The Bank of England has urged investment banks to get a grip on operational resilience, telling the industry bluntly that a “mere sliver” of earnings after a hugely profitable decade would help prepare them for a potentially turbulent future characterised by growing counterparty, technology, and climate risk.
In a pointed speech this week, the BOE’s regulatory technology and international supervision boss Nat Benjamin urged boards to “make sure they understand the risks from new technology and that operational resilience becomes part of the fabric of their decision making” – adding that “I want to emphasise that it is the role of the independent boards to kick those tyres and ask those tough (and sometimes existential) questions.”
See also: BoE plans tough new rules on cloud “concentration risk”
Hinting that regulatory patience was wearing thin with excessive risk taking by investment banks -- which had seemed on the brink of death for a short moment in September 2008 before what authors Simon Johnson and James Kwak have dubbed an "extraordinary gift from the government, on behalf of taxpayers, to the financial sector" -- Benjamin said (in keeping with his speech's "new tides" theme) "although you might feel you have been doing well in the swimming pool, once you are in open waters you’d better truly be a good swimmer."
The speech to UK Finance by Benjamin – BOE’s former CFO, who holds a doctorate in applied probability – is the latest in a steady drumbeat of exhortations from the central bank about operational resilience, as the financial climate shifts away from a generation of easy money and into choppier economic waters. It also comes amid ongoing concern among regulators about the potential concentration risk posed by increasingly high levels of dependence by banks on a limited number of critical infrastructure providers like cloud hyperscalers.
He was also critical of the investment banking world's cavalier approach to counterparty risk, pointing to the Archegos collapse and a recent chaos in the nickel market and saying bluntly that "unfortunately we have again seen banks’ counterparty risk concentrations not appropriately identified or controlled." (A US pension fund is suing investment bank Credit Suisse for its failures over the Archegos collapse, saying "the fundamental problem was that CS's board did not provide the resources, people, technology, systems, and controls needed to comprehend the overall risk the bank was taking on, much less manage that risk," in a suit launched in April 2022.)
Follow The Stack on LinkedIn
The Bank of England's Nat Benjamin added: “Established banks must not let commercial pressure to adopt new technologies or enter digital asset markets get in the way of first ensuring that they can properly understand and manage the associated risks… In the new world, relationships with critical third-party suppliers are becoming as important as the relationships with large financial counterparties that international banks had established over many years. That is a sign of the rising prominence of operational vs. financial matters in that new world… So your CEOs may need to start making different types of phone calls. The financial sector can also work together on the development of extreme and multidimensional systemic stress scenarios, and assessing the impact of shocks from one firm to another. We are arguably now still in the foothills of this new digital era."
His speech comes months after retail banks were also criticised by the Bank of England for poor risk controls. Metro Bank, in particular, was singled out for risk processes that suffered “multiple gaps in the controls framework at every stage of the process, from data sourcing through to report generation”.
One leading CTO, Bloomberg's Shawn Edwards, recently told The Stack that "“If you’ve talked to enough technologists that work at banks, no matter how great you are, and how well you do, you’ll know you’re always a cost centre” -- a quick look at recent earnings shows that of Goldman Sachs' 2021 opex, $17 billion was on compensation and benefits, $1.5 billion was on IT and associated communications spending. Make of that what you will.