Banks are unable to adequately assess financial risk due to delays in upgrading IT systems, according to the Basel Committee on Banking Supervision.
The committee, which consists of a number of international regulation authorities, released guidelines in January aimed at improving bank IT systems which were deemed “inadequate” for identifying risk following the global financial crisis. Banks designated as critical to global financial stability are expected to meet the committee’s requirements to improve systems by 2016.
A progress report released yesterday highlighted that only 10 of the 30 banks surveyed will fully comply with the committee's demands by the deadline, and "need to significantly upgrade their risk IT systems and governance arrangements".
“Many banks are facing difficulties in establishing strong data aggregation governance, architecture and processes, which represent the initial stage of implementation,” the committee said in a statement. “Instead, they resort to extensive manual workarounds.”
The main reason for missing the deadline is due to “large, ongoing, multi-year IT and data-related projects” extending past this period, with one bank not expected to be compliant until 2018.
The committee called for more centralised management of data, such as meta data, and better accountability throughout the data lifecycle.
The committee said that in order to effectively support risk data aggregation and risk reporting practices, banks must resolve the "significant limitations currently affecting their risk IT systems".
Commenting on the Basel Committee progress report, Rolf Van Roessing, past international vice president ISACA and executive advisor at KPMG Europe, said that banks have a long way to go to improve their risk IT systems.
“Assessing risks and future systemic risks in particular, is an extremely difficult challenge for financial institutions. The recent reports on delays in implementing the comparative risk analysis are therefore not surprising,” he said.
“Banks as single institutions will have to identify and analyse their own risks as well as those presented by market interactions and system dynamics. This in turn creates massive amounts of data, and subsequent difficulties in managing and controlling the data."
He added: “Many financial institutions will have to revisit their IT infrastructure and application-based analytics. In terms of establishing accuracy, completeness and integrity of risk data, there is a lot of work to be done in strengthening internal IT controls and processes.”
At a financial management event last month, HSBC's chief data officer Peter Serenita warned that no financial firm has implemented data management as 'business as usual', despite regulatory demands around risk reporting.