Insights and News /

27 July 2017

Brexit: The guaranteed test of BCBS 239 compliance

The next couple of years will be a rollercoaster of political and economic uncertainty as the UK thrashes out its Brexit deal with the EU.

There will be many periods along this Brexit journey – some lasting just a few days, others more protracted – in which banks’ Risk and Treasury functions will need to trigger crisis reporting processes in order to provide up-to-the-minute reporting on their risk profile to enable their management teams to respond rapidly and decisively to:

  • Market and liquidity risk as markets and customers adjust their view of the future
  • Credit risk as the real economy reacts to the Brexit negotiations and any final settlements that are reached
  • Operational risk as, for example, ongoing negotiations trigger resignations of key UK personnel as they revise their view of their employment prospects.

These crisis reporting periods will be a key test of whether banks have met the crisis reporting requirements embedded in BCBS 239.

BCBS 239 itself contains 22 instances of the word “crisis.”  Three of these are references to the 2008 financial crisis; the remaining 19 instances describe crisis reporting capabilities that banks are required to demonstrate.  Briefly, banks must:

  • Be able to generate risk data and reports much faster during crisis periods – potentially intraday for credit, market and liquidity risk
  • Codify the required completeness, accuracy, timeliness and frequency of crisis reporting
  • Ensure the adaptability of their reporting capabilities in a crisis
  • Run regular tests of their crisis reporting capabilities.

Three key features have distinguished those programmes that have been most successful in developing their crisis reporting capabilities:

  1. A holistic crisis reporting framework for each individual risk type, setting out crisis governance, management information (MI) required, and the data quality tolerances associated with that MI
  2. Driven as a commercial initiative, with crisis reporting requirements driven by the business end users and risk managers who will be responsible for management of the risk in a crisis
  3. A recognition that quite different data and reports may be required in a crisis than in the business-as-usual reporting cycle to enable clear decision-making in a crisis.

If the banks are deemed unable to report their exposures reliably when the next crisis occurs – more than 18 months after the supposed deadline for BCBS 239 compliance – both regulators and banks will have difficult questions to answer regarding their BCBS 239 efforts.