Monday January 21 2013 Top 10 Risk Compliance News Events

477 views

Published on

Monday January 21 2013 Top 10 Risk Compliance News Events

Published in: Education
  • Be the first to comment

  • Be the first to like this

Monday January 21 2013 Top 10 Risk Compliance News Events

  1. 1. Page |1 International Association of Risk and Compliance Professionals (IARCP) 1200 G Street NW Suite 800 Washington, DC 20005-6705 USA Tel: 202-449-9750 www.risk-compliance-association.com Top 10 risk and compliance management related news stories and world events that (for better or for worse) shaped the weeks agenda, and what is nextDear Member,If I tell you that this paper from the BaselCommittee starts with a poem, will youbelieve me?It is true!I saw it and I immediately thought… Oh, it’s going to be a bad day.In the past, I sometimes had to spend one hour per page to understandsome Basel ii/iii papers… now that they need a poem to start, what isgoing to happen?I know you ask… what poem George?“Where is the wisdom we have lost in knowledge?Where is the knowledge we have lost in information?”T. S. Eliot. The Rock (1934)Now I am sure: T.S Eliot could become a risk management expert.I always investigate every section, reference and past paper mentioned toany paper from the Basel committee (this is how I spend one hour perpage average), so I want to read all the poem, not only this part. It may beimportant in order to understand the regulation! Otherwise, why wouldthey start with a poem?I found the part of the poem that was written in the paper: _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  2. 2. Page |2Where is the Life we have lost in living?Where is the wisdom we have lost in knowledge?Where is the knowledge we have lost in information?Now I wonder why they ignored the first part “Where is the Life we havelost in living?”Perhaps they know the answer… trying to comply with Basel {1, 2, 3…}I called a friend, attorney and lobbyist in Washington DC and I asked himabout the poem… well, he knew it very well, and he told me that the poemis about a life lived without religion; it is against communism andfascism, against totalitarian regimes. (My first thought: Did I mentionwhich poem?)Oh, perhaps I must call another friend, a university professor in Harvard,to have another opinion and to keep somewhere in the middle? No, it istoo much for a day, I will better read the poem.The poem…The Eagle soars in the summit of Heaven,The Hunter with his dogs pursues his circuit.О perpetual revolution of configured stars,О perpetual recurrence of determined seasons,О world of spring and autumn, birth and dying!***Where is the Life we have lost in living?Where is the wisdom we have lost in knowledge?Where is the knowledge we have lost in information? _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  3. 3. Page |3***I journeyed to London, to the timekept City,Where the River flows, with foreign flotations.There I was told: we have too many churches,And too few chop-houses. There I was told:Let the vicars retire. Men do not need the ChurchIn the place where they work, but where they spend theirSundays.In the City, we need no bells:Let them waken the suburbs.I journeyed to the suburbs, and there I was told:We toil for six days, on the seventh we must motorTo Hindhead, or Maidenhead.If the weather is foul we stay at home and read the papers.In industrial districts, there I was toldOf economic laws.In the pleasant countryside, there it seemedThat the country now is only fit for picnics.And the Church does not seem to be wantedIn country or in suburbs; and in the town _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  4. 4. Page |4Only for important weddings.***The world turns and the world changes,But one thing does not change.In all of my years, one thing does not change.However you disguise it, this thing does not change:The perpetual struggle of Good and Evil.***The desert is not remote in southern tropics,The desert is not only around the corner,The desert is squeezed in the tube-train next to you.The desert is in the heart of your brother.***The voices of the Unemployed:No man has hired usWith pocketed handsAnd lowered facesWe stand about in open placesAnd shiver in unlit rooms. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  5. 5. Page |5Only the wind movesOver empty fields, untilledWhere the plough rests, at an angleTo the furrow. In this landThere shall be one cigarette to two men,To two women one half pint of bitterAle. In this landNo man has hired us.Our life is unwelcome, our deathUnmentioned in “The Times.”***What life have you if you have not life together?There is no life that is not in community,And no community not lived in praise of God.***And now you live dispersed on ribbon roads.And no man knows or cares who is his neighbourUnless his neighbour makes too much disturbance,But all dash to and fro in motor cars, _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  6. 6. Page |6Familiar with the roads and settled nowhere.Nor does the family even move about together.But every son would have his motor cycle,And daughters ride away on casual pillions.***In the land of lobelias and tennis flannelsThe rabbit shall burrow and the thorn revisit,The nettle shall flourish on the gravel court,And the wind shall say: “Here were decent godless people:Their only monument the asphalt roadAnd a thousand lost golf balls.”***When the Stranger says: “What is the meaning of this city?Do you huddle close together because you love each other?”What will you answer? “We all dwell togetherTo make money from each other”? or “This is a community”?And the Stranger will depart and return to the desert.О my soul, be prepared for the coming of the Stranger,Be prepared for him who knows how to ask questions.О weariness of men who turn from God _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  7. 7. Page |7To the grandeur of your mind and the glory of your action,To arts and inventions and daring enterprises.To schemes of human greatness thoroughly discredited.Binding the earth and the water to your service,Exploiting the seas and developing the mountains,Dividing the stars into common and preferred.Engaged in devising the perfect refrigerator,Engaged in working out a rational morality,Engaged in printing as many books as possible,Plotting of happiness and flinging empty bottles,Turning from your vacancy to fevered enthusiasmFor nation or race or what you call humanity;Though you forget the way to the Temple,There is one who remembers the way to your door:Life you may evade, but Death you shall not.You shall not deny the Stranger.***But it seems that something has happened that has never happenedbefore:though we know not just when, or why, or _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  8. 8. Page |8how, or where.Men have left God not for other gods, they say, but for no god;and this has never happened beforeThat men both deny gods and worship gods, professing firstReason,And then Money, and Power, and what they call Life, or Race,or Dialectic.The Church disowned, the tower overthrown, the bells up-turned, what have we to doBut stand with empty hands and palms turned upwardsIn an age which advances progressively backwards?***T.S. EliotOk, Now I feel that I will understand the paper from the BaselCommittee.I also found another part of the poem that is suitable to start anotherBasel iii paper:“Be prepared for him who knows how to ask questions”.Read more (about the paper, not the poem) at number 1 below.Welcome to the Top 10 list. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  9. 9. Page |9Principles for effective risk dataaggregation and risk reportingJanuary 2013The financial crisis that began in 2007revealed that many banks, including globalsystemically important banks (G-SIBs), wereunable to aggregate risk exposures andidentify concentrations fully, quickly andaccurately.This meant that banks ability to take riskdecisions in a timely fashion was seriouslyimpaired with wide-ranging consequences for the banks themselves andfor the stability of the financial system as a whole.Vice Chair Janet L. YellenAt the American EconomicAssociation/American Finance Association JointLuncheon, San Diego, CaliforniaInterconnectedness and Systemic Risk:Lessons from the Financial Crisis andPolicy Implications _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  10. 10. P a g e | 10Islamic finance industryneeds transformationThe Islamic financial services industry needs to undergo a completetransformation in order to be recognized and respected as a major globalplayer, a key conference in Bahrain heard.ESMA and the EBAtake action tostrengthen Euriborand benchmark rate-setting processesThe European Securities and Markets Authority (ESMA) and theEuropean Banking Authority (EBA) published the results of their jointwork on Euribor and propose principles for benchmark rate-settingprocesses. The publications include:Report from the Commissionto the European Parliamentand the CouncilThe review of theDirective 2002/87/EC of the European Parliament and theCouncil on the supplementary supervision of credit institutions,insurance undertakings and investment firms in a financialconglomerate _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  11. 11. P a g e | 11ESMA to provide technical adviceon possible delegated actsconcerning the ProspectusDirectiveThe European Commission sent a formal request on 20 January 2011 toESMA to provide technical advice on possible delegated acts concerningthe Prospectus Directive as amended by Directive 2010/73/EU (theMandate).Regulatory Resolutionsfor 2013Remarks by Assistant SuperintendentMark Zelmer, Office of the Superintendent of Financial InstitutionsCanada (OSFI) to the 2013 RBC Capital Markets Canadian Bank CEOConferenceFifth progress note on the GlobalLEI InitiativeThis is the fifth of a series of notes onthe implementation of the legal entity identifier (LEI) initiative. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  12. 