Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Implementing bcbs 239 rdarr

1,254 views

Published on

RDARR is a major challenge for the modern organizations..

Published in: Data & Analytics

Implementing bcbs 239 rdarr

  1. 1. IMPLEMENTING BCBS-239 Presented by: MUHAMMAD ZAHID Mobile:00966 50 153 5985, mzahidgill@yahoo.com **Disclaimer: Views expressed in this presentation are of the presenter only. Copyrights reserved
  2. 2. BCBS-239 Related Questions & Challenges 1. Does risk data aggregation apply only to internal reports or also to the regulatory reports as well? 2. Focused on automating the reports only or more on integrating them? 3. A one-off compliance exercise or an investment for the future? 4. To what extent have regulators been engaged in this exercise, enabling the banks to comply with the BCBS-239 Requirements? 5. Does BCBS-239 provide a standard implementation roadmap & benchmarks, enabling the banks to measure their compliance level or is it all judgmental? 6. Does BCBS-239 draw out some target state for the banks in terms of their business model & risk profile? 7. Have the progress documents (ie BCBS-268, 308 & 348) measured and mapped the implementation progress around some pre-defined themes? 8. How far is the ‘BCBS Committee’ confident that earnest implementation of these principles by G-SIBs & D-SIBs will enable banks to withstand the ‘future financial crises’? 2
  3. 3. Start: Adoption of 11 Principles Underlying themes Current state of play End: Totally Integrated- Automated Environment Risk management capabilities Data management capabilities RDA capabilities Risk reporting capabilities CapabilitiesThemesPrinciples/ Frameworks Overarching - Governance - IT infrastructure - Architecture Risk Data Aggregation - Accuracy & Integrity - Completeness & Timeliness - Adaptability Risk Reporting - Accuracy - Clarity & Usefulness - Frequency & Distribution Speed & Confidentiality RDA themes Automation & Adaptation Transparency Reconciliation & Validation Flexibility Materiality 3
  4. 4. 4 Why Themes….? • RDA Principles are very high level and generic. • To build a strong connection between the principles and the actual working pattern of the enterprise. • Themes have been worked out to communicate the essence of principles to the risk, business, data, finance and technology functions across the organization. • Proposed six Themes enable us to lever the understanding of the principles down to the respective function level.
  5. 5. 6-Speed & Confidentiality RDA themes 5-Automation & Adaptation 4-Transparency 3-Reconciliation & Validation 2-Flexibility 1-Materiality RDA Themes & Principles Mapping… 5 4-Completenesss 8-Comprehensiveness 9-Clarity & Usefulness 7-Accuracy 1-Governance 2-Data Architecture & IT Infrastructure 3-Accuracy & Integrity 5-Timeliness 6-Adaptability 10-Frequency 11-Distribution RDA Principles Defined in silos or in an integrated environment Empowering the management/board to make decisions with right level of information Controlled level of errors & ambiguities Moving from black box analytics towards open box & transparent analytics environment Resilience in organization to any emerging scenarios Information available on Timely & Need to know basis within near zero time lapse Themes Explained
  6. 6. 6 (f) Speed & Confidentiality RDA themes (e) Automation & Adaptation (d) Transparency (c) Reconciliation & Validation (b) Flexibility (a) Materiality 6 Risk Data Aggregation Themes…
  7. 7. BCBS-239 IMPLEMENTATION FRAMEWORK (Our Understanding -Totally Integrated-Automation of Risk Data Aggregation & Risk Reporting) Major Themes emerging from BCBS-239 Principles (a) Materiality (b) Flexibility (c) Reconciliation and Validation (d) Transparency (e) Automation & Adaptation (f) Speed & Confidentiality Situation Driven Arrangements Defined in siloed environment External interventions (through vendors/consultants for reporting changes) Disparate Repositories Black Box Analytics Manual Batch-based Reporting Confidential information bypassed from the reports Interim Arrangements (centralization) Framework based definitions Power-user configurable rule based model On-demand drill-down Clarity Single data pool (for all operating units ie branches, regions and HO) Automated monthly/quarterly Reporting Automated daily batch-based reporting Totally Integrated-Automated Environment Systems & Frameworks integrated with the evolving business model and risk profile End user configurable reporting/ Self service BI Risk Aggregation (ie Economic Capital) Model review, validation, monitoring and mitigation based on near real inputs, enabling current/forward looking Risk Intelligence Clarity and Robustness Near-Continuous automated and on- demand reporting Unification of Risk & Accounting Data Confidential information duly included in the reports and confidentiality of reports ensured Current State Target State 7
