The recent failure of African Bank, and the subsequent Moody’s downgrading of all South African banks, indicates a serious lack of trust in the compliance culture of our banking system.
Realistically, no other South African bank suffers from the systemic rot that seems to have been in play at African Bank over the last several years. According to a recent exposé in Die Burger, African Bank has been guilty of over two hundred transgressions of the National Credit Act – including reckless lending, and abuses related to the in duplum rule – over the last few years.
This raises the question of why the failure of the bank was not predicted some time ago, whether by the auditors, the National Credit Regulator (NCR) or the South African Reserve Bank, and why meaningful action was not taken to stop these practises when they were first uncovered.
Moody’s downgrade is harsh, and arguably, uncalled for. It will add significantly to the cost of capital for the banks, and for government – costs that will be passed on to the tax payer and the borrower. One must assume that it is based on their belief that African Banks’ lending practises, and the lack of any significant consequence prior to the collapse may be replicated in other lenders.
Compliance projects are grudge purchases.
Executive management has a fiduciary responsibility to minimise unnecessary costs and, in some cases, this may lead to a culture of compliance with the bare minimum letter, rather than the spirit of the law. The complexity of risk management, combined with the need to allow each bank to adapt to their unique circumstances, means that the specifics of compliance, particularly related to the specifics of risk reporting, are open to interpretation.
For many banks, data governance and data quality are still seen as tactical solutions, delivered by IT in the data warehouse, rather than as strategic initiatives designed to ensure trust in the banking system. Once trust has been lost, these disciplines may be part of the solution to winning trust back.
Documented and shared data policies define the culture of the organisation. Under what circumstances may a loan be granted and what data must be captured to ensure these circumstances have been met? Data quality rules can be implemented to identify and deal with transgressions immediately, or to prove compliance and reduce the monthly reporting burden.
The failure of African Bank may herald an increased focus on enforcement of legislation, as both auditors and regulators seek to regain the trust of the international community. For banks, customer data quality may need to be improved to ensure accurate total exposures can be measured, and to ensure accurate daily reporting to the credit regulators. New international legislation such as Foreign Account Tax Compliance Act (FATCA), Dodds Franks and the Basel III BCBS 239 “Principles for effective risk data aggregation and risk reporting” are adding to the compliance burden.
An international trend that I am seeing replicated in South Africa is the appointment of a Chief Data Officer (CDO) to take responsibility for data compliance. Yet, this role may prove to be a poisoned chalice if the CDO has to rely on IT for data quality and governance support. Data management is a specialist skill that is not often a characteristic of the typical IT professional.
Internationally, the CDO drives Data Governance and Data Quality as a business function that relies on key business stakeholders to define and implement data governance policies, data quality rules and the like. The CDO cannot afford to place her success in the hands of IT but must find tools that are accessible to business data owners and stewards. The reasons are simple – external reporting burdens require flexibility, agility and, most importantly, urgency. Business must be able to interpret changes in risk results on a month-by-month basis, adapt existing reports to meet changing circumstances, measure and report on risk data quality, and explain variations to regulators in order to regain trust.
There is no reason to panic. South African banks are well regulated and we should not expect another catastrophic failure similar to African Bank any time soon. However, the reputation of the South African banking system must be restored.
The data management aspects of compliance can no longer be regarded as surplus to requirements. Banks must improve the way in which they govern and manage the quality of key risk data if they are to restore international trust.
Register for the Improving Risk Reporting in Banking webinar for a discussion on best practice and key challenges for risk reporting, from a panel of four industry experts.