In a previous blog article, Risk Data Aggregation and Reporting – Why now more than ever? – Part 1, I have discussed the requirements of the paper of the Basel Committee numbered 239 and one of the reasons the execution or application of the principles discussed therein is important for Banks, especially at this point in time.
In this article I would like to elaborate more on two further regulatory and internal requirements that push the compliance with the principles of BCBS 239 up the agenda of the CRO and the Board. These are as follows:
Since the global financial crisis of 2008, stress tests have taken on growing importance and prominence in financial institution supervision and regulation. These tests, designed to measure an institution’s ability to maintain capital buffers and withstand extreme economic shocks have continually been modified, requiring from the institutions to have in place a robust but flexible enough automated framework that covers both the availability and consistency of data and the effective execution of the tests, when needed.
Stress tests are being designed to capture a true and holistic view of risk. In order for banks to be able to deal with this requirement they are forced to reinvent their infrastructures and operating models, making sure all elements of the business are aligned as far as risk data is concerned. And when we are talking about risk data, we potentially mean all data an organization has available or has access to. Risk is about the unexpected thus any information could potentially be used for risk management purposes.
At the center of the stress testing process lies the risk and finance functions. These two functions need to be in alignment and coordination at all levels, in order to provide a true and representative enterprise wide picture, through the stress testing exercises. This alignment is most important at the data level. The two functions traditionally have worked in silos creating, in most of the times, their “own” data which they were using for their “own” reporting needs. These silos need to be broken now and the culture of a common and integrated data mart for risk and finance purposes needs to be cultivated so that there exists a common point of reference, as far as data is concerned for all enterprise reporting purposes. Information and reports need to be easily reconciled as these are provided as input by the two functions to the stress testing exercises.
It is important to note that stress testing has become a systematic way to examine and identify an institution’s financial vulnerability, and regulators have turned it into a process that needs to be transparent, auditable and clearly documented. Enforcing within the organization the principles of the BCBS 239 will help greatly in meeting the data “challenge” in stress testing.
Internal Capital Adequacy Assessment Process and Capital Planning
The Internal Capital Adequacy Assessment (ICAAP) process has been over the last years the process through which the organizations were assessing internally (using internal methodologies and metrics) the capital needs and comparing those with the available capital for now and the next 3 to 5 years. It has also been the tool used through the Supervisory Review and Evaluation Process (SREP), by the regulators to assess the adequacy of the capital management and planning framework of the Bank as well as its risk management and internal control practices. So the ICAAP instead of mostly an internal process, it turned into a regulatory submission report through which the Banks were trying hard to convince the authorities of the adequacy of their capital.
The important objective of the ICAAP was the linkage and alignment of three important components which are Strategy, Risk and Capital. In practice this was achieved by using as a basis the financial plan of the organization for the next 3 to 5 years, which is a reflection of the strategy. In parallel the Bank was working to identify potential risks in this plan and their effect on the capital. Finally the capital needs, based on the plan and identified risks, was compared to the available capital to identify any deficit or surplus vis-à-vis the regulatory and internal thresholds.
The capital plan is at the heart of the entire process, since it is an exercise that reflects not only the financial plan for the next years but also takes into consideration the risks and capital availability. In order for this to work effectively, an integration of finance and risk is necessary, as this has been discussed under the stress testing title above. This means again that a common data repository between the two functions is key to achieve the required results.
Important is also the ability to run many iterations of the plan (simulations), in short periods of time, to assess the impact on the bottom line and in extend the availability of capital resources of different strategic initiatives, so that the most appropriate path of action is decided by the Management of the Bank (based on solid results).
All the above require automations to achieve consistency of information across all functions of the Bank, quick consolidation of reliable data for iterative scenario analysis and simulation exercises, flexibility and agility in the calculations and finally transparency and auditability for internal and external audit purposes. All of which can be applied as part of the BCBS 239 principles execution.
To sum up, financial institutions need to have greater control over their data governance, aggregation and reporting processes and all of the above initiatives stress even more the need for a robust data management framework. Financial Institutions need to be well positioned to respond to financial shocks and regulatory scrutiny with a superior command of their overall as well as discrete exposures – ensuring accuracy, integrity, completeness and timeliness at all levels of granularity. To do all that a comprehensive risk data management and aggregation process needs to be in place to facilitate better results.
If you want ot build a model platform for stress test and simulations, watch the Risk Management and Compliance webinar on demand.