Strengthening data quality management in banks
Tanjib Rubaiyat | Wednesday, 15 July 2015
Managing risks efficiently and effectively has always been a major concern of banks and financial institutions in our country and abroad. A good risk management team offers comfort to a financial institution and its stakeholders. But what's about the data they are working with? How good and concrete is the data? This fact is often overlooked and not covered properly in risk management functionality. So the first area of concern should be the quality of data and risk insight. Then we are all set for fighting risks.
To understand the need of risk insight and data quality management, we have to go a few steps backward. One of the most significant lessons learned from the global financial crisis that began in 2007 was that banks' information technology (IT) and data architectures were inadequate to support broad management of financial risks. Many banks lacked the ability to aggregate risk exposures and identify concentrations quickly and accurately at the bank group level, across business lines and among legal entities. Some banks were unable to manage their risks properly because of weak risk data aggregation capabilities and risk reporting practices. This had severe consequences for the banks themselves and to the stability of the financial system as a whole.
In response to the financial crisis, the Basel Committee emphasised that a sound risk management system should have appropriate management information systems (MIS) at the business and bank level. The Basel Committee also included references to data aggregation as part of its guidance on corporate governance. Improving banks' ability to aggregate risk data will improve their resolvability. For systemically important banks (SIBs) in particular, a robust data framework will help banks and supervisors anticipate problems ahead. It will also improve the prospects of finding alternative options to restore financial strength and viability when the firm comes under severe stress.
Now the question could be how can risks be foreseen by improving the quality of data? The Basel Committee on Bank Supervision (BCBS) has come up with a framework commonly known as BCBS 239. Initially this framework is applicable on the global systemically important banks (G-SIBs) which will gradually engage domestic systemically important banks (D-SIBs). This framework presents a set of principles to strengthen a bank's risk data aggregation capabilities and internal risk reporting practices. Effective implementation of these principles is expected to enhance risk management and decision-making process of a bank. The principles cover four closely related topics:
* Governance and infrastructure,
* Risk data aggregation capabilities,
* Risk reporting practices and
* Supervisory review, tools and cooperation
The BCBS 239 was born out of the recent financial crisis and the realisation of the inadequacies of banks' IT and data architectures, which left them unable to aggregate risk quickly and accurately, and manage those properly. The global financial crisis provided a sharp indication that banks' data infrastructure around the world were inadequate to support early identification and timely management of financial risks. It comprises a set of principles aimed at making sure the aggregation of data is such that banks can monitor risks accordingly and importantly, report them accurately in a timely fashion. Covering these four topics, the BCBS 239 constitutes 14 key principles among which are keys to data management and infrastructure:
I. OVERARCHING GOVERNANCE AND INFRASTRUCTURE:
Governance: A bank's risk data aggregation capabilities and risk reporting practices should be subject to strong governance arrangements consistent with other principles and guidance established by the Basel Committee.
Data architecture and IT infrastructure: A bank should design, build and maintain data architecture and IT infrastructure which fully supports its risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis.
II. RISK DATA AGGREGATION CAPABILITIES:
Accuracy and integrity: A bank should be able to generate accurate and reliable risk data to meet normal and stress/crisis reporting accuracy requirements. Data should be aggregated on a largely automated basis so as to minimise the probability of errors.
Completeness: A bank should be able to capture and aggregate all material risk data across the banking group.
Timeliness: A bank should be able to generate aggregate and up-to-date risk data in a timely manner while also meeting the principles relating to accuracy and integrity, completeness and adaptability.
Adaptability: A bank should be able to generate aggregate risk data to meet a broad range of on-demand, ad-hoc risk management reporting requests, including requests during stress/crisis situations, requests due to changing internal needs and requests to meet supervisory queries.
III. RISK REPORTING PRACTICES:
Accuracy: Risk management reports should accurately and precisely convey aggregated risk data and reflect risk in an exact manner. Reports should be reconciled and validated.
Comprehensiveness: Risk management reports should cover all material risk areas within the organisation; the depth and scope of these reports should be consistent with the size and complexity of the bank's operations and risk profile.
Clarity and usefulness: Risk management reports should communicate information in a clear and concise manner. Reports should be easy to understand yet comprehensive enough to facilitate informed decision-making.
Frequency: Frequency requirements should reflect the needs of the recipients, the nature of the risk reported, and the speed, at which the risk can change, as well as the importance of reports in contributing to sound risk management and effective and efficient decision-making across the bank.
A bank/FI (financial institute) should be able to generate accurate and reliable risk data to meet normal and stress/crisis reporting accuracy requirements. Data should be aggregated on a largely automated basis so as to minimise the probability of errors. Many global banks recognise the benefits of improving their risk data aggregation capabilities and are working towards this goal. They see the improvements in terms of strengthening the capability and the status of the risk function to make judgments. This leads to gains in efficiency, reduced probability of losses and enhanced strategic decision-making, and ultimately increased profitability. Globally, regulators/supervisors observe that making improvements in risk data aggregation capabilities and risk reporting practices remains a challenge for banks, and supervisors would like to see more progress, for now at G-SIBs, then D-SIBs and then the others. Moreover, as the memories of the crises fade over time, there is a danger that the enhancement of banks' capabilities in these areas may receive a slower-track treatment.
The banking industry of Bangladesh is very much aligned with global frameworks like Basel accord. Though it is not evident but the fact is many banks lack the ability to aggregate risk exposures and reporting the risk effectively. Risk insight and quality of data are such things which cannot be enforced by a supervisor without the willingness of the bank itself. History shows that neglecting these areas had severe consequences on some global banking giants and none of these banking giants was compliant with standard regulatory frameworks. The Bangladesh Bank should come up with some directives regarding data quality management as an addition to Basel-III implementation. Successful implementation of a framework similar to the BCBS 239 requires both risk management and data management expertise, with practitioners being able to communicate expertly and authoritatively with both business and IT functions. Working across departments such as risk, finance, IT and operations takes a holistic rather than silo approach. If a holistic business-focused approach is not taken, an organisation may still be compliant but it may run the risk of making bad decisions.
In the coming years, it can be expected that the principles for effective risk data aggregation and risk reporting will become best practices and that they will foster leaner risk management structures and more agile banks. Improving risk data aggregation will not only help banks foresee and anticipate problems but Will also help improve the stability of the financial system as a whole. It would be wonderful to see all the players in the banking industry realise the importance of improving their risk data management practices and hence the quality of their risk data. While there are up-front costs and resources required, doing so will pay dividends for an organisation, enhancing risk functions' judgments and informing decision-making.
The writer is a banker.
tanjib.eee@gmail.com