Successful demonstration of Principle 7 requires senior management to rely upon the information presented in risk reporting. Since forward-looking strategic decisions are made based on the aggregated risk numbers, any inaccuracy in the data could pose a threat to future outlook of the institution’s profitability. Thus, it is not sufficient simply to have risk reports.
In our previous posts on the principles of BCBS 239, my colleagues have discussed how you can meet the needs for accuracy and integrity, completeness, timeliness and adaptability using high-performance analytics. In this post, I’ll outline what the Basel Committee on Banking Supervision meant in Principle 7 and how you can comply while also improving the business.
Completeness and accuracy go hand-in-hand. In the fifth post in this series, Sam Munoz says of completeness:
To be in compliance, financial institutions are expected to have no risk data material deficiencies including on- and off-balance sheet exposures. Material deficiencies are common when lines of business portfolios are not integrated with the risk data aggregation and reporting system. Often bottlenecks are present when manually produced extracts or spreadsheets are delivered.
It’s not enough, though to have all of the data. Rather, the data presented in reports needs to be accurate and trustworthy. This assumes that the report content is created using the correct data and should there be any approximations or manual corrections performed, such modifications are well-documented and senior management is kept adequately informed about such assumptions.
To enforce such accuracy, firms must look at the end-to-end data streaming process from data origination and transformation (including data quality, validations and reconciliations) to data processing and results. There are three critical activities necessary for accuracy:
- If, at any stage, data deficiencies or abnormalities are noted, they need to be rectified and documented so that the final reports represent meaningful information.
- Data modifications, though documented, need approval to ensure compliance with any regulatory guidelines and with the strategic objectives of the firm. Therefore, a data governance process should be established around the data streaming.
- Senior management must have visibility into the underlying data which constitutes the aggregated risk numbers presented in the reports. They need the ability to investigate the data authenticity and understand any data exceptions.
Most institutions grapple with challenges wherein aggregated risk report numbers do not reconcile with the granular data or other accounting data. With reports being delivered more frequently to regulators or senior management, more and more data compromises are made with manual interventions. Such edits to the data may not always be well-documented, and hence expose the institution to data integrity issues and makes risk reporting less dependable.
To tackle these challenges, consider an integrated technology infrastructure which binds together data management and reporting in a transparent and auditable way. An automated workflow-based approach is ideal: The procedure to identify and rectify any reporting data accuracies is pre-defined and hence, the governance around reporting changes or data corrections is kept intact.
SAS risk management solutions provide an intuitive platform that help institutions tackle these challenges. This integrated architecture is comprised of:
- A data management framework for aggregating data from disparate platforms that perform data validations and reconciliations.
- A workflow engine for data governance and auditability.
- A business intelligence framework that provides easy-to-create and use dashboards and reports with slice-and-dice capability.
Learn more about how SAS can help you address BCBS 239 compliance.