12. P a g e | 12Corporate governanceAddress by Mr Yandraduth Googoolye, First DeputyGovernor of the Bank of Mauritius, at theworkshop on “Corporate governance”, organised bythe Mauritius Institute of Directors, Port-LouisStandard Quantum LimitSmashed, Could Mean BetterFiber-Optic CommsFrom NIST Tech BeatCommunicating with light maysoon get a lot easier, hints recentresearch from the NationalInstitute of Standards andTechnology (NIST) and theUniversity of Marylands JointQuantum Institute (JQI), wherescientists have potentially found away to overcome a longstandingbarrier to cleaner signals. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  13. 13. P a g e | 13Principles for effective risk dataaggregation and risk reportingJanuary 2013The financial crisis that began in 2007revealed that many banks, including globalsystemically important banks (G-SIBs), wereunable to aggregate risk exposures andidentify concentrations fully, quickly andaccurately.This meant that banks ability to take riskdecisions in a timely fashion was seriouslyimpaired with wide-ranging consequences for the banks themselves andfor the stability of the financial system as a whole. The Basel Committees Principles for effective risk data aggregation willstrengthen banks risk data aggregation capabilities and internal riskreporting practices.Implementation of the principles will strengthen risk management atbanks - in particular, G-SIBs - thereby enhancing their ability to copewith stress and crisis situations. An earlier version of the principles published today was issued forconsultation in June 2012.The Committee wishes to thank those who provided feedback andcomments as these were instrumental in revising and finalising theprinciples. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  14. 14. P a g e | 14Principles for effective risk data aggregation and risk reportingWhere is the wisdom we have lost in knowledge?Where is the knowledge we have lost in information?T. S. Eliot. The Rock (1934)Introduction1. One of the most significant lessons learned from the global financialcrisis that began in 2007 was that banks’ information technology (IT) anddata architectures were inadequate to support the broad management offinancial risks.Many banks lacked the ability to aggregate risk exposures and identifyconcentrations quickly and accurately at the bank group level, acrossbusiness lines and between legal entities.Some banks were unable to manage their risks properly because of weakrisk data aggregation capabilities and risk reporting practices.This had severe consequences to the banks themselves and to thestability of the financial system as a whole.2. In response, the Basel Committee issued supplemental Pillar 2(supervisory review process) guidance to enhance banks’ ability toidentify and manage bank-wide risks.In particular, the Committee emphasised that a sound risk managementsystem should have appropriate management information systems (MIS)at the business and bank-wide level.The Basel Committee also included references to data aggregation as partof its guidance on corporate governance.3. Improving banks’ ability to aggregate risk data will improve theirresolvability. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  15. 15. P a g e | 15For global systemically important banks (G-SIBs) in particular, it isessential that resolution authorities have access to aggregate risk datathat complies with the FSB’s Key Attributes of Effective ResolutionRegimes for Financial Institutions as well as the principles set out below.For recovery, a robust data framework will help banks and supervisorsanticipate problems ahead.It will also improve the prospects of finding alternative options to restorefinancial strength and viability when the firm comes under severe stress.For example, it could improve the prospects of finding a suitable mergerpartner.4. Many in the banking industry recognise the benefits of improving theirrisk data aggregation capabilities and are working towards this goal.They see the improvements in terms of strengthening the capability andthe status of the risk function to make judgements.This leads to gains in efficiency, reduced probability of losses andenhanced strategic decision-making, and ultimately increasedprofitability.5. Supervisors observe that making improvements in risk dataaggregation capabilities and risk reporting practices remains a challengefor banks, and supervisors would like to see more progress, in particular,at G-SIBs.Moreover, as the memories of the crisis fade over time, there is a dangerthat the enhancement of banks’ capabilities in these areas may receive aslower-track treatment.This is because IT systems, data and reporting processes requiresignificant investments of financial and human resources with benefitsthat may only be realised over the long-term. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  16. 16. P a g e | 166. The Financial Stability Board (FSB) has several international initiativesunderway to ensure continued progress is made in strengthening firms’risk data aggregation capabilities and risk reporting practices, which isessential to support financial stability.These include:• The development of the Principles for effective risk data aggregationand risk reporting included in this report.This work stems from a recommendation in the FSB’s Progress report onimplementing the recommendations on enhanced supervision, issued on4 November 2011:“The FSB, in collaboration with the standard setters, will develop a set ofsupervisory expectations to move firms’, particularly SIFIs, dataaggregation capabilities to a level where supervisors, firms, and otherusers (eg resolution authorities) of the data are confident that the MISreports accurately capture the risks.A timeline should be set for all SIFIs to meet supervisory expectations;the deadline for G-SIBs to meet these expectations should be thebeginning of 2016, which is the date when the added loss absorbencyrequirement begins to be phased in for G-SIBs.”• The development of a new common data template for globalsystemically important financial institutions (G-SIFIs) in order to addresskey information gaps identified during the crisis, such as bi-lateralexposures and exposures to countries/sectors/instruments.This should provide the authorities with a stronger framework forassessing potential systemic risks.• A public-private sector initiative to develop a Legal Entity Identifier(LEI) system. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  17. 17. P a g e | 17The LEI system will identify unique parties to financial transactionsacross the globe and is designed to be a key building block forimprovements in the quality of financial data across the globe.7. There are also other initiatives and requirements relating to data thatwill have to be implemented in the following years.The Committee considers that upgraded risk data aggregation and riskreporting practices will allow banks to comply effectively with thoseinitiatives.Definition8. For the purpose of this paper, the term “risk data aggregation” meansdefining, gathering and processing risk data according to the bank’s riskreporting requirements to enable the bank to measure its performanceagainst its risk tolerance/appetite.This includes sorting, merging or breaking down sets of data.Objectives9. This paper presents a set of principles to strengthen banks’ risk dataaggregation capabilities and internal risk reporting practices (thePrinciples).In turn, effective implementation of the Principles is expected to enhancerisk management and decision-making processes at banks.10. The adoption of these Principles will enable fundamentalimprovements to the management of banks.The Principles are expected to support a bank’s efforts to:• Enhance the infrastructure for reporting key information, particularlythat used by the board and senior management to identify, monitor andmanage risks; _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  18. 18. P a g e | 18• Improve the decision-making process throughout the bankingorganisation;• Enhance the management of information across legal entities, whilefacilitating a comprehensive assessment of risk exposures at the globalconsolidated level;• Reduce the probability and severity of losses resulting from riskmanagement weaknesses;• Improve the speed at which information is available and hencedecisions can be made; and• Improve the organisation’s quality of strategic planning and the abilityto manage the risk of new products and services.11. Strong risk management capabilities are an integral part of thefranchise value of a bank.Effective implementation of the Principles should increase the value ofthe bank.The Committee believes that the long-term benefits of improved risk dataaggregation capabilities and risk reporting practices will outweigh theinvestment costs incurred by banks.12. For bank supervisors, these Principles will complement other efforts toimprove the intensity and effectiveness of bank supervision.For resolution authorities, improved risk data aggregation should enablesmoother bank resolution, thereby reducing the potential recourse totaxpayers.Scope and initial considerations13. These Principles are initially addressed to SIBs and apply at both thebanking group and on a solo basis. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  19. 19. P a g e | 19Common and clearly stated supervisory expectations regarding risk dataaggregation and risk reporting are necessary for these institutions.National supervisors may nevertheless choose to apply the Principles to awider range of banks, in a way that is proportionate to the size, nature andcomplexity of these banks’ operations.14. Banks identified as G-SIBs by the FSB in November 2011 orNovember 2012 must meet these Principles by January 2016;G-SIBs designated in subsequent annual updates will need to meet thePrinciples within three years of their designation.G-SIBs subject to the 2016 timeline are expected to start making progresstowards effectively implementing the Principles from early 2013.National supervisors and the Basel Committee will monitor and assessthis progress in accordance with section V of this document.15. It is strongly suggested that national supervisors also apply thesePrinciples to banks identified as D-SIBs by their national supervisorsthree years after their designation as D-SIBs.16. The Principles and supervisory expectations contained in this paperapply to a bank’s risk management data.This includes data that is critical to enabling the bank to manage the risksit faces.Risk data and reports should provide management with the ability tomonitor and track risks relative to the bank’s risk tolerance/appetite.17. These Principles also apply to all key internal risk managementmodels, including but not limited to, Pillar 1 regulatory capital models (eginternal ratings-based approaches for credit risk and advancedmeasurement approaches for operational risk), Pillar 2 capital models andother key risk management models (eg value-at-risk). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  20. 20. P a g e | 2018. The Principles apply to a bank’s group risk management processes.However, banks may also benefit from applying the Principles to otherprocesses, such as financial and operational processes, as well assupervisory reporting.19. All the Principles included in this paper are also applicable toprocesses that have been outsourced to third parties.20. The Principles cover four closely related topics:• Overarching governance and infrastructure• Risk data aggregation capabilities• Risk reporting practices• Supervisory review, tools and cooperation21. Risk data aggregation capabilities and risk reporting practices areconsidered separately in this paper, but they are clearly inter-linked andcannot exist in isolation.High quality risk management reports rely on the existence of strong riskdata aggregation capabilities, and sound infrastructure and governanceensures the information flow from one to the other.22. Banks should meet all risk data aggregation and risk reportingprinciples simultaneously.However, trade-offs among Principles could be accepted in exceptionalcircumstances such as urgent/ad hoc requests of information on new orunknown areas of risk.There should be no trade-offs that materially impact risk managementdecisions. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  21. 21. P a g e | 21Decision-makers at banks, in particular the board and seniormanagement, should be aware of these trade-offs and the limitations orshortcomings associated with them.Supervisors expect banks to have policies and processes in placeregarding the application of trade-offs.Banks should be able to explain the impact of these trade-offs on theirdecision- making process through qualitative reports and, to the extentpossible, quantitative measures.23. The concept of materiality used in this paper means that data andreports can exceptionally exclude information only if it does not affect thedecision-making process in a bank (ie decision-makers, in particular theboard and senior management, would have been influenced by theomitted information or made a different judgment if the correctinformation had been known).In applying the materiality concept, banks will take into accountconsiderations that go beyond the number or size of the exposures notincluded, such as the type of risks involved, or the evolving and dynamicnature of the banking business.Banks should also take into account the potential future impact of theinformation excluded on the decision-making process at theirinstitutions.Supervisors expect banks to be able to explain the omissions ofinformation as a result of applying the materiality concept.24. Banks should develop forward looking reporting capabilities toprovide early warnings of any potential breaches of risk limits that mayexceed the bank’s risk tolerance/appetite.These risk reporting capabilities should also allow banks to conduct aflexible and effective stress testing which is capable of providingforward-looking risk assessments. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  22. 22. P a g e | 22Supervisors expect risk management reports to enable banks to anticipateproblems and provide a forward looking assessment of risk.25. Expert judgment may occasionally be applied to incomplete data tofacilitate the aggregation process, as well as the interpretation of resultswithin the risk reporting process.Reliance on expert judgment in place of complete and accurate datashould occur only on an exception basis, and should not materiallyimpact the bank’s compliance with the Principles.When expert judgment is applied, supervisors expect that the process beclearly documented and transparent so as to allow for an independentreview of the process followed and the criteria used in thedecision-making process.I. Overarching governance and infrastructure26. A bank should have in place a strong governance framework, risk dataarchitecture and IT infrastructure.These are preconditions to ensure compliance with the other Principlesincluded in this document.In particular, a bank’s board should oversee senior management’sownership of implementing all the risk data aggregation and riskreporting principles and the strategy to meet them within a timeframeagreed with their supervisors.Principle 1Governance – A bank’s risk data aggregation capabilities and riskreporting practices should be subject to strong governance arrangementsconsistent with other principles and guidance established by the BaselCommittee. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  23. 23. P a g e | 2327. A bank’s board and senior management should promote theidentification, assessment and management of data quality risks as partof its overall risk management framework.The framework should include agreed service level standards for bothoutsourced and in-house risk data-related processes, and a firm’s policieson data confidentiality, integrity and availability, as well as riskmanagement policies.28. A bank’s board and senior management should review and approvethe bank’s group risk data aggregation and risk reporting framework andensure that adequate resources are deployed.29. A bank’s risk data aggregation capabilities and risk reportingpractices should be:(a) Fully documented and subject to high standards of validation.This validation should be independent and review the bank’s compliancewith the Principles in this document.The primary purpose of the independent validation is to ensure that abanks risk data aggregation and reporting processes are functioning asintended and are appropriate for the banks risk profile.Independent validation activities should be aligned and integrated withthe other independent review activities within the banks riskmanagement program, and encompass all components of the banks riskdata aggregation and reporting processes.Common practices suggest that the independent validation of risk dataaggregation and risk reporting practices should be conducted using staffwith specific IT, data and reporting expertise.(b) Considered as part of any new initiatives, including acquisitionsand/or divestitures, new product development, as well as broader processand IT change initiatives. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  24. 24. P a g e | 24When considering a material acquisition, a bank’s due diligence processshould assess the risk data aggregation capabilities and risk reportingpractices of the acquired entity, as well as the impact on its own risk dataaggregation capabilities and risk reporting practices.The impact on risk data aggregation should be considered explicitly bythe board and inform the decision to proceed.The bank should establish a timeframe to integrate and align theacquired risk data aggregation capabilities and risk reporting practiceswithin its own framework.(c) Unaffected by the bank’s group structure.The group structure should not hinder risk data aggregation capabilitiesat a consolidated level or at any relevant level within the organisation (egsub-consolidated level, jurisdiction of operation level).In particular, risk data aggregation capabilities should be independentfrom the choices a bank makes regarding its legal organisation andgeographical presence.30. A bank’s senior management should be fully aware of and understandthe limitations that prevent full risk data aggregation, in terms ofcoverage (eg risks not captured or subsidiaries not included), in technicalterms (eg model performance indicators or degree of reliance on manualprocesses) or in legal terms (legal impediments to data sharing acrossjurisdictions).Senior management should ensure that the bank’s IT strategy includesways to improve risk data aggregation capabilities and risk reportingpractices and to remedy any shortcomings against the Principles set forthin this document taking into account the evolving needs of the business.Senior management should also identify data critical to risk dataaggregation and IT infrastructure initiatives through its strategic ITplanning process, and support these initiatives through the allocation ofappropriate levels of financial and human resources. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  25. 25. P a g e | 2531. A bank’s board is responsible for determining its own risk reportingrequirements and should be aware of limitations that prevent full risk dataaggregation in the reports it receives.The board should also be aware of the bank’s implementation of, andongoing compliance with the Principles set out in this document.Principle 2Data architecture and IT infrastructure – A bank should design, build andmaintain data architecture and IT infrastructure which fully supports itsrisk data aggregation capabilities and risk reporting practices not only innormal times but also during times of stress or crisis, while still meetingthe other Principles.32. Risk data aggregation capabilities and risk reporting practices shouldbe given direct consideration as part of a bank’s business continuityplanning processes and be subject to a business impact analysis.33. A bank should establish integrated data taxonomies and architectureacross the banking group, which includes information on thecharacteristics of the data (metadata), as well as use of single identifiersand/or unified naming conventions for data including legal entities,counterparties, customers and accounts.34. Roles and responsibilities should be established as they relate to theownership and quality of risk data and information for both the businessand IT functions.The owners (business and IT functions), in partnership with riskmanagers, should ensure there are adequate controls throughout thelifecycle of the data and for all aspects of the technology infrastructure.The role of the business owner includes ensuring data is correctly enteredby the relevant front office unit, kept current and aligned with the datadefinitions, and also ensuring that risk data aggregation capabilities andrisk reporting practices are consistent with firms’ policies. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  26. 26. P a g e | 26II. Risk data aggregation capabilities35. Banks should develop and maintain strong risk data aggregationcapabilities to ensure that risk management reports reflect the risks in areliable way (ie meeting data aggregation expectations is necessary tomeet reporting expectations).Compliance with these Principles should not be at the expense of eachother.These risk data aggregation capabilities should meet all Principles belowsimultaneously in accordance with paragraph 22 of this document.Principle 3Accuracy and Integrity – A bank should be able to generate accurate andreliable risk data to meet normal and stress/crisis reporting accuracyrequirements.Data should be aggregated on a largely automated basis so as tominimise the probability of errors.36. A bank should aggregate risk data in a way that is accurate andreliable.(a) Controls surrounding risk data should be as robust as those applicableto accounting data.(b) Where a bank relies on manual processes and desktop applications(eg spreadsheets, databases) and has specific risk units that use theseapplications for software development, it should have effective mitigantsin place (eg end-user computing policies and procedures) and othereffective controls that are consistently applied across the bank’sprocesses. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  27. 27. P a g e | 27(c) Risk data should be reconciled with bank’s sources, includingaccounting data where appropriate, to ensure that the risk data isaccurate.(d) A bank should strive towards a single authoritative source for risk dataper each type of risk.(e) A bank’s risk personnel should have sufficient access to risk data toensure they can appropriately aggregate, validate and reconcile the datato risk reports.37. As a precondition, a bank should have a “dictionary” of the conceptsused, such that data is defined consistently across an organisation.38. There should be an appropriate balance between automated andmanual systems.Where professional judgements are required, human intervention may beappropriate.For many other processes, a higher degree of automation is desirable toreduce the risk of errors.39. Supervisors expect banks to document and explain all of their risk dataaggregation processes whether automated or manual (judgement basedor otherwise).Documentation should include an explanation of the appropriateness ofany manual workarounds, a description of their criticality to the accuracyof risk data aggregation and proposed actions to reduce the impact.40. Supervisors expect banks to measure and monitor the accuracy of dataand to develop appropriate escalation channels and action plans to be inplace to rectify poor data quality. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  28. 28. P a g e | 28Principle 4Completeness – A bank should be able to capture and aggregate allmaterial risk data across the banking group.Data should be available by business line, legal entity, asset type,industry, region and other groupings, as relevant for the risk in question,that permit identifying and reporting risk exposures, concentrations andemerging risks.41. A bank’s risk data aggregation capabilities should include all materialrisk exposures, including those that are off-balance sheet.42. A banking organisation is not required to express all forms of risk in acommon metric or basis, but risk data aggregation capabilities should bethe same regardless of the choice of risk aggregation systemsimplemented.However, each system should make clear the specific approach used toaggregate exposures for any given risk measure, in order to allow theboard and senior management to assess the results properly.43. Supervisors expect banks to produce aggregated risk data that iscomplete and to measure and monitor the completeness of their risk data.Where risk data is not entirely complete, the impact should not be criticalto the bank’s ability to manage its risks effectively.Supervisors expect banks’ data to be materially complete, with anyexceptions identified and explained.Principle 5Timeliness – A bank should be able to generate aggregate and up-to-daterisk data in a timely manner while also meeting the principles relating toaccuracy and integrity, completeness and adaptability. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  29. 29. P a g e | 29The precise timing will depend upon the nature and potential volatility ofthe risk being measured as well as its criticality to the overall risk profileof the bank.The precise timing will also depend on the bank-specific frequencyrequirements for risk management reporting, under both normal andstress/crisis situations, set based on the characteristics and overall riskprofile of the bank.44. A bank’s risk data aggregation capabilities should ensure that it is ableto produce aggregate risk information on a timely basis to meet all riskmanagement reporting requirements.45. The Basel Committee acknowledges that different types of data willbe required at different speeds, depending on the type of risk, and thatcertain risk data may be needed faster in a stress/crisis situation.Banks need to build their risk systems to be capable of producingaggregated risk data rapidly during times of stress/crisis for all criticalrisks.46. Critical risks include but are not limited to:(a) The aggregated credit exposure to a large corporate borrower.By comparison, groups of retail exposures may not change as critically ina short period of time but may still include significant concentrations;(b) Counterparty credit risk exposures, including, for example,derivatives;(c) Trading exposures, positions, operating limits, and marketconcentrations by sector and region data;(d) Liquidity risk indicators such as cash flows/settlements and funding;and _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  30. 30. P a g e | 30(e) Operational risk indicators that are time-critical (eg systemsavailability, unauthorised access).47. Supervisors will review that the bank specific frequency requirements,for both normal and stress/crisis situations, generate aggregate andup-to-date risk data in a timely manner.Principle 6Adaptability – A bank should be able to generate aggregate risk data tomeet a broad range of on-demand, ad hoc risk management reportingrequests, including requests during stress/crisis situations, requests dueto changing internal needs and requests to meet supervisory queries.48. A bank’s risk data aggregation capabilities should be flexible andadaptable to meet ad hoc data requests, as needed, and to assessemerging risks.Adaptability will enable banks to conduct better risk management,including forecasting information, as well as to support stress testing andscenario analyses.49. Adaptability includes:(a) Data aggregation processes that are flexible and enable risk data to beaggregated for assessment and quick decision-making;(b) Capabilities for data customisation to users’ needs (eg dashboards,key takeaways, anomalies), to drill down as needed, and to produce quicksummary reports;(c) Capabilities to incorporate new developments on the organisation ofthe business and/or external factors that influence the bank’s risk profile;and(d) Capabilities to incorporate changes in the regulatory framework. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  31. 31. P a g e | 3150. Supervisors expect banks to be able to generate subsets of data basedon requested scenarios or resulting from economic events.For example, a bank should be able to aggregate risk data quickly oncountry credit exposures as of a specified date based on a list of countries,as well as industry credit exposures as of a specified date based on a list ofindustry types across all business lines and geographic areas.III. Risk reporting practices51. Accurate, complete and timely data is a foundation for effective riskmanagement.However, data alone does not guarantee that the board and seniormanagement will receive appropriate information to make effectivedecisions about risk.To manage risk effectively, the right information needs to be presented tothe right people at the right time.Risk reports based on risk data should be accurate, clear and complete.They should contain the correct content and be presented to theappropriate decision-makers in a time that allows for an appropriateresponse.To effectively achieve their objectives, risk reports should comply withthe following principles. Compliance with these principles should not beat the expense of each other in accordance with paragraph 22 of thisdocument.Principle 7Accuracy - Risk management reports should accurately and preciselyconvey aggregated risk data and reflect risk in an exact manner. Reportsshould be reconciled and validated. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  32. 32. P a g e | 3252. Risk management reports should be accurate and precise to ensure abank’s board and senior management can rely with confidence on theaggregated information to make critical decisions about risk.53. To ensure the accuracy of the reports, a bank should maintain, at aminimum, the following:(a) Defined requirements and processes to reconcile reports to risk data;(b) Automated and manual edit and reasonableness checks, including aninventory of the validation rules that are applied to quantitativeinformation.The inventory should include explanations of the conventions used todescribe any mathematical or logical relationships that should be verifiedthrough these validations or checks; and(c) Integrated procedures for identifying, reporting and explaining dataerrors or weaknesses in data integrity via exceptions reports.54. Approximations are an integral part of risk reporting and riskmanagement.Results from models, scenario analyses, and stress testing are examples ofapproximations that provide critical information for managing risk.While the expectations for approximations may be different than for othertypes of risk reporting, banks should follow the reporting principles inthis document and establish expectations for the reliability ofapproximations (accuracy, timeliness, etc) to ensure that managementcan rely with confidence on the information to make critical decisionsabout risk.This includes principles regarding data used to drive theseapproximations. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  33. 33. P a g e | 3355. Supervisors expect that a bank’s senior management should establishaccuracy and precision requirements for both regular and stress/crisisreporting, including critical position and exposure information.These requirements should reflect the criticality of decisions that will bebased on this information.56. Supervisors expect banks to consider accuracy requirementsanalogous to accounting materiality.For example, if omission or misstatement could influence the riskdecisions of users, this may be considered material.A bank should be able to support the rationale for accuracy requirements.Supervisors expect a bank to consider precision requirements based onvalidation, testing or reconciliation processes and results.Principle 8Comprehensiveness - Risk management reports should cover all materialrisk areas within the organisation.The depth and scope of these reports should be consistent with the sizeand complexity of the bank’s operations and risk profile, as well as therequirements of the recipients.57. Risk management reports should include exposure and positioninformation for all significant risk areas (eg credit risk, market risk,liquidity risk, operational risk) and all significant components of thoserisk areas (eg single name, country and industry sector for credit risk).Risk management reports should also cover risk-related measures (egregulatory and economic capital).58. Reports should identify emerging risk concentrations, provideinformation in the context of limits and risk appetite/tolerance andpropose recommendations for action where appropriate. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  34. 34. P a g e | 34Risk reports should include the current status of measures agreed by theboard or senior management to reduce risk or deal with specific risksituations.This includes providing the ability to monitor emerging trends throughforward-looking forecasts and stress tests.59. Supervisors expect banks to determine risk reporting requirementsthat best suit their own business models and risk profiles.Supervisors will need to be satisfied with the choices a bank makes interms of risk coverage, analysis and interpretation, scalability andcomparability across group institutions.For example, an aggregated risk report should include, but not be limitedto, the following information: capital adequacy, regulatory capital, capitaland liquidity ratio projections, credit risk, market risk, operational risk,liquidity risk, stress testing results, inter- and intra-risk concentrations,and funding positions and plans.60. Supervisors expect that risk management reports to the board andsenior management provide a forward-looking assessment of risk andshould not just rely on current and past data.The reports should contain forecasts or scenarios for key market variablesand the effects on the bank so as to inform the board and seniormanagement of the likely trajectory of the bank’s capital and risk profilein the future.Principle 9Clarity and usefulness - Risk management reports should communicateinformation in a clear and concise manner.Reports should be easy to understand yet comprehensive enough tofacilitate informed decision-making. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  35. 35. P a g e | 35Reports should include meaningful information tailored to the needs ofthe recipients.61. A bank’s risk reports should contribute to sound risk management anddecision-making by their relevant recipients, including, in particular, theboard and senior management.Risk reports should ensure that information is meaningful and tailored tothe needs of the recipients.62. Reports should include an appropriate balance between risk data,analysis and interpretation, and qualitative explanations.The balance of qualitative versus quantitative information will vary atdifferent levels within the organisation and will also depend on the level ofaggregation that is applied to the reports. Higher up in the organisation, more aggregation is expected andtherefore a greater degree of qualitative interpretation will be necessary.63. Reporting policies and procedures should recognise the differinginformation needs of the board, senior management, and the other levelsof the organisation (for example risk committees).64. As one of the key recipients of risk management reports, the bank’sboard is responsible for determining its own risk reporting requirementsand complying with its obligations to shareholders and other relevantstakeholders.The board should ensure that it is asking for and receiving relevantinformation that will allow it to fulfil its governance mandate relating tothe bank and the risks to which it is exposed.This will allow the board to ensure it is operating within its risktolerance/appetite.65. The board should alert senior management when risk reports do notmeet its requirements and do not provide the right level and type of _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  36. 36. P a g e | 36information to set and monitor adherence to the bank’s risktolerance/appetite.The board should indicate whether it is receiving the right balance ofdetail and quantitative versus qualitative information.66. Senior management is also a key recipient of risk reports and it isresponsible for determining its own risk reporting requirements.Senior management should ensure that it is receiving relevantinformation that will allow it to fulfil its management mandate relative tothe bank and the risks to which it is exposed.67. A bank should develop an inventory and classification of risk dataitems which includes a reference to the concepts used to elaborate thereports.68. Supervisors expect that reports will be clear and useful.Reports should reflect an appropriate balance between detailed data,qualitative discussion, explanation and recommended conclusions.Interpretation and explanations of the data, including observed trends,should be clear.69. Supervisors expect a bank to confirm periodically with recipients thatthe information aggregated and reported is relevant and appropriate, interms of both amount and quality, to the governance anddecision-making process.Principle 10Frequency – The board and senior management (or other recipients asappropriate) should set the frequency of risk management reportproduction and distribution.Frequency requirements should reflect the needs of the recipients, thenature of the risk reported, and the speed, at which the risk can change, as _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  37. 37. P a g e | 37well as the importance of reports in contributing to sound riskmanagement and effective and efficient decision-making across the bank.The frequency of reports should be increased during times ofstress/crisis.70. The frequency of risk reports will vary according to the type of risk,purpose and recipients.A bank should assess periodically the purpose of each report and setrequirements for how quickly the reports need to be produced in bothnormal and stress/crisis situations.A bank should routinely test its ability to produce accurate reports withinestablished timeframes, particularly in stress/crisis situations.71. Supervisors expect that in times of stress/crisis all relevant and criticalcredit, market and liquidity position/exposure reports are availablewithin a very short period of time to react effectively to evolving risks.Some position/exposure information may be needed immediately(intraday) to allow for timely and effective reactions.Principle 11Distribution - Risk management reports should be distributed to therelevant parties while ensuring confidentiality is maintained.72. Procedures should be in place to allow for rapid collection andanalysis of risk data and timely dissemination of reports to all appropriaterecipients.This should be balanced with the need to ensure confidentiality asappropriate.73. Supervisors expect a bank to confirm periodically that the relevantrecipients receive timely reports. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  38. 38. P a g e | 38IV. Supervisory review, tools and cooperation74. Supervisors will have an important role to play in monitoring andproviding incentives for a bank’s implementation of, and ongoingcompliance with the Principles.They should also review compliance with the Principles across banks todetermine whether the Principles themselves are achieving their desiredoutcome and whether further enhancements are required.Principle 12Review - Supervisors should periodically review and evaluate a bank’scompliance with the eleven Principles above.75. Supervisors should review a bank’s compliance with the Principles inthe preceding sections.Reviews should be incorporated into the regular programme ofsupervisory reviews and may be supplemented by thematic reviewscovering multiple banks with respect to a single or selected issue.Supervisors may test a bank’s compliance with the Principles throughoccasional requests for information to be provided on selected risk issues(for example, exposures to certain risk factors) within short deadlines,thereby testing the capacity of a bank to aggregate risk data rapidly andproduce risk reports.Supervisors should have access to the appropriate reports to be able toperform this review.76. Supervisors should draw on reviews conducted by the internal orexternal auditors to inform their assessments of compliance with thePrinciples.Supervisors may require work to be carried out by a bank’s internal auditfunctions or by experts independent from the bank. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  39. 