Add to collection(s) Add to saved
  1. Business
  2. Finance
  3. Financial Markets

Risk Data Aggregation

advertisement 
Risk Data Aggregation
AHMAD EL RADI
METAC BANKING SUPERVISION ADVISOR
BEIRUT, LEBANON
JUNE 2-4, 2015
Risk Data Aggregation

One of the most significant lessons learned from the global
financial crisis that began in 2007 was that banks’ information
technology (IT) and data collection were inadequate to
support the broad management of financial risks.

Many banks lacked the ability to aggregate risk exposures and
identify concentrations quickly and accurately at the bank
group level, across business lines and between legal entities.

This had severe consequences on the banks themselves and
on the stability of the financial system as a whole.
2
Risk Data Aggregation

Basel Committee on Banking Supervision issued in
January 2013 a set of principles to strengthen banks’ risk
data aggregation and consolidation and internal risk
reporting practices.

Implementing these principles is expected to enhance risk
management and decision-making processes at bank’s
group level.
3
Risk Data Aggregation

Risk data aggregation is an important process in
consolidated and cross-border supervision.

This necessitates defining, gathering and processing risk
data of a parent bank and its subsidiaries and affiliates, and
having access on all information and data for controlling
banking group risks.
4
Risk Data Aggregation

Risk data collection and aggregation requires clear policy
and procedures that banking group should follow in order
to have overview on the group’s risks. Adopting these
policy and procedures will:

enhance the flow of reporting key information,
particularly that used by the board and senior
management to identify, monitor and manage risks;
 Improve
the decision-making process throughout the
banking group;
5
Risk Data Aggregation
 Enhance
the management of information across legal
entities, while facilitating a comprehensive assessment of
risk exposures at a consolidated level;
 Reduce
the probability and severity of losses resulting
from risk management weaknesses;
6
Risk Data Aggregation
 Improve
the speed at which information is available and
hence, decisions can be made on timely basis; and

7
Improve the group’s quality of strategic planning and the
ability to manage risks on a consolidated level.
Risk Data Aggregation
A bank should have in place:




a strong governance framework,
risk data architecture and
IT infrastructure.
In particular, a bank’s board should oversee senior
management’s ownership of implementing risk data
aggregation and risk reporting procedures to meet the
bank’s strategy.

8
Risk Data Aggregation

Banks should develop forward looking reporting system to
provide early warnings of any potential breaches of risk limits
on a stand alone as well as on a consolidated basis that may
exceed the bank’s risk tolerance/appetite.

The risk reporting system should also allow banks to conduct
a flexible and effective stress testing which is capable of
providing forward-looking risk assessments.

Supervisors expect risk management reports to enable banks
to anticipate problems and provide a forward looking
assessment of risk.
9
Governance and Infrastructure

A bank’s board and senior management should review
and approve the bank’s group risk data aggregation and
risk reporting framework and ensure that adequate
resources are deployed to ensure timely information and
data flow.
10
Governance and Infrastructure

A bank’s risk data aggregation and risk reporting practices
should be:

Fully documented and subject to high standards of validation.

Commensurate and appropriate for the bank's group risk
profile.
11
Governance and Infrastructure

A bank’s senior management should:

Be fully aware of and understand the limitations that prevent
full risk data aggregation, in terms of coverage (e.g. risks not
captured or subsidiaries not included), or in legal terms (legal
impediments to data sharing across jurisdictions).
12
Governance and Infrastructure

Ensure that the bank’s IT plan includes ways to improve risk
data aggregation capabilities and risk reporting practices and to
remedy any shortcomings.

IT plan should also identify data critical to risk management
and IT infrastructure, and support it through the allocation of
appropriate levels of financial and human resources.
13
Governance and Infrastructure

A bank’s board of directors is responsible for determining
its own risk reporting requirements and should be aware
of limitations that prevent full risk data aggregation in the
reports it receives.
14
Risk Data Aggregation Capabilities

A bank should be able to generate accurate and reliable
risk data to meet normal and stress/crisis reporting
accuracy requirements. Data should be aggregated on a
largely automated basis so as to minimize the probability
of errors.
15
Risk Data Aggregation Capabilities

Risk data should be reconciled with bank’s sources,
including accounting data where appropriate, to ensure
that the risk data is accurate.

