Dilip Krishna Director, Governance, Regulatory & Risk Strategies, Deloitte & Touche

Transcription

1 Track 3: Risk Management in a Data Rich Environment Standardized Information for Increased Transparency 2:20pm 3:10pm Presenter: Dilip Krishna Director, Governance, Regulatory & Risk Strategies, Deloitte & Touche

2 Standardized information for increased transparency A stress testing example Dilip Krishna, Deloitte & Touche LLP March 4, 2014

3 Data is in the spotlight The Council continues to recommend that improvement in data standards should be a high priority for financial firms as part of their risk management process and for the regulatory community not just in the United States, but globally. The Council recommends that the Office of Financial Research continue to work with the Council s member agencies to promote data standards for identification of legal entities, financial products, and transactions, and to improve access to standardized, aggregate data by the regulators." - Testimony of Secretary Jacob J. Lew before the Senate Committee on Banking, Housing, and Urban Affairs 5/21/2013 The failure or misuse of technology can impact the safety and soundness of an institution with sudden and severe losses, directly harm consumers, or both. - Martin J. Gruenberg, Chairman, Federal Deposit Insurance Corporation Stress testing is already a complex and arduous process. The presence of poor data quality can exacerbate even minor data issues and significantly hinder a bank s ability to present regulators with accurate information, - David O Connell, senior analyst for Aite Group. The very fact that central banks bear the costs of analyzing a wide range of data series suggests that policy-makers view these activities as relevant to their decisions. - Ben S. Bernanke Monetary Policy in a Data-Rich Environment Data is crucial to our core objectives and all aspects of our work. Data is the foundation for developing international standards in bank capital and liquidity requirements. Data is an integral part of researching economic issues and the labor and financial markets. Data is also central to our jobs of forecasting and identifying trends. Our understanding of interest rates, reserves, and balance sheets is built on data. In our efforts to promote financial stability, data is fundamental to stress testing. - James McAndrews, Executive Vice President and Director of Research, BIS, Feb 4, 2014 The importance of data has been increasingly recognized by regulators and industry participants alike, with a focus in the following: Capital Planning at Large Bank Holding Companies (Federal Reserve Board) Principles for effective risk data aggregation and risk reporting (Basel Committee) Progress Report on Counterparty Risk Reporting (Senior Supervisors Group) Many large banks have launched large, ambitious projects to address data (with specific focus on risk data) 2 Standardized Information for Increased Transparency

4 So why is data so difficult to do? Large organizations Data is a business issue that requires business ownership to address Data ownership (and its importance) is conceptually not well-understood within the business Complex systems The systems landscape in banks is typically complex and multi-layered Grown over many years through mergers, acquisitions and divestitures Focus has usually been on operations, not analytics Challenging business and technology interface Technology is usually set up to build a factory environment that will stand the test of time with low-operating costs Business usually wants short time-to-market and flexibility to deal with changing requirements Data quality means different things to business and technology groups A problem that can be solved however Technology is available (and becoming more inexpensive) that is capable of addressing anything that is required Data management disciplines are becoming well-understood (e.g., data governance) Regulatory focus means availability of budgets and organizational focus 3 Standardized Information for Increased Transparency

5 U.S. stress testing principles a broad approach The capital planning and stress testing program require an integration approach be established across an organization s existing systems. The implications of this on data infrastructure are quite significant. Principle 1: Risk Identification, Measurement and Assessment Principle 2: Translating Risk Principle 3: Available Capital Resources Principle 4: Impact and loss Resource Estimation Principle 5: Process of assessing capital adequacy Principle 6: Internal Controls Principle 7: Board Oversight Information technology is particular as it interfaces with multiple functional areas but should consider be implemented with a single vision. For example, the creation of a Risk Appetite Statement (RAS) has significant implications for data systems and processes. Increased transparency of data infrastructure across an organization will help better manage these needs effectively. Risk Appetite Statement (RAS) Board Senior Mgmt. Business Units and Legal Entity Oversight of risk processes Establish enterprise/firm wide risk appetite statement Determine a broad IT and MIS is in place to determine effective risk management Manage risk infrastructure and inform Board of progress where appropriate Translate RAS objectives into incentives, limits and constraints for business units, plus link to results post adverse scenarios Establish controls and monitoring for risk processes Ascertain units are aligned to organization s overall risk profile Report breaches of risk limits and exposures to Chief Risk Officer (CRO) and senior management in a timely manner Data challenges Establish a common risk data and appetite language across the organization Legacy systems need to be consolidated Alignment of interests across many levels Transform risk data infrastructure from manual to automated Risk systems need to be dynamic to allow access across the organization Flexible systems needed to account for uncertainly inherent in forecasts Long term strategic focus towards a risk data framework to determine short term interests do not delay IT projects Determine systems consistency across organization with strong governance processes Establish links to stress test results Source: BIS; Federal Reserve Board Guidance and Proposed OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks 4 Standardized Information for Increased Transparency

