implementing bcbs 239 rdarr
TRANSCRIPT
IMPLEMENTING BCBS-239
Presented by:
MUHAMMAD ZAHIDMobile:00966 50 153 5985,
**Disclaimer: Views expressed in this presentation are of the presenter only.Copyrights reserved
2
BCBS-239 Related Questions & Challenges1. Does risk data aggregation apply only to internal reports or also to the
regulatory reports as well? 2. Focused on automating the reports only or more on integrating them? 3. A one-off compliance exercise or an investment for the future?4. To what extent have regulators been engaged in this exercise, enabling the
banks to comply with the BCBS-239 Requirements? 5. Does BCBS-239 provide a standard implementation roadmap & benchmarks,
enabling the banks to measure their compliance level or is it all judgmental? 6. Does BCBS-239 draw out some target state for the banks in terms of their
business model & risk profile? 7. Have the progress documents (ie BCBS-268, 308 & 348) measured and
mapped the implementation progress around some pre-defined themes? 8. How far is the ‘BCBS Committee’ confident that earnest implementation of
these principles by G-SIBs & D-SIBs will enable banks to withstand the ‘future financial crises’?
Start:Adoption of 11
Principles Underlying themes Current state of play
End:Totally Integrated-
Automated Environment
Risk management
capabilities
Data management
capabilities
RDAcapabilities
Risk reportingcapabilities
Capa
biliti
esTh
emes
Prin
cipl
es /
Fr
amew
orks
Overarching- Governance- IT infrastructure- Architecture
Risk Data Aggregation- Accuracy & Integrity- Completeness & Timeliness- Adaptability
Risk Reporting- Accuracy- Clarity & Usefulness- Frequency & Distribution
Speed & Confidentiality
RDA themes
Automation & Adaptation
TransparencyReconciliation & Validation
FlexibilityMateriality
4
Why Themes….?• RDA Principles are very high level and generic.
• To build a strong connection between the principles and the actual working pattern of the enterprise.
• Themes have been worked out to communicate the essence of principles to the risk, business, data, finance and technology functions across the organization.
• Proposed six Themes enable us to lever the understanding of the principles down to the respective function level.
5
6-Speed & Confidentiality
RDA themes
5-Automation & Adaptation
4-Transparency
3-Reconciliation & Validation
2-Flexibility
1-Materiality
RDA Themes & Principles Mapping…
4-Completenesss8-Comprehensiveness
9-Clarity & Usefulness
7-Accuracy
1-Governance2-Data Architecture & IT Infrastructure3-Accuracy & Integrity
5-Timeliness6-Adaptability
10-Frequency11-Distribution
RDA Principles
Defined in silos or in an integrated environment
Empowering the management/board to make decisions with right level of information
Controlled level of errors & ambiguities
Moving from black box analytics towards open box & transparent analytics environment
Resilience in organization to any emerging scenarios
Information available on Timely & Need to know basis within near zero time lapse
Themes Explained
6
(f) Speed & Confidentiality
RDA themes
(e) Automation & Adaptation
(d) Transparency
(c) Reconciliation & Validation
(b) Flexibility
(a) Materiality
BCBS-239 Principles
(1-11) ~Basel Framework
~Maturity Models
CapabilitiesRisk M
anagement
Data Managem
ent Risk Data Aggregation Risk Reporting
Capabilities enabling the
achievement of
Target State
Principles enabling the
achievement of Target State
6
Risk Data Aggregation Themes…
7
BCBS-239 IMPLEMENTATION FRAMEWORK(Our Understanding -Totally Integrated-Automation of Risk Data Aggregation & Risk Reporting)
Major Themes emerging from
BCBS-239 Principles
(a) Materiality
(b) Flexibility
(c) Reconciliation and Validation
(d) Transparency
(e) Automation & Adaptation
(f) Speed & Confidentiality
Situation Driven Arrangements
Defined in siloed environment
External interventions(through vendors/consultants for reporting changes)
Disparate Repositories
Black Box Analytics
Manual
Batch-based Reporting
Confidential information bypassed from the reports
Interim Arrangements (centralization)
Framework based definitions
Power-user configurable rule
based model
On-demanddrill-down
Clarity
Single data pool (for all operating units ie
branches, regions and HO)
Automated monthly/quarterly
ReportingAutomated daily
batch-based reporting
Totally Integrated-Automated Environment
Systems & Frameworks integrated with the evolving business model and risk profile
End user configurable reporting/Self service BI
Risk Aggregation (ie Economic Capital)
Model review, validation, monitoring and mitigation based on near real inputs, enabling
current/forward looking Risk Intelligence
Clarity and Robustness
Near-Continuous automated and on-demand reporting
Unification of Risk & Accounting Data
Confidential information duly included in the reports and confidentiality of reports ensured
Current State
Target State
8
Totally Integrated-Automated Environment
• Systems & Frameworks integrated with the evolving business model and risk profile
• End user configurable reporting• Risk Aggregation (ie Economic Capital)
• Model reviews, validation, monitoring and risk mitigation based on near real inputs, enabling Risk Intelligence
• Clarity and Robustness
• Near-Continuous automated and on-demand reporting• Unification of Risk & Accounting Data• Confidential information duly included in the reports and
confidentiality of reports ensured
Benchmarks Development
Involves intensive effort to align Benchmarks with the business model and the risk profile of the bank.
