Canada EN

RegData in the Spotlight: Banks must be forward-looking

Victor Lopez Hernandez

Senior Consultant, Data Management Practice , Synechron, The Netherlands

Data

Data Reality: Regulatory Scrutiny Deepens

Over the past 15 years, the financial sector has been subject to intense regulatory pressure from supervisory bodies, with much of the burden being placed on data. Key regulations such as BCBS 239 have been focused directly on requirements around data, causing banks to thoroughly redesign their data functions to achieve compliance with these texts. Others, such as Sustainable Finance Disclosure Requirements (SFDR) or Anti-Money Laundering regulations (AML), impose strict reporting requirements and, therefore, indirectly require banks to transform their operating models, procedures, and policies into data-driven ones. Whether through direct or indirect data-focused regulations, requirements on data have been included in all major regulatory texts in the financial sector.

Despite this intense scrutiny, banks have largely been unable to meet regulatory expectations. As of 2023, the implementation of BCBS 239 principles, adherence to adequate data aggregation and reporting practices, as well as mature data chains that allow for effective SFDR and AML disclosures remain the exception. More importantly, the sub-par compliance levels with regulatory requirements have evidenced the deeper problem of weak data management capabilities, which in turn pose regulatory, operational, and competitive challenges.

These limitations have caused a new wave of regulatory focus in an already complex and changing data landscape. For example, regulators like the European Central Bank (ECB) have launched intense audit campaigns over the 2023-2025 period and, in some cases, levied direct sanctions. Strategic thinking and a forward-looking mindset on the part of banks will therefore be critical to meet the new wave of regulatory expectations around data.

This paper presents an overview of the current challenges and identifies many banks’ inabilities to meet current regulatory requirements. We believe this is why banks need to be forward-looking.

The Current State: Regulatory Compliance and Data Management Capabilities

Today, banks face steep challenges in meeting regulatory compliance requirements and implementing mature data management capabilities.

Inability to Meet Regulatory Compliance

While compliance levels with data regulations such as BCBS 239 and SFDR vary across jurisdictions and institutions, banks have generally not been able to comply in a timely manner with regulatory expectations.

For instance, supervisory bodies covering SFDR compliance levels observed poor adherence with required disclosure levels and their underlying data challenges, with supervisors noting that firms miss robust data management frameworks around their sustainability related data. In turn, this causes poor quality of underlying data, and thus incorrect classification of funds. Similarly, for AML regulations, Dutch banks have not complied as expected with WWFT regulations, particularly due to the challenges in aggregating, analyzing, and reporting customer data.

More generally, meeting regulatory expectations around mature data aggregation and reporting capabilities as set out in BCBS 239 have not been achieved by any bank to date. Instead, following an On-Site Inspection (OSI) campaign, the ECB reports sub-par adherence to BCBS 239 principles observed across banks, including a high number of findings raised and an ongoing high number of open supervisory measures. (See Figure 1).

Diagram 1

To comply with these regulations, banks have been required to make substantial changes in their governance structures, data and IT infrastructures, and operating models. The complexity of meeting these expectations, combined with the hefty investments in time, people, and processes that are required, has meant that banks have generally not been able to meet relevant regulatory requirements.

Dissatisfied regulators across the banking sector have escalated their oversight to reverse this trend. For instance, between 2020 and 2022, On-Site Inspections increased year-on-year, and are expected to continue following the extension of the OSI campaign. (See Figure 2).

Diagram 2

Source: European Central Bank

Supervisory bodies have also made clear that continued non-compliance may force regulators to use any of the options of the supervisory toolkit, including sanctions. In the Netherlands, capital add-ons have already been levied for some banks for limited compliance with BCBS 239, and non-compliance with AML reporting requirements.

Shortcomings in Data Management Capabilities

The failure to meet regulatory compliance largely stems from shortcomings in data management capabilities, impacting the ability to remain competitive and operate efficiently in the financial industry. With regulatory compliance, banks’ key data management challenges can be grouped into three dimensions:

  • Data Governance -- Data strategy, policies and procedures, and data ownership are typically not at mature levels of adoption across banks. Crucially, these weaknesses manifest throughout the entire data chain. Managing bodies have not shown the required level of ambition to address these challenges, which undermines the remediation of the regulatory compliance issues.
  • Data Architecture -- Banks face highly fragmented IT and data environments. This slows down the collection, processing and consumption of data and reports, and makes the implementation of principles around governance, data aggregation, quality, and lineage challenging.
  • Data Quality -- Inaccurate, inconsistent, and incomplete data sets remain common place across banks. Limitations in governance and architecture trickle down and limit data quality capabilities, particularly as banks suffer from legacy systems, End-User Computing, and undefined data ownership.

These challenges reveal that banks are not prepared to face the new wave of regulatory requirements. Regulators impose strict requirements for Data Governance, Architecture and Quality. Yet, this is also here where banks face acute challenges. For example, across a global sample of banks, gaps between current and required capabilities to achieve compliance remain highest for these dimensions (See Figure 3).

Diagram 3

The Need to be Forward-Looking

The threat of increased regulatory intensity, coupled with the potential for business value, means that banks need to be forward-looking and anticipate the new wave of regulatory requirements. Anticipation ensures that meeting new expectations will become seamless, and organizations that overcome their data management challenges can derive business value from their data and survive in changing business landscapes. Mature data capabilities are not only a compliance necessity, but the key enabler of efficient operational and competitive organizations.

Watch for our upcoming article, “RegData in the Spotlight: Becoming future proof now” explaining what we foresee will be the new wave of regulatory expectations, and how banks can best prepare to meet their data management challenges.

The Author

Rachel Anderson, Digital Lead at Synechron UK
Victor Lopez Hernandez

Senior Consultant, Data Management Practice

Victor is a Senior Consultant in the Data Management Practice in Amsterdam. He has 4 years of consulting experience in the financial service sector, across the finance, risk, and compliance domains of Dutch banks. He has worked in data warehousing, analytics, and reporting projects, as well as the implementation of principle-based data regulations like BCBS 239. In these projects, Victor has helped clients improve their data outcomes by delivering data strategies, maturity assessments, data lineage, data quality controls, and achieve compliance with regulatory data requirements.

To learn more, please contact him at: Victor.Hernandez@synechron.com

The Synechron Data Management Research Center is comprised of experienced individuals with years of deep expertise in all aspects of data management, including the critical need for full regulatory compliance. Have a question for our experts? Reach out via email to Victor.

See More Relevant Articles