The biggest challenge in implementing BCBS 239 is definitely to get a shared understanding of what risk management is actually for. Risk is the very core of banking business, it’s part of the day to day life. Also, we need to think about and compete against data companies like Facebook or Apple, says Kathryn Kerle, Head of Risk Reporting, Royal Bank of Scotland. To find out more about risk management and the role of the Head of Risk Reporting at the Royal Bank of Scotland download the full interview with Kathryn Kerle here: http://bit.ly/RoyalBankofScotland_Interview Let me know what you thought about this interview or maybe even what you would have answered to the questions asked.

1. Expert interview with Kathryn Kerle,
Royal Bank of Scotland
BANK@BANK@

2. As the head of risk reporting at the Royal Bank of Scotland, Kathryn
Kerle knows what counts and where potential blind spots may lie hidden.
Before speaking at our event in September, we had the chance to sit down
with here for a short conversation on risk mitigation and data manage-
ment. Read the full interview here for free!
IQPC: Dear Kathryn, you have been part of the RDARR community for
a long time and are also actively shaping the discussion among industry
representatives. How would you describe the development of the discus-
sion over the last three years?
Kathryn Kerle: Originally, that is in 2013, the main focus was on compli-
ance and how to ensure that the regulatory boxes were ticked. And people
are still concerned with that. However, my impression is that the focus
shifted towards questions about risk culture and communication. Most
people are now thinking about how to implement the right processes and
mindsets making sure there is not only the right outcome at the complian-
ce end of things but that the internal processes are from the start organized
in the right way. Thus we are now starting to think about business change
rather than just data management issues.
IQPC: Most banking professionals we talk to seem to have moved from
strategic and conceptual considerations to a more technical focus on
data quality and data lineage. However, establishing a common voca-
bulary for the risk, finance and the IT departments again touches on
deeper challenges regarding a culture of collaboration. What in your
impression is the biggest challenge to establish the appropriate risk cul-
ture, what is that actually, and what time line are we talking about?
KK: The biggest challenge is definitely to get a real shared understanding
of what risk management is actually for. Risk is the very core of banking
business. It should not be peripheral but central to bank management.
The business needs to take responsibility for risk management. Think for
instance of strategic planning. In most institutions risk and finance are
two different departments. The conversations between the departments are
happening but the systems do not always allow institutions to reflect the
impact of risk on business plans and that too reflects the mentality of wor-
king in separate silos.
IQPC: Your own position as head of risk reporting is quite interesting
in that context. You are not reporting to the external supervisors yet in
your internal risk reports you obviously need to have them in mind too.
How would you describe your specific role in establishing new lines of
communication throughout the bank?
KK: External supervisors are not foremost in my mind. Rather, I think
about how we can do a better job to mitigate risk. Establishing commu-
nication with the users of my risk reports is crucial and my users are my
senior management. So I need to understand what information they need
and then design, develop and deliver reports that meet those information
needs. My first concern is to supply the information they need to fulfill
their responsibilities with respect to the management of the bank’s strategic
risks.
IQPC: In most institutions, the implementation of BCBS 239 involve
heavy investments in software to measure, visualize and communica-
te risk exposures. How much does software, even the best imaginable,
actually help to address the root case of the challenges and what are the
right criteria for choosing one provider rather than another?
KK: Personally, I do not think that poor software is the most important
issue. Indeed, compared to the institutional and cultural issues, software
is not central.. For example, implementing a consistent measure of risk
exposure entails: i) deciding how the measure should be used; ii) defining
the measure; iii) obtaining approval to use the measure; iii) adapting risk
frameworks to incorporate the measure; iv) altering policies to accommo-
date the measure; v) training people to use the measure; and vi) changing
www.bank-at-risk.com

3. systems to produce the measure. Steps one through five account for much
of the work involved. But the issues run even deeper than that. In fact,
people need a totally different attitude towards data. As banks we are in
the data and the risk management business. Data are not a problem but
the critical success factor. With respect to the software however I think
the key factor is flexibility, not only in meeting current requirements – but
especially for future requirements. We need systems that can deal with
acquisitions, divestitures, new regulatory requirements, new accounting
standards, new strategies and stress and crisis – we don’t know in advance
what questions we will have to answer.
IQPC: At our meeting you’ll discuss in what way risk reporting might
become a source of competitive advantage. Could you give us some
hints as to what our audience can expect from your presentation?
KK: I guess I have to go back to the point made earlier: We are in the risk
and data business. Thus we need to think about and compete against data
companies like Facebook or Apple. We need to focus on our customers and
to show them that – based on the data we already have – we can help them
to make long term decisions to improve their financial situation.
Dear Kathryn, thank you very much for this conversation. We are very
much looking forward to see you in Brussels!
www.bank-at-risk.com