These benchmarks become the yardstick to measure the level of compliance.
TARGET STATE VISUALISATION THROUGH THE BENCHMARKS
9
BENCHMARKS LINKED WITH THE TARGET STATE
• Framework/Strategy• Policies• Integrated Risk
Processes• Integrated Risk Data• Integrated Risk
Systems
Infrastructural Maturity Parameters
• Ongoing Processing• Exceptions
(Regulatory, Audit, Policy etc)
• Loss Events
Processing & Controls Maturity
Parameters
BCBS-239Principles
Requirements(87)
Interpretation/Understanding
10
• Framework/Strategy• Policies• Integrated Risk
Processes• Integrated Risk Data• Integrated Risk
Systems
Infrastructural Maturity
Parameters
• Ongoing Processing• Exceptions
(Regulatory, Audit, Policy etc)
• Loss Events
Processing & Controls Maturity
Parameters
BENCHMARKS LINKED WITH THE TARGET STATE
*
Documentation
Coverage
Quality
*Documentation
Coverage
Quality
Compliance Levels
Each point assessed against…
Each point assessed against…
BenchmarksInventory for
Integrated-Automated Environment
4-Fully Compliant
3-Largely Compliant
2-Materially
Non-Compliant
1-Non Compliant
* Each of these parameter to be assessed against the three sub-parameters (ie Documentation, Coverage & the Quality)
Benchmarks Working Sheet BenchmarksInventory for
Integrated-Automated Environment
11
Principles(2) Requirements
RDA Team Interpretation
--Description of
Interpretation in terms of
Risk/Compliance
Capability Maturity Parameters, Benchmarks & Validation Infrastructural Execution Oriented
(1-5) (6-7)
Level of Compliance
Framework/s(Strategy)
Policy/ies Process/es Risk Data System/sOngoing
Processing & Execution
Exceptions/Risk-Loss Events
Data architecture and IT infrastructure – A bank should design, build and maintain data architecture and IT infrastructure which fully supports its risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis, while still meeting the other Principles.
33. A bank should establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data (metadata), as well as use of single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts.
34. Roles and responsibilities should be established as they relate to the ownership and quality of risk data and information for both the business and IT functions. The owners (business and IT functions), in partnership with risk managers, should ensure there are adequate controls throughout the lifecycle of the data and for all aspects of the technology infrastructure. The role of the business owner includes ensuring data is correctly entered by the relevant front office unit, kept current and aligned with the data definitions, and also ensuring that risk data aggregation capabilities and risk reporting practices are consistent with firms’ policies.
2. Data architecture and IT infrastructure 1 2 3 4 5 6 7
19 Data taxonomies 1-Integrated data taxonomies across the banking group
a-Meta Data
b-single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts2-Integrated data architecture across the banking group
a-Meta Data
b-single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts
Documentation: 1 Documentation: 1 Documentation: 1 Documentation: 1 Documentation: 1 Documentation: 1 Documentation: 1
Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1
Coverage: 1 Coverage: 1 Coverage: 1 Coverage: 1 Coverage: 1 Coverage: 1 Coverage: 1
Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1
Quality: 1 Quality: 1 Quality: 1 Quality: 1 Quality: 0 Quality: 1 Quality: 1
Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 0 Benchmark: 1 Benchmark: 1
Example Sheet
Corporate Banking
Treasury &
InvestmentsRetail
Banking
Finance
HR
Risk Management
Ope
ratio
ns
BT
12
IntegrationAutomation
Aggregation
Risk Management Framework & Risk Strategies
Risk Management
Policies (#)
Risk Management
Process (#)
