A BI vendor surveyed banks in in December 2013 in Europe, North America and Asia-Pacific to explore data governance initiatives, highlights the need for Board-level representation and ownership to ensure that data governance frameworks meet the business objectives. Data governance has become more important following the global financial crisis, yet over two thirds (63%) of financial industry executives do not consider it to be a Board-level issue. .
The study also showed that one third (31%) of financial institutions do not have defined roles and responsibilities in the data governance space. despite the many business drivers for data governance in the financial world.
Achieving regulatory compliance and r educing regulatory risk .was recognized by 94% of banking executives as a business driver, followed closely by ensuring data consistency across the enterprise (88%) .and improving transparency of financial data and information (63%). Why the change of heart?
The Basel Committee on Banking Supervision’s BCBS 239 principles paper was introduced to transform the way risk data management and reporting is carried out internationally. It requires that be underway to meet their January 2016 deadline.
Originally released for comment in June 2012, the 14 principles of BCBS 239 cover a lot of ground, addressing areas ranging from IT infrastructure and governance arrangements, to the way that risk management departments generate ad hoc reports.
The BCBS 239 principles also affect G-SIBS (those subject to additional capital requirements), and additional D-SIBS requirement defined by local central banking authorities, who will only have three years to meet compliance.
The list of principles may seem overwhelming, and time is running out. Covering everything from IT infrastructure to governance and timeliness, the principles are an opportunity for firms to renovate, innovate, and proof their business with the most effective people and processes in place.
Three questions, to help you decide on an action plan for compliance on schedule and to also support growth and productivity.
1. Current status?
What are your real Strengths and Weaknesses, Opportunities and Threats on data risk management compliance?. In future supervisors will require documentation and proof, and this means you need a formal system and processes.
2. Which IT systems do you use now – are those adequate?
Near real-time aggregated data is key for timely alert to risk. BCBS’s report, ‘Progress highlights that banks feel they do have a compliant with strong IT infrastructure and data architecture.
Is your technology efficient and effective? Scalable and agile?
3. Do you have the right people on the job?
Risk management comes down to people. Technology can maximize their essential productivity in processing data, and reduce errors with in-built validations and standard data transformation and aggregation , with comments, logs, version controls and audit trials, risk. Help them better to manage risk by turning data into timely intelligence with kpis to manage, report and inquire on information.
The BCBS 239 framework can be broadly categorised into 4 main pillars.
“Pillar 1 Governance and Infrastructure.”
Governance entails implementing appropriate organisational and process structures to ensure that risk aggregation receives the same strategic importance of any of the bank’s other business critical processes.
This encompasses day to day management structures and the senior management and C-level ownership of risk data.
This Pillar requires organisations to put in place the right kind of technology and process infrastructure, not only for risk aggregation requirements, but also to offer an extensible framework that will allow easy incorporation of newer forms of risk and sudden spikes in computation capabilities in stress or crisis scenarios.
Pillar 2 “Risk aggregation” .
A bank must ensure that it has in place the right capability and resources to provide:
◾Accuracy and reliability via data quality processes
◾Adherence to an “enterprise data dictionary”
◾Well documented unambiguous processes – either automatic or manual
◾Completeness in terms of data usage and coverage
◾Consistent latency for aggregating risk within agreed SLAs
◾Flexibility and adaptability to provide new aggregations easily
Pillar 3 “Risk reporting”
The supervisors will need to be confident confident that the bank has a suitable risk reporting infrastructure that is:
◾Accurate with appropriate data quality processes
◾Comprehensive – covering all the agreed risk across agreed organisational entities i.e. asset classes, organisational structures, locations, counterparties, etc.
◾Clear, intuitive and useful for the end users to easily comprehend
◾Available and refreshed at agreed frequencies
◾Distributed to the users using appropriate content distribution processes
Pillar 4 “Review, Collaborate and Act”
Timely reports on aggregated risk data should be available. Supervisors require appropriate means to review the aggregated risk output, to inquire further and to make any remedial changes as part of the workflow.
Data Accuracy
Another essential factor to consider is data accuracy. Most big banks tell us they still struggle with data quality issues. Large global banks are often the product of complex mergers, that involves its own set of data and technology challenges. Banks have multiple systems introduced often ad hoc for new revenue streams from different asset classes. The systems were never designed to capture the data in a manner to support the reporting required by regulators. There is often very little integration in the front office and there are often more than 50 systems and subsystems that hold data. Each desk has its own: trading, booking, pricing and reporting systems. New product are then built on those legacy systems and copy data from middle-office risk aggregation systems and may receive risk in more than one data channel for the same asset class,. Risk managers need to know what is the real risk and it is not practical to do this efficiently or in a timely manner form front office systems aggregate din Excel.
The completeness and quality of data in the back office is more important than the mathematics underlying risk calculations in the front office. If you don’t have the right information, at the right time about a position, (or don’t even know it exists) then your risk calculations are irrelevant. IT investment in integrating and normalising banks data is even more important than updating risk engines. Consider whether your reporting solution should embed a risk engine maintained by the software author in lien with regulatory requirements.
BCBS requires board level review of the risk data aggregation for new product approval and also for other strategic business decisions such as: mergers, spinoffs and acquisitions. The uncertain nature of financial markets, makes it both more difficult and more important for investment banks to build an agile infrastructure and reporting capabilities to make faster and better informed investment and decisions.
There is an overlap of what BCBS 239 prescribes and similar initiatives supporting other regulatory frameworks (e.g. Basel III, MIFID II, COREP, CRD IV, etc.). Forward-looking finance executives are using high-performance technologies to create fundamentally superior, compliant risk reporting processes which also help executives meet their goal of sustainable profitability.
Buy vs Build?
KPMG’s Managing the data challenge in banking advises that firms needs to ask themselves whether they have a clear Data Architecture to support the principles of Risk Data Aggregation and whether they are able to create future data capabilities that will enable them to comply with the BCBS principles by the required deadline of 1 Jan 2016.
In Deloitte’s 2013 global risk management survey, only 31 percent of respondents said that their data quality efforts were effective and only 20 percent were confident in their data management and maintenance efforts. Their advice? Automation.
Ask us about BRSAnalytics – purpose built for bank regulatory reporting.
Hasan: 0097143365589
