal Reserve Board to conduct annual stress tests at banks under various scenarios. In addition, US firms will also need to pay heed to the Financial Accounting Standards Board’s (FASB’s) proposed accounting standards more commonly referred to as the Current Expected Credit Loss model, or CECL. This model – akin to the International Accounting Standards Board’s IFRS 9 standard – will mean that financial institutions must use historical information, current conditions and sound forecasts to estimate expected loan loss.
Details of the laws and standards differ, but common themes run through them. Regulators aim to encourage firms to think and act in a more unified, holistic way. They want boards and top executives to accept responsibility for devising and implementing strategy throughout an organisation. Another objective is for firms to consider risk-adjusted performance when making decisions instead of treating each element – risk and reward – in isolation.
New thinking demands a new management framework
It’s difficult using a Governance Risk and Compliance model in isolation to accommodate such a shift in focus – from understanding what happened minute detail to making useful forecasts of what is going to happen – because of the model’s inherently static nature. The system is put in place, and actions conform to established procedures. No improvisation. Anticipating or even responding to unusual or unforeseen development becomes a tall order.
Instead, adopting a comprehensive, forward-looking GFRC management model is more than good compliance. It’s good business. Treating a bank like a single organism headed toward the future, with all its caprices, permits it to operate more efficiently.
Without the duplication of effort that results from different business segments carrying out the same tasks, firms can cut costs. Probably more important, they will be able to spot and respond to changes in the marketplace faster and in a more targeted, effective manner. That, too, should translate into lower costs, as well as more and happier customers and greater returns relative to capital employed and risks taken.
Achieving these benefits won’t be easy, of course. It will take extensive changes in how banks are structured, how their executives make decisions and how they deploy technology to support their activities. Making the transition to a GFRC framework and integrating all functions more fully into planning and decision-making processes will go a long way toward reaching the desired outcome.
Strengthening the bonds between Finance and Risk, for example, enables firms to meet more rigorous standards under CRD IV, notably Financial Reporting (FINREP) and daily common reporting (COREP). To be sure, the boxes still must be ticked and procedures great and minuscule adhered to. But a GFRC approach highlights the advantages that can accrue company-wide when all departments make decisions broadly, strategically and with a focus on tomorrow instead of yesterday – thinking outside the box rather than ticking one after another.
Great new model, shame about the tech
Even the best management framework requires the right support systems to work effectively. Firms moving to a GFRC model therefore must refresh the way they think about technological infrastructure. Much of the reason that silos have become entrenched in the fabric of many organisations is that their systems shore them up and enhance them. Firms have grown so dependent on this technology that it limits their ability to adapt to changing business and regulatory conditions.
Even if they would like to adopt GFRC principles, their antiquated tech makes it difficult. The partitioning of activities into silos encourages consistent use of platforms that create inconsistency. Without GFRC and the imperative of a unifying, top-down management model, each part of a firm, within each operating jurisdiction, is inclined to use a best-of-breed system that meets its needs, even if it meets no one else’s.
The all-too-human traits of competitiveness and stubbornness, in fact, may compel business units to employ systems whose chief virtue seems to be that a related unit, perhaps one that performs the same function in a different country, has plugged in something different. There may be a method to their madness, but, looking from the top down, there’s a madness to their method.
This approach has the effect of producing a grab bag of data, often duplicating work done in various parts of an organisation in different ways, leading to conflicting results and fruitless, time-consuming analysis. Having to cut and paste data compiled from several sources in several formats using several sets of rules limits the ability of executives to discern meaningful trends that they could otherwise factor into their strategic planning.
That’s a serious drawback from a business standpoint and amid the new emphasis among regulators on firms engaging in more forward-looking analysis. Revised stress-testing procedures require banks to conduct many tests, often done on the fly using ad hoc criteria. Then they may need to be repeated under slightly altered scenarios so that impacts on numerous other variables – within a bank, among its customers and possibly in the wider financial system and economy – can be examined virtually instantaneously. Then the results must be reported.
Firms won’t be flipping the switch on their hardware just to carry out stress tests, either. Systems support every facet of capital planning, liquidity management, risk control and forecasting. Regulators, now more than ever, will demand consistency in the choice of assumptions used in a bank’s calculations. It will be unacceptable to assume one interest-rate backdrop for the income statement and another when it comes to estimating default risk, for example. To do so might produce flattering but unrealistic results, with potentially dire implications for capital adequacy.
Firms adopting a GFRC approach need technology that can store massive amounts of historical and current data – data sets that are often so large and complex that traditional processing methods are inadequate – in a way that allows fast and transparent access by all departments. It also must feature a certain fuzziness in processing capabilities in order to handle behavioral elements, social media content and so forth, especially
No matter where the future takes them, firms won’t get there with antiquated organisational structures and technology. Failing to recognise that means losing ground to more nimble, progressive rivals and running afoul of regulators who are demanding that banks handle increasing amounts of interrelated data and display ever greater foresight.
In contrast with the multiple independent systems common at institutions that maintain isolated silos, a comprehensive platform of connected systems allows a firm to implement GFRC procedures to their best effect. It enables the production of more accurate and consistent measurements, analysis and forecasts, either for internal consumption or for regulatory reports that may be demanded in raw form or in specific formats compatible with authorities’ own systems.
The key is that all parts belong to a greater whole but that the whole need not be excessively great. Firms that employ traditional GRC systems can mix and match from a variety of additional, complementary systems designed to work seamlessly with one another and with existing technology. Ultimately, the right platform will help a firm establish better control over data management and analysis, reduce costs and enhance the client experience. By putting in place the right management framework and infrastructure, institutions can confront these challenges successfully and – if they go the extra mile – convert them into opportunities.
Vice President of Strategy, OneSumX