The Principles aim to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices, and become effective 1 January 2016
- Report from December 2015
- Draw out key lessons learned and elaborate key recommendations to further facilitate implementation
- The 11 Principles can be divided into three main pillars: (i) governance and infrastructure; (ii) data aggregation; and (iii) risk reporting
- In 2013 and 2014, banks completed two self-assessment questionnaires on their level of compliance with the requirements under Principles 1–11
- Effective implementation of the Principles goes beyond a checklist approach. It requires an understanding of the objectives behind the requirements
- There is an expectation that banks should meet all risk data aggregation and risk reporting principles simultaneously. However, there are likely to be trade-offs.
- It is important to emphasise quality over timeliness; that is, it is more important to ensure that banks develop high-quality infrastructure rather than resorting to “band-aid” solutions to meet the implementation deadline
- Supervisors should conduct more in-depth/specialised examinations on data aggregation requirements to evaluate weaknesses
- Achieving full automation is not possible. It is important that banks have the appropriate controls around any manual processes
- Some G-SIBs’ (Global Systemically Important Banks) IT architecture may have reached an unmanageable level. Banks should consider reducing the complexity of their systems
Findings
- Under-investment prior to the development of the Principles, or the significant costs associated with it, completing large-scale infrastructure projects on time continues to be seen as the most significant obstacle to full compliance
- Significant gaps in terms of data accuracy and adaptability were also identified. Principle 3 (accuracy/integrity) and Principle 6 (risk data aggregation adaptability) had some of the lowest reported compliance ratings
- Challenges associated with documentation of processes, particularly in large banking groups which operate in a number of jurisdictions or across a number of business lines.
- The ability to adapt data processes, particularly for ad hoc requests, is persistently weak
Noticeable principles
- Data should be aggregated on a largely automated basis so as to minimise the probability of errors (principle 3)
- A bank should be able to capture and aggregate all material risk data across the banking group (principle 4) (in a timely manner – principle 5)
- Reports should be easy to understand yet comprehensive enough to facilitate informed decision-making. An appropriate balance between risk data, analysis and interpretation, and qualitative explanations. (principle 9)