Few of us are likely to forget the banking crash that started in late 2007. As a result of that crash, the Basel Committee on Banking Supervision (BCBS) came up with a set of principles for effective risk data aggregation and risk reporting, created to enhance a bank’s ability to identify, as well as manage bank-wide risks. All Global Systematically Important Banks (G-SIBs) will need to adopt these principles by January 2016, and Domestically Systematically Important Banks (D-SIBs), are required to comply within three years of being classified as a D-SIB.
BCBS defines risk aggregation as a way to measure a bank’s performance against its risk tolerance/appetite. The principles consider data confidentiality, integrity, and availability as part of the risk management framework and asks that banks define, gather and process risk data according to its risk reporting requirements. BCBS 239 is a model change in risk management planning.
The principles apply to a bank’s risk management data and group risk management processes, but don’t just include market, credit, or counterparty risks. They apply to all key internal risk management models, which includes data that is critical to enabling the bank to manage the risks it faces. These principles are expected to support a bank’s efforts to:
- Improve infrastructures to report key information that identifies, monitors, and manages risk. These reports should be used by board and senior management.
- Improve decision-making processes throughout the banking organization. It is not limited to internal processes, but should be applicable to processes outsourced to third party vendors.
- Enhance management of data across legal entities, while enabling a comprehensive valuation of risk exposure(s) at the global consolidated level.
- Reduce the possibility and severity of loss stemming from improper risk management.
- Provide access to real-time data thereby allowing decisions to be made at a quicker pace.
- Improve the organization’s quality of strategic planning while impacting the ability to manage the risks that new products and services create.
Reports should include a balance between risk data, analysis, and interpretation, and qualitative explanations. The Basil Committee stresses that bank alignment to the principles are just as important as regulations applied to accounting data.
The actual 239 publication from BCBS can be read here: BCBS 239. There are 14 principles broken into four key topics. Accenture wrote a very thorough, yet easy to read, explanation of those principles, which can be read here: BSBC 239 Risk Aggregation & Reporting. The four key topics are:
- Overarching Governance and Infrastructure – Requires a good, strong governance framework, risk data architecture, and IT infrastructure.
- Risk Data Aggregation Capabilities – Ensures risk management reports reflect risks in a reliable way (e.g. meeting data aggregation expectations is necessary to meet reporting expectations).
- Risk Reporting Practices – Right information needs to be presented to the right people at the right time with accurate, clear, and complete reporting.
- Supervisory Review, Tools, and Cooperation – Should review compliance to determine whether the principles are achieving their desired outcome, or whether further enhancements are required.
It is also strongly encouraged that banks consider enhancing their existing capabilities, or implement new ones:
- Inter-Linkage/Adoption – Extended across all legal entities and divisions of the bank and implemented simultaneously.
- Forward-Looking and Early Warnings for Risk Control – Create risk management reports to increase visibility to anticipate problems and provide a forward-looking assessment of risk.
- Incomplete Data – Understand how this could impact the bank’s risk analysis and reporting operations, as more controls, resources, and additional processes would be implemented.
While there will be a few challenges to implementing these new principles, the destination far outweighs the travel. Board oversight needs to be very involved in order to enhance existing functions while approving the investment needed to enhance the infrastructure. However, the completeness of the automated data will allow for faster, timelier reporting. Accuracy will also be very important while making the data adaptable to make the best possible decisions. BCBS 239 proposes a clear set of actions that allow the board, the bank, and the market to make a vivid impact on the quality of risk management through one necessary dimension: data. Implementing an automated data analysis solution can lead to data quality you can trust if you
- Have the software controls in place to monitor your data integrity and accuracy throughout the entire workflow process, end-to-end
- Create the necessary visibility reports for upper management to review issues like fraud, trends, and overall marketplace propensities
- Use managed services if you’re a resource-constrained organization struggling to meet compliance deadlines.
Banks can either look at BCBS 239 as just another regulation, or they can use it to align operations and directly change organizational priorities. Looking at BCBS 239 as a roadmap to improving your IT architecture will provide the opportunity to modernize systems, automate your data, and improve procedures and approaches to risk management. Meeting compliance will take the required principles, offer benefits far beyond compliance, and deliver business value. Identifying the necessary tools to not only provide the deliverables necessary to bring your risk management up to par, but provide insight to your financial future will be the keys to success.