1 FINANCIAL SERVICES Managing the data challenge in banking Why is it so hard? kpmg.com
2 1 Risk Data Aggregation Managing the data challenge in banking More and more data is being collected on all aspects of banking operations
3 Risk Data Aggregation 2 Many banking organizations continue to struggle with the challenge of aggregating and managing vast amounts of data and accurately reporting their financial positions to both regulatory agencies and the general public. The extent of the problem has been long standing, but it was brought starkly to light by the financial crisis as confidence evaporated and markets seized. More than five years on, the challenge remains as great as ever. Many firms are failing to address the magnitude of the problems they face around data risk aggregation. We believe that it is likely that the underlying cultural issue of who owns and is responsible for data generally is a key root cause for the lack of progress. It is time for both business leaders and regulators to raise the bar around data literacy in order to fully address the many challenges that lie ahead. Despite the substantial investment made to date around data and the additional investments needed to meet heightened global standards, many firms are failing to gain traction around the challenges associated with risk data aggregation. Notwithstanding the enthusiasts of big data, it appears that the data question is more of a challenge for big banks than it is an opportunity. In some jurisdictions, bank professionals are focusing on regulatory compliance and reporting; in others, the conduct agenda is steering banks to interpret data as an adjunct to customer-centricity. IT professionals tend to regard data as an IT issue, risk managers as a risk issue; strategy, finance and operations specialists all have their own perspectives. Sometimes it seems that there are as many approaches to the data issue as there are banking practitioners. As a consequence, our view is that the industry is conspicuously failing to develop a coherent understanding of the strategic implications; and is failing to understand the significance of aligning a firms data strategy with the overall business strategy. We are nervous that the unintended consequences of this could have long term implications. More and more data is being collected on all aspects of banking operations, yet collectively, the totality of data issues does not seem to be properly aggregated nor, more importantly, understood by management. Meanwhile, banks have become bigger, more diverse, and more complex, and technological change has radically increased the speed of business operations and the rate at which data is amassed, stored and processed. Under-investment in data and systems (or investment in non-optimal systems), and the continual layering up rather than redefinition of new reporting and information requirements have compounded the difficulties. Today, many major banks have at least one significant project to improve data management, IT infrastructure and reporting. However, in KPMG member firms experience, the approach being adopted for these many and often, cross-purpose projects is neither cohesive nor consistent. The focus tends to be around control, governance and architecture with very little attention given to how the data is used the term is data exploitation. For example, how data is used or captured by the line of business can be very different from the control function view, which can drive positive business outcomes such as increased revenue or cost avoidance (without root cause affect). Too often, cost has been expended with little realizable gain.
4 3 Risk Data Aggregation What progress has been made? The challenge of getting to grips with data is highlighted by the reaction of major banks to the Basel Committee s principles to improve the effectiveness of risk data aggregation and risk reporting. Many firms are likely to struggle to meet all of these principles 1, although the extent of the gap will depend on how stringently the principles are interpreted by national supervisors. During 2013, the Basel Committee undertook a review of progress in implementing the Principles by means of a stocktaking self-assessment questionnaire completed by G-SIBs. The results were published in December On a scale of compliance status ranging from 4 (best) to 1 (worst), the average rating was 2.8, which indicates that banks average reported compliance status stands between largely compliant and materially non-compliant. The three principles with the lowest reported compliance were Principle 2 (data architecture/ IT infrastructure), Principle 6 (adaptability) and Principle 3 (accuracy/integrity); nearly half of banks reported material noncompliance on these principles. This self-assessed lack of progress against the Principles is telling and is not likely to improve as the deadline to comply by the end of 2015 is fast approaching. At this stage, the industry needs a holistic approach to data governance not a siloed based approach targeted at specific datasets required for specific directives. It s not only about the regulatory requirements, which are extreme and costly, but more The review continues: Many banks are facing difficulties in establishing strong data aggregation governance, architecture and processes, which are the initial stage of implementation. Instead they resort to extensive manual workarounds which are likely to impair risk data aggregation and reporting More importantly, 10 banks, 33% of the population, mentioned that they currently expect to not fully comply with at least one principle by the deadline. Some of these banks noted that the reason is large, ongoing, multi-year, in-flight IT and data-related projects. 1 Basel Committee on Banking Supervision (BCBS), Progress in adopting the principles for effective risk data aggregation and risk reporting, BCBS268,
5 Risk Data Aggregation 4 importantly the cultural change that is needed within the organization to view the data issue as a whole. Getting to the necessary cultural change is the key to meeting the challenge. All of this adds greater pressure for a quick-fix solution. However, half measures and sticky tape are unlikely in the end to be sufficient. Indeed, they are likely to compound existing challenges. Planning should have started on how to lay out a program which moves firms toward compliance, but more importantly, recognizes opportunities which will flow from a program that can improve the quality of decision making within the organization; and ultimately improve business outcomes by unlocking value from data. The Principles, which cover both qualitative and quantitative measures, address four key areas: 01 The importance of Senior Management and Boards exercising strong governance over a bank s risk data aggregation capabilities, risk reporting practices and IT capabilities. This includes: the documentation, validation and robustness (in the event of new products and activities, or changes in group structure) of these capabilities and processes; and the design, building and maintenance of data architecture and IT infrastructure which fully supports a bank s risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis. 02 The accuracy, integrity, completeness, timeliness and adaptability of aggregated risk data. This includes: the adequacy of the systems and controls that generate the risk data and its aggregation; and the capability to adapt rapidly to changes in key risks, decision-making arrangements and regulatory requirements. 03 The accuracy, comprehensiveness, clarity, usefulness, frequency and distribution of risk management reports, including to Senior Management and the Board. This includes: procedures for monitoring the accuracy of data and the reliability of models; making good use of forward-looking assessments of risk; and reviewing the usefulness of risk management reports to Senior Management and the Board. 04 The need for supervisors to review and evaluate a bank s compliance with the first three sets of principles listed above, to take remedial action as necessary, and to cooperate across home and host supervisors.
6 5 Risk Data Aggregation BCBS The bigger picture BCBS 239 accepts that where data is not available expert judgement is acceptable. If this exemption becomes prevalent, there is little incentive to create the processes and systems to capture the quantitative risk data to create objective risk information. We accept the data landscape can contain actual and expert data items, but if the data-road map is not based on complete and systemic coverage, the industry is likely to end up with sub-optimal solutions at best. Over the years, management systems in banks and in other financial services companies have had to cope with increasing regulatory requirements, new corporate structures, new products and operating models and more (the financial crisis). As with other infrastructure, systems for the collection, aggregation, and analysis of risk data have typically developed in an incremental fashion, with different modules, incompatible data and a range of ad hoc processes. Often relevant data is missing or inadequately analyzed, resulting in the formation of reconciliation industries within the organization as data is passed between a multitude of systems across inconsistent integration mechanisms. The issue in many organizations is that the reporting architecture is a patchwork of data extraction, manual calculation and reporting components focused on individual reports by business area. This rarely allows risks to be calculated or reported across lines of business for instance, by country, or by product, and may not easily facilitate drill down or ad-hoc analysis to understand the underlying trends or issues. Risk data is frequently being provided too late to influence basic business, trading, and overall operations which depend on it, whilst the operating costs are still incurred. In addition to business as usual requests, the need for quick and accurate data to meet the recovery and resolution plan requirements means data is critical in a stress situation as well as business as usual.
7 Risk Data Aggregation 6 Regulators have become increasingly concerned about the how weaknesses in risk data aggregation systems may compromise financial reporting. While these shortcomings were exposed at the height of the financial crisis, little progress has been made. Many institutions are still unable to provide the required data, or find themselves coordinating a massive manual and ad-hoc intervention to assemble the data demanded by their management teams or by regulators. Major market participants still question whether firms have the capacity to extract the necessary information quickly enough to understand the location and extent of risks and exposures contributing to whatever future crisis of confidence the global financial system may face. This is not an issue that the majority of firms have squarely addressed Can we handle another financial crisis? Firms needs to ask themselves whether they have a clear Data Architecture to support the principles of Risk Data Aggregation and whether they are able to create future data capabilities that will enable them to comply with the BCBS principles by the required deadline of 1 Jan Implementation of an additional reporting capability is very straightfor ward compared with the challenges of making fundamental changes to the quality and completeness of data across the Enterprise that would be required in order to effectively comply with BCBS 239.The biggest issue is likely to be with being able to apply Data Quality, Data Governance and Data Management techniques pragmatically and effectively so that the quality of the data being used for risk reporting can be demonstrated (measured) automatically. Compliance with the Principles will be compulsory for global systemically-important banks (G-SIBs) from 1 January National supervisors need to have translated the Principles into detailed regulation by then. The Basel Committee also recommends that banks classified as domestic systemically important banks (D-SIBs) by national regulators should be required to comply within three years of such designation. The short timescale, and the need to await local regulations before the precise details of the requirements can be analyzed, raise particular challenges. The costs are likely to be high, and the demands on people, processes and technology will be significant. Many banks are also struggling to cope with other multiple, overlapping and sometimes conflicting domestic regulatory requirements. There is a significant risk that many banks will fail to meet the deadline; or that they will be driven to focus on narrow compliance rather than to embrace the challenge at a more fundamental level. More importantly, are banks confident that they have the right data to respond to another crisis? A further complication is that some regulators, for example the Federal Reserve and OCC in the US want to regulate the whole of a global bank in one place. The UK Prudential Regulatory Authority is making similar suggestions. But this runs directly counter to the principle of ring-fencing capital, separating retail from investment banking, and aiding orderly resolution. Early clarity is unlikely. Many banks are still suffering the consequences of failed IT solutions for data repositories not delivering their intended benefits. As such, there is a strong chance that risk data repositories will be built adjacent to the strategic data repositories. At this point, they will be narrow by design and the ownership will likely be confused i.e. the data owner of the source data may not accept ownership of the risk data if it has been changed in anyway. This will result in an owner of the source data, an owner of the modified data and primary and secondary federated data architectures a mess.
8 7 Risk Data Aggregation Getting a grip Although the details of how the BCBS principles will be implemented by national regulators remain unclear, the fact that this is fundamentally a strategic issue means that banks can get on with planning the structure and direction of improvements now. This will lay the groundwork for real strategic advantage; and it will also put them in a better position to comply with the detail beginning in Nevertheless, the challenge is complex. The standards require the ability to generate a wide range of information in both business as usual conditions and under stress. In addition, it is difficult to envisage the definition of a single consistent framework. For example, credit risk aggregates quite simply; but market risk is mitigated by portfolio diversification. Moreover, it is difficult to calculate and cannot simply be aggregated up within the legal entity hierarchy. Operational risk is still a subject of much debate regarding the value of quantitative and qualitative data. In a crisis, a regulator may ask for an assessment of exposure to an unforeseen and poorlyunderstood situation. While the question may not be easy to answer, the principles imply that management should be able to reply accurately very quickly. These considerations suggest that a fully-automated frontto-back data solution may not be the answer. Management will need to rely also on people who understand the data, can intervene, can interpret data and then respond to new situations. The challenge will be to balance automation with flexibility. Key issues to be addressed: quality: with multiple, discrete systems, the quality of data is degraded by incompatible definitions, inconsistency, incompleteness and duplication. With poor quality data, the effectiveness of risk management can be seriously compromised. flexibility: it is important to be able to react quickly to market events. Similarly, the flexibility to react rapidly to regulators requests for reports and data without a huge amount of manual work is also important. efficiency: very often, data resides in different silos, owned by different functions, all with different attitudes and approaches to data management. With multiple systems and incompatible data, risk professionals spend too much time and effort on data aggregation, reconciliation and analysis and too little time on applying the results to risk management and decision making. The stumbling block for many will be the issue of: ownership: too often, ownership of risk data is shuffled uneasily between the control function and the IT function, with business Senior Management taking little direct responsibility. Data ownership, data governance and business alignment enable the producers, consumers and stewards of data to be identified and aligned across an organization. Without a clear structure of governance and ownership there is no accountability and no prime commitment to quality. Also, there is the fear that the risk data will become a secondary product, with a different owner to the source this makes implementing quality standards problematic, as both primary and secondary uses of data will need to be considered. Techniques exist that enable the processes and architectures for managing data end to end to be defined, documented and controlled including tracking where data is not managed in accordance with agreed processes and protocols. Whilst the methods and tools exist to enable data to be managed effectively across the Enterprise few organizations have managed to specifically define how this will work within their environment. Meaning many firms are still unable to implement effective data quality regimes across the range of data required to satisfy the breadth and depth of regular risk reporting or stressed risk reporting.
9 Risk Data Aggregation 8 How to get data right comparability, measurement, documentation and auditability A critical objective of meeting BCBS 239 requirements is accuracy and flexibility. The data and reporting should all be consistent and agile, so that banks are able to split and analyse the data in multiple variations. The same level of granularity is needed of data across the business this will prove challenging in a global context, particularly in light of structural separation measures, also as a result of regulatory reforms. Senior Management and the Board need a clear understanding of the macro-economic environment and an assessment of the various risks presented. This means the right people being accountable for data capture and reporting, with the correct links to the Board. A suitable model across the business would cover a number of variables and business lines, as illustrated in Figure 1. The strategic benefits of change Success will bring significant strategic benefits. Capabilities which will benefit include: the ability to aggregate risk, counter-party risk, country risk etc in a timely manner the necessary integration of finance and risk data the ability to make better strategic decisions around products and markets rationalization of reporting and dashboards Risk and opportunity are two sides of the same coin. Hence risk data aggregation is conceptually equivalent to opportunity data aggregation: that is, the identification, aggregation, modelling, analysis and management of all material data necessary for the bank to manage the risks it faces and to exploit the opportunities open to it: to reduce costs, increase sales, increase efficiency and improve profits. In this sense, risk data aggregation is merely a part of the structure of broad data collection, information management and analysis which a bank needs to put in place to manage its business properly. Figure 1 Coverage of material risks Aggregation and MI covers material risks across all businesses OUTPUTS RISK Risk Appetite setting Exposure & limit monitoring Stress & scenario testing Regulatory reporting Capital calculations Source: KPMG International, May ow ing e foll ing th Product ljurisdiction clud n o ing: mens ions, in fo llow on of th e t ple di combi nati spli t by mul i or a c Ou tputs Entity Currency Risk Factor Obligator Industry Sector Ad hoc requests d MI an res ri sk data lity r equi capabiliti es ng c ore r eporting functiona with t he followi Th is Granular & flexible risk data Normalised risk data Forward looking risk view arobust front to back data governance Timely provision of risk information Flexible architecture & data model Targeted & relevant risk outputs Ability to dynamically drill into more detailed risk analysis as required. Slice and dice capabilities (Across the dimensions outlined above) Data aggregated across dimensions is consistent in structure Consistent data dictionaries and methodologies Enables stress scenarios to be run formally and in response to events Reliable risk data feeding key risk processes (MI, limit monitoring, VaR, capital) Clear accountability and ownership Minimal number of source systems and overlays, with minimal manual adjustments Sufficient controls to ensure high quality complete and accurate data Enables informed and proactive management actions Risk information distributed ina variety of formats e.g. portable devices, interfaces Ability to update and modify with minimal disruption and cost Capability to tailor risk information/output to specifi c consumers for varying needs Enables comparability to other key bank measures e.g. Finance
10 9 Risk Data Aggregation Developing an effective project structure A robust approach should start with an impact assessment which considers: the risk data (including associated reference data) needed to meet internal risk management requirements as well as regulatory reporting needs; the scope and quality of the risk data collected; effective aggregation of risk data, including by legal entity; the frequency, appropriateness and quality of internal reporting of aggregated risk data, including to Senior Management and the Board, and the use of this information for decision-making; and governance procedures at Senior Management and Board level for risk data aggregation and reporting, including a firm s IT capabilities in these areas. Creating an effective project structure then requires defining three key stages: gap analysis assessing the extent to which a bank meets the principles, and characterizing the gap to clarify how data and processes must change to close it; meeting the principles designing and implementing the necessary improvements to deliver on the program s objectives either through expanding the scope of existing programmes or implementing new initiatives; and validation providing assurance through external reviews of data management, data aggregation and data reporting to ensure the maintenance of robust data and reporting processes which continue to be fit for purpose and demonstrate the ability to effectively aggregate risk data across risk types. Figure 2 Strategic challenges facing banks and the benefits of effective risk management Maintaining revenues and profits where there is increasing downward pressure Strengthening the capability and status of the risk function to make or influence judgements Reduce the probability and severity of losses resulting from risk management weaknesses, particularly operational risks Lower costs through more automation/stps Optimisation of capital and liquidity Developing a sustainable and achievable strategy for the longer term Improve the speed at which information is available and the quality of that information so decisions can be made Reduce to regulatory and reputational risk to help improve and regain trust in organisations Forward looking view to future proof strategy Demonstrating effective control over large, complex institutions when the perception is that this is not possible, and where there is pressure for individuals to attest with severe penalties on individuals for failures Transparency, looking through the complexity Confidently and comfortably able to attest Value add analysis and MI Consumers Business Finance & Treasury Snr Mgmt & Board Investors Rating Agencies Customers Regulators Challenges being pushed onto banks Change in approved persons regime/sif regime - the onus is on the individuals themselves Focus on the resilience, resolvability and stability of the banking sector as a key part of the economy Rethink of supervisory approach away from only a controls assessment focus, to a more detailed assessment, requiring a significant increase in reporting and ad-hoc requests BCBS risk data aggregation and reporting principles FSBs development of a common data template Basel s large exposures requirements Other regulatory reporting e.g. COREP, FINREP, Basel III, RRPs, FATCA, EMIR etc. Source: KPMG International, May 2013.
11 Risk Data Aggregation 10 In terms of meeting the principles, there is likely to be an issue in identifying and managing the data required to produce both ongoing risk reporting and the data likely to be required to respond to specific regulatory requests in times of stress. Secondly, managing the above data so that this meets the BCBS principles is also going to be a significant challenge. Thirdly, for most G-SIBs, the data architecture/strategy is likely to involve multiple, disparate programmes rather than a single structure, meaning that coordination and reporting is going to be difficult and complex. Within this context, it makes sense to address first the principal regulatory requirements which banks are already required to meet. In the US, there is the annual stress test that has been underway since 2009; in the EU, there is the big ECB/ EBA stress test under way at present. So the first task should be to look at the data which the regulatory authorities require for stress testing; and at what the firm itself needs for internal stress testing. The importance of the conduct agenda and interpreting data adjunct to customer-centricity must not be overlooked. The real competitive advantage here can come from the successful integration and analysis of customer data to develop a better understanding of customer needs and thereby enable banks to serve these customers more effectively, efficiently and profitably. There is a raft of new and emerging requirements which drive change to risk data and these vary between jurisdictions. These include: Trade reporting for OTC derivatives which require granular information on positions, counterparties, valuation and collateral; COREP/FINREP capital and financial reporting in Europe which also require significantly more, and more granular, information on risks positions and concentrations as well as parallel data on capital, funding and financial position; Other BCBS initiatives, such as revisions to the large exposures regime which will require more frequent and granular information on risk concentrations, and changes to the trading book regime, which will fundamentally impact the designation of risk positions as trading or non trading, and also the associated valuation calculations; ns; Other risk governance initiatives, including multiple papers from the FSB and BCBS which set out to clarify best practice, accountabilities of Senior Management and the Board, and associated reporting and information requirements; and finally IFRS 9, which significantly changes fair value measurement for financial instruments by introducing the concept of calculating an expected loss but continues to leave gaps between regulatory and financial approaches maintaining the need for dual reporting which must be aligned. The emerging regulatory agenda now affects almost every aspect of how a bank controls its operations. Together, these represent a huge new data reporting obligation which can only be tackled effectively with a holistic approach considering the impact on the organization overall rather than a siloed approach by risk type or division (see Figure 2). Individual projects need to be subsumed into a coherent framework of improved data management, streamlined processes and cost reductions. This also reflects the nature of the external environment. The emerging regulatory agenda now affects almost every aspect of how a bank controls its operations. Assessing impacts on capital, liquidity and collateral has become crucial to optimizing business decisions and returns. The scarcity and cost of both capital and funding requires a more integrated approach to capital buffers. Reliable data, which can be generated and aggregated quickly, is now a critical enabler. And Senior Management and the Board need a clear understanding of the macro-economic environment and an assessment of the various risks presented. A coherent and holistic approach is essential. This also implies that any project structure has to include representation from all significant functions from risk and IT to HR and customer relations and all significant geographies since the specific reporting requirements will vary by jurisdiction. Establishing an overarching programme governance structure to monitor the delivery of the BCBS requirements through existing and, where required, new underlying initiatives will embed sufficient structure and rigour whilst avoiding the paralysis that can result from an unwieldy and all encompassing mega programme. At a minimum the overarching governance should: Set standards for compliance with the requirements of BCBS; Convert the principles of BCBS into designs to be applied consistently across the group; Act as the design authority for the end state systems and data architecture; Review business requirements for existing projects and revised as appropriate to meet requirements of BCBS; Monitor delivery and adherence to end state architecture and key BCBS driven designs requirements; and Lead demonstration of risk data aggregation capability.
