implementing bcbs 239 rdarr

19
IMPLEMENTING BCBS- 239 Presented by: MUHAMMAD ZAHID Mobile:00966 50 153 5985, [email protected] **Disclaimer: Views expressed in this presentation are of the presenter only. Copyrights reserved

Upload: mzahidgill

Post on 12-Feb-2017

108 views

Category:

Data & Analytics


4 download

TRANSCRIPT

Page 1: Implementing bcbs 239 rdarr

IMPLEMENTING BCBS-239

Presented by:

MUHAMMAD ZAHIDMobile:00966 50 153 5985,

[email protected]

**Disclaimer: Views expressed in this presentation are of the presenter only.Copyrights reserved

Page 2: Implementing bcbs 239 rdarr

2

BCBS-239 Related Questions & Challenges1. Does risk data aggregation apply only to internal reports or also to the

regulatory reports as well? 2. Focused on automating the reports only or more on integrating them? 3. A one-off compliance exercise or an investment for the future?4. To what extent have regulators been engaged in this exercise, enabling the

banks to comply with the BCBS-239 Requirements? 5. Does BCBS-239 provide a standard implementation roadmap & benchmarks,

enabling the banks to measure their compliance level or is it all judgmental? 6. Does BCBS-239 draw out some target state for the banks in terms of their

business model & risk profile? 7. Have the progress documents (ie BCBS-268, 308 & 348) measured and

mapped the implementation progress around some pre-defined themes? 8. How far is the ‘BCBS Committee’ confident that earnest implementation of

these principles by G-SIBs & D-SIBs will enable banks to withstand the ‘future financial crises’?

Page 3: Implementing bcbs 239 rdarr

Start:Adoption of 11

Principles Underlying themes Current state of play

End:Totally Integrated-

Automated Environment

Risk management

capabilities

Data management

capabilities

RDAcapabilities

Risk reportingcapabilities

Capa

biliti

esTh

emes

Prin

cipl

es /

Fr

amew

orks

Overarching- Governance- IT infrastructure- Architecture

Risk Data Aggregation- Accuracy & Integrity- Completeness & Timeliness- Adaptability

Risk Reporting- Accuracy- Clarity & Usefulness- Frequency & Distribution

Speed & Confidentiality

RDA themes

Automation & Adaptation

TransparencyReconciliation & Validation

FlexibilityMateriality

Page 4: Implementing bcbs 239 rdarr

4

Why Themes….?• RDA Principles are very high level and generic.

• To build a strong connection between the principles and the actual working pattern of the enterprise.

• Themes have been worked out to communicate the essence of principles to the risk, business, data, finance and technology functions across the organization.

• Proposed six Themes enable us to lever the understanding of the principles down to the respective function level.

Page 5: Implementing bcbs 239 rdarr

5

6-Speed & Confidentiality

RDA themes

5-Automation & Adaptation

4-Transparency

3-Reconciliation & Validation

2-Flexibility

1-Materiality

RDA Themes & Principles Mapping…

4-Completenesss8-Comprehensiveness

9-Clarity & Usefulness

7-Accuracy

1-Governance2-Data Architecture & IT Infrastructure3-Accuracy & Integrity

5-Timeliness6-Adaptability

10-Frequency11-Distribution

RDA Principles

Defined in silos or in an integrated environment

Empowering the management/board to make decisions with right level of information

Controlled level of errors & ambiguities

Moving from black box analytics towards open box & transparent analytics environment

Resilience in organization to any emerging scenarios

Information available on Timely & Need to know basis within near zero time lapse

Themes Explained

Page 6: Implementing bcbs 239 rdarr

6

(f) Speed & Confidentiality

RDA themes

(e) Automation & Adaptation

(d) Transparency

(c) Reconciliation & Validation

(b) Flexibility

(a) Materiality

BCBS-239 Principles

(1-11) ~Basel Framework

~Maturity Models

CapabilitiesRisk M

anagement

Data Managem

ent Risk Data Aggregation Risk Reporting

Capabilities enabling the

achievement of

Target State

Principles enabling the

achievement of Target State

6

Risk Data Aggregation Themes…

Page 7: Implementing bcbs 239 rdarr

7

BCBS-239 IMPLEMENTATION FRAMEWORK(Our Understanding -Totally Integrated-Automation of Risk Data Aggregation & Risk Reporting)

Major Themes emerging from

BCBS-239 Principles

(a) Materiality

(b) Flexibility

(c) Reconciliation and Validation

(d) Transparency

(e) Automation & Adaptation

(f) Speed & Confidentiality

Situation Driven Arrangements

Defined in siloed environment

External interventions(through vendors/consultants for reporting changes)

Disparate Repositories

Black Box Analytics

Manual

Batch-based Reporting

Confidential information bypassed from the reports

Interim Arrangements (centralization)

Framework based definitions

Power-user configurable rule

based model

On-demanddrill-down

Clarity

Single data pool (for all operating units ie

branches, regions and HO)

