REGULATORS WANT CLEAR PROOF YOU HAVE CONTROL OVER THE WHOLE DATA MANAGEMENT LIFECYCLE
Knowledge of how risk data makes its way into board and regulatory reporting tends to be locked in the minds of a few key people within the bank. Data and MI has been so heavily processed by the time it makes its way to the risk reporting teams that appropriate aggregation (or disaggregation) can be impossible to achieve. The fourteen principles of BCBS 239 are all variations on the same theme: you must demonstrate to the regulator that you can govern, process, aggregate and report risk data in a controlled manner.
As processes and systems have been built up over the years, a lack of investment in the data infrastructure has resulted in potentially thousands of ad-hoc and manual adjustments, typically performed via end user computing, outside of auditable systems. IT departments have traditionally focused on system architecture rather than the underlying data architecture. During periods of intense stress, as seen during the financial crisis, trying to get daily or weekly views of key risk reporting that was designed to be rolled out monthly proved nigh on impossible. To address this, BCBS 239 sets out principles that, if implemented effectively, will result in more accurate and reliable report production.
Parker Fitzgerald director, Ashley Bragg, warns “most banks won’t be ready to comply with at least one BCBS 239 principle by the January 2016 deadline”.