6 IT requirements for stress-testing data framework Several explicitly and implicitly stated IT requirements, related to Comprehensive Capital Analysis and Review (CCAR) data management and regulatory reporting, have been identified as a result of published regulations and supervisory guidance. Data Security and Privacy Data Quality Management Data Stewardship and Control/Data Governance Stress Testing Data Management Metadata Management Data Sourcing Data Processing and Storage/Data Analytics and Reporting Master Data Management Data sourcing Source complete, high-quality data elements from data producers/owners Data processing and storage Architectural components to integrate, process, store, and provide data (including risk calculation engines) Data analytics and reporting Reporting and analytics of capital and liquidity along with detailed output information including results view in management, Rosen's Acceptable Accounting Principles (RAAP) and Generally Accepted Accounting Principles (GAAP) hierarchies Master data management Harmonization and integrity of enterprise data using reference data elements Metadata management Framework and processes to determine common enterprise-wide data semantics Data quality management Framework and processes to diagnose and fix enterprise or line of business (LOB) data quality issues Data security and privacy Secure enterprise data assets from any unauthorized infringement Developing an end-to-end and comprehensive IT requirements framework will drive consistency, control, and efficiency 5 Standardized Information for Increased Transparency Data stewardship and control Organizational processes for data management Data governance Policies and processes to determine that data management is properly supported with appropriate senior management oversight and investment

7 Information architecture and data management A set of disciplines working together to determine that data is properly integrated and continuously maintained, and determine that information is available as required by users. Data Governance Metadata Data Architecture Security & Privacy Sources of Data Product/Portfolios Information Retail Exposures (Instalment) Commercial Exposure Loan Level Granularity Risk Information (Ratings, Collateral, Segments) Retail Risk Parameters (Internal and External) Commercial Involved Party Other Historical Information Delinquency Payments Charge off and Recovery Finance Information IMPR Hierarchy Balance Sheet Information Reference/master data Data Extraction Data processing and storage: Stress testing example Data Transformation, Integration Processes Model Reference Data Stress Test Model Development Data Storage Areas Detailed current position & risk parameter Data Historical Data Scenario results/forecast data Report Data Models Stress Test Scenario Definition Scenario Loss, PPNR, Capital Estimation Input Data Portfolio Analysis & Commentary Reconciliation, Hierarchies Data Reconciled, Filtered and Cleansed Data Quality Monitoring & Cleansing ICAAP Assessment & Challenge 7 Principles of ICAAP, Model Validation etc.. Analytics/Reporting Portfolio Analytics (Management Reporting, Management/RAAP/ GAAP Views, Effective Challenge etc.) DFAST Y- 14Q Y- 14M Y- 14A Capital Plan Data quality management Data Stewardship and Controls 6 Standardized Information for Increased Transparency

8 Data architecture Data architecture is composed of models, policies, rules or standards that determine which data is collected, how it is transformed, stored and accessed in data systems and in organizations. Collateral System Loans Real Estate Leasing Systems Loans - Commercial Market Data Source Systems Credit Cards Credit Systems Loans Residential General Ledger Data Investments Portfolio Data Movement Extract, transform, load Data Quality Analysis Metadata Storage Hierarchy Dimension s on each Record Data Storage and Aggregation Centralized Data Warehouse Detailed Underlying Data Loss Projection PPNR Projections Projected Financial Statements General Ledger Entries Review Reconciliation to G/L Variance analysis Questions back to data providers Model Output Analysis Projected Income Statement Losses PPNR Allowances Projected Balance Sheet Banking and Trading Book Asset Other Assets and Liabilities Capital, RWA Equity/Capital Tier 1 Capital and Tier 2 Capital Hold Co. Equity Capital Changes Data Architecture Components & Techniques Regulatory Reporting Process Reg. Report Creation Y14 A/M/Q Stress Testing Process Final Audit /Review Capital Policy (Capital Targets, Contingency Plan) Reg. Submission Architecture Components Conceptual Identification of all business entities within enterprise Integrated Create a framework that incorporates all functions within an institution. Data flow components Extract/transform/loading tools, data warehouses/ operational data stores/data marts, business intelligence and dash-boarding tools, logical data models Techniques used Relational databases, massively parallel databases, data replication, unstructured databases, statistical & data mining 7 Standardized Information for Increased Transparency