Automated monthly/quarterly

ReportingAutomated daily

batch-based reporting

Totally Integrated-Automated Environment

Systems & Frameworks integrated with the evolving business model and risk profile

End user configurable reporting/Self service BI

Risk Aggregation (ie Economic Capital)

Model review, validation, monitoring and mitigation based on near real inputs, enabling

current/forward looking Risk Intelligence

Clarity and Robustness

Near-Continuous automated and on-demand reporting

Unification of Risk & Accounting Data

Confidential information duly included in the reports and confidentiality of reports ensured

Current State

Target State

Page 8: Implementing bcbs 239 rdarr

8

Totally Integrated-Automated Environment

• Systems & Frameworks integrated with the evolving business model and risk profile

• End user configurable reporting• Risk Aggregation (ie Economic Capital)

• Model reviews, validation, monitoring and risk mitigation based on near real inputs, enabling Risk Intelligence

• Clarity and Robustness

• Near-Continuous automated and on-demand reporting• Unification of Risk & Accounting Data• Confidential information duly included in the reports and

confidentiality of reports ensured

Benchmarks Development

Involves intensive effort to align Benchmarks with the business model and the risk profile of the bank.

These benchmarks become the yardstick to measure the level of compliance.

TARGET STATE VISUALISATION THROUGH THE BENCHMARKS

Page 9: Implementing bcbs 239 rdarr

9

BENCHMARKS LINKED WITH THE TARGET STATE

• Framework/Strategy• Policies• Integrated Risk

Processes• Integrated Risk Data• Integrated Risk

Systems

Infrastructural Maturity Parameters

• Ongoing Processing• Exceptions

(Regulatory, Audit, Policy etc)

• Loss Events

Processing & Controls Maturity

Parameters

BCBS-239Principles

Requirements(87)

Interpretation/Understanding

Page 10: Implementing bcbs 239 rdarr

10

• Framework/Strategy• Policies• Integrated Risk

Processes• Integrated Risk Data• Integrated Risk

Systems

Infrastructural Maturity

Parameters

• Ongoing Processing• Exceptions

(Regulatory, Audit, Policy etc)

• Loss Events

Processing & Controls Maturity

Parameters

BENCHMARKS LINKED WITH THE TARGET STATE

*

Documentation

Coverage

Quality

*Documentation

Coverage

Quality

Compliance Levels

Each point assessed against…

Each point assessed against…

BenchmarksInventory for

Integrated-Automated Environment

4-Fully Compliant

3-Largely Compliant

2-Materially

Non-Compliant

1-Non Compliant

* Each of these parameter to be assessed against the three sub-parameters (ie Documentation, Coverage & the Quality)

Page 11: Implementing bcbs 239 rdarr

Benchmarks Working Sheet BenchmarksInventory for

Integrated-Automated Environment

11

Principles(2) Requirements

RDA Team Interpretation

--Description of

Interpretation in terms of

Risk/Compliance

Capability Maturity Parameters, Benchmarks & Validation Infrastructural Execution Oriented

(1-5) (6-7)

Level of Compliance

Framework/s(Strategy)

Policy/ies Process/es Risk Data System/sOngoing

Processing & Execution

Exceptions/Risk-Loss Events

Data architecture and IT infrastructure – A bank should design, build and maintain data architecture and IT infrastructure which fully supports its risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis, while still meeting the other Principles.

33. A bank should establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data (metadata), as well as use of single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts.

34. Roles and responsibilities should be established as they relate to the ownership and quality of risk data and information for both the business and IT functions. The owners (business and IT functions), in partnership with risk managers, should ensure there are adequate controls throughout the lifecycle of the data and for all aspects of the technology infrastructure. The role of the business owner includes ensuring data is correctly entered by the relevant front office unit, kept current and aligned with the data definitions, and also ensuring that risk data aggregation capabilities and risk reporting practices are consistent with firms’ policies.

2. Data architecture and IT infrastructure 1 2 3 4 5 6 7

19 Data taxonomies 1-Integrated data taxonomies across the banking group

a-Meta Data

b-single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts2-Integrated data architecture across the banking group

a-Meta Data

b-single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts

Documentation: 1 Documentation: 1 Documentation: 1 Documentation: 1 Documentation: 1 Documentation: 1 Documentation: 1

Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1

Coverage: 1 Coverage: 1 Coverage: 1 Coverage: 1 Coverage: 1 Coverage: 1 Coverage: 1

Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1

Quality: 1 Quality: 1 Quality: 1 Quality: 1 Quality: 0 Quality: 1 Quality: 1

Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 0 Benchmark: 1 Benchmark: 1

Example Sheet

Page 12: Implementing bcbs 239 rdarr

Corporate Banking

Treasury &

InvestmentsRetail

Banking

Finance

HR

Risk Management

Ope

ratio

ns

BT

12

IntegrationAutomation

Aggregation

Risk Management Framework & Risk Strategies

Risk Management

Policies (#)

