Progress in adopting the Principles for effective risk data aggregation and risk reporting 2017

thumbnail of d399 Original by BIS, 2017, 23 pages 

This summary note was Posted on

The 2016 supervisors’ assessment questionnaire was completed by all seven supervisors / supervisory regimes that had G-SIBs under their supervision.

  • The report found that G-SIBs’ level of compliance with the Principles is unsatisfactory, notwithstanding that G-SIBs have made some progress in implementing the Principles in 2016.
  • Only one G-SIB fully complied with the Principles within the January 2016 deadline
  • All Principles except Principle 2 (data architecture and IT infrastructure) were largely or fully complied with by over half of the assessed banks
  • Principle 2 is one of the two preconditions (together with Principle 1 on governance) to ensure compliance with the other Principles
  • The average delay in implementation of individual Principles ranges from 2.22 to 2.75 years
  • Banks would take about 5 to 6 years to fully comply
  • Some banks view implementing the Principles as a one-time compliance exercise rather than a dynamic and ongoing process
  • In this regard, banks need to periodically assess and make needed improvements to IT systems, policies and processes to effectively implement the Principles
  • There should be a regular independent validation of risk data aggregation and reporting processes
  • Some supervisors used fire drills to perform ad-hoc assessments of banks abilities to respond in a timely manner
  • Appendix 2 provide a set of examples regarding compliance to principles

Challenges faced by banks

  • Difficulties in execution and management of complex and large-scale IT and data infrastructure projects
  • Overreliance on manual processes and interventions to produce risk reports
  • Incomplete integration and implementation of bank-wide data architecture
  • Weaknesses in data quality control

New recommendations

  • Development of clear road map to achieve full compliance
  • Compliance should be on an ongoing basis

Recommendations from previous review still holding

  • Banks and supervisors should continue to promote understanding of the principle
  • Banks should clearly articulate risk data aggregation and risk reporting expectations
  • Banks should have efficient governance arrangements
  • Banks should critically examine their data architecture and adaptability capacity
  • In case of non compliance at the deadline provide remedy plan