12 11 Risk Data Aggregation Are there really long-term benefits As we have suggested, there is significant potential value to be obtained from effective risk data aggregation, storage and analysis, beyond simple regulatory compliance. The ability to consolidate and synchronize all relevant risk data can lay the foundation for a more overarching and consistent analysis, enabling better business management, better risk management and optimized operating models. High-quality and quality-assured risk data should lead to improved decision-making, greater confidence and a more stable strategy. With greater confidence in data validity, risk IT architecture can be streamlined, leading to efficiencies in both routine operations and in maintenance and development. In turn, these benefits can offer improved ability to respond quickly and effectively to changes in corporate strategy, operating environment or indeed regulatory demands. If regulators have greater confidence in a bank s risk data and the aggregation machinery underlying it, the whole regulatory compliance system can become simpler and less challenging. Improved data aggregation can bring direct economic benefits and reduced capital requirements. Currently, for example, a significant proportion of a bank s collateral contracts are ineffectively captured, and so cannot contribute to riskweighted capital calculations. More comprehensive and accurate data aggregation methodology can bring this into the equation. Systems for transmitting and reporting risk data need to be built into any improved data aggregation framework, since its value is dependent on the ease and timeliness with which senior management can take the results into account. The same argument applies to communication with regulators, who will value rapid and accurate regular reporting as well as a speedy response to ad hoc requirements. Achieving the benefits requires moves towards modern approaches to data management. However, it may be a happy accident that the challenges to data management currently being posed to banks, and typified by BCBS 239, coincide with major new trends in data architecture which could make their resolution much more practicable. For example, the Lambda data architecture pattern. This pattern enables real time data streaming and large scale batch processing to support in-depth machine learning and behavior change detection using technologies pioneered by Twitter and Yahoo. BCBS 239 could be a significant potential catalyst for change in this area. The necessary initiatives clearly need to be defined and implemented in ways which balance costs and potential benefits. But since the results should include increased confidence, reduced potential for loss, efficiency gains and increased profits, significant effort and expenditure will often be economically worthwhile. Thus, managing data is not a regulatory compliance exercise but a business imperative. Managing data is not a regulatory compliance exercise but a business imperative.
13 Risk Data Aggregation 12 The data issue in the broader regulatory context BCBS 239 itself is only part of a major shift in the regulatory philosophy and framework, in how wider society regards banks, and in the power relationships between banks, regulators and policymakers. At the same time, regulators are increasingly intervening in the details of the systems and processes through which banks manage themselves. In many respects, the financial crisis did seem to demonstrate, to policymakers and the wider public alike, that the banking industry was not only unwilling but incapable of managing itself in an economically prudent and socially acceptable manner. The new regulatory agenda is focused, not on requiring more data to be reported per se but on remaking banks internal systems and processes in directions which regulators themselves mandate. The challenge to corporate autonomy and responsibility which these developments represent has proved surprising to some, but is nevertheless real and must be acknowledged. Responding to it requires at the least that banks radically simplify and streamline data management, information structures and processes. The upside should be cost reduction, increased efficiency and improved returns on capital. The need for action on the data issue has been recognized for some time. New regulatory requirements such as BCBS 239 should now catalyze the necessary response. If banks fail to get this right, they will fail to satisfy the regulators and their shareholders. More importantly, they will continue to lack the information they need to run their businesses properly and lose market share to the digital and customer centric challenger banks. Banks are no longer regarded as primarily benign and beneficial economic actors: they are increasingly seen as potentially dangerous to financial and economic stability. Hence banking regulation is likely to develop in future in a manner analogous to other dangerous industries such as the chemicals industry. The Asset Quality Review, RDA, resolution planning, stress testing and so on are all part of a process which will result in banks no longer being able to do their own data analysis and submit standard periodical reports. Instead, they will by contrast have to deliver all relevant data in real time to regulators who will undertake their own analysis and stress-testing and form their own judgments.
14 13 Risk Data Aggregation Conclusion BCBS 239 is only one piece of a wider regulatory drive to improve the quality of information which Senior Management and the Board uses to inform itself and its stakeholders on the current and expected state of their business. Supervisors in turn hope that improvements in the quality, timeliness and breadth of risk information will help them to better inform themselves on the current and expected state of the wider market. The scale of investment to get there, however, is substantial. Supervisors believe management can benefit from the exercise, thereby justifying the substantial cost and time involved in meeting the requirements. For management of financial institutions therefore, it is critical to plan comprehensively to ensure they do, in fact, drive opportunity and not just compliance from their efforts.
15 Risk Data Aggregation 14
16 15 Risk Data Aggregation Contact us John Hall Partner, Data Insight Services KPMG in the UK T: E: Brian J. Hart Principal, Advisory KPMG in the US T: E: Luscombe, Peter Partner, Financial Services KPMG in the UK T: E: Dr. Peter Stork Partner, Financial Services KPMG in Germany T: E: Nick Urry Partner, Financial Services KPMG in the UK T: E: Marco Lenhardt Partner, Financial Services KPMG in Germany T: E: Gary Richardson Director, Data & Analytics Engineering KPMG in the UK T: E: Global Financial Services Regulatory Centres of Excellence Giles Williams Partner, Financial Services Regulatory Center of Excellence, EMA region T: E: Pam Martin Managing Director, Financial Services Regulatory Centre of Excellence, Americas region KPMG in the US T: E: Simon Topping Principal Financial Services Regulatory Centre of Excellence, ASPAC region KPMG in China T: E: Hugh Kelly Principal and National Lead, Bank Regulatory Advisory KPMG in the US T: E: The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation KPMG International Cooperative ( KPMG International ), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. Printed in the United Kingdom. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International. Oliver Marketing for KPMG OM017246A June 2014 Printed on recycled material.
FINANCIAL SERVICES Managing the data challenge in banking Why is it so hard? kpmg.com 1 Risk Data Aggregation Risk Data Aggregation 2 Managing the data challenge in banking Many banking organizations continue
Basel Committee on Banking Supervision Progress in adopting the principles for effective risk data aggregation and risk reporting December 2013 This publication is available on the BIS website (www.bis.org).
Basel Committee on Banking Supervision Progress in adopting the principles for effective risk data aggregation and risk reporting January 2015 This publication is available on the BIS website (www.bis.org).
Risk and Regulation It s not just about getting your ratios right Basel s far-reaching new risk IT requirements January 2013 Keiichi Aritomo Tommaso Cohen Philipp Härle Holger Harreis Kayvaun Rowshankish
Governance, Risk and Compliance (GRC) - IT perspective Introduction Current regulatory and economic conditions have created a need for financial services firms to accurately scale required levels of regulatory
Stress testing & scenario analysis 1 Enterprise stress testing and scenario analysis, the process whereby s assess their financial resilience to macro-economic or market-driven scenarios, has changed almost
Governance, Concise guide Risk to and Compliance treasury risk management KPMG is a leading provider of professional services including audit, tax and advisory. KPMG in Australia has over 5000 partners
Risk appetite as a dynamic management tool Background The topic of risk appetite is at the centre of attention currently. There are various reasons for this: the financial crisis, which has made it clear
IBM Sales and Distribution Chemicals and Petroleum White Paper Tapping the benefits of business analytics and optimization A rich source of intelligence for the chemicals and petroleum industries 2 Tapping
Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective
Regulation and Risk as Data Management Drivers September 2014 Sponsored by: Legal Entity Identifiers Editor Andrew P. Delaney email@example.com Managing Editor Sarah Underwood firstname.lastname@example.org
Basel Committee on Banking Supervision Review of the Principles for the Sound Management of Operational Risk 6 October 2014 This publication is available on the BIS website (www.bis.org). Bank for International
GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental
EBA/RTS/2014/11 18 July 2014 EBA final draft Regulatory Technical Standards on the content of recovery plans under Article 5(10) of Directive 2014/59/EU establishing a framework for the recovery and resolution
SOLUTION OVERVIEW SAS Solutions for Enterprise Risk Management A holistic view of risk of risk and exposures for better risk management Overview The principal goal of any financial institution is to generate
Automatic Exchange of Information The Common Reporting Standard: helping clients kpmg.com Building on FATCA: getting ready for the Common Reporting Standard The Organisation for Economic Co-operation and
www.pwc.com.cy Navigate the regulatory maze Delivering Regulatory Compliance services to the Financial Services industry September 2014 As at July 2014 there were more than 40 licensed banking institutions
Enterprise Risk Management: Time for Data Excellence Initiating a strategic response to the new Basel requirements on risk data aggregation and risk reporting Basel Committee on Banking Supervision 239,
Financial Services Regulatory Point of View The Changing Face of Regulatory Reporting: Challenges and Opportunities for Financial Institutions kpmg.com Contents Time to fix regulatory reporting Regulators
October 2015 Credit Data Management Looking Beyond DFAST, Basel III, and CECL By Oleg A. Blokhin, Jack A. Gregory, and David W. Keever Audit Tax Advisory Risk Performance An array of new and evolving regulatory
Comprehensive Assessment Q&A 22 October 2014 This document has been prepared to assist the ECB media team with queries on the comprehensive assessment. SSM in Numbers Description Number Number of banks
19.2.2013 Official Journal of the European Union C 47/1 III (Preparatory acts) EUROPEAN CENTRAL BANK OPINION OF THE EUROPEAN CENTRAL BANK of 24 May 2012 on a draft Commission delegated regulation supplementing
Basel II Pillar 3 Market Discipline and Transparency Simon Topping Hong Kong Monetary Authority 1 Outline of Presentation Market discipline and transparency the theory The challenges of achieving market
Risk & Compliance the way we see it Integrated Stress Testing A Practical Approach Contents 1 Introduction 3 2 Stress Testing Framework 4 3 Data Management 6 3.1 Data Quality 6 4 Governance 7 4.1 Scenarios,
APEX COLLATERAL Innovative solutions for enterprise-wide collateral management and optimization Post-crisis reform is driving a critical need for advanced collateral management. The parallel implementation
EIOPA-BoS-14/120 24 November 2014 Opinion of the European Insurance and Occupational Pensions Authority of 24 November 2014 on Sound principles for Crisis Prevention, Management and Resolution preparedness
SECTORS AND THEMES Successful Business Model Transformation Title here in the Financial Services Industry Additional information in Univers 45 Light 12pt on 16pt leading KPMG s Evolving World of Risk Management
Regulatory February 2014 brief A publication of PwC s financial services regulatory practice Risk governance: OCC codifies risk standards, paving the way for increased enforcement actions The Office of
Interim report: Review of the optimal approach to transition to the full NDIS This interim report has been prepared for the Board of the National Disability Insurance Agency 16 July 2014 Disclaimer Inherent
Prudential Standard APS 115 Capital Adequacy: Advanced Measurement Approaches to Operational Risk Objective and key requirements of this Prudential Standard This Prudential Standard sets out the requirements
INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.
From principles to practicalities Addressing Basel risk data aggregation and reporting requirements In January 2013, the Basel Committee on Banking Supervision (BCBS) issued the document Principles for
Part A OVERVIEW...1 1. Introduction...1 2. Applicability...2 3. Legal Provision...2 Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...3 4. Guiding Principles...3 Part C IMPLEMENTATION...13 5. Implementation
Data Quality for BASEL II Meeting the demand for transparent, correct and repeatable data process controls Harte-Hanks Trillium Software www.trilliumsoftware.com Corporate Headquarters + 1 (978) 436-8900
Meet challenges head on Deal Advisory / Global We can help you master Financial Restructuring. Enhancing value through financial restructuring. / 1 Your vision. Our proven capabilities. Despite its challenges,
Cyber threat intelligence and the lessons from law enforcement kpmg.com/cybersecurity Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many
Information Enabled Banking Information Management Survey - South based private sector banks kpmg.com/in Foreword KPMG India s Information Enabled Banking Survey (IEB) was conducted amongst select 10 banks.
. IOPS GOOD PRACTICES IN RISK MANAGEMENT OF ALTERNATIVE INVESTMENTS BY PENSION FUNDS June 2010 1 GOOD PRACTICES IN RISK MANAGEMENT OF ALTERNATIVE INVESTMENTS BY PENSION FUNDS 1 Introduction 1. The objective
FINANCIAL MANAGEMENT Standard costing Insights from leading companies February 2010 ADVISORY Executive Summary The current economic crisis has created significant cost pressures on businesses. This coupled
The APRA Supervision Blueprint May 2015 www.apra.gov.au Australian Prudential Regulation Authority Contents Introduction 3 Section 1: Principles and approach 4 APRA s mission and supervisory approach 4
CONSULTATION PAPER CP 41 CORPORATE GOVERNANCE REQUIREMENTS FOR CREDIT INSTITUTIONS AND INSURANCE UNDERTAKINGS 2 PROPOSAL 1.1 It is now widely recognised that one of the causes of the international financial
MANAGEMENT CONSULTING Planning, Budgeting and Forecasting How is your planning process helping you identify and unlock value? kpmg.co.uk Key considerations How effective and efficient is your organisation
Solvency II Data audit report guidance March 2012 Contents Page Introduction Purpose of the Data Audit Report 3 Report Format and Submission 3 Ownership and Independence 4 Scope and Content Scope of the
White Paper An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management Managing Data as an Enterprise Asset By setting up a structure of
30 th January 2015 Markets Infrastructure Team, Markets Policy Division, Central Bank of Ireland, Block D, Iveagh Court, Harcourt Road, Dublin 2 RE: Consultation on Supervision of Non-Financial Counterparties
Trading Services I Spotlight Moving to the Standard Legal Entity Identifier Client Data Management 2 Understanding Client Relationships When large financial institutions refer to their clients, they are
ADVISORY SERVICES Transforming Internal Audit: A Model from Data Analytics to Assurance kpmg.com Contents Executive summary 1 Making the journey 2 The value of identifying maturity levels 4 Internal audit
An Oracle White Paper November 2011 Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime Disclaimer The following is intended to outline our general product direction.
National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements
Managing supplier failure risk kpmg.com 1 Supplier Failure Risk Management Supplier failure can destroy value in your business The failure of a critical supplier or of a supplier s critical supplier can
Enterprise Risk Management Enterprise Risk Management Understand and manage your enterprise risk to strike the optimal dynamic balance between minimizing exposures and maximizing opportunities. Today s
Public in a Survey report August 014 kpmg.co.uk 0 PUBLIC REPORTING IN A SOLVENCY ENVIRONMENT Contents Page 1 4 5 Introduction Executive Summary Public Disclosures 4 Changes to Financial Framework 11 KPMG
CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value May 2012 May 2012 1 1. Introduction 1.1. Purpose of the paper In this discussion paper
Ms. Marcia E. Asquith Office of the Corporate Secretary FINRA 1735 K Street, NW Washington, DC 20006 Re: FINRA Regulatory Notice 13-42: FINRA Requests Comments on a Concept Proposal to Develop the Comprehensive
Risk & Compliance the way we see it Credit Risk Management: Trends and Opportunities The Current State of Credit Risk Management 1 Overview The crisis exposed the shortcomings of existing risk management
Basel Committee on Banking Supervision Reducing excessive variability in banks regulatory capital ratios A report to the G20 November 2014 This publication is available on the BIS website (www.bis.org).
Basel Committee on Banking Supervision Working Paper No. 17 Vendor models for credit risk measurement and management Observations from a review of selected models February 2010 The Working Papers of the
Responsibilities, interfaces and outsourcing under Solvency II Author Lars Moormann Contact solvency email@example.com January 2013 2013 Münchener Rückversicherungs Gesellschaft Königinstrasse 107,
An economic review of the proposed change in UK legislation for online gambling taxation Summary view September 2013 This report has been prepared by KPMG LLP ( KPMG ) solely for the Remote Gambling Association
Definition: Financial management is the system by which the resources of an organisation s business are planned, directed, monitored and controlled to enable the organisation s goals to be achieved. Guidance
2008 Guidelines for for Insurance Insurance Undertakings Undertakings on Asset on Asset Management Management 2 Contents Context...3 1. General...3 2. Introduction...3 3. Regulations and guidelines for
Bridging The Gap: Solving the Challenge of Compliance & Data Governance Banks are struggling to keep up with the data demands of regulators. New global regulations require Bank Compliance groups to provide
Advisory Risk management and the transition of projects to business as usual Financial Services kpmg.com 2 Risk Management and the Transition of Projects to Business as Usual Introduction Today s banks,
Memorandum of Understanding between the Financial Conduct Authority and the Bank of England, including the Prudential Regulation Authority Purpose and scope 1. This Memorandum of Understanding (MoU) sets
Oracle Financial Services Broker Compliance Financial institutions with retail, wealth management, and private banking businesses recognize the direct relationship between rigorous compliance processes
IBM Cognos Controller Accurate, auditable close, consolidation and reporting in a solution managed by the office of finance Highlights Provides all close, consolidation and reporting capabilities Automates
Understanding and articulating risk appetite advisory Understanding and articulating risk appetite Understanding and articulating risk appetite When risk appetite is properly understood and clearly defined,
CPSS IOSCO Principles for financial market infrastructures: vectors of international convergence Daniela RUSSO Director General of the Directorate General Payments and Market Infrastructure European Central
Data Sheet IBM Cognos 8 Controller Financial consolidation, reporting and analytics drive performance and compliance Overview Highlights: Provides all financial and management consolidation capabilities
THOMSON REUTERS ACCELUS Know Your Customer (KYC), Kontrol Your Costs (KYC) and Keep Your Customers (KYC) happy Know Your Customer (KYC), Kontrol Your Costs (KYC) and Keep Your Customers (KYC) happy Background
Insurance Guidance Note No. 14 Transition to Governance Requirements established under the Solvency II Directive Date of Paper : 31 December 2013 Version Number : V1.00 Table of Contents General governance
Integrating Risk and Capital Management into Strategy and Planning Key to Assessing Risk and Reward for Insurers 1 Tough Times for Insurers Many insurance company board members face the challenge of satisfying
INTEREST RATE RISK IN THE BANKING BOOK Over the past decade the Basel Committee on Banking Supervision (the Basel Committee) has released a number of consultative documents discussing the management and
Own Risk and Solvency Assessment Putting an ORSA into practice March 2014 Introduction MAS Notice 126 on Enterprise Risk Management (ERM) was released in April 2013. Included within this was the introduction
Memorandum by the Association of Investment Companies (AIC) FSA proposals fail to maintain standards for UK stock markets: The broader implications of its review of the investment entity rules 1. The AIC
PROJECT ADVISORY Effective reporting for construction projects: increasing the likelihood of project success Thought Leadership Series 13 kpmg.com/nz About the Leadership Series KPMG s Leadership Series
ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION KEY FEATURES AND BENEFITS Manage multiple GRC initiatives on a single consolidated platform Support unique areas of operation with
20 th February, 2013 To Insurance Companies Reinsurance Companies GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES These guidelines on Risk Management and Internal
Thematic Review Professional discipline Financial Reporting Council December 2014 Audit Quality Thematic Review The audit of loan loss provisions and related IT controls in banks and building societies
PERFORMANCE & TECHNOLOGY Using business intelligence to drive performance through accuracy in insight ADVISORY Even when a BI implementation represents a significant technical achievement processing terabytes
Enterprise Health Information Management Framework: Charting the path to bring efficiency in business operations and reduce administrative costs for healthcare payer organizations. By Santhosh Patil, Infogix
/01 PROJECT ADVISORY Stakeholder management and communication Leadership Series 3 kpmg.com/nz About the Leadership Series KPMG s Leadership Series is targeted towards owners of major capital programmes,
A&CS Assurance Review Accounting Policy Division Rule Making Participation in Standard Setting Report April 2010 Table of Contents Background... 1 Engagement Objectives, Scope and Approach... 1 Overall