Progress in adopting the Principles for effective risk data aggregation and risk reporting 2015

Original by BIS, 2015, 15 pages 

This summary note was Posted on

The Principles aim to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices, and become effective 1 January 2016

  • Report from December 2015
  • Draw out key lessons learned and elaborate key recommendations to further facilitate implementation
  • The 11 Principles can be divided into three main pillars: (i) governance and infrastructure; (ii) data aggregation; and (iii) risk reporting
  • In 2013 and 2014, banks completed two self-assessment questionnaires on their level of compliance with the requirements under Principles 1–11
  • Effective implementation of the Principles goes beyond a checklist approach. It requires an understanding of the objectives behind the requirements
  • There is an expectation that banks should meet all risk data aggregation and risk reporting principles simultaneously. However, there are likely to be trade-offs.
  • It is important to emphasise quality over timeliness; that is, it is more important to ensure that banks develop high-quality infrastructure rather than resorting to “band-aid” solutions to meet the implementation deadline
  • Supervisors should conduct more in-depth/specialised examinations on data aggregation requirements to evaluate weaknesses
  • Achieving full automation is not possible. It is important that banks have the appropriate controls around any manual processes
  • Some G-SIBs’ (Global Systemically Important  Banks) IT architecture may have reached an unmanageable level. Banks should consider reducing the complexity of their systems

Findings

  • Under-investment prior to the development of the Principles, or the significant costs associated with it, completing large-scale infrastructure projects on time continues to be seen as the most significant obstacle to full compliance
  • Significant gaps in terms of data accuracy and adaptability were also identified. Principle 3 (accuracy/integrity) and Principle 6 (risk data aggregation adaptability) had some of the lowest reported compliance ratings
  • Challenges associated with documentation of processes, particularly in large banking groups which operate in a number of jurisdictions or across a number of business lines.
  • The ability to adapt data processes, particularly for ad hoc requests, is persistently weak

Noticeable principles

  • Data should be aggregated on a largely automated basis so as to minimise the probability of errors (principle 3)
  • A bank should be able to capture and aggregate all material risk data across the banking group (principle 4) (in a timely manner  – principle 5)
  •  Reports should be easy to understand yet comprehensive enough to facilitate informed decision-making.  An appropriate balance between risk data, analysis and interpretation, and qualitative explanations. (principle 9)