After establishing the proper processes for risk data collection, you can work toward creating an optimal risk reporting framework. BCBS 239’s third section – which contains principles seven through 11 – outlines various best practices for risk reporting.
III Risk reporting activities
7) Accuracy – Accuracy is integral to risk data reporting. Without this level of quality, organizations’ senior managers and boards of directors cannot make well-informed risk management decisions.
8) Clarity and utility – To provide maximum value to recipients, reports should be clear and provide useful information. They should contain data that is comprehensive enough to support informed decision making.
9) Comprehensiveness – Risk management reports should include all areas where material risks could reside. These documents should contain risk type, any concentrations and exposure for all important risk areas, such as market risk, credit risk and operational risk.
10) Distribution – Circulating risk management reports revolves around two important objectives, maintaining confidentiality and timely distribution.
11) Frequency – Key recipients – including senior management and the board – should determine how often staff will generate and distribute risk management reports. The type of risk, how rapidly it could change, recipient requirements and how much the reports could impact risk management should all factor into frequency.
To be ready for the enhanced needs that come with crisis or stress situations, financial institutions should regularly test their ability to generate accurate reports within specific intervals. This will help them meet the expectations of supervisors, which dictate that the organizations should be able to generate reports quickly and use them to responding to changing risk situations.
4 stages of maturity
Once institutions have applied BCBS 239’s 11 principles, they can generate even stronger results by combining these guidelines with the four stages of maturity, which were outlined in RIMES’ The Data Governance Best Practice Handbook. Investment managers, custodial banks and pension funds can use this guide, created in collaboration with Investit, to develop an ideal set of information policies and procedures.
In addition, these buy-side firms can use the four stages to ascertain where they are, and what they must do next to develop more mature data governance frameworks.
- Non-existent: This phase is for companies that have yet to establish their information policies and procedures.
- Emergent: This stage includes firms that have just started creating their data governance frameworks.
- Work in progress: Many organizations have reached this stage, which requires them to put some due diligence into developing the optimal infrastructure.
- Mature: To attain this level, companies must get key stakeholders at all levels of a business on-board. They must also put an ongoing effort into bolstering their data governance framework.
Building better guidelines
Want to bring your institution’s data governance to a higher level? Take a look at the 11 principles set forth in BCBS 239. If meeting these guidelines seems a little much, try using them as a benchmark.
At either rate, determining your level of maturity is crucial if you want to develop an ideal data governance framework. It’s impossible to get to your destination if you don’t know where you are, so take advantage of these tools.