The Basel Committee on Banking Supervision’s (BCBS) ‘Principles for effective risk data aggregation and risk reporting’ (the Principles) were published in January 2013 and are designed to strengthen risk data aggregation and risk reporting practices at banks. The BCBS and the Financial Stability Board expect banks identified as global systemically important banks (G-SIBs) to comply with the Principles by 1 January 2016. The BCBS also strongly suggests that national supervisors apply the Principles to domestic systemically important banks within three years of their designation as such.
The BCBS is monitoring G-SIBs’ progress towards meeting the 2016 deadline and has now published a report regarding the progress made in adopting the Principles. Notably, of the 31 participating banks, 14 have reported that they will be unable to fully comply with the Principles by the 2016 deadline. The key Principles are summarized below:
- Governance: “A bank’s risk data aggregation capabilities and risk reporting practices should be subject to strong governance arrangements…” Principle 1
- Data architecture and IT infrastructure: “…should establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data (metadata)…” Principle 2. §33
- Accuracy and Integrity: “…a bank should have a “dictionary” of the concepts used, such that data is defined consistently across an organization” Principle 3. §37
- Completeness: “Supervisors expect bank’s data to be materially complete, with any exceptions identified and explained.” Principle 4. §43
- Timeliness: “A bank should be able to generate aggregate and up-to-date risk data in a timely manner while also meeting the principles relating to accuracy and integrity, completeness and adaptability.” Principle 5
- Adaptability: “…capabilities should be flexible and adaptable to meet ad hoc requests,” Principle 6. §48
- Accuracy: “Automated and manual edit and reasonableness checks, including an inventory of the validation rules that are applied to quantitative information.” Principle 7. §53 (b)
- Comprehensiveness: “…reports should cover all material risks within an organization.” Principle 8.
- Clarity and usefulness: “A bank should develop an inventory and classification of risk data items…” Principle 9. §67
- Frequency: “Some position/exposure information may be needed immediately (intraday) to allow for timely and effective reactions.” Principle 10. §71
- Distribution: “Procedures should be in place to allow for rapid collection and analysis of risk data and timely dissemination of reports to all appropriate recipients” Principle 11. §72
Interestingly, the three Principles with the lowest reported compliance were Principle 2 – data architecture/IT infrastructure, Principle 3 – accuracy/integrity and Principle 6 – adaptability, as almost half of the G-SIBSs reported material non-compliance on these Principles. Compared to the 2013/14 self-assessment results, many G-SIBSs continue to encounter difficulties in establishing strong data aggregation governance, architecture and processes. G-SIBSs reported that they often rely on manual workarounds in these activities.
Similar to the results of the 2013/14 self-assessment, many G-SIBSs failed to recognise that governance and infrastructure Principles are important prerequisites for facilitating compliance with the other Principles. Paragraph 26 of the Principles states that a strong governance framework, risk data architecture and IT infrastructure are in most cases, “preconditions to ensure compliance with the other Principles”. Additionally, Paragraph 35 of the Principles asserts that “meeting data aggregation Principles is necessary to meet reporting expectations”.
Indeed, on reading the report in detail, it becomes apparent that some of the G-SIBSs have tackled the ‘low hanging fruit’, but have made little progress on the Principles which require significant changes to their core data infrastructures. Consistent with the 2013/14 results, the G-SIBs identified Principle 2 (data architecture/IT infrastructure) as the most challenging. Only two G-SIBs reported compliance with the Governance Principle, and no G-SIBs fully comply with the Data Architecture and IT Infrastructure Principle. Of particular note, six G-SIBs downgraded their ratings for each of these Principles as compared with their self-assessment ratings from 2013/14.
Less than half of the G-SIBs (43%) rated themselves materially compliant with the data architecture and IT infrastructure Principle. Whilst seven rated themselves “2”, (materially non-compliant or needing significant actions to meet the requirement) for the Governance Principle, and more than half of the G-SIBs (57%) rated themselves a “2” for the data architecture and IT infrastructure Principle.
Several G-SIBS reported that they do not expect to achieve full compliance with these two Principles by the January 2016 deadline. In fact, the number of G-SIBs expected to miss the deadline for compliance has increased since 2013/14 self-assessment. At least nine G-SIBs do not expect to meet Principle 2 by January 2016, and three do not expect to meet Principle 1 by January 2016 (compared to eight and one, respectively, in 2013/14).
With respect to Principle 2, G-SIBs report the following needed action steps:
- Improving IT infrastructure so that more frequent data are available for certain risk areas (credit risk and liquidity risk);
- Process improvements to infrastructure so as to reduce reliance on manual workarounds and to automate aggregations;
- Simplifying current IT architecture and data flows across departments and legal entities to streamline the aggregation process and to enable quick aggregation of risk data during times of stress;
- Ensuring that consistent and integrated data taxonomies and dictionaries exist at the group level, and throughout the organization;
- Identifying and defining “data owners” to improve accountability.
With less than a year to the deadline it is clearly time for less talk and more action at the G-SIBSs. As the BCBS asserts that supervisory authorities should continue to actively exchange information on how they intend to facilitate compliance, or remedy non-compliance.
High quality risk management reports rely on the existence of strong risk data aggregation capabilities, and sound infrastructure and governance ensures the information flow from one to the other. There is value in data quality: If the G-SIBSs do not have the necessary infrastructure or expertise to remedy the deficiencies with the Principles, then they must turn to experienced consultants and data companies like RIMES who can guide them through the Principles and provide timely solutions to their data governance and data processing requirements.
There are clearly still data governance challenges within the industry, such as lack of standards, aggregation difficulties and data content which must be tackled urgently. For firms to satisfy the supervisory authorities for numerous regulations, it must be demonstrable that their data is accurate, appropriate and complete.
How RIMES can help
The RIMES Data Governance Service allows for the creation of a directory of data fed from both RIMES’ and the client’s systems. This directory will enable reports to be generated in support of the governance process. While governance is a journey each firm has to make in a large part by its own efforts, there is now a framework upon which firms can build and out of which they can generate their master report as well as control, usage and fund usage reports.
The Progress in adopting the principles for effective risk data aggregation and risk reporting, 23 January 2015 is available here.
The Principles for effective risk data aggregation and risk reporting, January 2013 is available here.
Progress in adopting the principles for effective risk data aggregation and risk reporting – Data Aggregation Table 2