Principle 10:
Frequency – The board and senior management (or other recipients as appropriate) should set the frequency of risk management report production and distribution.

BCBS 239 “Effective Risk Data Aggregation & Risk Reporting”, released in January of 2013, specifically requires that the bank’s board and senior management should be responsible for determining the frequency of risk management report production and distribution.

You may ask: Why should the board and senior management of a bank be bothered with that? Why is reporting frequency so important? It is important, very important. And it is not just about frequency - the frequency of reporting and distribution reflects key dimensions of a bank’s entire risk management system and process. Also, frequency – in this context – means more than just how often. So what does reporting frequency really reflect under BCBS 239?

• Integration – the ability to integrate various data and models. There can be vast data sources that need to be processed and consolidated, especially in the case of large banks with global operations and investments. Such institutions will need to achieve risk aggregation and consolidation across different time frequencies. Often, data with different time intervals need to be mapped and converted to desired frequencies, such as from daily to hourly, or vice versa. Without an integrated data model and platform, it can be a very challenging task to consolidate the data with desired reporting frequency.
• Flexibility – the ability to accommodate differences. A bank’s risk management system should be able to perform data aggregation and reporting for both internal business users and external compliance purposes. In addition, the reporting frequencies should reflect the nature of different risk and exposure types.

According to the Basel guidance, all relevant and critical credit, market and liquidity position and exposure reports are needed within a very short period of time to react effectively to evolving risks and the dynamics of the market states. In other words, this type of market position and exposure information may be needed immediately – even at real time. On the other hand, some portfolio or positions need to be aggregated and reported less frequently, such as weekly or monthly, or even longer. The system should be flexible enough to accommodate the needs of different recipients with different frequency requirements.

• Scalability – the ability to scale up with changes. The frequency needs to be adjusted and tested under both stress and crisis situations. Banking regulators expect the frequency of reports to increase during times of stress or crisis. For example, to comply with the Basel III liquidity coverage ratio regulatory framework, a bank may need to perform internal cash flow projects on a daily basis for the next 30 days. Without the required computing capability and scalability, it is difficult to meet such requirements.

Weaknesses in any of the above areas will certainly impede an institution’s ability to meet the frequency requirements and will eventually impact their business and regulatory compliance. For many banks, fragmented models and applications are used to aggregate data and generate reports with different frequency requirements. Intense manual work is often needed to perform configurations and updates when reporting frequency changes, or for different recipients. And with manual work, there are errors – often duplicated data and fragmented models - which in turn, will lead to inconsistency in output results and reporting. Sometimes, aggregated reports simply cannot be produced on time at the desired frequency.

How can your institution strengthen their risk management system for a streamlined and effective data aggregation and reporting? What you need is an open and integrated architecture that affords maximum customization, flexibility and scalability so that aggregation and reporting can be performed at any desired frequency in an automated and timely fashion. Powered by a single, fully integrated data platform and high-performance computing enabled analytics, SAS risk management solutions are the choice for financial institutions to achieve this goal.

Read our entire series covering the BCBS 239 principles. And learn more about how SAS can help you meet the obligations of BCBS239. SAS solutions provide an end-to-end framework for addressing the principles of BCBS239 through data aggregation, visual risk reporting and useable risk measures.