Following the financial crisis and global economic meltdown of 2008-2009, banks have been thrust into an ever-intensifying regulatory environment and face a whole host of new compliance requirements pertaining to risk management. And a seemingly endless string of new regulatory guidelines means the compliance baselines a bank must meet are almost a moving target.
The Dodd-Frank Wall Street Reform and Consumer Protection Act, drafted as a direct response to the financial crisis, and other, similar U.S. laws designed to strengthen the way banks manage their risk in order to prevent another global economic catastrophe contain hundreds of provisions. On the international front, banks will be navigating the new standards implemented over the next few years by the Basel Committee on Banking Supervision known as Basel III.
But there is an opportunity amidst the crush of new regulations. The technology used to help banks meet these new compliance requirements can help mold their organizations into more efficient machines, according to experts. With so many of the new regulations still lacking clarity, however, many banks have been cautious about investing in systems intended to ensure compliance.
Undoubtedly, the Dodd-Frank bill has driven the biggest risk management changes for banks; Dodd-Frank's 2,300-plus pages contain hundreds of new rules and spell out dozens of studies and reports that regulators are required to conduct. But many of the law's new regulations have yet to be implemented or, in some cases, still remain undefined. And many of the new rules don't have a set implementation date.
That -- along with factors such as the pending retirement of the bill's co-sponsor, Barney Frank, and the uncertainty around which political party will control the White House and U.S. Congress in 2012 -- has led many banks to take a wait-and-see approach to implementing some of the changes, according to Michael Versace, global risk research director for IDC Financial Insights (Framingham, Mass.). "It's given them further cause for pause," he says.
Versace estimates that just 38 of the bill's 400 or so specific actions have been implemented thus far. And the uncertainty around when the remaining requirements will go into effect, he says, is keeping many banks in a planning stage.
Concerns about keeping their capital positions defensible per the requirements of Basel III also are keeping banks in a holding pattern, Versace adds. The Basel III Accords were designed to strengthen bank capital requirements and create a new global regulatory standard for liquidity. Among other things, it increases the minimum common equity requirement for banks from 2 percent to 4.5 percent. In addition, banks will be required to hold a capital conservation buffer of 2.5 percent to withstand future periods of stress.
Despite the uncertainty, though, most banks are setting aside cash to pay for new technology for when the regulatory picture does clear up, Versace says. "We are fairly confident that money is being set aside in budgets for regulatory initiatives for when they do go into effect," he comments.
In fact, an IDC report written by Versace predicts that financial services IT spending pertaining to risk functions will reach more than $74 billion by 2015. Further, growth in IT spending on risk management will outpace the growth of overall IT spending and will top 15 percent of total IT spending in financial services in 2012, the research concludes.
According to Versace, that figure includes money spent on the entire scope of risk management, not just on compliance specifically. "Although our macro-economic assumptions continue to point to downward pressure on overall IT spending in financial services, in our estimation, the risk technology market is large and still growing at a good clip," he says.
Get Your Data in Order
So what risk management technology will banks be spending all this money on? Versace says data quality and data governance technologies are "really in full swing," especially as many new regulations that have already gone into effect deal with market and reference data reporting and reducing cycle times. "The industry is moving away from traditional business intelligence and ETL [extract, transform, load] technologies, and is building more operational data stores," he notes. "This will produce more timely and accurate reports."
Daniel Simpson, CEO of Cadis, a financial enterprise data management (EDM) vendor based in London, also believes that quality data monitoring and retention are key to meeting the new and varied compliance standards. But they are a good business practice to boot, he adds. "We are seeing that data is in fact really what most people mean when they refer to regulation," he says. "It's about, 'Can you demonstrate that you know X?' -- whether that is your exposure to counterparty risk, liquidity risk or whatever it might be. You have to measure your exposure in real time."
Many financial institutions, however, have different reporting standards across different divisions and lines of business, which can be detrimental in achieving this task, Simpson says. "Firms need to be more integrated in their data reporting, but usually the case is that each division takes a best-of-breed approach," he contends. "Just the simple act of understanding counterparty risk sounds easy, but most firms are struggling with that. People still don't have that information right at hand. In some cases, you're looking for paper in a filing cabinet."