Tom Mardon, MD of Hutton, discusses high-profile banks entering the modern technology arena; and how their take on managing sensitive data is measuring up against their peers
Which of the following is more topical in 2015?
Ok, so for much of the rest of the world - 2) and here's hoping JJ Abrams. For banking risk and governance professionals, the answer is, 3). If it is neither of those, this article is probably an alien concept.
So why does BCBS239, a series of letters and numbers matter so much right now? Simply because it is the edict that brings banking under the jurisdiction not just of Basle, but of the technology revolution it was swift to underwrite, syndicate and generally make great fees from, but was understandably, if illogically, slow to apply to its own machinations.
239 is the Basle release on, ahem, the "Principles for Effective Risk Data Aggregation and Risk Reporting'. Innocuous sounding, but it sets down the guidelines for how businesses capture, curate, use and report the financial and non-financial data that govern and catalyse their business dealings and risk therein. And that involves entering the modern technology arena and being judged by its standards.
And it's an issue for two reasons.
One, banks' systems are the fruits of countless mergers, reboots, political wars between divisions and MASH. Some resemble Frankenstein's monster, then there are the bad ones. There is a lot to do.
Two, the guidelines are very inconveniently written as principles. That's a problem because business folks like certainty. It allows predictability and that allows investors to feel comforted. Principles are creeping up all over the place, governing stress testing under the PRA, covering conduct risk. It's highly inconvenient. And why? It's because as well as being a bedrock for certainty, it's always easier to find a way past or around a rule, if you have enough money, time and brain power.
That may be a little too cynical but I'm also a somewhat bottom feeding alumnus of the big 4 - and one of the few points I remember was the debate over what model of governance in accounting worked best. U.S GAAP was a fiercely doctrinaire system with quantified rules for all manner of situation; UK GAAP was a principles based system. So far, so deeply unsexy, until you come to a real world example like Enron that makes sense of why principles can have a compelling foundation.
Enron had a subsidiary company called Joint Energy Development Investment Ltd. On a very basic level, this entity made hollow profits and hid losses, big ones. They wanted however to keep this business going and to hide its losses from Enron's main accounts so they created an 'independent' company Chewco (yes, it's JEDI and Chewbacca - Star Wars nerds exist in big business too!) who took a 3% stake in the vehicle and was potentially able therefore - under the hard number of 3% under U.S. GAAP - to report the loss through its own accounts. Eventually, the sheer momentum and scale of the Enron fraud caught up with all concerned, but the argument of the time was under a principles based audit Arthur Andersen (there used to be a big 5 for those under 35) would have been unable to sign off their biggest revenue client's financial engineering. The principle would have broadly said - don't create an illusion of control to hide your losses. Maths doesn't come into it.
So on the one hand, the flexibility of principles creates a very sticky web for the unfortunate fly. But very legitimately, banks are concerned with the idea of being judged on hopefully well intentioned, multi-million pound revamps of their systems without knowing what they will be judged on. More detail-orientated and persuasive individuals will explain the real operational dilemmas of this, but upon taking the temperature of the relevant professionals, it is running high and getting higher.
When coupled to the rest of the regulatory burden it provides another big and seemingly Everest-like obstacle to driving banking forward. It also has the disrupters rubbing their hands with glee, as new technologies already established in the wider fintech world, such as Blockchain, are highlighted as the solution to the data issue. They probably will be from a regulatory conformity perspective - but by the time banks have created their Blockchain businesses such as the new data company that JPM, MS and GS are establishing, the commercial tech cutting edge will have moved elsewhere and what is good for the regulator will likely be hopelessly outmoded to compete versus the retail and potentially wider finance giants. And make no mistake, this means Amazon and Google who under their sophisticated marketing veneer will be every bit as rapacious as the banks - and already are leading in areas such as payment systems.
Maybe gloomy sounding, but then again bank-based finance is still backed at the highest commercial, political and entrenched cultural levels, and at some point the social barometer will swing back a little too towards finance, probably on the back of the first major tech firm related finance bloodbath. Hope isn’t lost for the banks yet!