  8. 8. Totally Integrated-Automated Environment • Systems & Frameworks integrated with the evolving business model and risk profile • End user configurable reporting • Risk Aggregation (ie Economic Capital) • Model reviews, validation, monitoring and risk mitigation based on near real inputs, enabling Risk Intelligence • Clarity and Robustness • Near-Continuous automated and on-demand reporting • Unification of Risk & Accounting Data • Confidential information duly included in the reports and confidentiality of reports ensured Benchmarks Development Involves intensive effort to align Benchmarks with the business model and the risk profile of the bank. These benchmarks become the yardstick to measure the level of compliance. 8 TARGET STATE VISUALISATION THROUGH THE BENCHMARKS
  9. 9. 9 BENCHMARKS LINKED WITH THE TARGET STATE •Framework/Strategy •Policies •Integrated Risk Processes •Integrated Risk Data •Integrated Risk Systems Infrastructural Maturity Parameters •Ongoing Processing •Exceptions (Regulatory, Audit, Policy etc) •Loss Events Processing & Controls Maturity Parameters BCBS-239 Principles Requirements (87) Interpretation/ Understanding
  10. 10. 10 •Framework/Strategy •Policies •Integrated Risk Processes •Integrated Risk Data •Integrated Risk Systems Infrastructural Maturity Parameters •Ongoing Processing •Exceptions (Regulatory, Audit, Policy etc) •Loss Events Processing & Controls Maturity Parameters BENCHMARKS LINKED WITH THE TARGET STATE * Documentation Coverage Quality * Documentation Coverage Quality Compliance Levels Each point assessed against… Each point assessed against… 4-Fully Compliant 3-Largely Compliant 2- Materially Non- Compliant 1-Non Compliant * Each of these parameter to be assessed against the three sub-parameters (ie Documentation, Coverage & the Quality)
  11. 11. Benchmarks Working Sheet 11 Principles (2) Requirements RDA Team Interpretation -- Description of Interpretation in terms of Risk/Compliance Capability Maturity Parameters, Benchmarks & Validation Infrastructural Execution Oriented (1-5) (6-7) Level of Compliance Framework/s (Strategy) Policy/ies Process/es Risk Data System/s Ongoing Processing & Execution Exceptions/ Risk-Loss Events Data architectureand IT infrastructure – A bank should design,build and maintain data architectureand IT infrastructurewhich fully supportsits risk data aggregation capabilities and risk reporting practicesnot only in normal times but also duringtimes of stress or crisis, while still meeting the other Principles. 33. A bank should establish integrateddata taxonomies and architectureacross the banking group, which includes informationon the characteristics of the data (metadata), as well as use of single identifiers and/or unified naming conventions for data includinglegal entities, counterparties, customers and accounts. 34. Roles and responsibilities should be established as they relate to the ownership and quality of risk data and informationfor both the business and IT functions. The owners (business and IT functions), in partnership with risk managers, should ensure there are adequate controls throughout the lifecycleof the data and for all aspects of the technology infrastructure. The role of the business owner includes ensuring data is correctlyentered by the relevant front office unit, kept current and aligned with the data definitions, and also ensuring that risk data aggregationcapabilities and risk reporting practices are consistent with firms’ policies. 2. Data architecture and IT infrastructure 1 2 3 4 5 6 7 19 Data taxonomies 1-Integrated data taxonomies across the banking group a-Meta Data b-single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts 2-Integrated data architecture across the banking group a-Meta Data b-single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts Documentation: 1 Documentation: 1 Documentation: 1 Documentation: 1 Documentation: 1 Documentation: 1 Documentation: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Coverage: 1 Coverage: 1 Coverage: 1 Coverage: 1 Coverage: 1 Coverage: 1 Coverage: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Quality: 1 Quality: 1 Quality: 1 Quality: 1 Quality: 0 Quality: 1 Quality: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 1 Benchmark: 0 Benchmark: 1 Benchmark: 1
