Reconsidering the Risk Data Environment

Earlier in the year, Inside Reference Data noted that global systemically important banks (G-Sibs) were having difficulty complying with the BCBS 239 data aggregation governance principles set out by the Basel Committee on Banking Supervision (BCBS), according to the BCBS itself in a report it had issued.

BCBS 239 principles are supposed to be completely implemented by next year. In a breakfast briefing sponsored by Risk, a sister website and publication to IRD and the WatersTechnology group, in New York on July 15, Peyman Mestchian, managing partner at Chartis Research, remarked that it was unlikely most firms would be compliant by January, but it was likely the BCBS would be satisfied, at least for now, with firms being able to identify and report the gaps in their operations, and show plans for fixing those gaps. Mestchian expects BCBS 239 compliance to require a four- or five-year-long initiative, at least for G-Sibs.

In the US, the Comprehensive Capital Analysis Review (CCAR) regimen for reporting aggregated risk data as a stress test check-up has been in force each year since 2011. CCAR has seen so many changes in its requirements from year to year, however, observed Jon Hill, executive director and head of market and operational risk model validation in the model review group at Morgan Stanley, that passing a CCAR one year is no guarantee of passing it the next year.

Therefore, firms are continually trying to get a better handle on pricing and risk information, as Hill and Mestchian related. Often, Mestchian said, service providers and consultants tout the idea of moving off spreadsheets as a cure for passing CCAR or BCBS 239 reviews. Spreadsheets are not the problem, though, he added. "This is like saying you will stop using Microsoft Office."

Systems that offer governance controls around the use of spreadsheets are a better answer, according to Mestchian. "Risk analysts have to know what they're doing behind the scenes, in back-end technology, with control, governance and reporting," he said.

In March, shortly after that BCBS 239 report, service providers and consultants were saying firms ought to simplify their views of data for risk management, and at the same time, try to get that "big picture" view. Perhaps a wide-ranging and broad control environment might make such a view possible where it previously was not.

Quick thought:

I don't like to be one to pile on, but it's worth reflecting on the demise of CounterpartyLink, the legal entity and know-your-customer data provider, that came to light last week. The company's value proposition was collecting counterparty information, figuring out where there was overlap, eliminating redundancies and then re-distributing a more accurate and trustworthy data product. Some believe the oversight in this plan was that the overlap was not significant enough to offer enough value by correcting it.

There must have been some value in what CounterpartyLink did, however, since DTCC has acquired some of its assets and intellectual property. So it makes sense to wonder if CounterpartyLink's dissolution is really a case where a first mover in a space, a company that has figured out a novel service or a new value it can offer customers, ends up not lasting because competitors learn from its mistakes or it lacked the resources to see its invention all the way through to become a stable business.