The Basel Committee has published the latest assessment by supervisors of G-SIB compliance with the Principles for effective risk data aggregation and risk reporting (also known as “BCBS 239” after the numbering of the Basel Committee paper in which the Principles were set out).
The latest assessment (based on a survey of supervisors undertaken in July 2016) is not good.
Only one G-SIB (out of thirty) fully complied with the Principles (with one more expected to do so by the time the results were announced), even though the implementation deadline for G-SIBs was back in January 2016.
None of the eleven Principles were met by all G-SIBs. The highest rate of non-compliance was found for Principle 2 (data architecture and IT infrastructure), where half the G-SIBs were materially non-compliant. This is of particular concern to supervisors because Principle 2 is regarded as one of the two preconditions (the other is on governance) to ensure compliance with the other Principles.
As in previous assessments, G-SIBs were most compliant on risk management reporting (Principle 11) – but the problem here is without adequate data and IT there can be no assurance that these risk reports are accurate and timely.
Key challenges for (some or most) G-SIBs remain:
Supervisors expect many G-SIBs to take another two to three years to achieve full compliance with the Principles, with a high level of execution risk in achieving even this heavily delayed timetable.
The Basel Committee reminds supervisors that they should also be applying the Principles to D-SIBs, of which there are seven in Ireland, and that it might be wise to begin the implementation process as early as possible, given the experience with G-SIBs. Already through supervisory interactions, we see that the CBI is de facto moving to impose these requirements on the large local banks.