08 Mar3 ways the regulators are making banks suffer for control weaknesses. Stuff worth knowing from The Bankers’ Plumber

$321 billion. That is how much banks have forked over to regulators since 2008. That is half the GDP and 1.75x the annual tax take of Switzerland. Wow. At the same time, the regulatory demands are increasing and the level of scrutiny is increasing.

Suddenly, the quality of the Operational level controls really matters. A few thoughts on where the weak spots are.

The fines really hurt: Coutts & Co in Switzerland fined CHF 6.5 million for failings in connection with Malaysian sovereign wealth fund 1MDB. Multiple offences:

“…The bank failed to adequately clarify the circumstances surrounding a number of business relationships and unusually large, high-risk transactions. In addition, it did not follow up on relevant internal information and, despite the existence of substantive evidence, failed to report any suspicions to the Swiss authorities until the spring of 2015. Given the inadequacy of the bank’s anti-money laundering controls in this particular case, Coutts was in serious breach of its duty to ensure proper business conduct …”

Here, there were some controls that revealed evidence, but the follow-up was inadequate. It is not clear whether internal audit knew and failed and, or whether the Chairman knew and failed. Internally reviews said: “It’s ok”.  Not following up properly is negligent and in the case of Coutts,  FINMA, the Swiss regulator, is considering enforcement action against individuals.

The demands for data becomes more onerous: Banks normally do so called Large Exposure reporting. This is for the 50 or so largest client exposures. In Europe, banks will soon be subject to a new regulation in the same space: AnaCredit asks for data on any client with exposure above EUR 25k and for 89 data fields. For your reporting function, it means the process has to be straight through. Spotting anomalies and fixing them “at the end of the line” is not going to work.

Scrutiny.  The supplementary questions get trickier: The world’s biggest banks, the 23 so called G-SIBs, have to do weekly reporting on their top 50 exposures plus exposures to other G-SIBs and include information on the LEIs, the Legal Entity Identifiers. Imagine you are Goldman Sachs; you need to pull together data on your aggregate exposure to all things Citibank, globally. Many accounts, many systems. “Can be done, requires careful planning”, would be the right expression. Now, the increasingly canny folk at the regulators take all that data and create a list of the “usual suspects”, the common counterparts of all these 23 banks and then just to test they say to the banks’; “Here is a list of identifiers / LEIs. Please tell us which ones you have a relationship with and what the exposure is.”The list is long, with over 1’000 different LEIs. You have do work backwards to your data, in parallel to normal reporting. Very difficult.

Lessons Learned: 

Controls over both processes and data quality are more essential than ever. He with the best process wins.

#1 You must not make a business decision that ignores legal & regulatory requirements

In the Coutts case there were repeated issues. The bank was too ready to keep counting Assets under Management (AuM) and fees.

#2 Data Quality Assurance is essential

Ideally, all systems would be configured so data is correct, or at least plausible at source. For example, for every field, there is a drop down list to choose from. That is hard to do. The next best is to use an exception process that gives feedback immediately to the right people. This is essential if you want to avoid having to fix data at the end of the line.

#3 Systems with solid foundations are needed

If your G-SIB process involves a lot of manual stitching together, then these tricky supplementary questions will be very painful to answer and you will have to reconcile to what you reported on the original reports. That means ensuring hierarchies are in place and LEI code are captured where they exist.

About the Author: I help banks master their post trade processing; optimising, re-engineering, building.

I understand the front-to-back and end-to-end impact of what banks do. That allows me to build the best processes for my clients; ones that deliver on the three key dimensions of Operations: control, capacity and cost.

Previous Posts 

Are available on the 3C Advisory website, click here.

Publications

The Bankers’ Plumber’s Handbook

How to do Operations in an Investment Bank, or not! Includes many of the Blog Posts, with the benefit of context and detailed explanations of the issues. True stories about where things go wrong in the world of banking. Available in hard copy only.

Cash & Liquidity Management

An up to date view of the latest issues and how BCBS guidance that comes into force from Jan 1 2015 will affect this area of banking. Kindle and hard copy.

Hard Copy via Create Space: Click here

Amazon UK: Click here

Amazon US: Click Here