Victor Lopez Hernandez
Senior Consultant, Data Management Practice , Synechron, The Netherlands
Data
Over the past 15 years, the financial sector has been subject to intense regulatory pressure from supervisory bodies, with much of the burden being placed on data. Key regulations such as BCBS 239 have been focused directly on requirements around data, causing banks to thoroughly redesign their data functions to achieve compliance with these texts. Others, such as Sustainable Finance Disclosure Requirements (SFDR) or Anti-Money Laundering regulations (AML), impose strict reporting requirements and, therefore, indirectly require banks to transform their operating models, procedures, and policies into data-driven ones. Whether through direct or indirect data-focused regulations, requirements on data have been included in all major regulatory texts in the financial sector.
Despite this intense scrutiny, banks have largely been unable to meet regulatory expectations. As of 2023, the implementation of BCBS 239 principles, adherence to adequate data aggregation and reporting practices, as well as mature data chains that allow for effective SFDR and AML disclosures remain the exception. More importantly, the sub-par compliance levels with regulatory requirements have evidenced the deeper problem of weak data management capabilities, which in turn pose regulatory, operational, and competitive challenges.
These limitations have caused a new wave of regulatory focus in an already complex and changing data landscape. For example, regulators like the European Central Bank (ECB) have launched intense audit campaigns over the 2023-2025 period and, in some cases, levied direct sanctions. Strategic thinking and a forward-looking mindset on the part of banks will therefore be critical to meet the new wave of regulatory expectations around data.
This article presents an overview of the current challenges and identifies many banks’ inabilities to meet current regulatory requirements. We believe this is why banks need to be forward-looking.
Today, banks face steep challenges in meeting regulatory compliance requirements and implementing mature data management capabilities.
Inability to Meet Regulatory Compliance
While compliance levels with data regulations such as BCBS 239 and SFDR vary across jurisdictions and institutions, banks have generally not been able to comply in a timely manner with regulatory expectations.
For instance, supervisory bodies covering SFDR compliance levels observed poor adherence with required disclosure levels and their underlying data challenges, with supervisors noting that firms miss robust data management frameworks around their sustainability related data. In turn, this causes poor quality of underlying data, and thus incorrect classification of funds. Similarly, for AML regulations, Dutch banks have not complied as expected with WWFT regulations, particularly due to the challenges in aggregating, analyzing, and reporting customer data.
More generally, meeting regulatory expectations around mature data aggregation and reporting capabilities as set out in BCBS 239 have not been achieved by any bank to date. Instead, following an On-Site Inspection (OSI) campaign, the ECB reports sub-par adherence to BCBS 239 principles observed across banks, including a high number of findings raised and an ongoing high number of open supervisory measures. (See Figure 1).
To comply with these regulations, banks have been required to make substantial changes in their governance structures, data and IT infrastructures, and operating models. The complexity of meeting these expectations, combined with the hefty investments in time, people, and processes that are required, has meant that banks have generally not been able to meet relevant regulatory requirements.
Dissatisfied regulators across the banking sector have escalated their oversight to reverse this trend. For instance, between 2020 and 2022, On-Site Inspections increased year-on-year, and are expected to continue following the extension of the OSI campaign. (See Figure 2).
Source: European Central Bank
Supervisory bodies have also made clear that continued non-compliance may force regulators to use any of the options of the supervisory toolkit, including sanctions. In the Netherlands, capital add-ons have already been levied for some banks for limited compliance with BCBS 239, and non-compliance with AML reporting requirements.
Shortcomings in Data Management Capabilities
The failure to meet regulatory compliance largely stems from shortcomings in data management capabilities, impacting the ability to remain competitive and operate efficiently in the financial industry. With regulatory compliance, banks’ key data management challenges can be grouped into three dimensions:
These challenges reveal that banks are not prepared to face the new wave of regulatory requirements. Regulators impose strict requirements for Data Governance, Architecture and Quality. Yet, this is also here where banks face acute challenges. For example, across a global sample of banks, gaps between current and required capabilities to achieve compliance remain highest for these dimensions (See Figure 3).
The Need to be Forward-Looking
The threat of increased regulatory intensity, coupled with the potential for business value, means that banks need to be forward-looking and anticipate the new wave of regulatory requirements. Anticipation ensures that meeting new expectations will become seamless, and organizations that overcome their data management challenges can derive business value from their data and survive in changing business landscapes. Mature data capabilities are not only a compliance necessity, but the key enabler of efficient operational and competitive organizations.
Watch for our upcoming article, “RegData in the Spotlight: Becoming future proof now” explaining what we foresee will be the new wave of regulatory expectations, and how banks can best prepare to meet their data management challenges.
Rising to the challenge: the role of boards in effective bank governance. (2023).
Review of SFDR Delegated Regulation regarding PAI and financial product disclosures. (2023).
Banking on resilience: navigating persistent and emerging issues. (2023).
Data for 2020-2022 is retrieved from ECB Banking Supervision: SSM supervisory priorities. (2023). Data for 2023-2025 is calculated from own linear forecast.
ABN AMRO discloses preliminary outcome of capital requirements for 2024. (2023).
ING pays 775 million due to serious shortcomings in money laundering prevention. (2023). and ABN AMRO pays EUR 480 million on account of serious shortcomings in money laundering prevention. (2023).
The Synechron Data Management Research Center is comprised of experienced individuals with years of deep expertise in all aspects of data management, including the critical need for full regulatory compliance. Have a question for our experts? Reach out via email to Victor.