Risk Management

Process (#)

--Data Items (Data Dictionary) promptly

mapped to the Glossary of Business Concepts

--Data Maturity Models--Utilization

Integrated Platform of Risk

Systems

Processing of risk management constantly reviewed & Enhanced on

ongoing basis

Risk of Losses and Exceptions

constantly monitored & managed

Market Risk

Ops Risk

OtherRisks

Credit Risk

CRO Dashboard

Integrated Data/Information

Policies

Integrated Systems

Integrated Processes

Ongoing Processing

Exceptions & Losses

Frameworks/Strategies

Integrated Automation

Totally

Materiality

Transparency

Automation &

Adaptation

FlexibilityReconcili

ation &

Validation

Spee

d &

Confi

denti

ality

Totally Integrated–Automation…

1-Business/Risk Areas

3-Parameters/Modules

2-Themes

Page 13: Implementing bcbs 239 rdarr

13

Totally Integrated-Automated Environment

1 2 3 4

12

34

Integration

Automation

HI-HA

HI-LA

LI-HA

LI-LA

4

3

2

1

Benchmark

s

Inventory

for

Integrated

-Automate

d

Envir

onment

20132.55

20152.65 Approx.

2016 & beyond?

Overall G-SIBSProgress of Results

2015

20142.58

LA-Low AutomationHA-High Automation

LI-Low IntegrationHI-High Integration

FullIntegration

FullAutomation

Page 14: Implementing bcbs 239 rdarr

BCBS-239 IMPLEMENTATION FRAMEWORK(Our Understanding -Totally Integrated-Automation of Risk Data Aggregation & Risk Reporting)

RDARR Capabilities

Capabilities

Risk Management Capabilities

Able to …..-Identify & Assess Risk-Quantify & Manage Risk- Control & Monitor Risk- Report the Risk

Infrastructure & Data Management Capabilities

Able to ….- Identify & Describe Data- Stage & Store Data- Provide & Share Data- Integrate & Move Data- Govern & Manage Data

Risk Data Aggregation Capabilities

Able to….-Have global consolidated - view of data - view of exposure - view of risk- Adapt to the emerging scenarios

Risk Reporting Capabilities

Able to provide:- dynamic & multi-dimensional view of risk analytics- scenario based and action oriented analytics- entity plus group wide view of risk analysis- top down and bottom up risk steering

START

Situation Driven Arrangements

Interim Arrangements

Totally Integrated-Automated Environment

14

Page 15: Implementing bcbs 239 rdarr

BCBS-239 IMPLEMENTATION FRAMEWORK(Our Understanding -Totally Integrated-Automation of Risk Data Aggregation & Risk Reporting)

START

Situation Driven Arrangements

Interim Arrangements

Totally Integrated-Automated Environment

15

Principles/ Frameworks

Risk Management Capabilities

Infrastructure & Data Management Capabilities

Risk Data AggregationCapabilities Risk Reporting

Capabilities

Principles

/Framewor

ks

Risk Governance Data Governance Aggregation Governance Reporting Governance

Principles

/Framewor

ks

Risk - IT Infrastructure Data - IT Infrastructure

Aggregation - IT Infrastructure Reporting - IT Infrastructure

Risk Architecture Data Architecture RDA Architecture Reporting Architecture        

Basel Principles of Sound Risk Management& Corporate Governance

DAMA

Data Management Maturity (DMM) Model

Data Management Capability Assessment

(DCAM) Model

….

Accuracy & Integrity Accuracy Completeness Comprehensiveness

Timeliness Clarity & Usefulness Adaptability Frequency

  Distribution       

Page 16: Implementing bcbs 239 rdarr

EMBEDDING INTO BIGGER REPORTING FRAMEWORK

16

Basic Cubes‘Input Layer’

Data Dictionary

Smart Cubes‘Output Layer’

Aggregated

Bank, Regulatory, National Needs

Templates

Aggregation

Loans Securities

Integrated Data Dictionary

Others

https://www.bis.org/ifc/events/ifc_isi.../010_turner_presentation.pdf

Page 17: Implementing bcbs 239 rdarr

17Consumers Devil lies in Data

CHANGE NEEDS TO BE REAL….

Page 18: Implementing bcbs 239 rdarr

18

1. Internal reports need to be covered comprehensively encompassing the regulatory content as well.

2. Focused on integrating & automating the reports. 3. An investment for the future.4. Regulators need to be intensively engaged in this exercise.5. BCBS-239 being a principle-based requirement does not provide a standard

implementation roadmap & benchmarks and thus leave it to the banks.6. BCBS-239 does not draw out target state for the banks and leaves it to them in

terms of their business model & risk profile? 7. Progress documents (ie BCBS-268, 308 & 348) does not reflect the themes to

be followed. 8. Low score on the part of banks is a cause of concern to withstand the ‘future

financial crises’

BCBS-239 Related Questions & Challenges - Our answer..

Page 19: Implementing bcbs 239 rdarr

19