The third paper in the series examines data and reporting requirements as well as the cybersecurity risks; likewise the challenges that banks face in meeting these requirements and expectations of the clients, customers and investors along with the demands of regulators. In particular why high quality data and effective technology should be at the heart of a profitable and sustainable bank strategy.
The regulatory reporting burden on banks has increased massively over the last few years, and is set to increase even further over the next few years. Increased regulatory requirements and more intensive supervision have driven an almost insatiable appetite for data among regulators – to monitor adherence to regulatory requirements; to support stress testing; to answer one-off information requests; to provide the raw materials for recovery and resolution planning; to open a lens on non-bank financial channels; and to access system-wide data for macro-prudential policy purposes.
In addition, regulators have focused increasingly on the public disclosure of information to enhance comparability, market discipline and market trading and price formation; on risk data aggregation and reporting within banks; and on alternative sources of data to underpin revised standardized approaches to credit and market risk that are more risk-based and less dependent on external credit ratings.
Finally under the regulatory heading, the various regulatory initiatives on know your customer, sanctions, tax, data protection and the treatment of both retail and wholesale customers all carry significant implications for data and technology, while the sharper spotlight on off-shoring risk and cyber security and resilience will surely be converted into further regulatory requirements on data and technology in due course. This regulatory intervention raises fundamental questions about the data and technology that the senior management of banks should be using to run their businesses. In part the issue here is whether banks have the systems and data architecture required to meet regulatory requirements. But there is also an issue here about the widening gap between the internal models currently used by many banks for capital planning, pricing and risk management, and the new regulatory perspectives on how banks should be run, including regulatory constraints on the use of internal models to calculate risk weights.
High quality data and data analytics are key to servicing customer needs, unlocking commercial value and supporting good risk governance. Many banks could – and need to – improve customer experience through better use of data to design products and services, and to identify and meet customer needs more effectively. But there is also a regulatory question lurking here – will concerns about mis-selling, data privacy and cyber security lead regulators to constrain the extent to which banks are allowed to collect, store and analyze customer-specific ‘big data’?
Data and data analytics can also unlock commercial value. Banks need to understand better the relative performance of their business activities in terms of viability, sustainability and resolvability; and thereby to develop new strategies and business models. Data are also critical to effective risk governance. Banks cannot identify and monitor their risks effectively without high quality data and the upward reporting of meaningful management information.
All these uses of data require the accurate and timely recording of data, effective processes for the use of data, and clear governance and ownership of data and data processes.
Efficient and effective technology is key to meeting customer demands to access products and services though digital channels, reducing costs, maintaining and improving operational resilience, and supporting good data management and risk management. Customers of banks are increasingly expecting a digital service that matches the best non-banking digital channels. Banks with the technological ability to deliver such services can gain a clear competitive advantage.
Technology is also one critical component to delivering cost reductions, or at least to avoiding the costs arising from a low level of operational resilience. Banks need to focus on the overall resilience of their provision of critical economic functions, in response to both commercial and regulatory pressures. This can include such measures as retail deposit-taking and payment and settlement systems. Banks with multiple and fragmented IT systems, in particular where these have been outsourced, are exposed to falling seriously behind the game and failing to secure a viable and sustainable future.
These banks therefore need to develop a clear strategic vision, and a clear road map of how technology can drive improvements in customer service and risk management; how technology can – together with simpler business activities and simpler legal and operational structures – drive cost reductions; and how a governance framework and IT strategy can deliver operational resilience through high standards of service delivery, IT infrastructure, operational continuity and cyber security. Banks need to overcome any lack of leadership, expertise and confidence to make the necessary changes. The cost of inaction will eventually exceed the cost of investing for the future, even during a sustained period of low returns.
© 2021 KPMG Central Services, a Belgian Economic Interest Grouping ("ESV/GIE") and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.