Congress's banking chiefs are spending a lot of time these days pow-wowing over the shape of financial regulation post-Armageddon, with the creation of a systemic risk regulatory function a high priority for both President Obama and Congress.
Rep. Barney Frank (D-Mass.) and Obama seem to favor deputizing the Federal Reserve with the power; others are less sure of whether the Fed's powers should be expanded further. Sen. Christopher Dodd (D-Conn.) and other Democrats have questioned the Fed's track record in regulating and protecting consumers in light of AIG.
Outside the Beltway many bankers and industry players believe it matters less who gets anointed with the power to monitor systemic risk and more what tools can get the job done. "Whether you have four, two or 10 regulators, what's needed is a data-driven regulatory structure that allows regulators to get the pulse of the market on a daily basis," says Steve Adler, chairman of IBM's data governance council.
In the days before Lehman Brothers was allowed to fail, major banks were asked by regulators to tally their exposure. It was easier said than done. One institution estimated it had 50,000 positions with Lehman, and sequestered 125 employees in a room that weekend to tally all the spreadsheets and come up with a number. If a single major institution doesn't have enough standardized data to quickly tabulate risk, how can any regulator get a bead on the entire system? "It's hard for regulators — or anybody — to understand how market crowding affects the market," Adler says. "The best thing we could do is to require top firms in the industry to report end-of-day positions to the regulators."
Adler, his colleagues at IBM, and the 51 banks involved in the Operational Riskdata eXchange Association (ORX), have become evangelists for an effort to create a global standard for reporting loss events to regulators. The hope is that the standardized data could be aggregated, and then fed back to the industry to improve institutions' trending and forecasting, and to enable a viable insurance market for some kinds of risk.
The IBM proposal calls for the creation of a risk taxonomy based on the financial reporting language XBRL that would act as a tool to allow standardized loss reporting from financials to regulators, and the creation of a huge repository of loss data from thousands of institutions that after a few years could be used to give financial regulators a "risk pulse" on the system, Adler says, and also allow peer-to-peer comparison by institutions. The logical extension of this repository would be its use by insurers or re-insurers to price coverage for operational risk, allowing banks to transfer this risk off balance sheets into insurance products.
The Council, along with regulatory representatives, held a kickoff meeting for the mission in late February. The effort has significant support from a number of industry groups and vendors, including ORX, the Financial Services Technology Consortium, the Enterprise Data Management Council, and XBRL International. "The whole area of risk management, reporting and metrics, is not terribly standardized upon," notes Dan Schutzer, executive director of the FSTC. "It would seem to me that if we start getting some of these standards nailed down and some of the ambiguity taken out, it'll be easier for systems to interface with each other."
The challenge to the effort may be in bringing two distinct constituencies together on the issue, and then convincing the new regulator of the utility. Heads of operational risk management may be all in favor of this initiative, but the nitty-gritty of defining a taxonomy via XBRL may well be a more technical task for the IT department. "I think it's a good solution for a problem the [line of business leaders] don't know exists yet," says Luc Brandts, founder and chief technology officer of enterprise government risk-management and compliance vendor BWise.
The other big players in the market — Oracle and SAP, for example — may be reluctant to sign on for an IBM-led initiative. But the length of time this effort is likely to take is matched by the mammoth challenge legislators have in creating and operationalizing the new regulatory landscape. All the same, industry needs to seize the opportunity the current risk management failure brings. "This is the moment," Brandts says. "There's an awareness there that there otherwise wouldn't be."