The aftermath of the 2008 global financial meltdown created a whack of provisions and supervision recommendations for banks. Fast forward to today, and banks and regulators should, in theory, be able to avoid similar systemic meltdowns in the future. How strong is your bank’s ability to accurately assess and manage risk?
The Dodd-Frank and other provisions and banking supervision recommendations that resulted from the 2008 meltdown demand the ability of a bank to gather and understand key risk data that coincide with its risk tolerance. It’s not just a simple IT purchasing exercise, but rather a strategic approach to create a fully integrated data architecture which can aggregate and report on risk data from systems within hours instead of bi-weekly (or longer) time spans.
The Basel Committee for Banking Supervision (BCBS), a global forum and standard setter for regular cooperation and regulation of banks on banking supervisory matters, introduced BCBS 239, Principles for effective risk data aggregation and risk reporting, to address the challenge. BCBS 239 contains 14 principles aimed at strengthening risk data aggregation and reporting that touch upon key areas of systemically important banks.
For example, financial banking risk considerations should include credit risk, market risk, liquidity risk, and a number of operational risks. However, its not just about internal risks; third-party risks such as vendors and suppliers are critical considerations.
Today, if you’re part of a globally systemically important bank (G-SIB), you’re (hopefully) well on your way to meeting BCBS 239 requirements and principles with banking supervisors and financial regulators. On the other hand, if you are part of a domestically systemically important bank (D-SIB), you have a three-year requirement to comply with 239 after being designated as a D-SIB.
So, first things first: be sure to talk to your banking supervisor and make sure you got your dates and designation straight. Once you have that, there are ultimately just three big picture considerations you need to address.
Here are the three factors you really need to know about BCBS 239, whatever your designation:
Your team should communicate and have a good working relationship with the banking supervisor. Involve them early on, and show that the right risk tools are in place. This will help demonstrate a suitable level of cooperation.
Put the right internal compliance and operational risk team in place at both the IT and financial level to be able to pull together the right risk data quickly and efficiently to meet these regulatory requirements.
Be able to fully demonstrate a sound process to show that your organization has robust governance and risk management processes in place. Essentially, how does the bank satisfy each of the 14 principles in a structured manner? This process would include a combination of IT, risk data, and financial risks and illustrate how all of those moving parts interact with one another into a final report. Really, it’s that simple.
How does the bank utilize its existing IT systems and related data architecture to properly monitor their financial risks? Is the data organized in a manner that allows the bank to act in a manner to minimize risks quickly? How does all of this technology pull together risk data in a quick and efficient manner to report and monitor it? And, can you prove it with a log of required activities?
That’s it. Those are the three high level considerations to think about in your approach to BCBS 239—and with the final deadline is just around the corner, there’s no time to wait. Contact ACL to find out how our integrated data-driven solution can help you meet your regulatory requirements.
Learn more about ACL’s solutions for banks and credit unions.