  12. 12. Corporate Banking HR Risk Management Operations 12 Integration Automation Aggregation Risk Management Framework & Risk Strategies Risk Management Policies (#) Risk Management Process (#) --Data Items (Data Dictionary) promptly mapped to the Glossary of Business Concepts --Data Maturity Models --Utilization Integrated Platform of Risk Systems Processing of risk management constantly reviewed & Enhanced on ongoing basis Risk of Losses and Exceptions constantly monitored & managed Market Risk Ops Risk Other Risks Credit Risk CRO Dashboard Integrated Data/Information Policies Integrated Systems Integrated Processes Ongoing Processing Exceptions & Losses Frameworks/Strategies Integrated Totally Integrated–Automation… 1-Business/ Risk Areas 3-Parameters/ Modules 2-Themes
  13. 13. Totally Integrated-Automated Environment 13 1 2 3 4 1234 Integration Automation HI-HA HI-LA LI-HA LI-LA 2013 2.55 2015 2.65 Approx. 2016 & beyond ? Overall G-SIBS Progress of Results 2 0 1 5 2014 2.58 LA-Low Automation HA-High Automation LI-Low Integration HI-High Integration Full Integration Full Automation
  14. 14. BCBS-239 IMPLEMENTATION FRAMEWORK (Our Understanding -Totally Integrated-Automation of Risk Data Aggregation & Risk Reporting) RDARR Capabilities Capabilities Risk Management Capabilities Able to ….. -Identify & Assess Risk -Quantify & Manage Risk - Control & Monitor Risk - Report the Risk Infrastructure & Data Management Capabilities Able to …. - Identify & Describe Data - Stage & Store Data - Provide & Share Data - Integrate & Move Data - Govern & Manage Data Risk Data Aggregation Capabilities Able to…. -Have global consolidated - view of data - view of exposure - view of risk - Adapt to the emerging scenarios Risk Reporting Capabilities Able to provide: - dynamic & multi-dimensional view of risk analytics - scenario based and action oriented analytics - entity plus group wide view of risk analysis - top down and bottom up risk steering START Situation Driven Arrangements Interim Arrangements Totally Integrated- Automated Environment 14
  15. 15. BCBS-239 IMPLEMENTATION FRAMEWORK (Our Understanding -Totally Integrated-Automation of Risk Data Aggregation & Risk Reporting) START Situation Driven Arrangements Interim Arrangements Totally Integrated- Automated Environment Principles/ Frameworks Risk Management Capabilities Infrastructure & Data Management Capabilities Risk Data Aggregation Capabilities Risk Reporting Capabilities P r i n c i p l e s / F r a m e w o r k s Risk Governance Data Governance Aggregation Governance Reporting Governance P r i n c i p l e s / F r a m e w o r k s Risk - IT Infrastructure Data - IT Infrastructure Aggregation - IT Infrastructure Reporting - IT Infrastructure Risk Architecture Data Architecture RDA Architecture Reporting Architecture Basel Principles of Sound Risk Management& Corporate Governance DAMA Data Management Maturity (DMM) Model Data Management Capability Assessment (DCAM) Model …. Accuracy & Integrity Accuracy Completeness Comprehensiveness Timeliness Clarity & Usefulness Adaptability Frequency Distribution
  16. 16. EMBEDDING INTO BIGGER REPORTING FRAMEWORK 16 Basic Cubes ‘Input Layer’ Data Dictionary Smart Cubes ‘Output Layer’ Aggregated Bank, Regulatory, National Needs Templates Aggregation Loans Securities Integrated Data Dictionary https://www.bis.org/ifc/events/ifc_isi.../010_turner_presentation.pdf
  17. 17. 17 Consumers Devil lies in Data CHANGE NEEDS TO BE REAL….
  18. 18. 18 1. Internal reports need to be covered comprehensively encompassing the regulatory content as well. 2. Focused on integrating & automating the reports. 3. An investment for the future. 4. Regulators need to be intensively engaged in this exercise. 5. BCBS-239 being a principle-based requirement does not provide a standard implementation roadmap & benchmarks and thus leave it to the banks. 6. BCBS-239 does not draw out target state for the banks and leaves it to them in terms of their business model & risk profile? 7. Progress documents (ie BCBS-268, 308 & 348) does not reflect the themes to be followed. 8. Low score on the part of banks is a cause of concern to withstand the ‘future financial crises’ BCBS-239 Related Questions & Challenges - Our answer..
  19. 19. 19

×