The FSB's Global Risk Data Aggregation Initiative: A Review and Update
Uneven acceptance of the legal entity identifier (LEI) hinders systemic risk monitoring
Friday, June 28, 2019
By Allan D. Grody
After the financial crisis, regulators rightly concluded that they needed more granular and standardized transaction data to oversee the risks inherent in financial institutions and in financial markets. The legal entity identifier (LEI) and other universal standard identifiers were to be created and then embedded in financial transactions and used to identify and aggregate financial transaction data. This would make possible the long-sought means to efficiently aggregate data into meaningful and timely input for analyzing any single firm's enterprise risk and, ultimately, multiple firms' systemic risk. Systemic risk was now to be understood as a global issue, as activities and risks of global financial institutions transcended sovereign boundaries of regulation. The G20 took up the cause and assigned its implementation to the Financial Stability Board.
A fundamental observation in the aftermath of the financial crisis is that the financial industry has evolved to where it is almost completely reliant on a technology-based ecosystem. Information technology has increasingly replaced human involvement in the life cycle of financial transactions, with software applications operating across globally networked computers. This level of automation gives the appearance of a smoothly functioning, digital-age industry where straight-through processing rules, human interaction is minimized, algorithms control trading, and risk models mitigate risk.
In reality, the smooth functioning of all of these automated processes is dependent on improvements in a fundamental pillar of finance: data standards. Multiple handoffs of financial transaction data amongst and between financial institutions, multiple regulators, and hundreds of financial market utilities relies on translating thousands of non-standard data elements, including hundreds of different identifiers for the same financial market participant. Hundreds of data vendors add to the complexity using proprietary codes for these same entities.
The Lehman Lesson
In the aftermath of Lehman Brothers' failure in 2008, it was revealed that nether Lehman nor its regulators, nor its clients, creditors and counterparties had a common understanding of the risk exposure that existed at Lehman. That common understanding required a common identifying code that computer software could interpret as Lehman Brothers'. That this did not exist, over all of the generations of technology that financial systems had evolved through, was a revelation to all.
This revelation drove the Group of Twenty's (G20's) newly appointed global standards body, the Financial Stability Board (FSB), in 2010 to sanction a series of global data standards initiatives. This included the global legal entity identifier (LEI) initiative - a unique, unambiguous and universal code for business entities participating in the financial system as a standard to eventually replace all proprietary codes used to identify business entities across the global financial supply chain.
LEI's first implementation was to be in the newly regulated OTC derivatives markets. Thereafter it was to be implemented in securities markets, within payment and trade finance supply chains, and in Know Your Customer (KYC) and anti-money-laundering (AML) applications. It would become the definitive global financial market identifier for credit, market, regulatory and systemic risk analysis.
Cumulative Issuance of LEIs (end-of-quarter figures)
Shortcomings of IT
Another significant lesson from the global financial crisis was that banks' information technology and data architectures were inadequate to support management of financial risks. Because of weak risk data aggregation capabilities, many banks were unable to aggregate risk exposures and identify concentrations quickly and accurately at the bank group level, across business lines and between legal entities. This required a more granular view of risk, a view at the transaction level to complement the position and balance sheet levels that were the cornerstone of the global risk agenda to that point.
Without computers knowing the precise digital fingerprint, the “financial barcode” of a transaction, too many automated processes fail, manual reconciliation intervenes, delays in payment occur, risk and costs increase, and the vision of a seamless automated supply chain remains unfulfilled.
To compound the problem, a formal discipline of risk management had been imposed by regulators on a mainly unintegrated technology ecosystem that embodies legacy software applications running back-, middle- and front-office operations of both financial services firms and financial market utilities. Data mapping of thousands of non-standard digital fingerprints between these systems adds to quality deficiencies in risk data, additional costs and significant time delays in risk reporting.
Data Aggregation Principles
The Bank for International Settlements' Basel Committee on Banking Supervision (BCBS) has stepped in and asked regulators to oversee formal technology-upgrade programs and data aggregation processes for financial institutions. The initiative, known as BCBS239 (Principles for effective risk data aggregation and risk reporting), has generated new and significant demands for data standards and technology upgrades at financial institutions. It suggested that using the LEI would facilitate the risk data aggregation framework now being implemented by global systemically important banks (G-SIBs).
In the U.S., proposed legislation H.R.1530 - 115th Congress (2017-2018): Financial Transparency Act calls for common identifiers for information reported to financial regulatory agencies or collected on behalf of them. This includes a common entity identifier (presumably the LEI but not specifically referenced in the legislation) and common data formats. Prior attempts to have each of the eight major regulatory agencies under the Financial Stability Act of 2010 (also known as the Dodd-Frank Wall Street Reform and Consumer Protection Act) initiate their own mandates proved unmanageable.
In summary, LEI adoption remains low outside securities and derivatives markets and uneven across countries.
LEI coverage is concentrated in Canada, the European Union and the United States, where it spans from 2% to 7% of all eligible legal entities in their respective territories, and is much lower elsewhere. In these areas, the FSB states that the LEI has come the closest to meeting the G20's objective.
However, the initial and single most important use of the LEI in trade aggregation reporting across sovereign borders was to be in the OTC derivatives markets. Trades with the LEI included, along with associated financial transaction data, are being reported to one of 25 trade repositories. Aggregation across these repositories is not yet functional, even though 1.4 million LEIs have been issued, mainly for participants in the OTC derivatives markets.
A broader adaption of the LEI is necessary, along with standardization and use of a unique product identifier (UPI) and unique transaction identifier (UTI). These three identifiers, along with critical data elements comprising the components of an OTC derivatives trade, are required to be reported to these trade repositories.
Several FSB jurisdictions - particularly in Asia and emerging economies - have not taken steps to mandate use of the LEI in any area, or have adopted rules requiring LEI use only if the entity already has one. Few jurisdictions have plans for new strategies to increase adoption. The FSB states that without regulatory mandates, such low issuance limits the ability to effectively support further regulatory uses.
Regulatory uses were set for the LEI by the G20 when it requested “global adoption of the LEI to support authorities and market participants in identifying and managing financial risks.” To realize this objective, each financial transaction, originated within a FSB member jurisdiction, must contain the LEI code of each financial counterparty, each financial reference entity and the LEI of the transactions' supply chain participants. Without such a common financial market participant identity, universally applied, the buildup of a contagion leading to systemic risk cannot be detected, nor can individual risks of financial institutions' common counterparties be assessed.