Data & Analytics
IMPLEMENTING BCBS-239 WITHIN A D-SIB
IMPLEMENTING BCBS-239Presented by:MUHAMMAD ZAHIDMobile:00966 50 153 5985, [email protected]
**Disclaimer: Views expressed in this presentation are of the presenter only.Copyrights reserved
BCBS-239 Related Questions & ChallengesDoes risk data aggregation apply only to internal reports or also to the regulatory reports as well? Focused on automating the reports only or more on integrating them? A one-off compliance exercise or an investment for the future?To what extent have regulators been engaged in this exercise, enabling the banks to comply with the BCBS-239 Requirements? Does BCBS-239 provide a standard implementation roadmap & benchmarks, enabling the banks to measure their compliance level or is it all judgmental? Does BCBS-239 draw out some target state for the banks in terms of their business model & risk profile? Have the progress documents (ie BCBS-268, 308 & 348) measured and mapped the implementation progress around some pre-defined themes? How far is the BCBS Committee confident that earnest implementation of these principles by G-SIBs & D-SIBs will enable banks to withstand the future financial crises?
Start:Adoption of 11 PrinciplesUnderlying themesCurrent state of playEnd:Totally Integrated- Automated Environment
Risk management capabilitiesData management capabilitiesRDAcapabilitiesRisk reportingcapabilities
Principles / FrameworksOverarching- Governance- IT infrastructure- ArchitectureRisk Data Aggregation- Accuracy & Integrity- Completeness & Timeliness- AdaptabilityRisk Reporting- Accuracy- Clarity & Usefulness- Frequency & Distribution
Speed & ConfidentialityRDA themesAutomation & AdaptationTransparencyReconciliation & ValidationFlexibilityMateriality3
4Why Themes.?RDA Principles are very high level and generic.
To build a strong connection between the principles and the actual working pattern of the enterprise.
Themes have been worked out to communicate the essence of principles to the risk, business, data, finance and technology functions across the organization.
Proposed six Themes enable us to lever the understanding of the principles down to the respective function level.
6-Speed & ConfidentialityRDA themes5-Automation & Adaptation4-Transparency3-Reconciliation & Validation2-Flexibility1-MaterialityRDA Themes & Principles Mapping54-Completenesss8-Comprehensiveness9-Clarity & Usefulness7-Accuracy1-Governance2-Data Architecture & IT Infrastructure3-Accuracy & Integrity5-Timeliness6-Adaptability10-Frequency11-DistributionRDA PrinciplesDefined in silos or in an integrated environmentEmpowering the management/board to make decisions with right level of informationControlled level of errors & ambiguitiesMoving from black box analytics towards open box & transparent analytics environmentResilience in organization to any emerging scenariosInformation available on Timely & Need to know basis within near zero time lapseThemes Explained
6(f) Speed & ConfidentialityRDA themes(e) Automation & Adaptation(d) Transparency(c) Reconciliation & Validation(b) Flexibility (a) MaterialityBCBS-239 Principles (1-11) ~Basel Framework~Maturity Models
CapabilitiesRisk Management Data Management Risk Data Aggregation Risk ReportingCapabilities enabling the achievement of Target StatePrinciples enabling the achievement of Target State
6Risk Data Aggregation Themes
BCBS-239 IMPLEMENTATION FRAMEWORK(Our Understanding -Totally Integrated-Automation of Risk Data Aggregation & Risk Reporting)
Major Themes emerging from BCBS-239 Principles (a) Materiality
(b) Flexibility(c) Reconciliation and Validation (d) Transparency(e) Automation & Adaptation(f) Speed & Confidentiality
Situation Driven Arrangements
Defined in siloed environmentExternal interventions(through vendors/consultants for reporting changes)
Black Box Analytics
Confidential information bypassed from the reports
Interim Arrangements (centralization)Framework based definitionsPower-user configurable rule based model On-demanddrill-down
ClaritySingle data pool (for all operating units ie branches, regions and HO)
Automated monthly/quarterly Reporting
Automated daily batch-based reporting
Totally Integrated-Automated Environment
Systems & Frameworks integrated with the evolving business model and risk profileEnd user configurable reporting/Self service BIRisk Aggregation (ie Economic Capital)Model review, validation, monitoring and mitigation based on near real inputs, enabling current/forward looking Risk IntelligenceClarity and RobustnessNear-Continuous automated and on-demand reportingUnification of Risk & Accounting Data
Confidential information duly included in the reports and confidentiality of reports ensured
Current StateTarget State7
Totally Integrated-Automated EnvironmentSystems & Frameworks integrated with the evolving business model and risk profileEnd user configurable reportingRisk Aggregation (ie Economic Capital)Model reviews, validation, monitoring and risk mitigation based on near real inputs, enabling Risk IntelligenceClarity and RobustnessNear-Continuous automated and on-demand reportingUnification of Risk & Accounting DataConfidential information duly included in the reports and confidentiality of reports ensured
Benchmarks DevelopmentInvolves intensive effort to align Benchmarks with the business model and the risk profile of the bank.
