2014 is a year of change for banking supervision in Europe. The European Central Bank (ECB), national supervisory authorities and banks are busy preparing for the Single Supervisory Mechanism (SSM), which is scheduled to take responsibility for the prudential supervision of banks in the Eurozone from November 2014.

The current focus of preparations is rightly on getting ready for the start of the new supervisory regime. But if the SSM is ultimately to be a success, preparations need to begin now to tackle the strategic challenges that will become increasingly important in the medium term.

We believe that data and analytics (the technological solutions and mathematical techniques that support supervisors in analysing data) should be priorities for strategic investment. They could be the differentiating factors that determine whether or not the SSM delivers on the aspirations that have been set for it: to enhance the quality of supervision and policy making, to identify and implement best practice, and to be ambitious and innovative. Operating on the basis of the status quo could quickly become unsustainable.

This paper is intended to stimulate a debate as to where the ECB in particular might go in tackling these issues over the next few years. It is produced on the basis of Deloitte's experience helping many banks with a wide range of data challenges, and assisting banking authorities to develop their supervisory capabilities.

Responsibility for establishing the new benchmark for data and analytics standards naturally lies with the ECB and national supervisory authorities, but responsibility for delivering the new standards will be borne jointly by banks and supervisors. It is therefore crucial that banks in the SSM engage with supervisors in the process of developing the route map for data and analytics. While we discuss these issues in the paper with reference to the SSM, the precepts are also relevant to supervisors in other countries (not least because of the prospect of convergence in this area) and to firms that face demands for data from supervisors.

The best outcome will not simply be a re‑engineering of technology and practices around the status quo, but could involve a fundamental rethink of the relationship between banks and supervisors. If innovation in data and analytics can be applied to the production, management and interrogation of data, it will enable the balance of supervisory time to shift further towards addressing problems rather than merely identifying them.

Investment in data and analytics could also help supervisors better handle issues stemming from the increased complexity in banking. For example, how much of supervisory stress testing should be done by banks rather than supervisors? How far will 'modelling' approaches to capital requirements continue as at present, or will they be supplemented by various floors derived from standard formulae? One could even envisage a position where supervisors take greater ownership of the calculation of risk‑weighted assets (RWAs) themselves, for example by gaining direct access to banks' systems to source 'raw' data to double‑check calculations, rather than relying solely on banks. In the process, they could address concerns about opacity and complexity, as well as facilitate supervisory challenge. All these options would reflect changes in the costs and limitations of technology and data that in the past have prevented supervisors from using their own data‑intensive methods.
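
To make the last of these options concrete, consider how a supervisor with direct access to raw exposure data might recompute a bank's standardised-approach RWAs as a cross-check. The sketch below is a deliberately simplified illustration, not any supervisor's actual calculation engine: the asset classes and exposures are stylised examples, although the risk weights and the 8% minimum capital ratio shown are in line with the Basel standardised approach.

```python
# Simplified sketch: a supervisor-side cross-check of a bank's reported
# risk-weighted assets, recomputed from 'raw' exposure data under the
# standardised approach. Asset classes and exposures are stylised examples.

RISK_WEIGHTS = {            # illustrative standardised risk weights
    "sovereign_aaa": 0.00,
    "retail": 0.75,
    "corporate_unrated": 1.00,
}

exposures = [               # exposure-at-default records sourced from the bank
    {"asset_class": "sovereign_aaa", "ead_eur_m": 500.0},
    {"asset_class": "retail", "ead_eur_m": 300.0},
    {"asset_class": "corporate_unrated", "ead_eur_m": 200.0},
]

rwa = sum(e["ead_eur_m"] * RISK_WEIGHTS[e["asset_class"]] for e in exposures)
minimum_capital = 0.08 * rwa    # Basel minimum: 8% of RWAs

print(f"Recomputed RWA: EUR {rwa:.0f}m; minimum capital: EUR {minimum_capital:.0f}m")
# Recomputed RWA: EUR 425m; minimum capital: EUR 34m
```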

Making the case to prioritise data and analytics

Of course, data, and to a lesser degree advanced analytics, already lie at the heart of banking supervision. SSM supervisors will have ready access to data reported under the EU supervisory framework, for example, which are extensive in their coverage and will form the bedrock of the SSM approach. Guidelines on the Pillar 2 Supervisory Review Process set expectations about supplementary data requirements.¹ At issue now are the steps that can be taken to improve the accuracy and comparability of data that are received; whether and how data requirements should go beyond standard supervisory reporting; and how the information can best be analysed and shared.

The SSM supervisory framework and approach, which will be important in scoping data and analytics requirements, are in development. It is already clear from existing best practice and insights from the ECB's comprehensive assessment exercise what the key features will be. In particular, supervisors require:

  • ready access to complete, high quality, reliable and timely data;
  • comparable data across firms, to support system‑wide and peer group analysis – including the construction of relevant peer groups on a cross‑border basis, and to streamline analysis of individual firms;
  • the ability to perform 'deep dives' on areas of concern at an individual bank, peer group or banking sector level; and
  • the ability to deploy advanced analytical techniques to detect trends and pin‑point areas of concern, to enable supervisors to be forward looking and proactive.

The precise requirements will be further informed by international guidelines, such as the Basel Committee on Banking Supervision's Core Principles for Effective Banking Supervision, which set data requirements for systemically important financial institutions (SIFIs), and by regulatory initiatives in train internationally. For instance, the revised Capital Requirements Directive (CRD IV) and the European Market Infrastructure Regulation (EMIR) have important implications for data.

Data and analytics have been found wanting in the past. For example, the recent financial crisis emphasised the need for ready access to timely, accurate and complete data – and highlighted that many banks and supervisory authorities experienced difficulties in providing that. As supervisors sought to tackle problems, their efforts were hampered at times not only by a lack of data, but also by gaps in understanding of the quality of data available, or by difficulties scaling up their analytical infrastructure to quickly perform a 'deep dive' analysis on a particular area of concern at a bank, or across several banks. These experiences illustrated how, in some respects, technology and data governance processes had not kept pace with the growth and increased complexity of banks and banking, even if adequate analytical techniques had been available.

Although the direction of travel is now clear, there is still work to be done in meeting these standards. For example, the Basel Committee's progress report on adoption of its Principles for effective risk data aggregation and risk reporting, published in December 2013, said that awareness had increased, and banks had taken steps towards fully implementing the principles, but "many banks are facing difficulties in establishing strong data aggregation governance [and] architecture and processes ... Instead, they resort to extensive manual workarounds". Although the principles are targeted at SIFIs, other banks should consider them as part of their approach to risk data.

Box 1. Case study: Data and the ECB's comprehensive assessment exercise

Banks involved in the ECB's comprehensive assessment exercise have had first‑hand experience of how data‑intensive the new supervisory approach could be. In late 2013 the largest banks received two data requests (excluding interim field tests and pilot exercises) connected to the first two stages of the exercise: the supervisory risk assessment, and the portfolio selection step in the asset quality review (AQR). These required banks to populate hundreds of data fields.

Having been close to banks through this process, Deloitte has seen the types of issue banks faced with those requests (issues that are likely to arise again in 2014 as the exercise continues) and how the ECB and national supervisors would like data to be captured on an ongoing basis.

For example, the portfolio assessment template required banks to produce at a summary level a stratification of their banking book, to highlight key risk areas. The issues banks encountered in doing this included:

  • the data required had to be sourced from a variety of different systems within the bank;
  • manipulating the data to fit the template required a significant number of assumptions and interpretations;
  • due to tight time constraints, there was very little opportunity to discuss these issues with the regulatory bodies; and
  • banks that had significant exposures in subsidiaries, especially outside the Eurozone, faced consistency issues – the accounting treatment of loans can be open to interpretation based on local regulations or direction.

The exercise highlighted that banks would have to make major changes to how they collect and store data (and quite possibly to the consistency of their processes more generally). Any guidelines adopted in future will also likely necessitate an assessment of, and investment in, banks' IT infrastructure and business processes (for example, in managing counterparty or product reference data centrally).

These requests were not a one‑off exercise. Much more data will be requested during the next steps of the AQR, under which the quality of the selected portfolios is to be reviewed. And under recently published European Banking Authority (EBA) guidelines, an annual AQR exercise will become a standard part of the supervisory framework across the European Union.

Moreover, the challenges that supervisors encounter will not necessarily be resolved once banks comply with international principles. In part that is because the principles do not cover the breadth of factors – from producing, managing and sharing data; through forming a consistent view; to obtaining analytical insights – that have a bearing on this topic (Box 2). But it is also because what is needed is a shift in culture, beyond pure compliance.

Clearly, these requirements are not unique to the SSM; the difficulties are inherent to banking supervision. The challenge in addressing them, however, is exacerbated by the scale and geographical reach of the SSM and the disparate activities of the thousands of banks it will supervise. The SSM will encompass around 6,000 banking entities in 18 countries. Although only a portion of those by number will be supervised directly by the ECB, the ECB will monitor the activities of all banks (and Eurozone supervisory authorities) on an ongoing basis, and wants to be able to escalate supervisory oversight quickly if the financial condition of any bank deteriorates. It therefore needs a system of early warning indicators to facilitate the monitoring of firms, built around an extensive, reliable data set.

In addition, the SSM will adopt a hub and spoke structure, with centralisation of decision‑making power at the ECB, but a distributed approach across national supervisory authorities regarding day‑to‑day supervision. The ECB will also need to coordinate its activities with resolution authorities, the EBA and the European Systemic Risk Board, and overseas supervisors. Managing this structure will necessitate large and frequent information flows.

In parallel to these requirements, technology is evolving rapidly, and data and analytics are ripe for investment. Failure to think strategically now about medium‑term capabilities may leave supervisors and banks increasingly behind the curve, and it will be significantly harder and more costly to make changes once other approaches have become embedded. It would also be a missed opportunity to drive convergence across the banking industry in data and technology standards (and to the extent that a lack of convergence leads to inefficiencies, the cost of banking and financial services will be higher – a cost that ultimately falls on households and the real economy).

Box 2. Understanding the challenges

Producing, managing and sharing data

A lack of structure, the absence of common definitions and poor quality can all contribute to making data difficult to understand, manage and share. Regulatory reports provide some structure and a schedule for submission (most commonly at the end of each quarter), but supervisors need to request information on an ad hoc and ongoing basis for all manner of reasons. The granularity and frequency of data requested will vary across banks, in particular as the size and impact of their activities vary. That said, the approach to less significant banks is likely to be more data‑driven than the approach to significant banks, which would create a proportionately higher demand for data granularity relative to the size of those banks.

Loosely, data generated by a bank can be separated into data that supervisors will always want to collect on a periodic basis; data which they want to have the ability to collect on an ad hoc basis; and data which they believe they will never need. Regulatory reports provide a common set of definitions for banks, but only cover a relatively small set of data. The total set of data collected on a regular or ad hoc basis seldom changes, except when there is a substantial change in supervisory approach or responsibilities such as the one we have been witnessing since 2008. The split between data collected on a regular basis and data collected on an ad hoc basis, though, might well change. And there is also the potential that on occasion supervisors will unexpectedly ask for information in the 'never' category, and/or insist on different formats from those they have hitherto used.

In the absence of common definitions, it is more time consuming for supervisors to make ad hoc data requests and to compare data across different banks, because of potential differences in definitions or naming conventions. For banks, the lack of common definitions often means they manage multiple descriptions of the same data across their business, including across risk and finance, as well as for supervisors. During the banking crisis supervisors were surprised by how hard it was for some banks to produce data that should have been core to those banks' own risk management. Often the difficulties stemmed in large part from differences between a bank's own internal definitions and those of the supervisor, underlining the need to agree definitions upfront.

Standardisation of data structure and definitions is essential if the ECB is to achieve the sought‑after harmonisation of supervision across the Eurozone, as well as to ensure it can supervise banks on its preferred terms. If these problems were fixed, supervisors might need to collect or retain less data: significant work might be required before data quality reaches that point, but if supervisors had more confidence in the data they saw, and found it simple and quick to access additional data, they might conclude that less data were needed upfront.

Forming a consistent view

Clearly, supervisors should be able to form a consistent view on the firms that they supervise, drawing together all of the information they have available. However, in practice it is often difficult to do so. Information about a firm can come from several different sources, through a variety of channels, in different formats and to a number of different supervisors. That is not necessarily a reflection of a disorganised system. On the contrary, a well‑organised supervisory authority with specialists pursuing a number of leads and monitoring a range of information sources, and experienced supervisors digging into different issues through whatever sources of information a bank has (board packs, management information, risk data), would find itself in that situation.

The emphasis the SSM places on peer group analysis adds another dimension to the aggregation problem. Not only will SSM supervisors want to be able to compare banks with similar business models, but they will need to be able to do so for banks in different countries. Language differences across the 18 Eurozone members compound the problem: SSM supervisors are likely to have to process data in several different languages. Can they be sure, for example, that definitions of 'willingness to pay' mean the same in every one of them?

Even once the problems of structure and language have been addressed, data would typically still be held in a variety of places. Supervisors can spend a significant amount of time manipulating and pulling together data. In some circumstances the existence of data in disparate locations may not even be known, or pulling them together may be too costly to be practical. A tool that could bring these data together would also have application to thematic reviews and macro‑prudential supervision, given that the former rely heavily on comparison between firms and the latter on aggregating (hopefully consistent) data.

Analytical insights

A third challenge is a supervisor's ability to draw analytical insights from data – and in particular the ability to anticipate problems rather than reacting to them once they have crystallised. Judgement‑based supervision requires an inquisitive, analytically strong supervisory team whose work extends beyond receiving information on how banks comply with the requirements they are subject to, and an operating model that supports the team in testing hypotheses.

Early warning indicators – using and learning from historical data, and extrapolating current trends, to make comparisons over time and across peers and to identify outliers – are an important example. The SSM will be uniquely placed to monitor trends across Eurozone countries at a level of granularity which is not available to other institutions. Indicators can look at a number of variables across capital, funding, risk‑taking and earnings, both in absolute terms and in terms of growth rates. This of course is not a new idea, but it is typically difficult to establish and maintain the right suite of tests and calibration of thresholds. Developing a system that is manageable and remains core to day‑to‑day supervision would be a significant and important achievement.
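
As a minimal sketch of how such an indicator might work, the following compares each bank's loan growth with that of its peer group and flags material outliers. The banks, peer groups, figures and z-score threshold are all illustrative assumptions; as noted above, calibrating the thresholds is the hard part in practice.

```python
import pandas as pd

# Illustrative early warning indicator: flag banks whose quarter-on-quarter
# loan growth deviates markedly from their peer group. Banks, peer groups,
# figures and the threshold are all assumptions made for this sketch.

data = pd.DataFrame({
    "bank":        ["A", "B", "C", "D", "E", "F"],
    "peer_group":  ["retail"] * 3 + ["universal"] * 3,
    "loan_growth": [0.02, 0.03, 0.19, 0.01, 0.02, 0.015],
})

grouped = data.groupby("peer_group")["loan_growth"]
data["z_score"] = (data["loan_growth"] - grouped.transform("mean")) / grouped.transform("std")

THRESHOLD = 1.0   # calibrating this threshold is the hard part in practice
alerts = data[data["z_score"].abs() > THRESHOLD]
print(alerts)     # bank C's 19% growth stands out against its peers
```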

Finally, there is the question of how best to automate the 'mechanised' part of the supervisory process, which uses quantitative data to assess key risk factors and metrics before supervisory judgement is applied. An effective technological solution could free up a substantial amount of time for supervisors.

The need to work with the ECB and its supervisory approach can be an impetus for firms to review their existing analytical tools and processes. In particular, the ECB will be elaborating its requirements for risk appetite setting and risk management, which may well be more rigorous than some of those set by national supervisors. At the very least banks will be asked to confirm (with evidence) that their current analytical capabilities are sufficient.

Shared challenges; diverging interests

The challenges do not lie only at the door of supervisors. Banks share an interest in addressing them and should be ready to engage in understanding the issues and finding workable solutions. That said, bankers' and supervisors' interests will diverge at some point. For example, priorities or preferred solutions might differ because of contrasting views on the appropriate time frame for delivery, or on perceived synergies. The cost of data harmonisation will differ by bank, depending on how far its current state diverges from proposed 'templates'. Or details may be difficult to agree because of the different perspectives from which banks and supervisors come to problems. Ultimately, the agreed solution will be the product of negotiation and compromise on both sides.

There are many different ways the challenges could be tackled, some of them more cost‑effective for banks than others. For example, is it better for the ECB to go it alone on stress testing or to try to co‑ordinate with US and UK initiatives? Is it better to build on the Basel Committee's risk data aggregation principles or to do something different? Is complete standardisation realistically achievable? If it is not, where would standardisation add the most value?

Banks and supervisors could both benefit from a more efficient supervisory process. Banks should provide high quality, consistent data in line with regulatory and supervisory specifications. Supervisors need to improve the specification of the data required from banks. While this may not necessarily result in a less intense supervisory approach, it could enable banks and supervisors to utilise available resources better, deriving more accurate insights from data which are already being requested and collected.

There could also be indirect benefits. For example, the same tools that enable banks to efficiently share information with supervisors, and enable supervisors to analyse banks' business models and risk profiles effectively and in a timely manner, could also be utilised to improve risk management or management information sharing within banks themselves. In many ways, the objectives which a supervisor will have in its data management are similar to the objectives a firm will have internally and there is no reason why the two processes cannot often inform and complement each other.

Banks need to get better at producing and processing the data needed for firm‑specific internal use in line with their strategy, business model and related risk‑management needs. Regulatory submissions have too often in the past been seen as an overhead, but data submitted to supervisors can provide insights to the firm. Separately, the costs of 'getting it wrong' on supervisory reporting are steadily increasing. And in future, supervisors and resolution authorities will want legal entity data; in the past banks have often run their business in a way that cuts across legal entities so that forming a legal entity view of risks has been difficult.

Supervisors and banks need to identify a forum where the issues can be discussed. Too often data and analytics have been relegated to 'backroom' issues. They now need leadership, and a collaborative approach between banks and supervisors. Stakeholders need to build a business case for change, so that projects can be properly considered against other demands for resources and investment.

To put data and analytics on a sustainable footing for the future, it is important that the process of cooperation delivers not only an agreed specification of data to be reported, but also a better understanding of the limitations of data, and of where bank‑specific (or national or regional) differentiation is necessary. Whilst common standards and principles will be useful in tackling the problems, in the detail a one‑size‑fits‑all approach applied indiscriminately across the SSM would be counterproductive.

Realising the ambitions – what might the solutions look like?

There are a number of tools and technologies – and methods and approaches – that could be applied to address the problems identified. Some of the difficulties and confusion may be inevitable or irreducible. But there are certainly some areas where progress can and should be made, to ensure that the supervisory apparatus has the right building blocks and the flexibility to evolve in future to keep pace with developments in banking.

The solutions we suggest are intentionally ambitious. The ECB and national supervisory authorities should start with pilot studies, running a proof of concept stage and building the business case. Using best practice for project design, development and management will further increase the chances of success. In the intervening years, whilst strategic solutions are being developed, steps should be taken to limit the further accumulation of problems – for example, by focusing efforts on restricting the growth of unstructured data.

Producing, managing and sharing data

Bringing greater structure and quality to data should be a priority and should feature early in any strategic plan. It is crucial to set the right foundations, as data are generated or collected, in order to maximise the effectiveness of the downstream analytical processes. Greater structure will also provide a common language for banks and supervisors to discuss data and understand data needs.

Key to bringing structure is to develop a common data hierarchy (to support the organisation of data) and data dictionary (capturing meanings, relationships, usage and format). These are familiar concepts (even if the terminology might not be) and there are many examples of existing systems that offer at least some elements of a hierarchy or dictionary. In supervision, regulatory returns (such as the EU's Common and Financial Reporting frameworks, COREP and FINREP), or data templates for recovery and resolution planning, are organised around defined data frameworks; there is a global initiative to agree a Legal Entity Identifier (LEI) system that would give each entity a unique reference code; and various industry groups coordinate collaborative efforts to develop standardised frameworks for particular financial instruments or business activities (such as the Financial Industry Business Ontology being developed by the Enterprise Data Management Council and its members).
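
To illustrate what a machine-readable data dictionary entry might look like, the sketch below defines one hypothetical field. The names, hierarchy and relationships are illustrative inventions, not drawn from COREP, FINREP or any official SSM schema, although the definition shown follows the familiar 90-days-past-due convention.

```python
from dataclasses import dataclass

# Hypothetical data dictionary entry: a shared, machine-readable definition
# of one supervisory data item, with its place in a common data hierarchy.
# Field names and structure are illustrative, not an official SSM schema.

@dataclass
class DictionaryEntry:
    name: str                 # canonical name shared by banks and supervisors
    definition: str           # agreed meaning, limiting room for interpretation
    data_type: str            # expected format of submitted values
    unit: str                 # reporting unit
    hierarchy: tuple          # position in the common data hierarchy
    related: tuple = ()       # relationships to other defined items

NON_PERFORMING_EXPOSURE = DictionaryEntry(
    name="non_performing_exposure",
    definition=("On-balance-sheet exposure more than 90 days past due, "
                "or assessed as unlikely to be paid in full."),
    data_type="decimal",
    unit="EUR millions",
    hierarchy=("credit_risk", "asset_quality", "non_performing_exposure"),
    related=("gross_carrying_amount", "accumulated_impairment"),
)
```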

What is lacking is a common, comprehensive framework for banking supervision that could be applied to define any piece of information that a supervisor needed to request. That would be an ambitious task, but one where progress is possible. The solution might lie in developing or consolidating some existing frameworks. Or it might lie in an alternative approach, where the structure and framework are agreed in advance, but at least some of the detail is allowed to evolve organically.

Alongside structure, the quality of data should be addressed, in particular by raising the completeness and accuracy of the associated metadata – 'data about data', which describe the content and context of data. One component, reference data, includes items such as the currency of a transaction and the name and location of the counterparty. When transaction data are created, they need to be 'tagged' with unique identifiers based on the relevant reference data fields for that transaction. Reference data are most useful when they are based on commonly adopted terms, and banks and supervisors should encourage the development of, and subscribe to, the same central bodies managing these data; the LEI initiative is a good case in point. Good data management requires investment in technology, governance and processes to create and maintain consistent and accurate data.
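
The following sketch illustrates the tagging idea: transaction records carry only a unique identifier (here an LEI-style code, invented for the example), while the descriptive counterparty attributes live in a single, centrally managed reference data set that every consumer resolves in the same way.

```python
# Sketch of tagging transactions with centrally managed reference data.
# The LEI-style code below follows the 20-character format but is invented
# for this example; the counterparty record is equally illustrative.

reference_data = {
    # One record per counterparty, keyed by Legal Entity Identifier (LEI)
    # and maintained centrally rather than re-keyed in each source system.
    "5493001EXAMPLE00LE55": {
        "name": "Example Bank AG",
        "country": "DE",
        "sector": "credit_institution",
    },
}

transaction = {
    "trade_id": "T-000123",
    "counterparty_lei": "5493001EXAMPLE00LE55",   # the unique identifier tag
    "currency": "EUR",
    "notional": 25_000_000,
}

# Risk, finance and supervisors all resolve the same tag to the same record.
counterparty = reference_data[transaction["counterparty_lei"]]
print(f"{transaction['trade_id']}: {counterparty['name']} ({counterparty['country']})")
```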

Forming a consistent view

Data formats can create a significant obstacle, whether over time, across a peer group, or even across what should be complementary information on a single firm or issue. In particular, unstructured data – data found in, for example, reports, emails and board packs – are difficult to process. The information is typically text heavy, but often also contains important quantitative content.

In practice, it is time consuming and inefficient to manage unstructured data in their raw form. Techniques such as text analytics or data mining can be used to extract information that can then be stored in a structured way and, in turn, processed more easily. This could be achieved in part by integrating such technology within a portal through which banks submit data to supervisors.
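
As a minimal illustration of the extraction step, the sketch below pulls quantitative metrics out of a fragment of unstructured text using a simple regular expression. A production text analytics pipeline would use far richer NLP techniques; the sample sentence and pattern here are illustrative only.

```python
import re

# Minimal illustration of extracting structured data points from unstructured
# text. A production text analytics pipeline would use richer NLP techniques;
# the sample sentence and pattern here are illustrative only.

board_pack_extract = (
    "The Board noted that the CET1 ratio stood at 11.4% at quarter end, "
    "while the liquidity coverage ratio was 135%."
)

pattern = re.compile(r"(CET1 ratio|liquidity coverage ratio)\D*?([\d.]+)%")
structured = {metric: float(value) for metric, value in pattern.findall(board_pack_extract)}

print(structured)
# {'CET1 ratio': 11.4, 'liquidity coverage ratio': 135.0}
```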

Another barrier to comparing data, which is particularly pertinent to the SSM given its geographical reach, is differences in language. Banks will be permitted to communicate with the ECB in any of the official languages of the European Union. Much of the raw data, in particular for 'deep dive' assessments, will be in the local language. Text analytics or data mining tools can also be applied to these problems, although the scale required for the SSM will be novel. Text mining libraries are typically set up by a combination of topical and linguistic experts and would capture the same concepts in different languages.
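
A fragment of such a library might look like the sketch below, mapping local-language terms to a single supervisory concept so that documents in different languages can be tagged consistently. The term lists are small, illustrative examples rather than a complete or authoritative lexicon.

```python
# Illustrative fragment of a multilingual text-mining lexicon: local-language
# terms mapped to a single supervisory concept. The term lists are small
# examples assembled for this sketch, not a complete or authoritative lexicon.

CONCEPT_LEXICON = {
    "non_performing_loan": {
        "en": ["non-performing loan", "npl"],
        "de": ["notleidender kredit"],
        "fr": ["prêt non performant", "créance douteuse"],
        "es": ["préstamo dudoso", "préstamo moroso"],
    },
}

def tag_concepts(text: str, lang: str) -> list[str]:
    """Return the supervisory concepts whose terms appear in the text."""
    text_lower = text.lower()
    return [
        concept
        for concept, terms in CONCEPT_LEXICON.items()
        if any(term in text_lower for term in terms.get(lang, []))
    ]

print(tag_concepts("Der Bestand notleidender Kredite ist gestiegen.", "de"))
# ['non_performing_loan']
```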

Also important in forming a consistent view is the ability to bring different information sets together. The new generation of visualisation tools (such as Qlikview, Tableau, Microstrategy and Spotfire, amongst others) enables relatively quick construction of visual reports. These tools are generally very good at showing concentrations and correlations quickly and at analysing trends over time, and they are easily accessible from anywhere in the world. For example, it is possible to create reports and place them on a server for access by multiple users at any time from mobile devices such as tablets, eliminating the need to carry reams of confidential reports and paper. An additional benefit of these visualisation tools is their drill‑down capability, which would enable supervisors to examine potential problem areas quickly.

Analytical insights

If some of the changes considered above are applied, supervisors will have access to a large, high quality data set, ripe for many of the 'big data' tools that have become mainstream in a number of other settings and industries. These tools can be applied to interrogate data and identify trends and patterns, or to make predictions. They could be used to generate novel insights for supervisors, in particular by leveraging the unique perspective supervisors have across peer groups or the banking sector as a whole, or to provide a reality‑check against analysis provided by banks.

The idea of applying mathematical and statistical techniques to data collected by supervisors is not novel, but the sophisticated algorithms now available that power big data analytics could deliver a step‑change in the quality of the insights compared to traditional data applications. For example, 'intelligent algorithms' could be deployed to 'learn' about typical trends and deviations in data, both across peer groups and over time, in order to be able to identify where changes represent a material deviation for a particular bank or peer group, as a prompt for further investigation. Or mathematical techniques for finding patterns in data could be used to simplify the complex array of information that supervisors collect on firms.
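
As one illustration of the first idea, the sketch below uses an off-the-shelf isolation forest to flag banks whose indicator profiles deviate materially from the norm. The indicator matrix is randomly generated for the example; a real system would be trained on supervisory data across banks and reporting periods, and its output would be a prompt for investigation, not a verdict.

```python
import numpy as np
from sklearn.ensemble import IsolationForest

# Sketch of 'learning' typical patterns across banks and flagging material
# deviations with an off-the-shelf isolation forest. The indicator matrix is
# randomly generated for illustration; a real system would be trained on
# supervisory time series across banks and reporting periods.

rng = np.random.default_rng(seed=42)

# Rows: banks. Columns: standardised indicators (e.g. capital ratio,
# funding gap, loan growth, earnings volatility).
typical = rng.normal(0.0, 1.0, size=(200, 4))
extreme = np.array([[4.0, -3.5, 5.0, 4.5]])    # one deliberately unusual profile
indicators = np.vstack([typical, extreme])

model = IsolationForest(contamination=0.01, random_state=0).fit(indicators)
flags = model.predict(indicators)              # -1 marks a flagged profile

print("Banks flagged for further investigation:", np.where(flags == -1)[0])
# The deliberately unusual profile (index 200) is among those flagged.
```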

Pulling all this together

We return to where we began. 2014 is a year of change for prudential supervision in Europe. This paper is intended to stimulate debate as to how issues around data and analytics might be tackled over the next few years. The SSM provides a unique opportunity to address these challenges from a (largely) clean sheet.

Although responsibility falls to the ECB to take forward the discussion in this area, data and analytics are a key issue of shared interest between all banks and their supervisors. Getting it right will require coordination and cooperation, to develop a shared understanding of the challenges and potential benefits. The outcome will have a material influence on the success of the SSM, and on how effectively banks meet supervisory expectations in this area. Through smart, ambitious adoption of technology and best practice, supervisors and banks could not only make success more likely, but also enhance risk management and fundamentally change the supervisory relationship around data for the better.

Footnote

1. See, for example, the Basel Committee on Banking Supervision's paper on 'International convergence of capital measurement and capital standards', http://www.bis.org/publ/bcbs128.pdf. Supervisors are required to "review and evaluate banks' internal capital adequacy assessments and strategies ... and take appropriate supervisory action if they are not satisfied with the result of this process".
