What if we treated regulators like clients?

Managing regulatory risk is more important than ever for banks. Data integration across silos such as Risk and Finance may be the key to keeping risk in check by giving regulators the same redcarpet treatment top clients receive and in turn achieving competitive differentiation. Is there any question that regulators hold more sway over banks today than at any time in recent memory? Still, many banks are giving them the same treatment as always, as if nothing has changed inefficiency is the rule rather than the exception when it comes to providing integrated data to different regulatory stakeholders. Regulators such as the SEC, FDIC, and OCC generally receive different data sets from banks, even when they make the same request, that too often dont reconcile with one another. In fact, in February 2010, Daniel Tarullo, member of the Board of Governors of the Federal Reserve System, testified on systemic risk before the U.S. Senate, regarding the need for improved data integration and standardization for institutions as well as across the industry: The recent financial crisis revealed important gaps in data collection and systematic analysis of institutions and markets.... Greater standardization of data than exists today is required. Standardized reporting to regulators in a way that allows aggregation for effective monitoring and analysis is imperative 1 While regulators obviously dont provide revenue, they have a big impact on capital, liquidity, brand and reputation. Regulatory provisions such as Living Wills in the DoddFrank Act or Basel II/III economic capital calculation require data integration across silos such as Risk and Finance. Regulators have also started advocating data standardization through creation of Office of Financial Research (OFR) and using standards such as the Legal Entity Identifier (LEI) when tracking counterparties in swap. Post-financial meltdown, organizations are responding to regulatory pressures and making a bigger effort to manage their risk. Currently though this response is reactive and has resulted in point solutions that are often tactical fixes and require manual reconciliations. Sometimes these fixes are done at the reporting end and do not tie back to the source data. In many cases, current reporting practices across Finance, Risk and Compliance simply collect finished/processed data for their reporting, management and regulatory needs from countries or businesses. These point solutions do not address the key elements of data quality and data ownership which are essential to provide transparency to regulators and key stakeholders. Have we seen this before? Twenty years ago, banks were highly specialized and focused on offering a few products and service to customers e.g. branch banking, deposits, consumer lending. Banks were regulated at the product level and market level, and their strategies for managing regulatory relationships were correspondingly siloed. As time passed, these pockets of regulatory acumen became great at managing regulatory risk at the product level. But at the entity level, not so much. And at the industry level well, a quick survey of the post-crisis landscape of the past few years tells the story. Thats why regulators are seeking ways to collaborate with a goal of sharing data and insights in a more frequent, effective and

efficient manner. Theyre sharing more data and reports, cross-checking information, trying to get broad picture of the banking organizations they regulate. Just as important, theyre trying to develop a better understanding of how individual banks are affected by market risks, and how they influence one another. In fact, achieving a more holistic view of the financial sectors was one of the specific goals of the Dodd-Frank Act. Losing the trust of a big customer can be devastating. Losing the trust of a regulator can throw your business into a tailspin. As banks consolidated and diversified their product and service offerings, they invested in capabilities to provide customers, householders and institutions with a differentiating experience. Customer analytics began to play a big role in helping banks understand what customers needed, and how to serve them better. And along the way they created an infrastructure that was equally well-suited to analytics approaches; with consolidated data and processes, the groundwork was set. Banks that are able to flex those same muscles to create a better understanding of what regulators and other stakeholders such as investors really need consolidated infrastructure to provide transparency and better understanding of risk adjusted performance can gain the edge over their competitors. Analytics using consolidated data infrastructure such as stress testing scenarios, efficient capital management using financial and non-financial risk to improve risk adjusted performance can provide competitive differentiation to banks. Weve been here before. Consolidate infrastructure to create clarity Several financial institutions have grown through mergers and acquisitions, but have not spent the time or capital to fully integrate their data. They are now unable to link interrelated information across the enterprise, such as legal entity, product, etc.. When regulators cant determine the legal structure of a bank, they start to get antsy. Investors also expressed similar concerns both during the 2008 financial crisis, as well as the recent European sovereign debt crisis. This means that regulators have a lot of work to do before they can get down to the business of understanding more pressing issues such as

counterparty risks and exposure concentrations. Thats where banks can take a page from their customer playbook, where they have a single identifier for each customer and the ability to connect interdependent customers using family trees, affinity groups, house holding and more. What if banks created a single legal entity identifier and consolidated legal entity hierarchy to help regulators understand the landscape more quickly? That way everyone could avoid a big data cleansing and merging drill in favor of moving directly to risk modeling and analytics. Redirecting existing spend towards integrated, cross-functional, and cross-sector initiatives to create consolidated infrastructure may provide long term reduction in technology and data management spend through data standardization and resolution of common data challenges. The approach to consolidate data infrastructure across the enterprise should be modular and aligned to a defined target state to maintain continuity and flexibility. Initiatives such as opportunistic data interface rationalization at control point(s) in the target state architecture and automating manual reconciliation processes can satisfy core needs of the functions as well as provide hooks to incrementally progress towards the target state. Help them trust what theyre seeing A decade ago, customers logging into their online banking portal couldnt be sure that their account information was as accurate as an account summary printed up by a teller earlier that day. Today its a different story, with customers expecting their account summary to be accurate to the minute and most banks being able to provide that level of up-to-the-minute detail. Just as important, they assume accuracy regardless of the channel used whether its a mobile phone, a website, or an in-person visit at a branch. Today, regulators dont always trust the numbers theyre getting. And who can blame them? They often dont have access to the underlying numbers that make up their view of the data. Thats where a healthy dose of transparency through data integration and data quality initiatives can help. If regulators know where the data is coming from and can

verify quality of data they can apply analytics with more confidence. Now is the time Look hard enough and you can find plenty of reasons not to change your banks approach to sourcing, managing, analyzing and distributing regulatory and compliance-related data. To be sure, the cost and effort involved can be significant. But the costs of not changing can outweigh the cost of this effort. With Dodd-Frank and Basel II and Basel III rules, the regulatory environment is changing, introducing mandates for more data integration, and better insights into whats going on just below the surface of the bank. Regulators were always important, but - to borrow a term - theyve gone from being a mid-tier customer to the very top-tier. Consolidated infrastructure created to support regulatory demands may also provide competitive differentiation by providing a single source of information to make consistent decisions about the financial consequences and risks associated with a given activity or product line. Additionally, operational efficiencies can be gained by reducing manual reconciliation efforts and reducing hand-offs in the process. Chances are new regulatory changes in the form of the Dodd-Frank Act, Basel III, IFRS, FDIC Bank Modernization and others are already causing your bank to rewire its approach to providing information to regulators. Financial and risk systems are in line for big upgrades already. These are already big, important projects. Additionally, simplifying and consolidating data infrastructure may help gain operational

efficiencies and provide competitive differentiation through analytics. If now isnt the time to put data infrastructure consolidation and analytics on the table, when is? Sources 1 Tarullo, Daniel K. (2010). Equipping Financial Regulators with the Tools Necessary to Monitor Systemic Risk, statement before the Subcommittee on Security and International Trade and Finance, Committee on Banking, Housing, and Urban Affairs, U.S. Senate, February 12. http://www.federalreserve.gov/newsevents /testimony/tarullo20100212a.htm

Contacts:
For additional information, please contact: Brian Johnston Banking Consulting National Leader, Principal Deloitte Consulting LLP Bjohnston@deloitte.com Omer Sohail Director Deloitte Consulting LLP Osohail@deloitte.com Tim Walsh Principal Deloitte Consulting LLP Tiwalsh@deloitte.com

This publication contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this publication, rendering business, financial, investment, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this publication. About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright 2011 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited