1 / 140

P a g e | 1

P a g e | 1 Inter n a tio n a l A s s oci a t ion of R isk a nd Compl i a n c e Pro f e s s io n a ls ( I A RCP) 1200 G St re e t NW Su i te 800 W a s h i ng t o n, D C 200 0 5 - 67 0 5 U SA T e l : 202 - 449 - 9750 w w w .ri s k - co m pl i a nce - a s s o c i a tion . co m.

talor
Télécharger la présentation

P a g e | 1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. P age |1 InternationalAssociationofRiskandCompliance Professionals(IARCP) 1200GStreetNWSuite800Washington, DC20005-6705USATel:202-449-9750www.risk-compliance-association.com Top10riskandcompliancemanagementrelatednewsstoriesandworldeventsthat(forbetterorforworse)shapedthe week'sagenda,andwhatisnext DearMember, IfItellyouthatthispaperfromtheBasel Committeestartswithapoem,willyoubelieveme? Itistrue! IsawitandIimmediatelythought…Oh,it’sgoingtobeabadday. Inthepast,IsometimeshadtospendonehourperpagetounderstandsomeBaselii/iiipapers…nowthattheyneedapoemtostart,whatisgoingtohappen? Iknowyouask…whatpoemGeorge? “Whereisthewisdomwehavelostinknowledge?Whereistheknowledgewehavelostininformation?” T.S.Eliot.TheRock(1934) NowIamsure:T.SEliotcouldbecomeariskmanagementexpert. Ialwaysinvestigateeverysection,referenceandpastpapermentionedtoanypaperfromtheBaselcommittee(thisishowIspendonehourperpageaverage),soIwanttoreadallthepoem,notonlythispart.Itmaybeimportantinordertounderstandtheregulation!Otherwise,whywouldtheystartwithapoem? Ifoundthepartofthepoemthatwaswritteninthepaper: InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  2. P age |2 WhereistheLifewehavelostinliving? Whereisthewisdomwehavelostinknowledge?Whereistheknowledgewehavelostininformation? NowIwonderwhytheyignoredthefirstpart“WhereistheLifewehavelostinliving?” Perhapstheyknowtheanswer…tryingtocomplywithBasel{1,2,3…} Icalledafriend,attorneyandlobbyistinWashingtonDCandIaskedhimaboutthepoem…well,heknewitverywell,andhetoldmethatthepoemisaboutalifelivedwithoutreligion;itisagainstcommunismandfascism,againsttotalitarianregimes.(Myfirstthought:DidImentionwhichpoem?) Oh,perhapsImustcallanotherfriend,auniversityprofessorinHarvard,tohaveanotheropinionandtokeepsomewhereinthemiddle?No,itistoomuchforaday,Iwillbetterreadthepoem. Thepoem… TheEaglesoarsinthesummitofHeaven,TheHunterwithhisdogspursueshiscircuit. Оperpetualrevolutionofconfiguredstars, Оperpetualrecurrenceofdeterminedseasons,Оworldofspringandautumn,birthanddying! *** WhereistheLifewehavelostinliving? Whereisthewisdomwehavelostinknowledge? Whereistheknowledgewehavelostininformation? InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  3. P age |3 *** IjourneyedtoLondon,tothetimekeptCity, WheretheRiverflows,withforeignflotations.ThereIwastold:wehavetoomanychurches,Andtoofewchop-houses.ThereIwastold: Letthevicarsretire.MendonotneedtheChurch Intheplacewheretheywork,butwheretheyspendtheirSundays. IntheCity,weneednobells:Letthemwakenthesuburbs. Ijourneyedtothesuburbs,andthereIwastold:Wetoilforsixdays,ontheseventhwemustmotor ToHindhead,orMaidenhead. Iftheweatherisfoulwestayathomeandreadthepapers.Inindustrialdistricts,thereIwastold Ofeconomiclaws. Inthepleasantcountryside,thereitseemedThatthecountrynowisonlyfitforpicnics.AndtheChurchdoesnotseemtobewantedIncountryorinsuburbs;andinthetown InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  4. P age |4 Onlyforimportantweddings. *** Theworldturnsandtheworldchanges,Butonethingdoesnotchange. Inallofmyyears,onethingdoesnotchange. Howeveryoudisguiseit,thisthingdoesnotchange:TheperpetualstruggleofGoodandEvil. *** Thedesertisnotremoteinsoutherntropics,Thedesertisnotonlyaroundthecorner, Thedesertissqueezedinthetube-trainnexttoyou. Thedesertisintheheartofyourbrother. *** ThevoicesoftheUnemployed:Nomanhashiredus WithpocketedhandsAndloweredfaces WestandaboutinopenplacesAndshiverinunlitrooms. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  5. P age |5 OnlythewindmovesOveremptyfields,untilled Wheretheploughrests,atanangleTothefurrow.Inthisland Thereshallbeonecigarettetotwomen, TotwowomenonehalfpintofbitterAle.Inthisland Nomanhashiredus. Ourlifeisunwelcome,ourdeathUnmentionedin“TheTimes.” *** Whatlifehaveyouifyouhavenotlifetogether?Thereisnolifethatisnotincommunity, AndnocommunitynotlivedinpraiseofGod. *** Andnowyoulivedispersedonribbonroads.Andnomanknowsorcareswhoishisneighbour Unlesshisneighbourmakestoomuchdisturbance,Butalldashtoandfroinmotorcars, InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  6. P age |6 Familiarwiththeroadsandsettlednowhere.Nordoesthefamilyevenmoveabouttogether.Buteverysonwouldhavehismotorcycle, Anddaughtersrideawayoncasualpillions. *** InthelandoflobeliasandtennisflannelsTherabbitshallburrowandthethornrevisit,Thenettleshallflourishonthegravelcourt, Andthewindshallsay:“Hereweredecentgodlesspeople:Theironlymonumenttheasphaltroad Andathousandlostgolfballs.” *** WhentheStrangersays:“Whatisthemeaningofthiscity?Doyouhuddleclosetogetherbecauseyouloveeachother?” Whatwillyouanswer?“Wealldwelltogether Tomakemoneyfromeachother”?or“Thisisacommunity”?AndtheStrangerwilldepartandreturntothedesert. Оmysoul,bepreparedforthecomingoftheStranger, Bepreparedforhimwhoknowshowtoaskquestions. ОwearinessofmenwhoturnfromGod InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  7. P age |7 Tothegrandeurofyourmindandthegloryofyouraction,Toartsandinventionsanddaringenterprises. Toschemesofhumangreatnessthoroughlydiscredited.Bindingtheearthandthewatertoyourservice, Exploitingtheseasanddevelopingthemountains, Dividingthestarsintocommonandpreferred.Engagedindevisingtheperfectrefrigerator,Engagedinworkingoutarationalmorality,Engagedinprintingasmanybooksaspossible,Plottingofhappinessandflingingemptybottles,TurningfromyourvacancytofeveredenthusiasmFornationorraceorwhatyoucallhumanity;ThoughyouforgetthewaytotheTemple, Thereisonewhoremembersthewaytoyourdoor:Lifeyoumayevade,butDeathyoushallnot. YoushallnotdenytheStranger. *** Butitseemsthatsomethinghashappenedthathasneverhappened before: thoughweknownotjustwhen,orwhy,or InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  8. P age |8 how,orwhere. MenhaveleftGodnotforothergods,theysay,butfornogod;andthishasneverhappenedbefore Thatmenbothdenygodsandworshipgods,professingfirstReason, AndthenMoney,andPower,andwhattheycallLife,orRace,orDialectic. TheChurchdisowned,thetoweroverthrown,thebellsup-turned,whathavewetodo ButstandwithemptyhandsandpalmsturnedupwardsInanagewhichadvancesprogressivelybackwards? *** T.S.Eliot Ok,NowIfeelthatIwillunderstandthepaperfromtheBaselCommittee. IalsofoundanotherpartofthepoemthatissuitabletostartanotherBaseliiipaper: “Bepreparedforhimwhoknowshowtoaskquestions”. Readmore(aboutthepaper,notthepoem)atnumber1below.WelcometotheTop10list. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  9. P age |9 PrinciplesforeffectiveriskdataaggregationandriskreportingJanuary2013 Thefinancialcrisisthatbeganin2007 revealedthatmanybanks,includingglobalsystemicallyimportantbanks(G-SIBs),wereunabletoaggregateriskexposuresandidentifyconcentrationsfully,quicklyandaccurately. Thismeantthatbanks'abilitytotakeriskdecisionsinatimelyfashionwasseriously impairedwithwide-rangingconsequencesforthebanksthemselvesand forthestabilityofthefinancialsystemasawhole. ViceChairJanetL.Yellen AttheAmericanEconomic Association/AmericanFinanceAssociationJointLuncheon,SanDiego,California InterconnectednessandSystemicRisk:LessonsfromtheFinancialCrisisandPolicyImplications InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  10. P age |10 Islamicfinanceindustryneedstransformation TheIslamicfinancialservicesindustryneedstoundergoacompletetransformationinordertoberecognizedandrespectedasamajorglobalplayer,akeyconferenceinBahrainheard. ESMAandtheEBAtakeactiontostrengthenEuribor andbenchmarkrate-settingprocesses TheEuropeanSecuritiesandMarketsAuthority(ESMA)andtheEuropeanBankingAuthority(EBA)publishedtheresultsoftheirjointworkonEuriborandproposeprinciplesforbenchmarkrate-settingprocesses.Thepublicationsinclude: ReportfromtheCommissiontotheEuropeanParliamentandtheCouncil Thereviewofthe Directive2002/87/ECoftheEuropeanParliamentandtheCouncilonthesupplementarysupervisionofcreditinstitutions,insuranceundertakingsandinvestmentfirmsinafinancialconglomerate InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  11. P age |11 ESMAtoprovidetechnicaladvice onpossibledelegatedactsconcerningtheProspectusDirective TheEuropeanCommissionsentaformalrequeston20January2011toESMAtoprovidetechnicaladviceonpossibledelegatedactsconcerningtheProspectusDirectiveasamendedbyDirective2010/73/EU(theMandate). RegulatoryResolutionsfor2013 RemarksbyAssistantSuperintendent MarkZelmer,OfficeoftheSuperintendentofFinancialInstitutionsCanada(OSFI)tothe2013RBCCapitalMarketsCanadianBankCEOConference FifthprogressnoteontheGlobalLEIInitiative Thisisthefifthofaseriesofnoteson theimplementationofthelegalentityidentifier(LEI)initiative. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  12. P age |12 Corporategovernance AddressbyMrYandraduthGoogoolye,FirstDeputyGovernoroftheBankofMauritius,atthe workshopon“Corporategovernance”,organisedbytheMauritiusInstituteofDirectors,Port-Louis 'StandardQuantumLimit'Smashed,CouldMeanBetterFiber-OpticComms FromNISTTechBeat Communicatingwithlightmaysoongetaloteasier,hintsrecentresearchfromtheNationalInstituteofStandardsandTechnology(NIST)andtheUniversityofMaryland'sJointQuantumInstitute(JQI),wherescientistshavepotentiallyfoundawaytoovercomealongstandingbarriertocleanersignals. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  13. P age |13 PrinciplesforeffectiveriskdataaggregationandriskreportingJanuary2013 Thefinancialcrisisthatbeganin2007 revealedthatmanybanks,includingglobalsystemicallyimportantbanks(G-SIBs),wereunabletoaggregateriskexposuresandidentifyconcentrationsfully,quicklyandaccurately. Thismeantthatbanks'abilitytotakeriskdecisionsinatimelyfashionwasseriously impairedwithwide-rangingconsequencesforthebanksthemselvesand forthestabilityofthefinancialsystemasawhole. TheBaselCommittee'sPrinciplesforeffectiveriskdataaggregationwillstrengthenbanks'riskdataaggregationcapabilitiesandinternalrisk reportingpractices. Implementationoftheprincipleswillstrengthenriskmanagementatbanks-inparticular,G-SIBs-therebyenhancingtheirabilitytocopewithstressandcrisissituations. AnearlierversionoftheprinciplespublishedtodaywasissuedforconsultationinJune2012. TheCommitteewishestothankthosewhoprovidedfeedbackandcommentsasthesewereinstrumentalinrevisingandfinalisingtheprinciples. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  14. P age |14 Principlesforeffectiveriskdataaggregationandriskreporting Whereisthewisdomwehavelostinknowledge?Whereistheknowledgewehavelostininformation? T.S.Eliot.TheRock(1934) Introduction Oneofthemostsignificantlessonslearnedfromtheglobalfinancialcrisisthatbeganin2007wasthatbanks’informationtechnology(IT)anddataarchitectureswereinadequatetosupportthebroadmanagementoffinancialrisks. Manybankslackedtheabilitytoaggregateriskexposuresandidentifyconcentrationsquicklyandaccuratelyatthebankgrouplevel,acrossbusinesslinesandbetweenlegalentities. Somebankswereunabletomanagetheirrisksproperlybecauseofweakriskdataaggregationcapabilitiesandriskreportingpractices. Thishadsevereconsequencestothebanksthemselvesandtothestabilityofthefinancialsystemasawhole. Inresponse,theBaselCommitteeissuedsupplementalPillar2(supervisoryreviewprocess)guidancetoenhancebanks’abilitytoidentifyandmanagebank-widerisks. Inparticular,theCommitteeemphasisedthatasoundriskmanagementsystemshouldhaveappropriatemanagementinformationsystems(MIS)atthebusinessandbank-widelevel. TheBaselCommitteealsoincludedreferencestodataaggregationaspartofitsguidanceoncorporategovernance. Improvingbanks’abilitytoaggregateriskdatawillimprovetheirresolvability. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  15. P age |15 Forglobalsystemicallyimportantbanks(G-SIBs)inparticular,itisessentialthatresolutionauthoritieshaveaccesstoaggregateriskdatathatcomplieswiththeFSB’sKeyAttributesofEffectiveResolutionRegimesforFinancialInstitutionsaswellastheprinciplessetoutbelow. Forrecovery,arobustdataframeworkwillhelpbanksandsupervisorsanticipateproblemsahead. Itwillalsoimprovetheprospectsoffindingalternativeoptionstorestorefinancialstrengthandviabilitywhenthefirmcomesunderseverestress. Forexample,itcouldimprovetheprospectsoffindingasuitablemergerpartner. Manyinthebankingindustryrecognisethebenefitsofimprovingtheirriskdataaggregationcapabilitiesandareworkingtowardsthisgoal. Theyseetheimprovementsintermsofstrengtheningthecapabilityandthestatusoftheriskfunctiontomakejudgements. Thisleadstogainsinefficiency,reducedprobabilityoflossesandenhancedstrategicdecision-making,andultimatelyincreased profitability. Supervisorsobservethatmakingimprovementsinriskdataaggregationcapabilitiesandriskreportingpracticesremainsachallengeforbanks,andsupervisorswouldliketoseemoreprogress,inparticular,atG-SIBs. Moreover,asthememoriesofthecrisisfadeovertime,thereisadangerthattheenhancementofbanks’capabilitiesintheseareasmayreceiveaslower-tracktreatment. ThisisbecauseITsystems,dataandreportingprocessesrequiresignificantinvestmentsoffinancialandhumanresourceswithbenefitsthatmayonlyberealisedoverthelong-term. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  16. P age |16 • 6.TheFinancialStabilityBoard(FSB)hasseveralinternationalinitiativesunderwaytoensurecontinuedprogressismadeinstrengtheningfirms’riskdataaggregationcapabilitiesandriskreportingpractices,whichisessentialtosupportfinancialstability. • Theseinclude: • ThedevelopmentofthePrinciplesforeffectiveriskdataaggregationandriskreportingincludedinthisreport. • ThisworkstemsfromarecommendationintheFSB’sProgressreportonimplementingtherecommendationsonenhancedsupervision,issuedon4November2011: • “TheFSB,incollaborationwiththestandardsetters,willdevelopasetofsupervisoryexpectationstomovefirms’,particularlySIFIs,dataaggregationcapabilitiestoalevelwheresupervisors,firms,andotherusers(egresolutionauthorities)ofthedataareconfidentthattheMISreportsaccuratelycapturetherisks. • AtimelineshouldbesetforallSIFIstomeetsupervisoryexpectations;thedeadlineforG-SIBstomeettheseexpectationsshouldbethebeginningof2016,whichisthedatewhentheaddedlossabsorbencyrequirementbeginstobephasedinforG-SIBs.” • Thedevelopmentofanewcommondatatemplateforglobalsystemicallyimportantfinancialinstitutions(G-SIFIs)inordertoaddresskeyinformationgapsidentifiedduringthecrisis,suchasbi-lateralexposuresandexposurestocountries/sectors/instruments. • Thisshouldprovidetheauthoritieswithastrongerframeworkforassessingpotentialsystemicrisks. • Apublic-privatesectorinitiativetodevelopaLegalEntityIdentifier(LEI)system. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  17. P age |17 • TheLEIsystemwillidentifyuniquepartiestofinancialtransactionsacrosstheglobeandisdesignedtobeakeybuildingblockforimprovementsinthequalityoffinancialdataacrosstheglobe. • Therearealsootherinitiativesandrequirementsrelatingtodatathatwillhavetobeimplementedinthefollowingyears. • TheCommitteeconsidersthatupgradedriskdataaggregationandrisk reportingpracticeswillallowbankstocomplyeffectivelywiththoseinitiatives. • Definition • Forthepurposeofthispaper,theterm“riskdataaggregation”means • defining,gatheringandprocessingriskdataaccordingtothebank’sriskreportingrequirementstoenablethebanktomeasureitsperformance • againstitsrisktolerance/appetite. • Thisincludessorting,mergingorbreakingdownsetsofdata. • Objectives • Thispaperpresentsasetofprinciplestostrengthenbanks’riskdataaggregationcapabilitiesandinternalriskreportingpractices(thePrinciples). • Inturn,effectiveimplementationofthePrinciplesisexpectedtoenhanceriskmanagementanddecision-makingprocessesatbanks. • TheadoptionofthesePrincipleswillenablefundamentalimprovementstothemanagementofbanks. • ThePrinciplesareexpectedtosupportabank’seffortsto: • Enhancetheinfrastructureforreportingkeyinformation,particularlythatusedbytheboardandseniormanagementtoidentify,monitorandmanagerisks; InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  18. P age |18 • Improvethedecision-makingprocessthroughoutthebankingorganisation; • Enhancethemanagementofinformationacrosslegalentities,whilefacilitatingacomprehensiveassessmentofriskexposuresattheglobalconsolidatedlevel; • Reducetheprobabilityandseverityoflossesresultingfromriskmanagementweaknesses; • Improvethespeedatwhichinformationisavailableandhencedecisionscanbemade;and • Improvetheorganisation’squalityofstrategicplanningandtheabilitytomanagetheriskofnewproductsandservices. • Strongriskmanagementcapabilitiesareanintegralpartofthefranchisevalueofabank. • EffectiveimplementationofthePrinciplesshouldincreasethevalueofthebank. • TheCommitteebelievesthatthelong-termbenefitsofimprovedriskdataaggregationcapabilitiesandriskreportingpracticeswilloutweightheinvestmentcostsincurredbybanks. • Forbanksupervisors,thesePrincipleswillcomplementothereffortstoimprovetheintensityandeffectivenessofbanksupervision. • Forresolutionauthorities,improvedriskdataaggregationshouldenablesmootherbankresolution,therebyreducingthepotentialrecoursetotaxpayers. • Scopeandinitialconsiderations • ThesePrinciplesareinitiallyaddressedtoSIBsandapplyatboththebankinggroupandonasolobasis. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  19. P age |19 Commonandclearlystatedsupervisoryexpectationsregardingriskdataaggregationandriskreportingarenecessaryfortheseinstitutions. NationalsupervisorsmayneverthelesschoosetoapplythePrinciplestoawiderrangeofbanks,inawaythatisproportionatetothesize,natureandcomplexityofthesebanks’operations. 14.BanksidentifiedasG-SIBsbytheFSBinNovember2011orNovember2012mustmeetthesePrinciplesbyJanuary2016; G-SIBsdesignatedinsubsequentannualupdateswillneedtomeetthePrincipleswithinthreeyearsoftheirdesignation. G-SIBssubjecttothe2016timelineareexpectedtostartmakingprogresstowardseffectivelyimplementingthePrinciplesfromearly2013. NationalsupervisorsandtheBaselCommitteewillmonitorandassess thisprogressinaccordancewithsectionVofthisdocument. ItisstronglysuggestedthatnationalsupervisorsalsoapplythesePrinciplestobanksidentifiedasD-SIBsbytheirnationalsupervisorsthreeyearsaftertheirdesignationasD-SIBs. ThePrinciplesandsupervisoryexpectationscontainedinthispaperapplytoabank’sriskmanagementdata. Thisincludesdatathatiscriticaltoenablingthebanktomanagetherisksitfaces. Riskdataandreportsshouldprovidemanagementwiththeabilitytomonitorandtrackrisksrelativetothebank’srisktolerance/appetite. ThesePrinciplesalsoapplytoallkeyinternalriskmanagementmodels,includingbutnotlimitedto,Pillar1regulatorycapitalmodels(eginternalratings-basedapproachesforcreditriskandadvancedmeasurementapproachesforoperationalrisk),Pillar2capitalmodelsandotherkeyriskmanagementmodels(egvalue-at-risk). InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  20. P age |20 • ThePrinciplesapplytoabank’sgroupriskmanagementprocesses.However,banksmayalsobenefitfromapplyingthePrinciplestoother • processes,suchasfinancialandoperationalprocesses,aswellassupervisoryreporting. • AllthePrinciplesincludedinthispaperarealsoapplicabletoprocessesthathavebeenoutsourcedtothirdparties. • ThePrinciplescoverfourcloselyrelatedtopics: • Overarchinggovernanceandinfrastructure • Riskdataaggregationcapabilities • Riskreportingpractices • Supervisoryreview,toolsandcooperation • Riskdataaggregationcapabilitiesandriskreportingpracticesare consideredseparatelyinthispaper,buttheyareclearlyinter-linkedandcannotexistinisolation. • Highqualityriskmanagementreportsrelyontheexistenceofstrongriskdataaggregationcapabilities,andsoundinfrastructureandgovernanceensurestheinformationflowfromonetotheother. • Banksshouldmeetallriskdataaggregationandriskreportingprinciplessimultaneously. • However,trade-offsamongPrinciplescouldbeacceptedinexceptional circumstancessuchasurgent/adhocrequestsofinformationonneworunknownareasofrisk. • Thereshouldbenotrade-offsthatmateriallyimpactriskmanagementdecisions. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  21. P age |21 Decision-makersatbanks,inparticulartheboardandseniormanagement,shouldbeawareofthesetrade-offsandthelimitationsorshortcomingsassociatedwiththem. Supervisorsexpectbankstohavepoliciesandprocessesinplaceregardingtheapplicationoftrade-offs. Banksshouldbeabletoexplaintheimpactofthesetrade-offsontheirdecision-makingprocessthroughqualitativereportsand,totheextentpossible,quantitativemeasures. Theconceptofmaterialityusedinthispapermeansthatdataandreportscanexceptionallyexcludeinformationonlyifitdoesnotaffectthedecision-makingprocessinabank(iedecision-makers,inparticulartheboardandseniormanagement,wouldhavebeeninfluencedbytheomittedinformationormadeadifferentjudgmentifthecorrectinformationhadbeenknown). Inapplyingthematerialityconcept,bankswilltakeintoaccountconsiderationsthatgobeyondthenumberorsizeoftheexposuresnot included,suchasthetypeofrisksinvolved,ortheevolvinganddynamicnatureofthebankingbusiness. Banksshouldalsotakeintoaccountthepotentialfutureimpactoftheinformationexcludedonthedecision-makingprocessattheirinstitutions. Supervisorsexpectbankstobeabletoexplaintheomissionsofinformationasaresultofapplyingthematerialityconcept. Banksshoulddevelopforwardlookingreportingcapabilitiestoprovideearlywarningsofanypotentialbreachesofrisklimitsthatmayexceedthebank’srisktolerance/appetite. Theseriskreportingcapabilitiesshouldalsoallowbankstoconductaflexibleandeffectivestresstestingwhichiscapableofprovidingforward-lookingriskassessments. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  22. P age |22 Supervisorsexpectriskmanagementreportstoenablebankstoanticipateproblemsandprovideaforwardlookingassessmentofrisk. 25.Expertjudgmentmayoccasionallybeappliedtoincompletedatatofacilitatetheaggregationprocess,aswellastheinterpretationofresultswithintheriskreportingprocess. Relianceonexpertjudgmentinplaceofcompleteandaccuratedatashouldoccuronlyonanexceptionbasis,andshouldnotmateriallyimpactthebank’scompliancewiththePrinciples. Whenexpertjudgmentisapplied,supervisorsexpectthattheprocessbeclearlydocumentedandtransparentsoastoallowforanindependentreviewoftheprocessfollowedandthecriteriausedinthe decision-makingprocess. I.Overarchinggovernanceandinfrastructure 26.Abankshouldhaveinplaceastronggovernanceframework,riskdataarchitectureandITinfrastructure. ThesearepreconditionstoensurecompliancewiththeotherPrinciplesincludedinthisdocument. Inparticular,abank’sboardshouldoverseeseniormanagement’sownershipofimplementingalltheriskdataaggregationandrisk reportingprinciplesandthestrategytomeetthemwithinatimeframeagreedwiththeirsupervisors. Principle1 Governance–Abank’sriskdataaggregationcapabilitiesandriskreportingpracticesshouldbesubjecttostronggovernancearrangementsconsistentwithotherprinciplesandguidanceestablishedbytheBaselCommittee. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  23. P age |23 Abank’sboardandseniormanagementshouldpromotetheidentification,assessmentandmanagementofdataqualityrisksaspartofitsoverallriskmanagementframework. Theframeworkshouldincludeagreedservicelevelstandardsforbothoutsourcedandin-houseriskdata-relatedprocesses,andafirm’spoliciesondataconfidentiality,integrityandavailability,aswellasriskmanagementpolicies. Abank’sboardandseniormanagementshouldreviewandapprovethebank’sgroupriskdataaggregationandriskreportingframeworkandensurethatadequateresourcesaredeployed. Abank’sriskdataaggregationcapabilitiesandriskreportingpracticesshouldbe: Fullydocumentedandsubjecttohighstandardsofvalidation. Thisvalidationshouldbeindependentandreviewthebank’scompliancewiththePrinciplesinthisdocument. Theprimarypurposeoftheindependentvalidationistoensurethatabank'sriskdataaggregationandreportingprocessesarefunctioningasintendedandareappropriateforthebank'sriskprofile. Independentvalidationactivitiesshouldbealignedandintegratedwiththeotherindependentreviewactivitieswithinthebank'sriskmanagementprogram,andencompassallcomponentsofthebank'sriskdataaggregationandreportingprocesses. CommonpracticessuggestthattheindependentvalidationofriskdataaggregationandriskreportingpracticesshouldbeconductedusingstaffwithspecificIT,dataandreportingexpertise. Consideredaspartofanynewinitiatives,includingacquisitionsand/ordivestitures,newproductdevelopment,aswellasbroaderprocessandITchangeinitiatives. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  24. P age |24 Whenconsideringamaterialacquisition,abank’sduediligenceprocessshouldassesstheriskdataaggregationcapabilitiesandriskreportingpracticesoftheacquiredentity,aswellastheimpactonitsownriskdataaggregationcapabilitiesandriskreportingpractices. Theimpactonriskdataaggregationshouldbeconsideredexplicitlybytheboardandinformthedecisiontoproceed. Thebankshouldestablishatimeframetointegrateandaligntheacquiredriskdataaggregationcapabilitiesandriskreportingpracticeswithinitsownframework. (c)Unaffectedbythebank’sgroupstructure. Thegroupstructureshouldnothinderriskdataaggregationcapabilitiesataconsolidatedleveloratanyrelevantlevelwithintheorganisation(egsub-consolidatedlevel,jurisdictionofoperationlevel). Inparticular,riskdataaggregationcapabilitiesshouldbeindependentfromthechoicesabankmakesregardingitslegalorganisationandgeographicalpresence. 30.Abank’sseniormanagementshouldbefullyawareofandunderstandthelimitationsthatpreventfullriskdataaggregation,intermsofcoverage(egrisksnotcapturedorsubsidiariesnotincluded),intechnicalterms(egmodelperformanceindicatorsordegreeofrelianceonmanualprocesses)orinlegalterms(legalimpedimentstodatasharingacrossjurisdictions). Seniormanagementshouldensurethatthebank’sITstrategyincludeswaystoimproveriskdataaggregationcapabilitiesandriskreportingpracticesandtoremedyanyshortcomingsagainstthePrinciplessetforthinthisdocumenttakingintoaccounttheevolvingneedsofthebusiness. SeniormanagementshouldalsoidentifydatacriticaltoriskdataaggregationandITinfrastructureinitiativesthroughitsstrategicITplanningprocess,andsupporttheseinitiativesthroughtheallocationofappropriatelevelsoffinancialandhumanresources. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  25. P age |25 Abank’sboardisresponsiblefordeterminingitsownriskreportingrequirementsandshouldbeawareoflimitationsthatpreventfullriskdataaggregationinthereportsitreceives. Theboardshouldalsobeawareofthebank’simplementationof,andongoingcompliancewiththePrinciplessetoutinthisdocument. Principle2 DataarchitectureandITinfrastructure–Abankshoulddesign,buildandmaintaindataarchitectureandITinfrastructurewhichfullysupportsitsriskdataaggregationcapabilitiesandriskreportingpracticesnotonlyinnormaltimesbutalsoduringtimesofstressorcrisis,whilestillmeetingtheotherPrinciples. Riskdataaggregationcapabilitiesandriskreportingpracticesshould begivendirectconsiderationaspartofabank’sbusinesscontinuityplanningprocessesandbesubjecttoabusinessimpactanalysis. Abankshouldestablishintegrateddatataxonomiesandarchitectureacrossthebankinggroup,whichincludesinformationonthecharacteristicsofthedata(metadata),aswellasuseofsingleidentifiersand/orunifiednamingconventionsfordataincludinglegalentities,counterparties,customersandaccounts. RolesandresponsibilitiesshouldbeestablishedastheyrelatetotheownershipandqualityofriskdataandinformationforboththebusinessandITfunctions. Theowners(businessandITfunctions),inpartnershipwithriskmanagers,shouldensurethereareadequatecontrolsthroughoutthelifecycleofthedataandforallaspectsofthetechnologyinfrastructure. Theroleofthebusinessownerincludesensuringdataiscorrectlyenteredbytherelevantfrontofficeunit,keptcurrentandalignedwiththedatadefinitions,andalsoensuringthatriskdataaggregationcapabilitiesandriskreportingpracticesareconsistentwithfirms’policies. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  26. P age |26 II.Riskdataaggregationcapabilities Banksshoulddevelopandmaintainstrongriskdataaggregationcapabilitiestoensurethatriskmanagementreportsreflecttherisksinareliableway(iemeetingdataaggregationexpectationsisnecessarytomeetreportingexpectations). CompliancewiththesePrinciplesshouldnotbeattheexpenseofeachother. TheseriskdataaggregationcapabilitiesshouldmeetallPrinciplesbelowsimultaneouslyinaccordancewithparagraph22ofthisdocument. Principle3 AccuracyandIntegrity–Abankshouldbeabletogenerateaccurateandreliableriskdatatomeetnormalandstress/crisisreportingaccuracyrequirements. Datashouldbeaggregatedonalargelyautomatedbasissoastominimisetheprobabilityoferrors. Abankshouldaggregateriskdatainawaythatisaccurateandreliable. Controlssurroundingriskdatashouldbeasrobustasthoseapplicabletoaccountingdata. Whereabankreliesonmanualprocessesanddesktopapplications(egspreadsheets,databases)andhasspecificriskunitsthatusetheseapplicationsforsoftwaredevelopment,itshouldhaveeffectivemitigantsinplace(egend-usercomputingpoliciesandprocedures)andothereffectivecontrolsthatareconsistentlyappliedacrossthebank’sprocesses. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  27. P age |27 Riskdatashouldbereconciledwithbank’ssources,includingaccountingdatawhereappropriate,toensurethattheriskdataisaccurate. Abankshouldstrivetowardsasingleauthoritativesourceforriskdatapereachtypeofrisk. Abank’sriskpersonnelshouldhavesufficientaccesstoriskdatatoensuretheycanappropriatelyaggregate,validateandreconcilethedatatoriskreports. Asaprecondition,abankshouldhavea“dictionary”oftheconceptsused,suchthatdataisdefinedconsistentlyacrossanorganisation. Thereshouldbeanappropriatebalancebetweenautomatedandmanualsystems. Whereprofessionaljudgementsarerequired,humaninterventionmaybeappropriate. Formanyotherprocesses,ahigherdegreeofautomationisdesirabletoreducetheriskoferrors. Supervisorsexpectbankstodocumentandexplainalloftheirriskdataaggregationprocesseswhetherautomatedormanual(judgementbasedorotherwise). Documentationshouldincludeanexplanationoftheappropriatenessofanymanualworkarounds,adescriptionoftheircriticalitytotheaccuracyofriskdataaggregationandproposedactionstoreducetheimpact. Supervisorsexpectbankstomeasureandmonitortheaccuracyofdata andtodevelopappropriateescalationchannelsandactionplanstobein placetorectifypoordataquality. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  28. P age |28 Principle4 Completeness–Abankshouldbeabletocaptureandaggregateallmaterialriskdataacrossthebankinggroup. Datashouldbeavailablebybusinessline,legalentity,assettype,industry,regionandothergroupings,asrelevantfortheriskinquestion,thatpermitidentifyingandreportingriskexposures,concentrationsandemergingrisks. Abank’sriskdataaggregationcapabilitiesshouldincludeallmaterialriskexposures,includingthosethatareoff-balancesheet. Abankingorganisationisnotrequiredtoexpressallformsofriskinacommonmetricorbasis,butriskdataaggregationcapabilitiesshouldbethesameregardlessofthechoiceofriskaggregationsystemsimplemented. However,eachsystemshouldmakeclearthespecificapproachusedtoaggregateexposuresforanygivenriskmeasure,inordertoallowtheboardandseniormanagementtoassesstheresultsproperly. Supervisorsexpectbankstoproduceaggregatedriskdatathatiscompleteandtomeasureandmonitorthecompletenessoftheirriskdata. Whereriskdataisnotentirelycomplete,theimpactshouldnotbecriticaltothebank’sabilitytomanageitsriskseffectively. Supervisorsexpectbanks’datatobemateriallycomplete,withanyexceptionsidentifiedandexplained. Principle5 Timeliness–Abankshouldbeabletogenerateaggregateandup-to-dateriskdatainatimelymannerwhilealsomeetingtheprinciplesrelatingtoaccuracyandintegrity,completenessandadaptability. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  29. P age |29 Theprecisetimingwilldependuponthenatureandpotentialvolatilityoftheriskbeingmeasuredaswellasitscriticalitytotheoverallriskprofileofthebank. Theprecisetimingwillalsodependonthebank-specificfrequencyrequirementsforriskmanagementreporting,underbothnormalandstress/crisissituations,setbasedonthecharacteristicsandoverallriskprofileofthebank. Abank’sriskdataaggregationcapabilitiesshouldensurethatitisabletoproduceaggregateriskinformationonatimelybasistomeetallriskmanagementreportingrequirements. TheBaselCommitteeacknowledgesthatdifferenttypesofdatawillberequiredatdifferentspeeds,dependingonthetypeofrisk,andthatcertainriskdatamaybeneededfasterinastress/crisissituation. Banksneedtobuildtheirrisksystemstobecapableofproducingaggregatedriskdatarapidlyduringtimesofstress/crisisforallcriticalrisks. Criticalrisksincludebutarenotlimitedto: Theaggregatedcreditexposuretoalargecorporateborrower. Bycomparison,groupsofretailexposuresmaynotchangeascriticallyinashortperiodoftimebutmaystillincludesignificantconcentrations; Counterpartycreditriskexposures,including,forexample, derivatives; Tradingexposures,positions,operatinglimits,andmarketconcentrationsbysectorandregiondata; Liquidityriskindicatorssuchascashflows/settlementsandfunding;and InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  30. P age |30 (e)Operationalriskindicatorsthataretime-critical(egsystemsavailability,unauthorisedaccess). Supervisorswillreviewthatthebankspecificfrequencyrequirements,forbothnormalandstress/crisissituations,generateaggregateand up-to-dateriskdatainatimelymanner. Principle6 Adaptability–Abankshouldbeabletogenerateaggregateriskdatatomeetabroadrangeofon-demand,adhocriskmanagementreportingrequests,includingrequestsduringstress/crisissituations,requestsduetochanginginternalneedsandrequeststomeetsupervisoryqueries. Abank’sriskdataaggregationcapabilitiesshouldbeflexibleandadaptabletomeetadhocdatarequests,asneeded,andtoassessemergingrisks. Adaptabilitywillenablebankstoconductbetterriskmanagement,includingforecastinginformation,aswellastosupportstresstestingandscenarioanalyses. Adaptabilityincludes: Dataaggregationprocessesthatareflexibleandenableriskdatatobeaggregatedforassessmentandquickdecision-making; Capabilitiesfordatacustomisationtousers’needs(egdashboards,keytakeaways,anomalies),todrilldownasneeded,andtoproducequicksummaryreports; Capabilitiestoincorporatenewdevelopmentsontheorganisationofthebusinessand/orexternalfactorsthatinfluencethebank’sriskprofile;and Capabilitiestoincorporatechangesintheregulatoryframework. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  31. P age |31 50.Supervisorsexpectbankstobeabletogeneratesubsetsofdatabasedonrequestedscenariosorresultingfromeconomicevents. Forexample,abankshouldbeabletoaggregateriskdataquicklyoncountrycreditexposuresasofaspecifieddatebasedonalistofcountries,aswellasindustrycreditexposuresasofaspecifieddatebasedonalistofindustrytypesacrossallbusinesslinesandgeographicareas. III.Riskreportingpractices 51.Accurate,completeandtimelydataisafoundationforeffectiveriskmanagement. However,dataalonedoesnotguaranteethattheboardandseniormanagementwillreceiveappropriateinformationtomakeeffectivedecisionsaboutrisk. Tomanageriskeffectively,therightinformationneedstobepresentedto therightpeopleattherighttime. Riskreportsbasedonriskdatashouldbeaccurate,clearandcomplete.Theyshouldcontainthecorrectcontentandbepresentedtothe appropriatedecision-makersinatimethatallowsforanappropriate response. Toeffectivelyachievetheirobjectives,riskreportsshouldcomplywiththefollowingprinciples.Compliancewiththeseprinciplesshouldnotbeattheexpenseofeachotherinaccordancewithparagraph22ofthisdocument. Principle7 Accuracy-Riskmanagementreportsshouldaccuratelyandpreciselyconveyaggregatedriskdataandreflectriskinanexactmanner.Reportsshouldbereconciledandvalidated. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  32. P age |32 Riskmanagementreportsshouldbeaccurateandprecisetoensureabank’sboardandseniormanagementcanrelywithconfidenceontheaggregatedinformationtomakecriticaldecisionsaboutrisk. Toensuretheaccuracyofthereports,abankshouldmaintain,ataminimum,thefollowing: Definedrequirementsandprocessestoreconcilereportstoriskdata; Automatedandmanualeditandreasonablenesschecks,includinganinventoryofthevalidationrulesthatareappliedtoquantitativeinformation. Theinventoryshouldincludeexplanationsoftheconventionsusedtodescribeanymathematicalorlogicalrelationshipsthatshouldbeverifiedthroughthesevalidationsorchecks;and Integratedproceduresforidentifying,reportingandexplainingdata errorsorweaknessesindataintegrityviaexceptionsreports. 54.Approximationsareanintegralpartofriskreportingandriskmanagement. Resultsfrommodels,scenarioanalyses,andstresstestingareexamplesofapproximationsthatprovidecriticalinformationformanagingrisk. Whiletheexpectationsforapproximationsmaybedifferentthanforothertypesofriskreporting,banksshouldfollowthereportingprinciplesinthisdocumentandestablishexpectationsforthereliabilityofapproximations(accuracy,timeliness,etc)toensurethatmanagementcanrelywithconfidenceontheinformationtomakecriticaldecisionsaboutrisk. Thisincludesprinciplesregardingdatausedtodrivetheseapproximations. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  33. P age |33 Supervisorsexpectthatabank’sseniormanagementshouldestablishaccuracyandprecisionrequirementsforbothregularandstress/crisisreporting,includingcriticalpositionandexposureinformation. Theserequirementsshouldreflectthecriticalityofdecisionsthatwillbebasedonthisinformation. Supervisorsexpectbankstoconsideraccuracyrequirementsanalogoustoaccountingmateriality. Forexample,ifomissionormisstatementcouldinfluencetheriskdecisionsofusers,thismaybeconsideredmaterial. Abankshouldbeabletosupporttherationaleforaccuracyrequirements.Supervisorsexpectabanktoconsiderprecisionrequirementsbasedon validation,testingorreconciliationprocessesandresults. Principle8 Comprehensiveness-Riskmanagementreportsshouldcoverallmaterialriskareaswithintheorganisation. Thedepthandscopeofthesereportsshouldbeconsistentwiththesizeandcomplexityofthebank’soperationsandriskprofile,aswellastherequirementsoftherecipients. Riskmanagementreportsshouldincludeexposureandpositioninformationforallsignificantriskareas(egcreditrisk,marketrisk,liquidityrisk,operationalrisk)andallsignificantcomponentsofthoseriskareas(egsinglename,countryandindustrysectorforcreditrisk). Riskmanagementreportsshouldalsocoverrisk-relatedmeasures(egregulatoryandeconomiccapital). Reportsshouldidentifyemergingriskconcentrations,provideinformationinthecontextoflimitsandriskappetite/toleranceand proposerecommendationsforactionwhereappropriate. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  34. P age |34 Riskreportsshouldincludethecurrentstatusofmeasuresagreedbytheboardorseniormanagementtoreduceriskordealwithspecificrisk situations. Thisincludesprovidingtheabilitytomonitoremergingtrendsthroughforward-lookingforecastsandstresstests. Supervisorsexpectbankstodetermineriskreportingrequirementsthatbestsuittheirownbusinessmodelsandriskprofiles. Supervisorswillneedtobesatisfiedwiththechoicesabankmakesintermsofriskcoverage,analysisandinterpretation,scalabilityand comparabilityacrossgroupinstitutions. Forexample,anaggregatedriskreportshouldinclude,butnotbelimitedto,thefollowinginformation:capitaladequacy,regulatorycapital,capital andliquidityratioprojections,creditrisk,marketrisk,operationalrisk,liquidityrisk,stresstestingresults,inter-andintra-riskconcentrations,andfundingpositionsandplans. Supervisorsexpectthatriskmanagementreportstotheboardandseniormanagementprovideaforward-lookingassessmentofriskandshouldnotjustrelyoncurrentandpastdata. Thereportsshouldcontainforecastsorscenariosforkeymarketvariablesandtheeffectsonthebanksoastoinformtheboardandseniormanagementofthelikelytrajectoryofthebank’scapitalandriskprofileinthefuture. Principle9 Clarityandusefulness-Riskmanagementreportsshouldcommunicateinformationinaclearandconcisemanner. Reportsshouldbeeasytounderstandyetcomprehensiveenoughto facilitateinformeddecision-making. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  35. P age |35 Reportsshouldincludemeaningfulinformationtailoredtotheneedsoftherecipients. Abank’sriskreportsshouldcontributetosoundriskmanagementand decision-makingbytheirrelevantrecipients,including,inparticular,theboardandseniormanagement. Riskreportsshouldensurethatinformationismeaningfulandtailoredtotheneedsoftherecipients. Reportsshouldincludeanappropriatebalancebetweenriskdata, analysisandinterpretation,andqualitativeexplanations. Thebalanceofqualitativeversusquantitativeinformationwillvaryatdifferentlevelswithintheorganisationandwillalsodependonthelevelof aggregationthatisappliedtothereports. Higherupintheorganisation,moreaggregationisexpectedandthereforeagreaterdegreeofqualitativeinterpretationwillbenecessary. Reportingpoliciesandproceduresshouldrecognisethedifferinginformationneedsoftheboard,seniormanagement,andtheotherlevelsoftheorganisation(forexampleriskcommittees). Asoneofthekeyrecipientsofriskmanagementreports,thebank’sboardisresponsiblefordeterminingitsownriskreportingrequirementsandcomplyingwithitsobligationstoshareholdersandotherrelevantstakeholders. Theboardshouldensurethatitisaskingforandreceivingrelevant informationthatwillallowittofulfilitsgovernancemandaterelatingtothebankandtheriskstowhichitisexposed. Thiswillallowtheboardtoensureitisoperatingwithinitsrisktolerance/appetite. Theboardshouldalertseniormanagementwhenriskreportsdonotmeetitsrequirementsanddonotprovidetherightlevelandtypeof InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  36. P age |36 informationtosetandmonitoradherencetothebank’srisktolerance/appetite. Theboardshouldindicatewhetheritisreceivingtherightbalanceofdetailandquantitativeversusqualitativeinformation. Seniormanagementisalsoakeyrecipientofriskreportsanditisresponsiblefordeterminingitsownriskreportingrequirements. Seniormanagementshouldensurethatitisreceivingrelevant informationthatwillallowittofulfilitsmanagementmandaterelativetothebankandtheriskstowhichitisexposed. Abankshoulddevelopaninventoryandclassificationofriskdataitemswhichincludesareferencetotheconceptsusedtoelaboratethereports. Supervisorsexpectthatreportswillbeclearanduseful. Reportsshouldreflectanappropriatebalancebetweendetaileddata,qualitativediscussion,explanationandrecommendedconclusions. Interpretationandexplanationsofthedata,includingobservedtrends,shouldbeclear. Supervisorsexpectabanktoconfirmperiodicallywithrecipientsthattheinformationaggregatedandreportedisrelevantandappropriate,in termsofbothamountandquality,tothegovernanceand decision-makingprocess. Principle10 Frequency–Theboardandseniormanagement(orotherrecipientsasappropriate)shouldsetthefrequencyofriskmanagementreportproductionanddistribution. Frequencyrequirementsshouldreflecttheneedsoftherecipients,thenatureoftheriskreported,andthespeed,atwhichtheriskcanchange,as InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  37. P age |37 wellastheimportanceofreportsincontributingtosoundriskmanagementandeffectiveandefficientdecision-makingacrossthebank. Thefrequencyofreportsshouldbeincreasedduringtimesofstress/crisis. Thefrequencyofriskreportswillvaryaccordingtothetypeofrisk,purposeandrecipients. Abankshouldassessperiodicallythepurposeofeachreportandsetrequirementsforhowquicklythereportsneedtobeproducedinboth normalandstress/crisissituations. Abankshouldroutinelytestitsabilitytoproduceaccuratereportswithinestablishedtimeframes,particularlyinstress/crisissituations. Supervisorsexpectthatintimesofstress/crisisallrelevantandcriticalcredit,marketandliquidityposition/exposurereportsareavailablewithinaveryshortperiodoftimetoreacteffectivelytoevolvingrisks.Someposition/exposureinformationmaybeneededimmediately(intraday)toallowfortimelyandeffectivereactions. Principle11 Distribution-Riskmanagementreportsshouldbedistributedtotherelevantpartieswhileensuringconfidentialityismaintained. Proceduresshouldbeinplacetoallowforrapidcollectionandanalysisofriskdataandtimelydisseminationofreportstoallappropriaterecipients. Thisshouldbebalancedwiththeneedtoensureconfidentialityasappropriate. Supervisorsexpectabanktoconfirmperiodicallythattherelevantrecipientsreceivetimelyreports. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  38. P age |38 IV.Supervisoryreview,toolsandcooperation Supervisorswillhaveanimportantroletoplayinmonitoringandprovidingincentivesforabank’simplementationof,andongoingcompliancewiththePrinciples. TheyshouldalsoreviewcompliancewiththePrinciplesacrossbankstodeterminewhetherthePrinciplesthemselvesareachievingtheirdesiredoutcomeandwhetherfurtherenhancementsarerequired. Principle12 Review-Supervisorsshouldperiodicallyreviewandevaluateabank’scompliancewiththeelevenPrinciplesabove. Supervisorsshouldreviewabank’scompliancewiththePrinciplesintheprecedingsections. Reviewsshouldbeincorporatedintotheregularprogrammeofsupervisoryreviewsandmaybesupplementedbythematicreviews coveringmultiplebankswithrespecttoasingleorselectedissue. Supervisorsmaytestabank’scompliancewiththePrinciplesthroughoccasionalrequestsforinformationtobeprovidedonselectedriskissues(forexample,exposurestocertainriskfactors)withinshortdeadlines,therebytestingthecapacityofabanktoaggregateriskdatarapidlyand produceriskreports. Supervisorsshouldhaveaccesstotheappropriatereportstobeabletoperformthisreview. SupervisorsshoulddrawonreviewsconductedbytheinternalorexternalauditorstoinformtheirassessmentsofcompliancewiththePrinciples. Supervisorsmayrequireworktobecarriedoutbyabank’sinternalauditfunctionsorbyexpertsindependentfromthebank. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  39. P age |39 Supervisorsmusthaveaccesstoallappropriatedocumentssuchasinternalvalidationandauditreports,andshouldbeabletomeetwithand discussriskdataaggregationcapabilitieswiththeexternalauditorsorindependentexpertsfromthebank,whenappropriate. Supervisorsshouldtestabank’scapabilitiestoaggregatedataand producereportsinbothstress/crisisandsteady-stateenvironments,includingsuddensharpincreasesinbusinessvolumes. Principle13 Remedialactionsandsupervisorymeasures-Supervisorsshouldhaveandusetheappropriatetoolsandresourcestorequireeffectiveandtimelyremedialactionbyabanktoaddressdeficienciesinitsriskdataaggregationcapabilitiesandriskreportingpractices. Supervisorsshouldhavetheabilitytousearangeoftools,includingPillar 2. Supervisorsshouldrequireeffectiveandtimelyremedialactionbyabanktoaddressdeficienciesinitsriskdataaggregationcapabilitiesandriskreportingpracticesandinternalcontrols. Supervisorsshouldhavearangeoftoolsattheirdisposaltoaddressmaterialdeficienciesinabank’sriskdataaggregationandreportingcapabilities. Suchtoolsmayinclude,butarenotlimitedto,requiringabanktotakeremedialaction;increasingtheintensityofsupervision;requiringanindependentreviewbyathirdparty,suchasexternalauditors;andthepossibleuseofcapitaladd-onsasbothariskmitigantandincentiveunderPillar2. Supervisorsshouldbeabletosetlimitsonabank’srisksorthegrowthintheiractivitieswheredeficienciesinriskdataaggregationandreportingareassessedascausingsignificantweaknessesinriskmanagementcapabilities. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  40. P age |40 Fornewbusinessinitiatives,supervisorsmayrequirethatbanks’implementationplansensurethatrobustriskdataaggregationispossiblebeforeallowinganewbusinessventureoracquisitiontoproceed. Whenasupervisorrequiresabanktotakeremedialaction,the supervisorshouldsetatimetableforcompletionoftheaction. Supervisorsshouldhaveescalationproceduresinplacetorequiremorestringentoracceleratedremedialactionintheeventthatabankdoesnot adequatelyaddressthedeficienciesidentified,orinthecasethatsupervisorsdeemfurtheractioniswarranted. Principle14 Home/hostcooperation-SupervisorsshouldcooperatewithrelevantsupervisorsinotherjurisdictionsregardingthesupervisionandreviewofthePrinciples,andtheimplementationofanyremedialactionifnecessary. Effectivecooperationandappropriateinformationsharingbetweenthehomeandhostsupervisoryauthoritiesshouldcontributetotherobustnessofabank’sriskmanagementpracticesacrossabank’soperationsinmultiplejurisdictions. Whereverpossible,supervisorsshouldavoidperformingredundantand uncoordinatedreviewsrelatedtoriskdataaggregationandriskreporting. Cooperationcantaketheformofsharingofinformationwithintheconstraintsofapplicablelaws,aswellasdiscussionbetweensupervisorsonabilateralormultilateralbasis(egthroughcollegesofsupervisors),including,butnotlimitedto,regularmeetings. Communicationbyconferencecallandemailmaybeparticularlyusefulintrackingrequiredremedialactions. CooperationthroughcollegesshouldbeinlinewiththeBaselCommittee’sGoodpracticeprinciplesonsupervisorycolleges. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  41. P age |41 85.Supervisorsshoulddiscusstheirexperiencesregardingthequalityofriskdataaggregationcapabilitiesandriskreportingpracticesindifferentpartsofthegroup. Thisshouldincludeanyimpedimentstoriskdataaggregationandrisk reportingarisingfromcross-borderissuesandalsowhetherriskdataisdistributedappropriatelyacrossthegroup. Suchexchangeswillenablesupervisorstoidentifysignificantconcernsatanearlystageandtorespondpromptlyandeffectively. V.Implementationtimelineandtransitionalarrangements Supervisorsexpectthatabank’sdataandITinfrastructureswillbe enhancedinthecomingyearstoensurethatitsriskdataaggregationcapabilitiesandriskreportingpracticesaresufficientlyrobustandflexibleenoughtoaddresstheirpotentialneedsinnormaltimesand particularlyduringtimesofstress/crisis. NationalbankingsupervisorswillstartdiscussingimplementationofthePrincipleswithG-SIB’sseniormanagementinearly2013. ThiswillensurethatbankstheydevelopastrategytomeetthePrinciplesby2016. InorderforG-SIBstomeetthePrinciplesinaccordancewiththe2016timeline,nationalbankingsupervisorswilldiscussbanks’analysisofriskdataaggregationcapabilitieswiththeirseniormanagementandagreetotimelinesforrequiredimprovements. Supervisoryapproachesarelikelytoincluderequiringself-assessmentsbyG-SIBsagainsttheseexpectationsinearly2013,withthegoalofclosingsignificantgapsbefore2016. Supervisorsmayalsoengagetechnicalexpertstosupporttheirassessmentsofbanks’plansinrespectofthe2016deadline. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  42. P age |42 89.TheBaselCommitteewilltrackG-SIBsprogresstowardscomplyingwiththePrinciplesthroughitsStandardsImplementationGroup(SIG)from2013onwards. ThiswillincludeanyobservationsontheeffectivenessofthePrinciplesthemselvesandwhetheranyenhancementsorotherrevisionsofthePrinciplesarenecessaryinordertoachievethedesiredoutcomes. TheBaselCommitteewillshareitsfindingswiththeFSBatleastannuallystartingfromtheendof2013. Annex1 Termsusedinthedocument Accuracy Closenessofagreementbetweenameasurementorrecordorrepresentationandthevaluetobemeasured,recordedorrepresented.Thisdefinitionappliestobothriskdataaggregationandriskreports. Adaptability Theabilityofriskdataaggregationcapabilitiestochange(orbe changed)inresponsetochangedcircumstances(internalorexternal). Approximation Aresultthatisnotnecessarilyexact,butacceptableforitsgivenpurpose. Clarity Theabilityofriskreportingtobeeasilyunderstoodandfreefromindistinctnessorambiguity. Completeness Availabilityofrelevantriskdataaggregatedacrossallfirm'sconstituentunits(eglegalentities,businesslines,jurisdictions,etc) Comprehensiveness Extenttowhichriskreportsincludeordealwithallrisksrelevanttothefirm. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  43. P age |43 Distribution Ensuringthattheadequatepeopleorgroupsreceivetheappropriaterisk reports. Frequency Therateatwhichriskreportsareproducedovertime. Integrity Freedomofriskdatafromunauthorisedalterationandunauthorisedmanipulationthatcompromiseitsaccuracy,completenessandreliability. Manualworkarounds Employinghuman-basedprocessesandtoolstotransfer,manipulateoralterdatausedtobeaggregatedorreported. Precision Closenessofagreementbetweenindicationsormeasuredquantityvaluesobtainedbyreplicatingmeasurementsonthesameorsimilarobjectsunderspecifiedconditions. Reconciliation Theprocessofcomparingitemsoroutcomesandexplainingthedifferences. Risktolerance/appetite Thelevelandtypeofriskafirmisableandwillingtoassumeinitsexposuresandbusinessactivities,givenitsbusinessandobligationstostakeholders.Itisgenerallyexpressedthroughbothquantitativeand qualitativemeans. RiskDataaggregation Defining,gathering,andprocessingriskdataaccordingtothebank’sriskreportingrequirementstoenablethebanktomeasureitsperformanceagainstitsrisktolerance/appetite. Thisincludessorting,mergingorbreakingdownsetsofdata. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  44. P age |44 Timeliness Availabilityofaggregatedriskdatawithinsuchatimeframeastoenableabanktoproduceriskreportsatanestablishedfrequency. Validation Theprocessbywhichthecorrectness(ornot)ofinputs,processing,andoutputsisidentifiedandquantified. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  45. P age |45 ViceChairJanetL.Yellen AttheAmericanEconomic Association/AmericanFinanceAssociationJointLuncheon,SanDiego,California InterconnectednessandSystemicRisk:LessonsfromtheFinancialCrisisandPolicyImplications Thankyou,Claudia,andthankstotheAmericanEconomicAssociationandtheAmericanFinanceAssociationfortheopportunitytospeaktoyouonatopicofgrowinginteresttoourprofessionandofgreatimportancetounderstandingthecausesandimplicationsofthefinancialcrisis. Everyoneheretoday,I'msure,isfamiliarwiththetumultuouseventsthatintroducedmanyAmericanstotheconceptofsystemicrisk. Torecapbriefly,lossesarisingfromleveragedinvestmentscausedafewimportant,butperhapsnotessential,financialinstitutionstofail. Atfirst,thedamageappearedtobecontained,buttheresultingstressesrevealedextensiveinterconnectionsamongtraditionalbanks,investmenthouses,andtherapidlygrowingandlessregulatedshadowbankingsector. Marketparticipantslostconfidenceintheirtradingpartners,and,asthe crisisunfolded,thefinancialsectorstruggledtocopewithamassivewithdrawalofliquidity,thecollapseofoneofitsmostprominent institutions,anda40percentdropinequityprices. Theeffectsofthecrisiswerefeltfarbeyondthefinancialsectorascreditdriedupandamildrecessionbecamesomethingfarworse. Youarealso,nodoubt,familiarwiththepoliticalresponsetothatcrisis.Afterconsiderabledebate,theCongresspassedsweepingreform InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  46. P age |46 legislationdesignedtoplacethenation'sfinancialinfrastructureonamoresolidfoundation. I'mreferring,ofcourse,tothebankingpanicof1907. ThelegislationthatPresidentWilsonsignedinDecember1913createdtheFederalReserve,providingthenationwithalenderoflastresorttorespondtosuchcrises. AsweapproachthecentennialoftheFederalReserveSystem,itisstrikinghowmanyofthechallengesofthateraremainwithustoday. In1907,thecorrespondentbankingnetworksthathelpedconcentratereservesinNewYorkandothermoneycentersalsomadethebankingsystemhighlyinterconnected. Today,ourcapabilitytomonitorandmodelfinancialoutcomesisvastlygreater,andthetoolsavailabletotheFederalReservearevastlymorepowerful,thantheprivatecapitalandmoralsuasionthatfinancierJ.P.Morgansummonedin1907tostabilizethebanksandtrusts. Butaswelearnedduringtherecentcrisis,thefinancialsystemhasalsogrownmuchlargerandmorecomplex,andoureffortstounderstandandinfluenceithave,atbest,onlykeptpace. Complexlinksamongfinancialmarketparticipantsandinstitutionsareahallmarkofthemodernglobalfinancialsystem. Acrossgeographicandmarketboundaries,agentswithinthefinancialsystemengageinadiversearrayoftransactionsandrelationshipsthatconnectthemtootherparticipants. Indeed,muchofthefinancialinnovationthatprecededthemostrecentfinancialcrisisincreasedboththenumberandtypesofconnectionsthatlinkedborrowersandlendersintheeconomy. Therapidgrowthinsecuritizationandderivativesmarketspriortothe crisisprovidesastarkexampleofthisphenomenon. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  47. P age |47 Asshowninfigure1,between2000and2007,thenotionalvalueof collateralizeddebtobligationsoutstandingincreasedfromlessthan$300billiontomorethan$1.4trillion. From2004,theearliestdateforwhichcomprehensivedataareavailable,to2007,theoutstandingnotionalamountofcreditdefaultswap(CDS) contractsincreasedtenfold,from$6trillionto$60trillion. Thisincrediblegrowthinsecuritizationandderivativesmarketsreflectsasignificantincreaseinthenumber,types,andcomplexityofnetworkconnectionsinthefinancialsystem. Financialeconomistshavelongstressedthebenefitsofinteractionsamongfinancialintermediaries,andthereislittledoubtthatsomedegreeofinterconnectednessisvitaltothefunctioningofourfinancialsystem. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  48. P age |48 Economiststakeawell-reasonedanddimviewofautarkyasthepathtogrowthandstability. Banksandotherfinancialintermediarieschannelcapitalfromsavers,whooftenhaveshort-termliquiditydemands,intoproductiveinvestmentsthattypicallyrequirestable,long-termfunding. Financialintermediariesworkwithoneanotherbecausenosingleinstitutioncanhopetoaccessthefullrangeofavailablecapitalandinvestmentopportunitiesinourcomplexeconomy. Connectionsamongmarketactorsalsofacilitaterisksharing,whichcan helpminimize(thoughnoteliminate)theuncertaintyfacedbyindividualagents. Yetexperience--mostimportantly,ourrecentfinancialcrisis--aswellasagrowingbodyofacademicresearchsuggeststhatinterconnectionsamongfinancialintermediariesarenotanunalloyedgood. Complexinteractionsamongmarketactorsmayservetoamplifyexistingmarketfrictions,informationasymmetries,orotherexternalities. Thedifficulttaskbeforemarketparticipants,policymakers,andregulatorswithsystemicriskresponsibilitiessuchastheFederalReserveistofindwaystopreservethebenefitsofinterconnectednessinfinancialmarketswhilemanagingthepotentiallyharmfulsideeffects. Indeed,newregulationsrequiredbytheDodd-FrankWallStreetReformandConsumerProtectionActof2010(Dodd-FrankAct)andchangesinsupervisorypracticesbytheFederalReserveandotherfinancialregulatorsareintendedtodojustthat. Inmyremarks,Iwilldiscussafewofthemajorregulatoryandsupervisorychangesunderwaytoaddressthepotentialforexcessivesystemicriskarisingfromthecomplexityandinterconnectednessthatcharacterizeourfinancialsystem. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  49. P age |49 Thedesignofanappropriateregulatoryframeworkentailstradeoffsbetweencostsandbenefits,andtoillustratethem,Iwilldiscussinsomedetailproposalscurrentlyunderconsiderationtomitigateriskin over-the-counter(OTC)derivatives,whichprovedtobeanimportantchannelforthetransmissionofriskduringtherecentcrisis. Iamquiteawarethatsomereformsinthewakeofthefinancialcrisis,includingthosepertainingtoderivatives,havebeencontroversial. Inconnectionwithrecentrulemakings--and,morebroadly,inthearenaofpublicdebate--criticshaveaskedwhethercomplexityandinterconnectednessshouldbetreatedaspotentialsourcesofsystemicrisk. ThisisalegitimatequestionthattheFederalReservewelcomesanditselfseekstoanswerinitsrolesofresearcher,regulator,andsupervisor. Letmesayattheoutset,though,thatalackofcompletecertaintyaboutpotentialoutcomesisnotajustificationforinaction,consideringthesizeofthethreatencounteredintherecentcrisis. Responsiblepolicymakerstrytomakedecisionswiththebestinformationavailablebutwouldalwaysliketoknowmore. Withthatinmind,I'llbeginbybrieflysurveyingresearchthathighlightswaysinwhichnetworkstructureandinterconnectednesscangiverisetoorexacerbatesystemicriskinthefinancialsystem. TheEconomicsofInterconnectednessandSystemicRisk Academicresearchthatexplorestherelationshipbetweennetworkstructureandsystemicriskisrelativelynew. Notsurprisingly,interestinthisfieldhasincreasedconsiderablysincethefinancialcrisis. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

  50. P age |50 Asearchofeconomicsresearchfocusingon"systemicrisk"or"interconnectedness"since2007yields624publications,twiceasmanyaswereproducedintheprevious25years. That'snottosaythateconomistswereblindtotheimportanceofnetworksbeforethefinancialcrisis. In2000,FranklinAllenandDouglasGale,forexample,developedanimportantmodeloffinancialnetworksthatprovidesinsightintohownetworkscaninfluencesystemicrisk. InthemodelstudiedbyAllenandGale,systemicriskarisesthroughliquidityshocksthatcanhaveadominoeffect,causingaproblematonebanktospreadtoothers,potentiallyleadingtofailuresthroughoutthesystem. Intheirmodel,interbankdepositsareaprimarymechanismforthetransmissionofliquidityshocksfromonebanktoanother. AllenandGalecomparetwocanonicalnetworkstructures:a"complete"network,inwhichallbankslendtoandborrowfromallotherbanks,andan"incomplete"network,inwhicheachbankborrowsfromonlyoneneighborandlendstoonlyoneotherneighbor. InternationalAssociationofRiskandComplianceProfessionals(IARCP) www.risk-compliance-association.com

More Related