NEW YORK (Reuters) - U.S. regulators are sending some of the biggest global banks verbal warnings as they crack down on the firms' poor grasp of their own weaknesses, and push for rapid improvements in risk assessment, according to two sources familiar with the matter.
The firms who received the warnings are among the largest banks in the world, but the sources declined to name individual firms because the enforcement actions are not public. Given the regular contact between supervisors and bank officials, the warnings could have come in meetings, phone calls, or letters.
Banks are responding to the stepped-up pressure by hiring people with experience in data governance and analytics. One of the sources said recruitment calls have spiked in the last 18 months as regulators have issued more non-public enforcement actions.
The world's largest banks have only grown bigger since the 2007-2009 financial crisis, and now contain even more separate entities involved in a dizzying web of credit obligations and trading positions. Banks, hobbled by what regulators believe is poor risk-management data, are struggling to get a handle on the full scope of their trading activities and asset quality.
The result is that six years after the financial crisis, regulators and the industry they oversee cannot confidently assess big-picture threats to the U.S. financial system.
And what was once viewed as an issue for data geeks has now been elevated to a safety-and-soundness concern that could eventually lead to restrictions on bonuses, dividends and share repurchases.
"The information that external investors and supervisors have about these firms is essentially hostage to the quality of the data management within these firms," said Lewis Alexander, who between 2010-2011 helped lead the U.S. Treasury's effort to set up the Office of Financial Research, or OFR.
Alexander is now U.S. chief economist at Nomura and also chairs the OFR's advisory committee.
Regulators have been taking a two-pronged approach. Publicly, officials including Federal Reserve Governor Daniel Tarullo and Comptroller of the Currency Thomas Curry have issued warnings that banks with more than $50 billion in assets need to fix shoddy infrastructure that prevents them from identifying, measuring, monitoring and controlling risk.
Curry in particular has hammered at this theme, especially after JPMorgan Chase & Co's (JPM.N) risk models in 2012 failed to capture the dangers of its "London Whale" derivatives trades that led to a $6.2 billion loss.
And privately, regulators have been issuing enforcement actions in recent months.
A senior bank supervisor said in an interview that these warnings a part of a "heightened expectations" program in which U.S. regulators have clamped down on the largest U.S. banks and foreign bank units with tougher risk management rules.
For example, the New York Fed sent a letter to Deutsche Bank (DBKGn.DE) in December that criticized the U.S. divisions of Germany's largest bank for producing financial reports that were "low quality, inaccurate and unreliable," said a source familiar with the letter.
These private enforcement actions appear to build on some weaknesses that were made public as part of the Fed's annual stress tests of the largest banks.
Bank of America (BAC.N) in April was forced to resubmit a capital plan, and had to suspend planned increases in shareholder pay-outs, after it had incorrectly reported data used to calculate capital ratios to the Fed.
A plan by Citigroup (C.N) was rejected altogether, with the Fed saying the bank's internal examination process did not sufficiently consider how its sprawling business across the world would weather a hypothetical crisis scenario.
The increased risk scrutiny from U.S. regulators is playing out on the international stage as well.
The Basel Committee of bank regulators in December said only one-third of the world's 30 largest banks would have a sufficient grip on their data by 2016. Another third would not be ready by the deadline, while the remainder said they would be ready, but their national regulators were skeptical.
And in January, a report by the Senior Supervisors Group, which reports to the G20, also issued a warning about data, saying regulators should prioritize this issue and make clear to their firms it was paramount that they were able to spot risk on their books at all times.
Stacy Coleman, who headed the New York Fed's bank operational risk group until last year, said regulators have been frustrated that firms haven't made more progress in quickly compiling their credit exposures, in some cases taking several days.
"The process wasn't very automated," said Coleman, former member of a Basel task force on systemically important banks, who is now at advisory firm Promontory Financial Group. "Even today I think there is a lot more manual processing required to compile the information than supervisors want there to be."
Part of the problem is the sheer number of legal entities contained in large banks. Another is the lack of a universal language to describe the highly-specialized securities and many transactions the firms have employed, obscuring any bird's-eye view of how vulnerable the world remains to another crisis.
A paper by the Basel committee of banking supervisors in December also seemed to show "growing frustration" from regulators who want to push hard now to get results, said David Schraa, regulatory counsel at the Institute of International Finance.
"That's probably not an altogether bad thing, to push banks when budgets are constrained," he said, "provided the regulators are realistic about the need to balance all the other demands on IT and data-development resources."
Reporting by Jonathan Spicer in New York and Douwe Miedema in Washington; Editing by Karey Van Hall and John Pickering