--Data Items (Data Dictionary) promptly
mapped to the Glossary of Business Concepts
--Data Maturity Models--Utilization
Integrated Platform of Risk
Systems
Processing of risk management constantly reviewed & Enhanced on
ongoing basis
Risk of Losses and Exceptions
constantly monitored & managed
Market Risk
Ops Risk
OtherRisks
Credit Risk
CRO Dashboard
Integrated Data/Information
Policies
Integrated Systems
Integrated Processes
Ongoing Processing
Exceptions & Losses
Frameworks/Strategies
Integrated Automation
Totally
Materiality
Transparency
Automation &
Adaptation
FlexibilityReconcili
ation &
Validation
Spee
d &
Confi
denti
ality
Totally Integrated–Automation…
1-Business/Risk Areas
3-Parameters/Modules
2-Themes
13
Totally Integrated-Automated Environment
1 2 3 4
12
34
Integration
Automation
HI-HA
HI-LA
LI-HA
LI-LA
4
3
2
1
Benchmark
s
Inventory
for
Integrated
-Automate
d
Envir
onment
20132.55
20152.65 Approx.
2016 & beyond?
Overall G-SIBSProgress of Results
2015
20142.58
LA-Low AutomationHA-High Automation
LI-Low IntegrationHI-High Integration
FullIntegration
FullAutomation
BCBS-239 IMPLEMENTATION FRAMEWORK(Our Understanding -Totally Integrated-Automation of Risk Data Aggregation & Risk Reporting)
RDARR Capabilities
Capabilities
Risk Management Capabilities
Able to …..-Identify & Assess Risk-Quantify & Manage Risk- Control & Monitor Risk- Report the Risk
Infrastructure & Data Management Capabilities
Able to ….- Identify & Describe Data- Stage & Store Data- Provide & Share Data- Integrate & Move Data- Govern & Manage Data
Risk Data Aggregation Capabilities
Able to….-Have global consolidated - view of data - view of exposure - view of risk- Adapt to the emerging scenarios
Risk Reporting Capabilities
Able to provide:- dynamic & multi-dimensional view of risk analytics- scenario based and action oriented analytics- entity plus group wide view of risk analysis- top down and bottom up risk steering
START
Situation Driven Arrangements
Interim Arrangements
Totally Integrated-Automated Environment
14
BCBS-239 IMPLEMENTATION FRAMEWORK(Our Understanding -Totally Integrated-Automation of Risk Data Aggregation & Risk Reporting)
START
Situation Driven Arrangements
Interim Arrangements
Totally Integrated-Automated Environment
15
Principles/ Frameworks
Risk Management Capabilities
Infrastructure & Data Management Capabilities
Risk Data AggregationCapabilities Risk Reporting
Capabilities
Principles
/Framewor
ks
Risk Governance Data Governance Aggregation Governance Reporting Governance
Principles
/Framewor
ks
Risk - IT Infrastructure Data - IT Infrastructure
Aggregation - IT Infrastructure Reporting - IT Infrastructure
Risk Architecture Data Architecture RDA Architecture Reporting Architecture
Basel Principles of Sound Risk Management& Corporate Governance
DAMA
Data Management Maturity (DMM) Model
Data Management Capability Assessment
(DCAM) Model
….
Accuracy & Integrity Accuracy Completeness Comprehensiveness
Timeliness Clarity & Usefulness Adaptability Frequency
Distribution
EMBEDDING INTO BIGGER REPORTING FRAMEWORK
16
Basic Cubes‘Input Layer’
Data Dictionary
Smart Cubes‘Output Layer’
Aggregated
Bank, Regulatory, National Needs
Templates
Aggregation
Loans Securities
Integrated Data Dictionary
Others
https://www.bis.org/ifc/events/ifc_isi.../010_turner_presentation.pdf
17Consumers Devil lies in Data
CHANGE NEEDS TO BE REAL….
18
1. Internal reports need to be covered comprehensively encompassing the regulatory content as well.
2. Focused on integrating & automating the reports. 3. An investment for the future.4. Regulators need to be intensively engaged in this exercise.5. BCBS-239 being a principle-based requirement does not provide a standard
implementation roadmap & benchmarks and thus leave it to the banks.6. BCBS-239 does not draw out target state for the banks and leaves it to them in
terms of their business model & risk profile? 7. Progress documents (ie BCBS-268, 308 & 348) does not reflect the themes to
be followed. 8. Low score on the part of banks is a cause of concern to withstand the ‘future
financial crises’
BCBS-239 Related Questions & Challenges - Our answer..
19