Prior to the 2008 global financial crisis, “many banks lacked the ability to aggregate risk exposures and identify concentrations quickly and accurately at the bank group level, across business lines and between legal entities. Some banks were unable to manage their risks properly because of weak risk data aggregation capabilities and risk-reporting practices.”1
The ultimate objectives for all stakeholders in a bank are continuity, stability and sustainable growth, through every economic cycle. It is unexpected events, and an inability to identify the impact of these events when they happen or to plan for the management of the consequences of such increased risk, that undermine these objectives. Strong management of risk across the enterprise – enterprise risk management (ERM) – is therefore an imperative and, at its most fundamental level, sound ERM requires access to quality data.
Fourteen principles to strengthen risk data aggregation and reporting
As part of its drive to improve risk management, the Basel Committee on Banking Supervision has drawn up 14 principles to strengthen banks’ risk data aggregation capabilities and internal risk-reporting practices. The principles apply to critical risk management data, including reference and transaction data. These principles are categorised under four key themes:
1. Overarching governance and infrastructure
2. Risk data aggregation capabilities
3. Risk-reporting capabilities
4. Supervisory review, tools and co-operation
All banks should take notice
While primarily focused on global systemically important banks (G-SIBs), ultimately the principles represent a high benchmark for the minimum standards expected of the wider banking community. Initially, only G-SIBs must meet these principles in full, by January 2016. Supervisory approaches are likely to include requiring self-assessments by G-SIBs against these expectations in 2013, with the goal of closing significant gaps before 2016. It is strongly suggested that national supervisors also apply these principles to banks identified as domestic systemically important banks (D-SIBs) by their national supervisors three years after their designation as D-SIBs. Furthermore, many regulators will, by extension, be looking to the other banks under their supervision to adopt similar best practices.
Cost versus benefit?
IT, treasury, finance and risk management functions within banks are under considerable pressure to improve the provision and use of management information, particularly from regulators. Meeting the avalanche of data requests has led to a significant amount of stress and an unwelcome diversion of scarce, skilled resources, all to resolve what is often perceived as an expensive short-term problem. But the reality is now dawning on many banks that this is no longer a transient issue, or a short-term cost, and these kinds of demands are going to continue to present themselves.
For those with a longer-term perspective, the answer is strategic investment in infrastructure and data management. Their objective is to provide the organisation with the ability to consolidate, aggregate and validate data from across the enterprise, and combine this with the ability to streamline and industrialise risk management across the enterprise. Some of the key benefits targeted by them include:
• Consistent standards of risk analysis
• Transparent governance and audit trails
• Centrally accessible data, not just risk data, but volumes data, perfor-mance data, migration data, point-in-time data, trend analysis, etc.
• Efficiency improvements
• Greater confidence in the overall quality of data held across the organisation
• Lower total costs of ownership and maintenance in data control and data infrastructure
• Greater ease and efficiency in meeting both internal and external reporting demands
• Better communication across business lines and geographical divisions
• Greater flexibility to respond to ad hoc or unexpected requirements.
The implementation of the principles by banks of any size will ensure a foundation for a more robust and scalable business model. In turn, adoption should not only facilitate the day-to-day management of an organisation, but also actively give rise to more sustainable long-term performance, and therefore better external recognition.
Read the Moody’s Analytics paper, Embedding risk data aggregation and reporting principles across the organization
For more information, please contact Moody’s Analytics.
1 Principles for effective risk data aggregation and risk reporting, Bank for International Settlements, January 2013
Download the article in PDF format.