9 Example data quality dashboards FR Y-14 schedule summary level First lien schedule Data Reasonableness Overall Status Y Federal Reserve Board Data Element Business Rule Exceptions Status Outliers Loan Closing (or Origination) Date Loan Closing (or Origination) Date > 30 yrs 25 Y First Payment Date First Payment Date > As of date + 1 yr 1 G Original Loan Amount 0 >= Original Loan Amount > XX 50 R Appraisal Amount - Original Property Value Appraisal Amount - Original Property Value < 10, Y Original LTV Original LTV = R Conditional Logic Original Loan Amount vs Appraisal Amount - Original Loan Amount > 100% of Original Property Value Y Original Property Value 15 ARM Periodic Rate Floor vs ARM Lifetime ARM Periodic Rate Floor < ARM Lifetime Rate Floor Rate Floor 5 G ARM Periodic Rate Cap vs ARM Lifetime Rate ARM Periodic Rate Cap > ARM Lifetime Rate Cap Cap 4 G Bankruptcy flag vs Bankruptcy Chapter Bankruptcy flag = Y and Bankruptcy Chapter not in (7, Y 9, 11, 12, 13, U) 20 Data Completeness Overall Status R FRB Data Element Business Rule Exceptions Status Completeness Loan Number If data value is null 25 Y Property State If data value is null 100 R Data Format Overall Status G FRB Data Element Business Rule Exceptions Status Data Format Property State If not two-letter postal codes for the state 1 G Property ZIP Code If not five-digit include leading zeroes 0 G Documentation Type If not in (1-8, Y, U) 2 G Occupancy If not in (1-3, Y, U) 1 G 8 Standardized Information for Increased Transparency

10 Stress-test process automation and control environment Process and governance Common policies and procedures to support stress-testing Organizational structure, roles and responsibilities Training and documentation Policies and procedures Software versioning/code management Change management procedures Shared Database with Detailed data: Model Inputs, Outputs, Analytics Data Security Framework Version Control Software Framework technology Common technology to manage stress-test process Status & Error Reporting Graphical User Interface Reporting Taxonomies Model Integration Models Integrated into Environment Model Management Reporting Scenario Management Consumer & Industrial Commercial Commercial Real Estate Fee Income Models Consumer Net Interest Income Market Risk Trading Book PPNR Non- Interest Income Other Models Implementation Guidelines Implementation Constraints Migrating Select Models Three major components 1. Process and governance: change management process, governance structure and training requirements 2. Framework technology Technology framework to allow models to be integrated and managed Enables access to detailed data (model input/output plus other data) for ad-hoc integrated analysis of portfolio and model results 3. Model integration: Integration of models into framework either direct technology integration or integration of model data Creation of rules for direct model integration, and migration of select models at initiation 9 Standardized Information for Increased Transparency

11 Detailed data to analyze stress-test results Analysis: Storing detailed model output in an ad-hoc data environment enables deep understanding of portfolio and the working of the model. Drillable: Loan level characteristics available before and after stress runs by location, product type and loan characteristic. Projection Month-End Charge-off by State by Projection Quarter Balances charted by LTV and DSCR bins Geographic Map showing Balances (color) and Max. LTV Non-Compliant DSCR (size) vs,. Max. LTV 10 Standardized Information for Increased Transparency

12 Data Management Tools And Technologies Are Readily Available 5 DATA GOVERNANCE 4 METADATA 4 SECURITY & PRIVACY DATA ARCHITECTURE SOURCES OF DATA 1 2 DATA PROCESSING AND STORAGE 3 ANALYTICS 4 REFERENCE/ MASTER DATA 4 DATA QUALITY MGMT. 5 DATA STEWARDSHIP AND CONTROLS 1. Data integration ETL Tools 2. Data storage and processing 5. Data governance stewardship and controls Sample Technologies Available For Data Management Enterprise Service Bus vendors MPP Relational Databases Big Data environments (Hadoop etc.) 3.Data access and visualization (including applications/analytics / reporting) Traditional BI software packages Data Discovery and visualization tools Real-time dash-boarding tools 4. Data management tools Data Quality measurement and management software Master Data Management Tools Metadata tools Data Security Software Data Management Process Tools Data Governance Organization, Tools and Templates Data Models Data Quality Rules Data Control Frameworks 11 Standardized Information for Increased Transparency

13 Further Reading The Handbook of Financial Data and Risk Information (Cambridge University Press Two Volumes) Authored by leading figures in risk management and analysis, this handbook serves as a unique and comprehensive reference for the technical, operational, regulatory and political issues in collecting, measuring and managing financial data. Meant for a wide range of audiences, from financial industry practitioners and regulators responsible for implementing risk management systems, to system integrators and software firms helping to improve such systems. Volume 1 examines the business and regulatory context that makes risk information so important. Volume 2 describes a structural and operational framework for managing a financial risk data repository. 12 Standardized Information for Increased Transparency

14 This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Member of Deloitte Touche Tohmatsu Limited