As large banks design resolution plans, or “living wills,” to allow regulators to break them up safely if they become insolvent, they are finding IT to be a significant concern. While IT systems have traditionally been developed or bought based on business needs, with little thought to the ownership of the systems, resolution plans will split banks up along legal-entity lines and ownership will be an important issue. Financial institutions’ efforts to address this dichotomy have highlighted four main challenges so far.
The first is the need to catalogue all major systems within the financial institution and determine which legal entity actually owns each of them, regardless of which entity employs it. For systems that are used by a business unit that crosses legal entity boundaries, this process can be onerous. For example, there may be shared servers, shared accounting, treasury, trading, risk management and compliance systems, and shared market data feeds. In the current environment, no single user of each system literally “owns” it. This ownership must be settled up front as part of the resolution planning process so that there is no ambiguity during a resolution. Banks may arrange shared services agreements or joint ownership of systems, but this requires careful forethought because there may be appreciable tax, legal, operational and human resources implications, especially for cross-border movement of assets from one legal entity to another. Likewise, banks must determine which entity will own the valuable data that financial IT systems accumulate — it is not always the case that data should follow systems — since privacy and cross-border questions need to be taken into account.
The second issue is data quality. During the financial crisis, regulators discovered that they did not have access to all the necessary, relevant, legal entity-level data. In a number of high-profile cases, the data was of poor quality, lacked the required level of granularity and was unavailable in a timely manner. This led to regulators being unaware of the exposures of all the banks’ legal entities until it was too late.
Take a hypothetical example in which Bank A has exposures to Bank B, which is nearing insolvency. Within Bank A, there may be dozens of different Bank B exposures across various legal entities, business units and geographies that need to be analyzed — swaps, loans, letters of credit, portfolios, repos and so forth — all of which may be governed by different legal agreements. Determining Bank B’s exposures legal-entity-by-legal-entity within Bank A and aggregating that information may not be a trivial exercise for many institutions. Further, in the event that regulators split up Bank B, Bank A will need to understand its exposures to every legal entity of Bank B, thus compounding the level of complexity involved in a crisis environment.
The challenge is further complicated by the fact that most financial institutions do not consistently track ownership of transactions by legal entity, but rather by booking entity and/or business unit as portfolios are managed by business units, not by legal entities. Hence, for example, even though a swap transaction with an external counterparty may be booked within a certain legal entity, the true ownership of the transaction may actually lie within a different legal entity that initiated the transaction for its own purposes. This type of situation proved to be a major challenge during the crisis.
The third issue is the need to sort out vendor and lessor contracts. As with the problem above, a large portion of leased IT infrastructure — from PCs to servers — will be shared by several legal entities. The bank must determine which of them “owns” the contract, and consider the possible ramifications for the other units if a resolution occurs. Potentially centralizing vendor management to a single central legal entity or small number of entities may create other unintended problems. For example, to the extent that vendor agreements that extend across legal entities are moved from one legal entity to another, it may trigger renegotiation of existing contracts with vendors causing untold angst for financial institutions.
The final issue involves risk management reporting. While most institutions have appropriate financial reporting at the legal-entity level, they may not have appropriate level of risk reporting for all legal entities. Risk is usually managed at the business-unit level, and to the extent a business unit spans legal entities, risk reports at the legal-entity level may not make a whole lot of sense since the risk exposures and the mitigants may not lie within the same legal entity. Having the processes, systems and technology capability to develop risk reporting at the legal-entity level is a requirement facing a lot of resistance at many financial institutions.
Bank leaders are not accustomed to thinking in terms of legal entities; they devise and execute strategies by business line. But the potential IT ramifications of a resolution should focus their attention on these legal and logistical concerns, which must be solved before a coherent, long-term strategy, consistent with the terms of a living will, can be formulated.
Dilip Kumar is a Principal and Sandeep Mangaraj is an Executive in the Financial Services Office of Ernst & Young LLP.