A bank’s risk personnel should have sufficient access to
risk data to ensure they can appropriately aggregate,
validate and reconcile the data to risk reports, and hence
effectively manage the banking group’s risks.
16
Risk Data Aggregation Capabilities

There should be an appropriate balance between
automated and manual systems. Where professional
judgments are required, human intervention may be
appropriate. For many other processes, a higher degree of
automation is desirable to reduce the risk of errors.
17
Risk Data Aggregation Capabilities

Supervisors expect banks to document and explain all of their
risk data aggregation processes whether automated or manual.

Documentation should include an explanation of the
appropriateness of any manual workarounds, a description of
their criticality to the accuracy of risk data aggregation and
proposed actions to reduce their impact.
18
Risk Data Aggregation Capabilities

Supervisors expect banks to measure and monitor the
accuracy of data and to develop appropriate escalation
channels and action plans to be in place to rectify poor
data quality.
19
Risk Data Aggregation Capabilities

The bank should be able to capture and aggregate all
material risk data across the banking group including
those that are off-balance sheet.

Data should be available by business line, legal entity,
asset type, industry, region and other groupings, as
relevant for the risk in question, that permit identifying
and reporting risk exposures, concentrations and
emerging risks at a group’s wide level.
20
Risk Data Aggregation Capabilities

Supervisors expect banks to produce aggregated risk data
that is complete and to measure and monitor the
completeness of their risk data.

Where risk data is not entirely complete, the impact
should not be critical to the bank’s ability to manage its
risks effectively.

Supervisors expect banks’ data to be materially complete,
with any exceptions identified and explained.
21
Risk Data Aggregation Capabilities

A bank should be able to generate aggregate and up-todate risk data in a timely manner while also meeting the
accuracy and integrity, completeness and adaptability of
this data.

The precise timing will also depend on the bank-specific
frequency requirements for risk management reporting,
under both normal and stress/crisis situations, based on
the characteristics and overall risk profile of the bank.
22
Risk Data Aggregation Capabilities

Critical risks include but are not limited to:

(a) The aggregated credit exposure to a large corporate borrower;

(b) Counterparty credit risk exposures;

(c) Trading exposures, positions, operating limits, and market concentrations by
sector and region data;

(d) Liquidity risk indicators such as cash flows/settlements and funding;

(e) All data to compute LCR and NSFR; and

(f) Operational risk indicators that are time-critical (e.g. systems availability,
unauthorized access).
23
Risk Data Aggregation Capabilities

A bank should be able to generate aggregate risk data to
meet a broad range of on-demand, ad hoc risk
management reporting requests, including requests during
stress/crisis situations, requests due to changing internal
needs and requests to meet supervisory queries.
24
Risk Data Aggregation Capabilities

Supervisors expect banks to be able to generate and split
data based on requested scenarios or resulting from
economic events.

For example, a bank should be able to aggregate risk data
quickly on country credit exposures at a specified date
based on a list of countries, as well as on industry credit
exposures based on a list of industry types across all
business lines and geographic areas.
25
Risk Reporting Practices

To manage risk effectively, the right information needs to
be presented to the right people at the right time.

Risk reports based on risk data should be accurate, clear
and complete.

They should contain the correct information and be
presented to the appropriate decision-makers in a time
that allows for an appropriate response.
26
Risk Reporting Practices

To effectively achieve their objectives, risk reports should
comply with the following:

Risk management reports should be accurate and precise to
ensure a bank’s board and senior management can rely with
confidence on the aggregated information to make critical
decisions about risk .
27
Risk Reporting Practices

To ensure the accuracy of the reports, a bank should
maintain, at a minimum, the following:

(a) Defined requirements and processes to reconcile reports
to risk data;

(b) Integrated procedures for identifying, reporting and
explaining data errors or weaknesses in data integrity.
28
Risk Reporting Practices

Supervisors expect that a bank’s senior management is
able to obtain data on timely basis for both regular and
stress/crisis reporting, including critical position and
exposure information.

Supervisors expect banks to consider accuracy
requirements similar to accounting materiality. For
example, if omission or misstatement could influence the
risk decisions of users, this may be considered material.
29
Risk Reporting Practices

Risk management reports should include exposure and
position information on consolidated basis for all
significant risk areas (e.g. credit risk, market risk, liquidity
risk, operational risk) and all significant components of
those risk areas (e.g. single name, country and industry
sector for credit risk.
30
Risk Reporting Practices

Reports should identify emerging risk concentrations, provide
information in the context of limits and risk appetite/tolerance and
propose recommendations for action where appropriate.

