Series: BCBS 239 - Principle 12

0

Principle 12

Principle 12: Supervisors should periodically review and evaluate a bank’s compliance with the eleven Principles above [described in BCBS 239].

Principle 12 is targeted primarily at regulators, but it has broad implications for banks’ internal risk management processes. In addition to evaluating capital adequacy and liquidity, banking supervisors also look for other characteristics that banks must have. These include:

  • Enterprise approach to risk management.
  • Documented risk management processes.
  • Risk monitoring combined with strong internal controls.

Regulators expect banks to demonstrate capabilities to aggregate risk information across all legal entities and consolidate these into meaningful risk measures. Aggregation of risk results across legal entities has been especially problematic for large, global banks that operate across borders. The processes that banks use to generate risk results also must be documented and monitored. Banks should have technology in place to monitor internal controls and assess the quality of these controls on a timely basis.

In a December 2013 assessment compiled by BCBS, supervisory authorities noted that one of their primary concerns was that banks resorted to manual workarounds to aggregate risk data and create reports needed to meet regulatory requests. (see Basel Committee on Banking Supervision, Progress in Adopting the Principles for Effective Risk Data Aggregation and Risk Reporting, December, 2013). Manual processes tend to cause delays, inconsistency and limited repeatability.

Another area of supervisory concern was that almost all of the banks surveyed indicated that they were in danger of not meeting their deadlines for complying with, at least, one of the principles outlined in BCBS 239. These banks indicated that multi-year, enterprise IT projects were the main culprit causing delays. Clearly, banks have much to accomplish regarding implementation of risk aggregation capabilities in terms of making processes reviewable by regulators.

To address these issues, banks must consider enhancing their reporting processes in parallel with their data aggregation initiatives.  The enhanced data infrastructure should include a data mart in which final numbers for computed KPIs, KRIs and risk measures are stored.  In addition, banks will need to tailor risk measures and KRIs to individual report users and ensure that these measures are available for any hierarchy within the bank.

SAS solutions provide an end-to-end, transparent framework for addressing the principles of BCBS239 through data aggregation, visual risk reporting, and automated risk monitoring. Read this free white paper for more in depth information on how SAS can help. Also read the other posts in this series.

Tags BCBS 239
Share

About Author

Jeff Hasmann

Principal Solutions Architect

Jeff Hasmann has more than 20 years of experience dealing with finance and risk management in the financial services industry. During his career, he has served as both a senior risk manager and corporate treasurer at several large firms. He joined SAS in 2002 and has served in various managerial and consulting roles since then.

Comments are closed.

Back to Top