The Basel Committee, which creates regulations for banks, has published a set of principles regarding effective risk data aggregation and risk reporting, which will provide a fantastic business case for risk professionals to improve their risk frameworks. I’ve included highlights below, but you can take a look at the full report here.
The principles for effective risk data aggregation and risk reporting will be mandatory for globally systemically important banks (G-SIBs) from 2016, and the Basel Committee recommends that national regulators make them mandatory for domestically systemically important banks (D-SIBs). There are currently 29 G-SIBs, and D-SIBs will probably be the top four or five largest and/or most complex banks in each country. Beyond this, I believe the principles in the Basel document will become an industry standard by which all banks will be assessed by institutional investors and during due diligence processes for mergers and acquisitions.
The Basel Committee’s principles cover four closely related topics, and are common sense, though not easily attainable:
• Overarching governance and infrastructure
• Risk data aggregation capabilities
• Risk reporting practices
• Supervisory review, tools and cooperation
A couple excerpts from the report that will resonate with most practitioners explain why the principles are necessary. These explanations will come in handy as ‘I-told-you-so’ introductions to many a business case for the next steps in enterprise/integrated risk management frameworks and in business analytics at group level (because it’s ultimately the board and senior management that own this challenge):
• Ensure that management can rely with confidence on the information to make critical decisions about risk.
• Accurate, complete and timely data is a foundation for effective risk management. However, data alone does not guarantee that the board and senior management will receive appropriate information to make effective decisions about risk. To manage risk effectively, the right information needs to be presented to the right people at the right time. Risk reports based on risk data should be accurate, clear and complete. They should contain the correct content and be presented to the appropriate decision-makers in a time that allows for an appropriate response.
Other elements within the principles that point to some solid professional challenges are:
• Supervisors observe that making improvements in risk data aggregation capabilities and risk reporting practices remains a challenge for banks, and supervisors would like to see more progress
• These risk reporting capabilities should also allow banks to conduct a flexible and effective stress testing which is capable of providing forward-looking risk assessments
• When expert judgment is applied, supervisors expect that the process be clearly documented and transparent
• A bank’s board and senior management should promote the identification, assessment and management of data quality risks as part of its overall risk management framework.
• A bank’s risk data aggregation capabilities and risk reporting practices should be fully documented and subject to high standards of validation.
• Capabilities to incorporate new developments on the organisation of the business and/or external factors that influence the bank’s risk profile
• Risk management reports should accurately and precisely convey aggregated risk data and reflect risk in an exact manner. Reports should be reconciled and validated
The Basel principles for effective risk data aggregation and risk reporting might not look 100% practical for inclusion in the real world, as opposed to a wish-list paper exercise, but at SecondFloor we believe it creates the right mindset.
The list of globally systemically important banks, it is created by the Financial Stability Board, and can be found at: http://www.financialstabilityboard.org/publications/r_121031ac.pdf. This latest list was created in Nov 2012 and will be updated again in Nov 2013.