BS 239 or financing data quality challenge
In the center of finance news, Bâle 239 is a topic that media are currently covering intensely in the finance industry.
But in concrete terms, what is it about?
Let’s go back to the essential directives of the BCBS 239 report, and their implementation.
After the crisis and troubled period that some financial institutions went through, the measure of risk exposure has become the leitmotiv of all financial and economic actors, generally speaking. As a result, institutions must modify their regulations, in order to reinforce the reliability and control of the banking sector.
With the aim of improving the aggregation capacity of risk data, the Basel Committee on Banking Supervision (BCBS) published on January 9th 2013, the famous BS239 recommendations, that state 14 principles in 5 chapters (we will only develop 4, the fifth being about the implementation period and transitory provisions) in order to consolidate the banks’ capacity to aggregate risk data, and to improve their reporting practices within the institutions.
The main objectives of these recommendations are:
- Enhance the infrastructure for reporting key information,
particularly that used by the board and senior management to identify, monitor and manage risks;
- Improve the decision-making process throughout the banking organization;
- Enhance the management of information across legal entities,
while facilitating a comprehensive assessment of risk exposures at the global consolidated level;
- Reduce the probability and severity of losses resulting from risk management weaknesses;
- Improve the speed at which information is available and hence decisions can be made; and
- Improve the organization’s quality of strategic planning and the ability to manage the risk of new products and services.
Our answer to this legal modification translates into a methodology of services with tools, able to provide financial governance and risk data aggregation solutions. In the center of this methodology, the Quality Gate tool is a great option to monitor the quality of your data in your decisional environment. It is a centralized non-intrusive solution, created to control and improve the coherence of your information system according to conjuncture.
Now, let’s look at Quality Gate’s capacity to resolve the challenges we are facing because of the BS 239 new recommendations.
I. Overarching governance and infrastructure
Governance – A bank’s risk data aggregation capabilities and risk reporting practices should be subject to strong governance arrangements consistent with other principles and guidance established by the Basel Committee.
Data architecture and IT infrastructure – A bank should design, build and maintain data architecture and IT infrastructure which fully supports its risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis, while still meeting the other Principles.
II. Risk data aggregation capabilities
Accuracy and Integrity – A bank should be able to generate accurate and reliable risk data to meet normal and stress/crisis reporting accuracy requirements. Data should be aggregated on a largely automated basis so as to minimize the probability of errors.
Completeness – A bank should be able to capture and aggregate all material risk data across the banking group. Data should be available by business line, legal entity, asset type, industry, region and other groupings, as relevant for the risk in question, that permit identifying and reporting risk exposures, concentrations and emerging risks.
Timeliness – A bank should be able to generate aggregate and up-to-date risk data in a timely manner while also meeting the principles relating to accuracy and integrity, completeness and adaptability. The precise timing will depend upon the nature and potential volatility of the risk being measured as well as its criticality to the overall risk profile of the bank. The precise timing will also depend on the bank-specific frequency requirements for risk management reporting, under both normal and stress/crisis situations, set based on the characteristics and overall risk profile of the bank.
Adaptability – A bank should be able to generate aggregate risk data to meet a broad range of on-demand, ad hoc risk management reporting requests, including requests during stress/crisis situations, requests due to changing internal needs and requests to meet supervisory queries.
III. Risk reporting practices
Accuracy– Risk management reports should accurately and precisely convey aggregated risk data and reflect risk in an exact manner. Reports should be reconciled and validated.
Comprehensiveness – Risk management reports should cover all material risk areas within the organisation. The depth and scope of these reports should be consistent with the size and complexity of the bank’s operations and risk profile, as well as the requirements of the recipients.
Clarity and usefulness – Risk management reports should communicate information in a clear and concise manner. Reports should be easy to understand yet comprehensive enough to facilitate informed decision-making. Reports should include an appropriate balance between risk data, analysis and interpretation, and qualitative explanations. Reports should include meaningful information tailored to the needs of the recipients.
Frequency – The board and senior management (or other recipients as appropriate) should set the frequency of risk management report production and distribution. Frequency requirements should reflect the needs of the recipients, the nature of the risk reported, and the speed at which the risk can change, as well as the importance of reports in contributing Principles for effective risk data aggregation and risk reporting 21 to sound risk management and effective and efficient decision-making across the bank. The frequency of reports should be increased during times of stress/crisis.
Distribution –Risk management reports should be distributed to the relevant parties and while ensuring confidentiality is maintained.
IV. Supervisory review, tools and cooperation
Review – Supervisors should periodically review and evaluate a bank’s compliance with the eleven Principles above.
Remedial actions and supervisory measures – Supervisors should have and use the appropriate tools and resources to require effective and timely remedial action by a bank to address deficiencies in its risk data aggregation capabilities and risk reporting practices. Supervisors should have the ability to use a range of tools, including Pillar 2.
Home/host cooperation – Supervisors should cooperate with relevant supervisors in other jurisdictions regarding the supervision and review of the Principles, and the implementation of any remedial action if necessary.