The 2016 supervisors’ assessment questionnaire was completed by all seven supervisors / supervisory regimes that had G-SIBs under their supervision.
- The report found that G-SIBs’ level of compliance with the Principles is unsatisfactory, notwithstanding that G-SIBs have made some progress in implementing the Principles in 2016.
- Only one G-SIB fully complied with the Principles within the January 2016 deadline
- All Principles except Principle 2 (data architecture and IT infrastructure) were largely or fully complied with by over half of the assessed banks
- Principle 2 is one of the two preconditions (together with Principle 1 on governance) to ensure compliance with the other Principles
- The average delay in implementation of individual Principles ranges from 2.22 to 2.75 years
- Banks would take about 5 to 6 years to fully comply
- Some banks view implementing the Principles as a one-time compliance exercise rather than a dynamic and ongoing process
- In this regard, banks need to periodically assess and make needed improvements to IT systems, policies and processes to effectively implement the Principles
- There should be a regular independent validation of risk data aggregation and reporting processes
- Some supervisors used fire drills to perform ad-hoc assessments of banks abilities to respond in a timely manner
- Appendix 2 provide a set of examples regarding compliance to principles
Challenges faced by banks
- Difficulties in execution and management of complex and large-scale IT and data infrastructure projects
- Overreliance on manual processes and interventions to produce risk reports
- Incomplete integration and implementation of bank-wide data architecture
- Weaknesses in data quality control
New recommendations
- Development of clear road map to achieve full compliance
- Compliance should be on an ongoing basis
Recommendations from previous review still holding
- Banks and supervisors should continue to promote understanding of the principle
- Banks should clearly articulate risk data aggregation and risk reporting expectations
- Banks should have efficient governance arrangements
- Banks should critically examine their data architecture and adaptability capacity
- In case of non compliance at the deadline provide remedy plan