The Wall Street Journal reported last week that the American units of Deutsche Bank and Banco Santander are likely to fail their U.S. stress tests due to shortcomings in how they measure and predict potential losses and risks. The surprising thing is not that Deutsche and Santander might fail the tests, but that large banks manage to pass any country's stress tests at all.
Big banks are making critical risk management decisions with data that is often old, incomplete or even inaccurate. In fact, roughly half of the 30 globally systemically important banks believe they will fail to comply with important risk data aggregation principles by the January 2016 deadline, according to a recent survey by the Basel Committee on Banking Supervision. The other 50% say they will not be able to comply with all the principles, and some will barely scrape by.
This is bad news for the safety of the global financial system. Banks' regulatory reporting and public risk data only have value to the market if the information is accurate and timely. And risk managers are unable to minimize their risks and make effective resolution plans without reliable data. Indeed, the Basel Committee found that in the years leading to the global financial crisis, banks' information technology and data architecture were inadequate to support prompt and accurate identification and measurement of financial risks.
More than seven years have now passed since the crisis. But despite the billions of dollars that the financial industry has spent improving IT architecture, banks have failed to prioritize risk data management.
Part of the problem is that employees of banks that merged during the crisis have maintained a silo mentality that leads them to avoid sharing key information across departments and business units. Banks also continue to be plagued by out-of-date technology and manual processes for inputting data and risk modeling. And as banks noted in the Basel survey, they are also experiencing delays in initiating or implementing large-scale IT infrastructure projects and remain challenged by the complexity of financial regulatory projects.
Another issue is that many banks have made very little progress with data governance, meaning that they continue to have ill-defined data collection and security processes, according to the Basel survey. About half of the banks surveyed also reported lagging behind compliance deadlines for data architecture and IT infrastructure, data accuracy and integrity and how they adapt data for different risk reports. Even more worrisome is that many banks said their data and information technology architecture may prove inadequate in crisis situations.
Some banks have yet to communicate with their boards about their risk reporting's current limitations, according to the survey. And although all 30 banks said they would be unable to comply with one or more principles in a timely manner, they still told the Basel Committee that they could provide accurate and timely reports to risk managers and regulators. Based on the survey results and my own professional experience, it's safe to say that senior risk managers who often fail to understand the complexities of IT are being overly optimistic.
The Federal Reserve will release stress test results and the results of its Comprehensive Capital Analysis and Review in early March. These exams are critical in ensuring that banks are able to survive unexpected losses, especially during economic downturns.
In order to ensure the health of their banks, senior executives must make risk data aggregation their highest priority. And it is equally important that financial and bank regulators make it their supervisory priority that banks comply with Basel's data aggregation principles in a timely manner.
Until the market has proof that bank data is accurate, appropriate, complete and timely, banks' stress tests and capital reviews are neither credible nor reliable. Banks' capital ratios, liquidity and leverage buffers and living wills also cannot be trusted. And as long as banks continue to display an inability to comply with data aggregation requirements, the market and regulators must question whether high-level executives are really committed to quality risk management.