“In this world nothing can be said to be certain, except death and taxes.” If Benjamin Franklin were alive in today’s post-financial crisis world, he might have added “compliance” to his statement. The raft of banking regulations introduced around the world after the 2007-08 crash continue to shape the financial-services sector today. From Markets in Financial Instruments Directive 2 (MiFID2) to Dodd-Frank in the US, financial institutions have to manage a challenging set of reporting requirements that incur hefty expenses as well as fines for non-compliance.
Yet, while compliance does pose a substantial up-front investment, it is also being viewed by some financial institutions as an opportunity to derive business advantages.
Let’s take operational risk as an example. Prior to the financial crisis, the focus tended to be on identifying sufficient capital to cover “inevitable” liabilities. In today’s banking environment, some institutions are using the increased focus on operational risk to get a better picture of vulnerabilities across the firm’s entire operations and proactively put in place improved processes to prevent them in the future.
As financial institutions move towards this new approach to operational risk, they quickly realize that enterprise-wide visibility and transparency is essential. Not only do they need to have an enterprise-wide view of each type of risk, they also require a central location to collectively assess and manage the entire universe of operational risks across the organization.
Yet banks’ legacy technology can seriously hamper efforts to achieve this enterprise-wide view of operational risk. The typical assortment of numerous point solutions designed to manage one specific type of operational risk limits the ability of financial institutions to quickly identify and address emerging issues.
What’s more, the spaghetti-type collection of point solutions means banks are grappling with a complex information technology (IT) environment that is costly to run and maintain. Given that some global financial institutions have more than 15 different governance, risk and compliance (GRC) systems in place, the scale of the complexity facing banks soon becomes clear.
Forward-looking financial institutions are looking to improve the management of risks, controls, obligations and processes by creating a single, unified GRC framework that breaks down legacy silos and provides a single organizational-wide view of operational risk.
To deliver on these requirements, the unified environment must include a single data foundation, robust integration platform, comprehensive set of risk-management applications, and powerful analytical layer with extensive reporting capabilities and actionable dashboards.
In addition to delivering enterprise-wide visibility that can help to stem operational losses and prevent damage to an organization’s reputation, this unified framework can help financial institutions to cut the total cost of IT ownership by reducing point solutions and the need to license and maintain them.
A unified platform can also be instrumental in helping financial institutions to implement the advanced measurement approach (AMA) methodology for capital calculation under Basel II, the most sophisticated and complex of the four options that banks can use to calculate regulatory capital for operational risk. The AMA can deliver several benefits, including a reduction in the amount of regulatory and economic capital that banks must set aside. Achieving AMA certification, however, requires extensive data, as well as sophisticated modeling and analysis capabilities that only a unified platform can support.
While achieving compliance can be a complex and costly process, it can also provide vital information to help reduce risk and foster future growth, as we can see in the area of operational risk.
A single view in action
So, what does an infrastructure that enables a 360-degree view of a bank look like? The key traits are end-to-end automation within an integrated environment that includes a number of characteristics:
- Staging Area ‒ Compliance reporting requires data from many different source systems, including core banking, accounts, customer information, general ledger, central libraries for risk and much more. To counter the effects of siloed systems, banks need a platform that will consolidate all required data, creating a golden source for customer, performance and regulatory information. The creation of a single repository and unified staging environment is the first step in addressing reporting data integrity and complexity issues.
- Processing Environment ‒ This forms the analytical core, powered by data from the staging area. It includes the analytical applications required to complete calculations for regulatory reporting, including operational, liquidity, market and credit risks; Basel regulatory and economic capital; and anti-money laundering, to name just a few.
- Results Production – Capturing the metrics and analysis from the processing phase, the reporting environment automatically populates reporting templates and manages distribution and submission. Report production is often the point at which manual intervention reaches its peak due to the need to validate, reformat and even rekey data. Tight integration between the processing and reporting environments can lead to truly automated reporting, helping to drive down costs, accelerate submissions and free up more time for analysis.
- Governance Layer – The creation of a golden source of data is a first step in improving data integrity, but it is not the sole solution. Data must be interrogated throughout the analytical and reporting processes. As such, banks require an integrated governance environment that supports general-ledger reconciliation, enables additional data-quality checks, defines issues and action plans, and identifies key indicators, such as assets reported at fair value.
Many financial institutions have made incremental progress on integration within and between some of these functional areas. As institutions move towards greater end-to-end automation and a 360-degree view of all risk types, including operational risk, they will not only find compliance with the raft of regulations more straight-forward, but they will also derive significant benefits from greater insight and intelligence into their businesses.