39. P a g e | 39Supervisors must have access to all appropriate documents such asinternal validation and audit reports, and should be able to meet with anddiscuss risk data aggregation capabilities with the external auditors orindependent experts from the bank, when appropriate.77. Supervisors should test a bank’s capabilities to aggregate data andproduce reports in both stress/crisis and steady-state environments,including sudden sharp increases in business volumes.Principle 13Remedial actions and supervisory measures - Supervisors should haveand use the appropriate tools and resources to require effective and timelyremedial action by a bank to address deficiencies in its risk dataaggregation capabilities and risk reporting practices.Supervisors should have the ability to use a range of tools, including Pillar2.78. Supervisors should require effective and timely remedial action by abank to address deficiencies in its risk data aggregation capabilities andrisk reporting practices and internal controls.79. Supervisors should have a range of tools at their disposal to addressmaterial deficiencies in a bank’s risk data aggregation and reportingcapabilities.Such tools may include, but are not limited to, requiring a bank to takeremedial action; increasing the intensity of supervision; requiring anindependent review by a third party, such as external auditors; and thepossible use of capital add-ons as both a risk mitigant and incentiveunder Pillar 2.80. Supervisors should be able to set limits on a bank’s risks or the growthin their activities where deficiencies in risk data aggregation andreporting are assessed as causing significant weaknesses in riskmanagement capabilities. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  40. 40. P a g e | 4081. For new business initiatives, supervisors may require that banks’implementation plans ensure that robust risk data aggregation is possiblebefore allowing a new business venture or acquisition to proceed.82. When a supervisor requires a bank to take remedial action, thesupervisor should set a timetable for completion of the action.Supervisors should have escalation procedures in place to require morestringent or accelerated remedial action in the event that a bank does notadequately address the deficiencies identified, or in the case thatsupervisors deem further action is warranted.Principle 14Home/host cooperation - Supervisors should cooperate with relevantsupervisors in other jurisdictions regarding the supervision and review ofthe Principles, and the implementation of any remedial action ifnecessary.83. Effective cooperation and appropriate information sharing betweenthe home and host supervisory authorities should contribute to therobustness of a bank’s risk management practices across a bank’soperations in multiple jurisdictions.Wherever possible, supervisors should avoid performing redundant anduncoordinated reviews related to risk data aggregation and risk reporting.84. Cooperation can take the form of sharing of information within theconstraints of applicable laws, as well as discussion between supervisorson a bilateral or multilateral basis (eg through colleges of supervisors),including, but not limited to, regular meetings.Communication by conference call and email may be particularly usefulin tracking required remedial actions.Cooperation through colleges should be in line with the BaselCommittee’s Good practice principles on supervisory colleges. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  41. 41. P a g e | 4185. Supervisors should discuss their experiences regarding the quality ofrisk data aggregation capabilities and risk reporting practices in differentparts of the group.This should include any impediments to risk data aggregation and riskreporting arising from cross-border issues and also whether risk data isdistributed appropriately across the group.Such exchanges will enable supervisors to identify significant concerns atan early stage and to respond promptly and effectively.V. Implementation timeline and transitional arrangements86. Supervisors expect that a bank’s data and IT infrastructures will beenhanced in the coming years to ensure that its risk data aggregationcapabilities and risk reporting practices are sufficiently robust andflexible enough to address their potential needs in normal times andparticularly during times of stress/crisis.87. National banking supervisors will start discussing implementation ofthe Principles with G-SIB’s senior management in early 2013.This will ensure that banks they develop a strategy to meet the Principlesby 2016.88. In order for G-SIBs to meet the Principles in accordance with the 2016timeline, national banking supervisors will discuss banks’ analysis of riskdata aggregation capabilities with their senior management and agree totimelines for required improvements.Supervisory approaches are likely to include requiring self-assessmentsby G-SIBs against these expectations in early 2013, with the goal ofclosing significant gaps before 2016.Supervisors may also engage technical experts to support theirassessments of banks’ plans in respect of the 2016 deadline. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  42. 42. P a g e | 4289. The Basel Committee will track G-SIBs progress towards complyingwith the Principles through its Standards Implementation Group (SIG)from 2013 onwards.This will include any observations on the effectiveness of the Principlesthemselves and whether any enhancements or other revisions of thePrinciples are necessary in order to achieve the desired outcomes.The Basel Committee will share its findings with the FSB at least annuallystarting from the end of 2013.Annex 1Terms used in the documentAccuracyCloseness of agreement between a measurement or record orrepresentation and the value to be measured, recorded or represented.This definition applies to both risk data aggregation and risk reports.AdaptabilityThe ability of risk data aggregation capabilities to change (or bechanged) in response to changed circumstances (internal or external).ApproximationA result that is not necessarily exact, but acceptable for its given purpose.ClarityThe ability of risk reporting to be easily understood and free fromindistinctness or ambiguity.CompletenessAvailability of relevant risk data aggregated across all firms constituentunits (eg legal entities, business lines, jurisdictions, etc)ComprehensivenessExtent to which risk reports include or deal with all risks relevant to thefirm. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  43. 43. P a g e | 43DistributionEnsuring that the adequate people or groups receive the appropriate riskreports.FrequencyThe rate at which risk reports are produced over time.IntegrityFreedom of risk data from unauthorised alteration and unauthorisedmanipulation that compromise its accuracy, completeness and reliability.Manual workaroundsEmploying human-based processes and tools to transfer, manipulate oralter data used to be aggregated or reported.PrecisionCloseness of agreement between indications or measured quantity valuesobtained by replicating measurements on the same or similar objectsunder specified conditions.ReconciliationThe process of comparing items or outcomes and explaining thedifferences.Risk tolerance/appetiteThe level and type of risk a firm is able and willing to assume in itsexposures and business activities, given its business and obligations tostakeholders. It is generally expressed through both quantitative andqualitative means.Risk Data aggregationDefining, gathering, and processing risk data according to the bank’s riskreporting requirements to enable the bank to measure its performanceagainst its risk tolerance/appetite.This includes sorting, merging or breaking down sets of data. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  44. 44. P a g e | 44TimelinessAvailability of aggregated risk data within such a timeframe as to enable abank to produce risk reports at an established frequency.ValidationThe process by which the correctness (or not) of inputs, processing, andoutputs is identified and quantified. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  45. 45. P a g e | 45Vice Chair Janet L. YellenAt the American EconomicAssociation/American Finance AssociationJoint Luncheon, San Diego, CaliforniaInterconnectedness and Systemic Risk:Lessons from the Financial Crisis andPolicy Implications Thank you, Claudia, and thanks to the American Economic Associationand the American Finance Association for the opportunity to speak to youon a topic of growing interest to our profession and of great importance tounderstanding the causes and implications of the financial crisis. Everyone here today, Im sure, is familiar with the tumultuous eventsthat introduced many Americans to the concept of systemic risk.To recap briefly, losses arising from leveraged investments caused a fewimportant, but perhaps not essential, financial institutions to fail.At first, the damage appeared to be contained, but the resulting stressesrevealed extensive interconnections among traditional banks, investmenthouses, and the rapidly growing and less regulated shadow bankingsector.Market participants lost confidence in their trading partners, and, as thecrisis unfolded, the financial sector struggled to cope with a massivewithdrawal of liquidity, the collapse of one of its most prominentinstitutions, and a 40 percent drop in equity prices.The effects of the crisis were felt far beyond the financial sector as creditdried up and a mild recession became something far worse.You are also, no doubt, familiar with the political response to that crisis.After considerable debate, the Congress passed sweeping reform _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  46. 46. P a g e | 46legislation designed to place the nations financial infrastructure on amore solid foundation.Im referring, of course, to the banking panic of 1907.The legislation that President Wilson signed in December 1913 createdthe Federal Reserve, providing the nation with a lender of last resort torespond to such crises.As we approach the centennial of the Federal Reserve System, it isstriking how many of the challenges of that era remain with us today.In 1907, the correspondent banking networks that helped concentratereserves in New York and other money centers also made the bankingsystem highly interconnected.Today, our capability to monitor and model financial outcomes is vastlygreater, and the tools available to the Federal Reserve are vastly morepowerful, than the private capital and moral suasion that financier J. P.Morgan summoned in 1907 to stabilize the banks and trusts.But as we learned during the recent crisis, the financial system has alsogrown much larger and more complex, and our efforts to understand andinfluence it have, at best, only kept pace.Complex links among financial market participants and institutions are ahallmark of the modern global financial system.Across geographic and market boundaries, agents within the financialsystem engage in a diverse array of transactions and relationships thatconnect them to other participants.Indeed, much of the financial innovation that preceded the most recentfinancial crisis increased both the number and types of connections thatlinked borrowers and lenders in the economy.The rapid growth in securitization and derivatives markets prior to thecrisis provides a stark example of this phenomenon. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  47. 47. P a g e | 47As shown in figure 1, between 2000 and 2007, the notional value ofcollateralized debt obligations outstanding increased from less than $300billion to more than $1.4 trillion.From 2004, the earliest date for which comprehensive data are available,to 2007, the outstanding notional amount of credit default swap (CDS)contracts increased tenfold, from $6 trillion to $60 trillion.This incredible growth in securitization and derivatives markets reflects asignificant increase in the number, types, and complexity of networkconnections in the financial system. Financial economists have long stressed the benefits of interactionsamong financial intermediaries, and there is little doubt that some degreeof interconnectedness is vital to the functioning of our financial system. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  48. 48. P a g e | 48Economists take a well-reasoned and dim view of autarky as the path togrowth and stability.Banks and other financial intermediaries channel capital from savers,who often have short-term liquidity demands, into productiveinvestments that typically require stable, long-term funding.Financial intermediaries work with one another because no singleinstitution can hope to access the full range of available capital andinvestment opportunities in our complex economy.Connections among market actors also facilitate risk sharing, which canhelp minimize (though not eliminate) the uncertainty faced by individualagents.Yet experience--most importantly, our recent financial crisis--as well as agrowing body of academic research suggests that interconnectionsamong financial intermediaries are not an unalloyed good.Complex interactions among market actors may serve to amplify existingmarket frictions, information asymmetries, or other externalities.The difficult task before market participants, policymakers, andregulators with systemic risk responsibilities such as the Federal Reserveis to find ways to preserve the benefits of interconnectedness in financialmarkets while managing the potentially harmful side effects.Indeed, new regulations required by the Dodd-Frank Wall Street Reformand Consumer Protection Act of 2010 (Dodd-Frank Act) and changes insupervisory practices by the Federal Reserve and other financialregulators are intended to do just that. In my remarks, I will discuss a few of the major regulatory andsupervisory changes under way to address the potential for excessivesystemic risk arising from the complexity and interconnectedness thatcharacterize our financial system. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  49. 49. P a g e | 49The design of an appropriate regulatory framework entails tradeoffsbetween costs and benefits, and to illustrate them, I will discuss in somedetail proposals currently under consideration to mitigate risk inover-the-counter (OTC) derivatives, which proved to be an importantchannel for the transmission of risk during the recent crisis.I am quite aware that some reforms in the wake of the financial crisis,including those pertaining to derivatives, have been controversial.In connection with recent rulemakings--and, more broadly, in the arenaof public debate--critics have asked whether complexity andinterconnectedness should be treated as potential sources of systemicrisk.This is a legitimate question that the Federal Reserve welcomes and itselfseeks to answer in its roles of researcher, regulator, and supervisor.Let me say at the outset, though, that a lack of complete certainty aboutpotential outcomes is not a justification for inaction, considering the sizeof the threat encountered in the recent crisis.Responsible policymakers try to make decisions with the bestinformation available but would always like to know more.With that in mind, Ill begin by briefly surveying research that highlightsways in which network structure and interconnectedness can give rise toor exacerbate systemic risk in the financial system.The Economics of Interconnectedness and Systemic RiskAcademic research that explores the relationship between networkstructure and systemic risk is relatively new.Not surprisingly, interest in this field has increased considerably since thefinancial crisis. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  50. 50. P a g e | 50A search of economics research focusing on "systemic risk" or"interconnectedness" since 2007 yields 624 publications, twice as manyas were produced in the previous 25 years.Thats not to say that economists were blind to the importance ofnetworks before the financial crisis.In 2000, Franklin Allen and Douglas Gale, for example, developed animportant model of financial networks that provides insight into hownetworks can influence systemic risk.In the model studied by Allen and Gale, systemic risk arises throughliquidity shocks that can have a domino effect, causing a problem at onebank to spread to others, potentially leading to failures throughout thesystem.In their model, interbank deposits are a primary mechanism for thetransmission of liquidity shocks from one bank to another.Allen and Gale compare two canonical network structures: a "complete"network, in which all banks lend to and borrow from all other banks, andan "incomplete" network, in which each bank borrows from only oneneighbor and lends to only one other neighbor. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  51. 51. P a g e | 51Figure 2, panel A, presents an example of a complete network, and figure2, panel B, an example of an incomplete network. In the case of the complete network, banks benefit from diversifiedfunding streams. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  52. 52. P a g e | 52A liquidity shock at one bank is less likely to cause the bankruptcy ofanother bank since the shock can be distributed among all banks in thesystem.In the incomplete network, funding is not diversified.A liquidity shock at one bank is more likely to cause liquidity problems atother connected banks because the same shock is spread over fewerbanks and is therefore larger and more destabilizing.The principle behind this result is familiar and basic to economics:Diversification reduces risk and improves stability.While this idea is compelling, both economic research and the events ofthe financial crisis suggest that it is incomplete. In their classic paper on bank runs, Douglas Diamond and Philip Dybvigshowed how rational and prudent actions by individual depositors to limittheir own risks may be highly destabilizing to an institution designed totransform short-term liabilities into long-term assets.Xavier Freixas, Bruno Parigi, and Jean-Charles Rochet show that asimilar kind of collective action problem can arise in a network akin to amodern check-clearing system in which credit extensions among banksallow claims on one institution to be fulfilled by another.Such a system is socially useful because it allows depositors to shift fundsamong banks without forcing banks to sell illiquid assets, thus enablingsociety as a whole to undertake more productive, long-term investment.But in times of stress or uncertainty, such systems can be subject tocoordination failures:A "gridlock" equilibrium can arise in which depositors at each bankwithdraw funds early in order to avoid losses arising from creditextensions to other banks whose depositors are also expected to force anearly liquidation of assets. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  53. 53. P a g e | 53In Freixas, Parigi, and Rochet (2000), interbank credit extensions, whileuseful, can result in institutions that are "too interconnected to fail."These models underscore that the pattern of connections throughout afinancial network determines the systemwide implications of liquidityshocks or other financial stresses in one part of the network.This finding is one reason why efforts to collect more and better data onthe precise linkages among financial institutions are so important.Without such comprehensive and detailed data, it is simply not possibleto understand how stress in one part of the network may spread and affectthe entire system. Networks that are more interconnected are inherently more complexthan those in which market participants have fewer links to one another,and complexity can exacerbate the kinds of coordination problemshighlighted by Diamond and Dybvig and by Freixas, Parigi, and Rochet.Of course, "complexity" is difficult to define in a completely systematicand satisfactory manner, but one way emphasized in recent work byHyun Song Shin is to consider the number of links required to connectsavers to borrowers.Shins analysis of interconnectedness among financial institutions isbased on the idea that the ultimate amount of lending and borrowing thatcan occur in an economy is determined by economic fundamentals suchas income growth, which change only slowly over time, whereasinterbank claims can grow or contract far more quickly.Of course, claims within the entire financial system net out to zero, butthey do affect the leverage of the institutions involved.In Shins model, financial institutions seek to take on more leverageduring a boom, when banks have strong capital positions and risks areperceived to be low, but can increase leverage, in the aggregate, only byborrowing and lending more intensively to each other. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  54. 