Series: BCBS 239 - Principle 7


Principle 7Principle 7:
Accuracy - Risk management reports should accurately and precisely convey aggregated risk data and reflect risk in an exact manner. Reports should be reconciled and validated.

Successful demonstration of Principle 7 requires senior management to rely upon the information presented in risk reporting. Since forward-looking strategic decisions are made based on the aggregated risk numbers, any inaccuracy in the data could pose a threat to future outlook of the institution’s profitability. Thus, it is not sufficient simply to have risk reports.

In our previous posts on the principles of BCBS 239, my colleagues have discussed how you can meet the needs for accuracy and integrity, completeness, timeliness and adaptability using high-performance analytics. In this post, I’ll outline what the Basel Committee on Banking Supervision meant in Principle 7 and how you can comply while also improving the business.

Completeness and accuracy go hand-in-hand. In the fifth post in this series, Sam Munoz says of completeness:

To be in compliance, financial institutions are expected to have no risk data material deficiencies including on- and off-balance sheet exposures.  Material deficiencies are common when lines of business portfolios are not integrated with the risk data aggregation and reporting system.  Often bottlenecks are present when manually produced extracts or spreadsheets are delivered.

It’s not enough, though to have all of the data. Rather, the data presented in reports needs to be accurate and trustworthy. This assumes that the report content is created using the correct data and should there be any approximations or manual corrections performed, such modifications are well-documented and senior management is kept adequately informed about such assumptions.

To enforce such accuracy, firms must look at the end-to-end data streaming process from data origination and transformation (including data quality, validations and reconciliations) to data processing and results.  There are three critical activities necessary for accuracy:

  • If, at any stage, data deficiencies or abnormalities are noted, they need to be rectified and documented so that the final reports represent meaningful information.
  • Data modifications, though documented, need approval to ensure compliance with any regulatory guidelines and with the strategic objectives of the firm.  Therefore, a data governance process should be established around the data streaming.
  • Senior management must have visibility into the underlying data which constitutes the aggregated risk numbers presented in the reports. They need the ability to investigate the data authenticity and understand any data exceptions.

Most institutions grapple with challenges wherein aggregated risk report numbers do not reconcile with the granular data or other accounting data. With reports being delivered more frequently to regulators or senior management, more and more data compromises are made with manual interventions. Such edits to the data may not always be well-documented, and hence expose the institution to data integrity issues and makes risk reporting less dependable.

To tackle these challenges, consider an integrated technology infrastructure which binds together data management and reporting in a transparent and auditable way. An automated workflow-based approach is ideal: The procedure to identify and rectify any reporting data accuracies is pre-defined and hence, the governance around reporting changes or data corrections is kept intact.

SAS risk management solutions provide an intuitive platform that help institutions tackle these challenges. This integrated architecture is comprised of:

  • A data management framework for aggregating data from disparate platforms that perform data validations and reconciliations.
  • A workflow engine for data governance and auditability.
  • A business intelligence framework that provides easy-to-create and use dashboards and reports with slice-and-dice capability.

Learn more about how SAS can help you address BCBS 239 compliance.

Tags BCBS 239

About Author

Vickram Panwar

Americas Risk Practice, SAS

Vikram is a member of SAS Americas Risk Practice with over 14 years of experience in working with risk solutions and consulting in the financial services industry. Vikram has managed solution consulting functions across North and Latin America to drive domain and Risk product oriented discussions with the top executives of financial services firms across the United States and Latin America. His expertise includes deep domain knowledge around Enterprise Stress Testing processes, Regulatory Compliance Management including Model Governance and Liquidity Risk Management.

Comments are closed.

Back to Top