Risk reports should include the current status of measures agreed by the
board or senior management to reduce risk or deal with specific risk
situations. This includes providing the ability to monitor data trends
through forward-looking forecasts and stress.
31
Risk Reporting Practices

A consolidated risk report should include, but not be
limited to, the following information:
o
o
o
o
o
o
o
o
o
32
capital adequacy,
regulatory capital,
credit risk,
market risk,
operational risk,
liquidity risk,
stress testing results,
risk concentrations,
and funding positions and plans.
Risk Reporting Practices

Supervisors expect that risk management reports to the
board and senior management provide a forwardlooking assessment of risk and should not just rely on
current and past data.

The reports should contain forecasts or scenarios for key
market variables and the effects on the bank so as to
inform the board and senior management of the likely
trend of the bank’s capital and risk profile in the future.
33
Risk Reporting Practices

Risk management reports should communicate
information on consolidated basis in a clear and concise
manner.

Reports should be easy to understand yet comprehensive
enough to facilitate informed decision-making.
Reports should include meaningful information tailored

to the needs of the recipients.
34
Risk Reporting Practices

Reports should include an appropriate balance between risk
data, analysis and interpretation, and qualitative explanations.

The balance of qualitative versus quantitative information will
vary at different levels within the bank and will also depend on
the level of aggregation that is applied to the reports.

Higher levels in the bank, more aggregation is expected and
therefore, a greater degree of qualitative interpretation will be
necessary.
35
Risk Reporting Practices

The bank’s board is responsible for determining its own
risk reporting requirements and complying with its
obligations to shareholders and other relevant
stakeholders.

The board should ensure that it is asking for and receiving
relevant information that will allow it to fulfill its
governance mandate relating to the bank and the risks to
which it is exposed. This will allow the board to ensure it
is operating within its risk tolerance/appetite.
36
Risk Reporting Practices

The board should alert senior management when risk
reports do not meet its requirements and do not provide
the right level and type of information to set and monitor
adherence to the bank’s risk tolerance/appetite.

The board should indicate whether it is receiving the right
balance of detail and quantitative versus qualitative
information.
37
Risk Reporting Practices

Senior management is also a key recipient of risk reports
and it is responsible for determining its own risk
reporting requirements.

Senior management should ensure that it is receiving
relevant information that will allow it to fulfill its
management mandate relative to the bank and the risks
to which it is exposed.
38
Risk Reporting Practices

Supervisors expect that risk reports will be clear and
useful. Reports should reflect an appropriate balance
between detailed data, qualitative discussion, explanation
and recommended conclusions.

Supervisors expect a bank to confirm periodically that
the information aggregated and reported is relevant and
appropriate, in terms of both amount and quality, the
governance and decision-making process.
39
Risk Reporting Practices

The board and senior management (or other recipients as
appropriate) should set the frequency of risk management
report production and distribution.

Frequency requirements should reflect the needs of the
recipients, the nature of the risk reported, and the speed, at
which the risk can change, as well as the importance of
reports in contributing to sound risk management and
effective and efficient decision-making across the bank.

The frequency of reports should be increased during times of
stress/crisis.
40
Risk Reporting Practices

A bank should routinely test its ability to produce accurate
reports within established timeframes, particularly in
stress/crisis situations.

Supervisors expect that in times of stress/crisis all relevant and
critical credit, market and liquidity position/exposure reports
are available on consolidated basis within a very short period
of time to react effectively to evolving risks.

Some position/exposure information may be needed
immediately (intraday) to allow for timely and effective
reactions.
41
Risk Reporting Practices

Risk management reports should be distributed to the
relevant parties while ensuring confidentiality is
maintained.

Procedures should be in place to allow for rapid
collection and analysis of risk data and timely
dissemination of reports to all appropriate recipients.

Supervisors expect a bank to confirm periodically that
the relevant recipients in the bank receive timely reports.
42
Supervisory Review and Tools

Supervisors should:

Have and use the appropriate tools and resources to require
effective and timely remedial action by a bank to address
deficiencies in its risk data aggregation capabilities and risk
reporting.

Have the ability to use a range of tools, including Pillar 2
ICCAP and SREP.