These benchmarks become the yardstick to measure the level of compliance.
8TARGET STATE VISUALISATION THROUGH THE BENCHMARKS
9BENCHMARKS LINKED WITH THE TARGET STATE
10BENCHMARKS LINKED WITH THE TARGET STATECompliance LevelsEach point assessed against Each point assessed against BenchmarksInventory for Integrated-Automated Environment* Each of these parameter to be assessed against the three sub-parameters (ie Documentation, Coverage & the Quality)
Benchmarks Working SheetBenchmarksInventory for Integrated-Automated Environment11Principles(2)RequirementsRDA Team Interpretation --Description of Interpretation in terms of Risk/ComplianceCapability Maturity Parameters, Benchmarks & Validation Infrastructural Execution Oriented (1-5) (6-7)Level of ComplianceFramework/s(Strategy)Policy/ies
System/sOngoing Processing & ExecutionExceptions/Risk-Loss EventsData architecture and IT infrastructure A bank should design, build and maintain data architecture and IT infrastructure which fully supports its risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis, while still meeting the other Principles.
33. A bank should establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data (metadata), as well as use of single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts.
34. Roles and responsibilities should be established as they relate to the ownership and quality of risk data and information for both the business and IT functions. The owners (business and IT functions), in partnership with risk managers, should ensure there are adequate controls throughout the lifecycle of the data and for all aspects of the technology infrastructure. The role of the business owner includes ensuring data is correctly entered by the relevant front office unit, kept current and aligned with the data definitions, and also ensuring that risk data aggregation capabilities and risk reporting practices are consistent with firms policies.2. Data architecture and IT infrastructure123456719 Data taxonomies1-Integrated data taxonomies across the banking group
b-single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts2-Integrated data architecture across the banking group
b-single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accountsDocumentation:1Documentation:1Documentation:1Documentation:1Documentation:1Documentation:1Documentation:1Benchmark:1Benchmark:1Benchmark:1Benchmark:1Benchmark:1Benchmark:1Benchmark:1Coverage:1Coverage:1Coverage:1Coverage:1Coverage:1Coverage:1Coverage:1Benchmark:1Benchmark:1Benchmark:1Benchmark:1Benchmark:1Benchmark:1Benchmark:1Quality:1Quality:1Quality:1Quality:1Quality:0Quality:1Quality:1Benchmark:1Benchmark:1Benchmark:1Benchmark:1Benchmark:0Benchmark:1Benchmark:1
Corporate BankingTreasury & InvestmentsRetail BankingFinanceHRRisk ManagementOperationsBT12
IntegrationAutomationAggregationRisk Management Framework & Risk StrategiesRisk Management Policies (#)Risk Management Process (#)--Data Items (Data Dictionary) promptly mapped to the Glossary of Business Concepts--Data Maturity Models--UtilizationIntegrated Platform of Risk SystemsProcessing of risk management constantly reviewed & Enhanced on ongoing basisRisk of Losses and Exceptions constantly monitored & managed
Market RiskOps R
Click here to load reader