Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Data Management

02:04 PM
Connect Directly

Major Banks Resolution Plans Cite Data Systems and Planning

In part two of this blog series, it is clear that data governance is part of many of the major bank's resolution plans.

The Federal Deposit Insurance Corporation (FDIC) and the Board of Governors of the Federal Reserve recently released the public sections of the annual resolution plans for eleven systemically important financial services firms. The plans1 describe the companies' strategy for rapid and orderly resolution in the event of material financial distress or failure.

While the plans vary widely in their approach and level of specificity, the framework provided by the regulators requires each institution to provide a "Description of material management information systems" as a separate section of the public summary. This allows an interesting opportunity to find out how these firms are approaching complex issues like risk management, management reporting and data governance through the lens of planning for worst-case scenarios. In the first article in this series, I highlighted the submission of Citi. Here, I summarize interesting aspects of some of the remaining filings.

One common theme among the remaining filings is the creation and/or reuse of detailed IT asset inventories (including applications, systems, infrastructure and interfaces) to develop dependency mappings to the business entities, business lines and critical business operations defined in the plans.

JPMorgan Chase

JPMorgan Chase claims to maintain "a comprehensive set of management information surrounding its risk, liquidity, financial and regulatory reporting and monitoring" and that its "risk management framework and governance structure are intended to provide comprehensive controls and ongoing management of the major risks inherent in its business activities." The filing highlights the nine major risk types identified in the business activities of the bank: liquidity risk, credit risk, market risk, interest rate risk, country risk, private equity risk, operational risk, legal and fiduciary risk, and reputation risk. Details on liquidity risk management are provided.

In addition, JPMorgan references its IT services model as a way to "create scale, increase control and reduce duplication and cost."

Goldman Sachs

Goldman's filing is possibly strongest in its statement of the architectural advantages of its data management platform. In the filing, Goldman claims "In most cases, a single application or information system supports a given function across businesses, product lines and entities; this allows for a significant level of consistency in the functionality and reporting available."

Goldman notes that the majority of the software applications used by the firm are internally developed proprietary applications and that they "devote significant time and resources to our risk management and financial reporting technology to ensure that it consistently provides us with complete, accurate and timely information, not only on an aggregated GS Group view, but also at an entity and a business line level."

Goldman further claims: "Our MIS have extensive ad hoc reporting capabilities, and most of our systems include legal entity information as part of the data they manage. As a result, we do not believe that there are material gaps or weaknesses in our ability to provide relevant data in a crisis scenario. Our MIS are overseen by an extensive governance framework, with documented policies, standards and procedures."

Goldman Sachs also emphasizes its business resilience program, designed to ensure that all critical applications are available for use in crisis scenarios.


UBS followed the common practice described above in the preparation of their response: "…the UBS Group identified the key management information systems and applications used for risk management, accounting, and financial and regulatory reporting. The UBS Group has compiled detailed inventories identifying the systems or applications and mapped these systems to Material Entities, Core Business Lines and Critical Operations."

Another interesting aspect of UBS's filing is that its has "included processes and protocols designed to permit regulators direct access to … key management information systems in partnership with the UBS Group at a time of financial crisis."

Morgan Stanley

Morgan Stanley states that its plan "leverages … business continuity and disaster recovery plans to help identify systems and applications deemed important to the ongoing operation of the Firm's businesses and MIS capabilities. These systems and applications are classified by tier ratings indicating the order in which they should be returned to service in the event of a failure."

Morgan Stanley also cites its policies and procedures that govern the IT control environment including information security requirements and infrastructure, application infrastructure, software development lifecycle, change management, security of systems and applications and business continuity.

Deutsche Bank

Deutsche Bank's filing highlights its common set of reporting solutions, managed through a global production support and infrastructure model and its global application repository, which stores and manages information for DB Group–owned and third-party systems and applications. The filing also describes Deutsche Bank's business continuity management as "an integral part of the DB Group's normal business operations and risk management." Jennifer L. Costley, Ph.D. is a scientifically-trained technologist with broad multidisciplinary experience in enterprise architecture, software development, line management and infrastructure operations, primarily (although not exclusively) in capital markets. She is also a ... View Full Bio

Register for Wall Street & Technology Newsletters
5 Things to Look For Before Accepting Terms & Conditions
5 Things to Look For Before Accepting Terms & Conditions
Is your corporate data at risk? Before uploading sensitive information to cloud services be sure to review these terms.