Require effective and timely remedial action (s) by a bank to
address deficiencies in its risk data aggregation capabilities and
risk reporting practices and internal controls(to be explained
in ICAAP reports).
43
Supervisory Review and Tools
 Have
a range of tools at their disposal to address material
deficiencies in a bank’s risk data aggregation and reporting
capabilities.
 Such




44
tools may include, but are not limited to:
requiring a bank to take remedial action;
increasing the intensity of supervision;
requiring an independent review by a third party, such as
external auditors; and
the possible use of capital add-ons.
Supervisory Review and Tools
 Be
able to set limits on a bank’s risks or the growth in
their activities where deficiencies in risk data aggregation
and reporting are assessed as causing significant
weaknesses in risk management capabilities.
45
Supervisory Review and Tools

When a supervisor requires a bank to take remedial
action, the supervisor should set a timetable for
completion of the action.

Supervisors should have escalation procedures in place to
require more stringent or accelerated remedial action (s)
in the event that a bank does not adequately address the
identified deficiencies.
46
Supervisory Review and Tools

Supervisors should cooperate with relevant supervisors
in other jurisdictions regarding the collection of
consolidated data related to the same banking group.

Effective cooperation and appropriate information sharing
between the home and host supervisory authorities
should contribute to the robustness of a bank’s risk
management practices across a bank’s operations in
multiple jurisdictions.
47
Supervisory Review and Tools

Cooperation can take the form of sharing of information
within the constraints of applicable laws, as well as
discussion between supervisors on a bilateral or
multilateral basis (e.g. through colleges of supervisors),
including, but not limited to, regular meetings.
Communication by conference call and emails may be
particularly useful in tracking required remedial actions.
48
Supervisory Review and Tools

Supervisors should discuss their experiences regarding the
quality of risk data aggregation capabilities and risk reporting
practices in different parts of the group.

This should include any impediments to risk data aggregation
and risk reporting arising from cross-border issues and also
whether risk data is distributed appropriately across the group.
Such exchanges will enable supervisors to identify significant
concerns at an early stage and to respond promptly and
effectively.
49
Implementation of Risk Data Aggregation
and Risk Reporting by SIBs

Many SIBs still rely on manual work in aggregating risk
data, yet they:



50
Apply appropriate control;
Establish data quality standard;
Emphasize on high-impact risk data in the remedy process of
cross-border banks.
Implementation of Risk Data Aggregation
and Risk Reporting by SIBs

Strategies for implementing risk data aggregation and reporting:

Developing IT infrastructure to aggregate a broader range of risk data
automatically and reduce reliance on manual workarounds;

Automating data quality controls and improving reporting capabilities
associated with group-wide stress testing;

Improving systems to monitor and enforce credit limits status across
risk types and products;

Reconciling data between risk and finance, using appropriate governance
structure;
51
Implementation of Risk Data Aggregation
and Risk Reporting by SIBs

Establishing data collection channels, processes and procedures that
encompass the development of common classification and reference
data so as to facilitate data aggregation in times of stress/crisis;

Enhancing data aggregation capabilities to consolidate data from
branches and subsidiaries operating in other jurisdictions and, more
generally, developing consolidated data stores for credit, market and
operational risks to expedite risk reporting and easier reconciliation
of risk data;
52
Implementation of Risk Data Aggregation
and Risk Reporting by SIBs

Implementing programs aimed at meeting Basel III regulatory
requirements; and

Providing appropriate access to sufficient staff with expert
knowledge of risk control functions and data so they are able
to process ad-hoc data report requests.
53
Supervisory Responsibilities

Supervisors should set principles and requirements for
risk data aggregation and reporting;

Discuss with SIBs in the first stage on how to implement
these principles and requirements and agree on a timeframe to implement them;
54
Supervisory Responsibilities

Ensure that the senior management and board of directors are
directly involved in assessing progress in implementation and
identifying any obstacles for full implementation of risk data
aggregation;

Continue to actively exchange information on how they intend
to facilitate compliance or the remedy of non-compliance.
55
THANK YOU
56
Related documents
Council Summary of RDA Principles
Council Summary of RDA Principles
All-Atom Level Computational Study of Peptide Aggregation
All-Atom Level Computational Study of Peptide Aggregation
"Spatial stagewise aggregation with applications to regression and
"Spatial stagewise aggregation with applications to regression and
attachment_id=415
attachment_id=415
Chapter 5 Notes
Chapter 5 Notes
5.Learning Cell
5.Learning Cell
Senior Supervisors Group
Senior Supervisors Group
senior supervisors group
senior supervisors group
Download
advertisement