54. P a g e | 54This causes the resulting network of intertwining claims to extend furtherand further.Conversely, when fundamental conditions or market sentiments changeand financial institutions prefer to shed risk, they can deleverage in theshort term only by withdrawing credit from one another.Such deleveraging can be particularly destabilizing in longerintermediation chains as debt claims that are called by one financialintermediary to shore up its own assets adversely affect the liability sidesof other institutions balance sheets.As deleveraging accelerates and more and more financial institutionshoard liquidity, other institutions may become concerned that their ownfunding may dry up and may preemptively withdraw funding from others.Fundamentally strong institutions are forced to liquidate assets at fire saleprices, which results in more deleveraging and instability. More-complex network structures are likely to be more opaque than lesscomplex ones.For example, as the number of intermediaries standing betweenborrowers and lenders grows, it becomes increasingly difficult tounderstand how one member of the network fits into the overall system.The well-publicized difficulties that some mortgage borrowers have hadin simply figuring out who owns their mortgages illustrates the extent towhich lengthening intermediation chains have increased the complexityof the financial system.Moreover, in many cases, market participants may have strong incentivesnot to disclose their connections to one another.If a bank has a profitable relationship with a borrower, it may be unwillingto disclose it to other banks for fear that competitors will reduce oreliminate the rents that it earns. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  55. 55. P a g e | 55 Ricardo Caballero and Alp Simsek illustrate how a lack of informationcan create systemic risk in financial networks.In a model that is structurally similar to the incomplete interbank networkmodel of Allen and Gale, Caballero and Simsek examine how banksmight respond to news of a liquidity shock when each bank knows theidentities of its own counterparties but not the identities of itscounterparties counterparties.The authors posit that banks deal with this uncertainty by appealing tothe "maximin principle": Each seeks to maximize profits under theassumption that the network is configured in the worst possible mannerfrom its own perspective.Because each behaves as though the network structure is "stackedagainst it," when banks learn of an adverse liquidity shock, each tends tosell more of its illiquid assets and withdraw more funding from itscounterparties than it would if it had access to complete informationabout the structure of interbank credit relationships.As in Shins model, this excessive deleveraging can create a vicious cycle,magnifying the effects of the initial shock.The four models weve discussed thus far are aimed at exploring generalfeatures of financial networks.As such, they are necessarily somewhat abstract.With a few narrow exceptions, they treat all market participants as similarin size and in range of activities, and they use relatively simplistic networkstructures.In the past few years, research on financial networks has moved beyondstylized models of interbank relationships to examine the propagation ofshocks in more-realistic settings. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  56. 56. P a g e | 56Recent research by Gai, Haldane, and Kapadia and by Cont, Moussa, andSantos examines how shocks propagate in network structures in whichsome banks are larger and more interconnected than others. Using numerical simulations, Gai, Haldane, and Kapadia show that, inconcentrated networks, contagion occurs less frequently and is less severefor low degrees of network connectivity.Contagion is significantly more likely at higher levels of connectivity.In a concentrated financial network with a few key players, and whenliquidity shocks are targeted at the most connected institutions, distressat highly connected banks spreads widely through the rest of the system.In this sense, the intuition of Allen and Gale--that highly connectednetworks are resilient to systemic shocks--can be misleading.In an empirical study of 3,000 Brazilian banks, Cont, Moussa, and Santosfind that, not surprisingly, institutions with larger interbank exposurestend to be more systemically important.But, critically, they also find that an institutions position within thefinancial network plays a significant role.A bank that does business with a large number of relatively weakcounterparties may have greater systemic importance than an institutionwith a similar number of counterparties that are better equipped tomanage potential losses.The work of Gai, Haldane, and Kapadia and that of Cont, Moussa, andSantos suggest that detailed and comprehensive data on the structure offinancial networks is needed to understand the systemic risks facing thefinancial system and to gauge the contributions to systemic risk byindividual institutions.I will describe in a moment how the Federal Reserve is using such data toenhance its understanding of the OTC derivatives market. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  57. 57. P a g e | 57This line of research suggests that a one-size-fits-all approach to theregulation of financial intermediaries may not be appropriate. So, what have we learned from this brief tour through recent research oninterconnectedness and systemic risk?We have seen how interconnectedness can be a source of strength forfinancial institutions, allowing them to diversify risk while providingliquidity and investment opportunities to savers that would not beavailable otherwise.But more-numerous and more-complex linkages also appear to make itmore difficult for institutions to address certain types of externalities,such as those arising from incomplete information or a lack ofcoordination among market participants.These externalities may do little harm or may even be irrelevant in normaltimes, but they can be devastating during a crisis.The Global Policy Response to Reduce Systemic RiskGovernments around the globe have responded to the financial crisis byadopting a strong, multifaceted, and coordinated reform agenda aimed atreducing systemic risk.At a meeting in Pittsburgh in September 2009, governments in the Groupof Twenty (G-20) endorsed work already under way in the BaselCommittee on Banking Supervision to improve capital and themanagement of liquidity risk in the banking system.Ill briefly review several Basel Committee initiatives that addressinterconnectedness and systemic risk, but first, let me focus on one inparticular: higher capital requirements for global systemically importantbanks (GSIBs).Enhanced capital standards for GSIBs serve to limit the risks undertakenby the largest, most interconnected institutions whose distress has the _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  58. 58. P a g e | 58greatest potential to impose negative externalities on the broaderfinancial system.A framework of higher minimum regulatory capital standards for theseinstitutions was issued by the Basel Committee in November 2011, andindicators of interconnectedness account for a significant proportion ofthe overall score used to determine whether a bank will be subject tohigher standards.As shown by Gai, Haldane, and Kapadia, among others, highlyinterconnected firms can transmit shocks widely, impairing the rest of thefinancial system and the economy.We saw, for example, that when Lehman Brothers failed, the shock wastransmitted through money market mutual funds to the short-termfunding and interbank markets.While some participants in each of these sectors had direct exposures toLehman, many more did not.Moreover, even in cases in which direct exposures to Lehman weremanageable, the turmoil caused by Lehmans failure added stress to thesystem at a particularly unwelcome time.In this way, the failure of a highly interconnected institution such asLehman imposes costs on society well in excess of those borne by thefirms shareholders and direct creditors.Accordingly, tying enhanced capital requirements to interconnectednessimproves the resilience of the system.Of course, higher capital requirements are not costless; they may raisefinancing costs for some borrowers, and they have the potential to induceinstitutions to engage in regulatory arbitrage.An important ongoing agenda for research and policy is the design andimplementation of data-based measures of interconnectedness to ensure _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  59. 59. P a g e | 59that our understanding of financial system interconnections evolves intandem with financial innovation.While enhanced capital standards for GSIBs are an important tool formanaging systemic risk that arises through interconnectedness, they arenot the only tool.The Basel Committees program contains a number of initiatives that willhelp manage interconnectedness and systemic risk.These measures include countercyclical capital buffers, liquidityrequirements, increased capital charges for exposures to large financialinstitutions, large exposure rules, and deductions from capital for equityinvestments in banks.These and other initiatives will all play a role in managing the effect ofcomplexity and interconnectedness on financial stability.In fact, the multifaceted nature of the reform program is an importantdesign principle.One of the lessons of the recent financial crisis was that capital alone isnot sufficient to prevent or stem a crisis. Multiple channels for reforminitiatives will enhance systemic stability.Managing Tradeoffs between Reducing Systemic Risk andIncreasing Costs: OTC Derivatives Market Reforms In addition to the banking reforms I just discussed, the G-20 alsocommitted to reduce risk in OTC derivatives markets by enacting reformsto improve transparency and decrease counterparty exposures amongmarket participants.These policies must be considered carefully, as they are apt to increasethe cost of financial intermediation and that of hedging risk.To illustrate the tradeoffs policymakers and regulators must managewhen crafting such policies, Ill next discuss in some detail a set of _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com

×