Risk Managers and Risk Architects were enjoying a slow beginning to the year when the
Basel Committee decided to release a new directive of risk data aggregation and risk reporting. Sure enough, no organization had in earnest thought of the right architecture for risk reporting.
So while the new directive did set the scene for additional requirements, it also created the opportunity to address the shortcomings that exist in the areas of risk data. Banks do differ in their current environment but the ultimate goal becomes the same:
To achieve a single source of truth for all risk measures that can be depended upon.
The committee set a total of 14 principles that can be grouped into 4 main areas:
- Governance and Architecture
- Risk Data Aggregation
- Risk Reporting
- Supervisory Review
The Governance and Architecture section makes it clear that the ownership of the quality of the information provided is ultimately the board responsibility, advocating a top down approach with projects being under the sponsorship of board members
and senior executives. IT infrastructure and data architecture should be the reflection of this commitment at the highest level.
Risk Data Aggregation provides us with a second set of principles that emphasizes the need for accuracy and integrity as being paramount. It also provides us with a way to achieve this with the introduction of the single source of data for each risk
type. Completeness and timeliness are two important elements to be considered as time to information becomes critical in times of stress. Adaptability is enshrined with the ability to move quickly and identify changing conditions.
There comes a more obvious set of requirements illustrated in the 3rd component, the
Risk Reporting section. The data provided needs to be accurate, clear and complete. Again the regulatory provides some pointers on how to achieve this through “reconciled and validated” reports. This needs to be comprehensive for all material risks ensuring
that no stones are left unturned. Clarity and usefulness are to be prescribed, it no longer is sufficient to drown your board in data. Finally frequency and access should be provided to ensure stakeholders are able to access the information of interest to
them at the right time.
As with principle base legislation, the “how to” is as important as the numerical output or report at the end of the process. The final set of guidelines around the
Supervisory Review highlight the concern of the implementation of regulations that shy away from a one-size-fit-all approach to provide instead some guiding principles. What is clear, therefore, is that the banks need to be more proactive in engaging
with their regulatory bodies to ensure an agreement on the target end state and the mean to achieve these.
Once again, the regulation provides us with a long to-do list of principles. In the next blog, I will identify the characteristic of an architecture that represents the best way to address these requirements. These projects are transformational but some
financial institutions are already walking down this road of successful transformation and reaping some early benefits.