The Australian Prudential Regulation Authority (APRA) is about to demand more of the deposit-taking institutions it supervises. Credit risk is the immediate subject of interest, expressed through an updated prudential standard, but heightened scrutiny on a range of issues almost certainly will arrive in due time.
In line with longstanding trends in global financial supervision, Reporting Standard ARS 220 Credit Risk Management will require more granular data collection and analysis, with some information required at individual-deal level. That means more data will need to be analyzed, and in greater detail than firms are probably accustomed to, and they will have to manage all that newly gathered information in more complex ways, in particular by integrating key functions across an organization, notably risk and finance.
Significant changes in how data is reported are also on the way. Most important, once ARS 220 is up and running – the scheduled start date is 1 January 2022 – banks will have to submit reports in a machine-readable format through the APRA Connect system. The timelines are very intimidating when compared to similar granular reporting expeditions seen in other regulatory regimes. This coupled with the striking ambiguities in the consultation will require a well architected plan to meet the mandate.
The broad goals of the updated standard are to ensure more accurate and consistent results in regulatory reporting, and to bring Australia into line with other jurisdictions where regulators are guiding banks to appraise and manage credit risk more effectively by gathering more and better data. These aims underpin such initiatives as the European Banking Authority’s AnaCredit, the Hong Kong Monetary Authority’s Granular Data Repository project, and the Thailand Credit Risk Dataset.
Another ambition of ARS 220, in the spirit of the Basel IV guidelines, is to right-size regulation by making demands of banks consistent with their size, activities and the risk they may pose to the financial system.
Compliance with ARS 220 will be a burdensome undertaking, but firms that approach it in the right way will find it manageable. Indeed they may reap benefits beyond compliance by leveraging their work to meet commercial objectives, too.
A focus on credit risk … and more
ARS 220 is ostensibly about credit risk. It calls upon deposit-taking institutions to introduce credit management policies and practices that are appropriate to a firm’s size, complexity and mix of business lines. The requirements seem rather generic at first, including devising a credit risk management strategy that aligns with a firm’s risk profile, basing lending criteria on a holistic appraisal of each borrower’s creditworthiness, a heightened ability to detect potential impairments and so forth.
Perhaps more important are the intentions it signals concerning APRA’s broad approach to regulation. Reading between the lines, ARS 220 will compel banks to be more forward looking – anticipating adverse events instead of reacting to them – by gathering more data at multiple levels, aggregating and centralizing it in the interest of greater accuracy and consistency, and exercising tighter controls over how the data is compiled and presented for scrutiny.
To meet new demands, not just the ones introduced in ARS 220 but others likely on the way as APRA’s supervisory philosophy is articulated through new initiatives, institutions will have to make significant changes in how they handle data and even in how their businesses are structured. In particular, they will have to dismantle operational silos, if they have not heeded the persistent advice of supervisory bodies over the last decade or longer to make this a priority.
Many firms continue to isolate key functions, allowing each to perform internally developed calculations and analyses on data from different sources, perhaps using different systems acquired at different times from different vendors. This can produce inaccurate, inconsistent results and an inability to take a holistic and forward-looking view of their operating environments. That may increase risk – what regulators especially care about – and it also may limit profit potential – what banks especially care about.
A key to ARS 220 compliance will be to break teams out of their silo mentality, and to do roughly the same with data systems. Legacy systems assembled piecemeal and with no overarching plan are incompatible with a goal of eliminating functional silos. Systems must be reconfigured not just to handle more granular calculations but to centralize data storage and standardize models and processes.
Going hand in hand with system integration is system automation. The greater burdens imposed by ARS 220 create a need to eliminate manual processes where practical, as does the move to automated submissions to APRA.
The need for speed
Integration and automation will speed up and streamline work, which is essential when it comes to ARS 220 compliance. Not only does the extraordinary granularity of the data to be compiled put a premium on speed. The mandate in the updated standard to reconcile results across different levels of aggregation – companywide, deal by deal, and in between – will require many checks and validations, an unacceptably time-consuming process with slower, more cumbersome technology.
A centralized data repository and uniform processes allow validations to be executed more swiftly. The fact that errors and reconciliation issues are reduced in the first place increases speed, too, of course.
Silos and the inaccuracies, inconsistencies and slower pace of progress that emerge from them do not just hinder a bank’s regulatory compliance and reporting effort. Business also suffers.
The implicit prodding in ARS 220 to break down silos therefore may yield commercial advantages to banks that embrace the work ahead of them. If they manage their response correctly – not just to ARS 220, but to the new rubrics that are sure to follow – they will be able to improve business as they make their compliance procedures more rigorous. As they contemplate the headaches that lie ahead, at least the executives responsible for bringing their firms into line with the new order can console themselves in that bit of knowledge.
Precursor analytics provides a good illustration of how greater system integration and automation used to manage data for regulatory submissions can help create higher-order business insights, too. An effective system will facilitate quality checks, identifying trends and variances across different dimensions – geography, say, or business line – and at different levels of aggregation, before submitting regulatory reports. The same information can contribute to a fuller understanding of the potential risks and rewards of different asset portfolios to help develop an optimal capital budget.
A data system with common processes and centralized data storage is essential for handling the key demands of ARS 220, and of a tricky competitive environment. Perhaps the most important advantage of an integrated system, however, is the room it provides for growth and change. An integrated architecture that builds in flexibility, adaptability and scalability is critical because ARS 220 will not be the last word from APRA. The authority is playing catch-up with its peers around the world, and there is no hint that its project to remake financial supervision has ended.