Can a globally endorsed business identity code be the answer to risk data aggregation?

Abstract

That the financial system was vulnerable to global systemic risk was revealed to the general public and, more importantly the regulatory community, when Lehman Brothers filed for bankruptcy in 2008. It was further revealed that neither Lehman Brothers nor its clients, creditors, counterparties and regulators had a common understanding of the risk exposure that existed in the collapse of Lehman. In the complex, technology driven ecosystem of global finance that common understanding required a common identifying code that computer software could interpret as Lehman Brothers. That this did not exist over all of the generations of technology that financial systems evolved through was a revelation that drove a newly appointed global standards body, the Financial Stability Board (FSB) to sanction a series of global data standards initiatives. This included the establishment of a legal entity identifier (LEI), a unique, unambiguous and universal code for business entities participating in the financial system. Another significant lesson learned from the global financial crisis was that banks’ information technology and data architectures were inadequate to support management of financial risks. Because of weak risk data aggregation capabilities, many banks lacked the ability to aggregate risk exposures and identify concentrations quickly and accurately at the bank group level, across business lines and between legal entities. This required a more granular view of risk, a view at the transaction level to complement the position and balance sheet levels that were the cornerstone of the global risk agenda to that point. This issue was taken up by an existing risk standards body, the Bank for International Settlements (BIS) through its Basel Committee on Banking Supervision (BCBS). It proposed to use the LEI in its risk and data aggregation framework now being implemented by the global systemically important banks (G-SIBs). This paper describes the implications of these new regulatory mandates on the technology and data management infrastructure underpinning risk management systems, within single financial enterprises and across multiple financial institutions and financial market utilities (FMUs). The paper traces the decisions that led to revising this infrastructure and offers suggestions to overcome remaining issues that have already been recognised. It argues for some redirection of implementations yet to be finalised, whose strategies were laid out with legacy infrastructure concepts remaining as best practice. This is occurring while the digital transformation of finance is well underway and promises less costly, less risk prone solutions. Significant operational risk capital reduction and cost reduction incentives are identified and quantified.