accenture risk aggregation reporting

8/12/2019 Accenture Risk Aggregation Reporting

1/20

Risk Aggregation and Reporting

More Than Just a Data Issue


2/20

ContentsCurrent Situation 4

Objectives - Basel Risk Data Aggregation and Risk Reporting 8

Observations on the Industrys Challenges 10

Formulating a Regulatory Response 12

Data as the Central Support for Risk Strategy 13

Implementation Themes and their Impact 14

Implementation Framework 16

Conclusion 18

2


3/20

3


4/20

Many banks feel overwhelmed by the sheervolume of regulation that is coming their way.It is not surprising, therefore, that when the

Basel Committee on Banking Supervision (BCBS)consultative paper, Principles for effectiverisk data aggregation and risk reporting waspublished in June 2012 it raised a numberof concerns.

Current Situation

4


5/20

In January 2013, the BaselCommittee released a final set ofPrinciples for effective risk dataaggregation and risk reporting toenhance banks ability to identifyand manage bank-wide risks. Thisdocument helps address some ofthe possible concerns raised and

it also brings up new elementsfor consideration.

The regulation outlines four key topics asshown in Figure 1. These are supportedby 14 high-level principles, intended tostrengthen banks risk data aggregationcapabilities and risk reporting practices.Globally Systemically Important Banks(G-SIBs) must implement these principlesby January 2016 and are expectedto start making progress towards

effectively implementing them fromearly 2013. National supervisors havethe discretion to apply these principlesto Domestically Systemically ImportantBanks (D-SIBs) as well.

Key Topics Summary of Four Key Topics

Overarching

governance andinfrastructure

A bank should have in place a strong governance

framework, risk data architecture and IT infrastructure.These are preconditions to ensure compliance with theseprinciples. In particular, a banks board should overseesenior managements ownership of implementing all therisk data aggregation and risk reporting principles and thestrategy to meet them within a timeframe agreed to bytheir supervisors.

Risk data aggregation

capabilities

Banks should develop and maintain strong risk dataaggregation capabilities to ensure that risk managementreports reflect the risks in a reliable way (i.e., meetingdata aggregation expectations is necessary to meetreporting expectations). Compliance with these principles

should not be at the expense of each other. These riskdata aggregation capabilities should meet all principlessimultaneously.

Risk reporting

practices

Accurate, complete and timely data is a foundation foreffective risk management. However, data alone does notguarantee that the board and senior management willreceive appropriate information to make effective decisionsabout risk. The right information needs to be presentedto the right people at the right time. Reports based onrisk data should be accurate, clear and complete. Theyshould contain the correct content and be presented to theappropriate decision-makers in a time that allows for an

appropriate response.

Supervisory review,

tools and cooperation

Supervisors will have an important role to play inmonitoring and providing incentives for a banksimplementation of, and on-going compliance with theseprinciples. They should also review compliance withthe principles across banks to determine whether theprinciples themselves are achieving their desired outcomeand whether further enhancementsare required.

5

Figure 1. Principles of Data Aggregation and Risk Reporting at a Glance

Source: Accenture analysis based upon information from the Basel Committee on Banking Supervision. Principles for ef fective risk data aggregation and risk reporting

Basel

Committee

on BankingSupervision

Principles

for effective

risk data

aggregation

and risk

reporting


6/20

6

Overall, the industry responded in apositive way, acknowledging the benefitsof improving banks risk data aggregationcapabilities and aligning their goals tothat effect.

The current regulation concerningenhancement of data process and ITsystems for measuring and reportingrisk follows a number of papers and

regulations which emphasize the needfor banks to enhance their data and ITinfrastructures. Despite the slight uneaseexpressed by the industry, the proposedtimeline for the implementation of theprinciples has not changed and 2016remains the target completion date,demonstrating the importance assignedby the regulators to this initiative.

These enhancements need to takeplace along with the implementation ofregulations addressing reporting, data andIT infrastructure. The banks are facingcompeting priorities, including multiplenew regulations such as Basel IIIReporting Rules, Recovery and ResolutionPlans (RRP), Common Reporting (COREP),Financial Reporting (FINREP), Foreign

Account Tax Compliance Act (FATCA),

Figure 2: Impact of the Data Aggregation and Reporting Regulation

The new regulation touches many points across banks operating models

Treasury

Capital Reporting

Portfolio Management

Risk Control

Accounting Group Portfolio and

Concentration Risk Control

Credit RatingManagement

Liquidity Management

Business ActivityManagement

Assets and LiabilityManagement

Cost Accounting

Implement the new riskreporting functions while majorFinance and Risk programs arein flight

Enhance infrastructure forreporting key informationparticularly that used by theboard and senior managementto identify, monitor and managethe risks

Regulators expect G-SIBs toimplement appropriate RiskReporting practices by 2016 will assess their implementationstarting in 2013 and share withFSB as of the end of 2013

Manage dependencies and implementation risk at the division

level to ensure risk reporting benefits are not compromised

Reporting / Management Information

Systems / Infrastructure

People

Investment Banking Retail Insurance

Board

Source: Accenture analysis based upon information from the Basel Committee on Banking Supervision. Principles for ef fective risk data aggregation and risk reporting


7/20

7

Improve the decision-makingprocess throughout theorganization

Reduce probability and severityof losses resulting from riskmanagement weakness(es)

BAU RiskOperations

Risk Change

Crisis ManagementSettlement Risk

Environmental Policy

Operational RiskManagement

Operational RiskControl

Group Risk Operations

and Change

Group Risk Policy Group Operational RiskImprove organizations quality ofstrategic planning and theability to manage the risk ofnew products and services

Manage dependencies and implementation risk at the division

level to ensure risk reporting benefits are not compromised

Improve speed of informationand hence decisions made

Increase the budget for start-upand operational costs moreFTEs to support extended

Finance and Risk Reportingcapabilities

Reporting / Management Information

Systems / Infrastructure

People

Private Banking International

Board

and U.S. generally accepted accountingprinciples (GAAP) as well as business-model changes that firms must undertake.

All of these require significant financialand human capital investments to deliverlong-term benefits and all make demandson the same limited resources.

As banks deal with regulatory change,they also are grappling with broadchanges in their business (see Figure2). Responding to difficult and volatileeconomic conditions, some are exitingcertain business lines or geographies,changing the profile of their portfolios ormoving to new products.


8/20

Objectives - Basel Risk Data Aggregationand Risk Reporting

Objectives Summary of ObjectivesInfrastructure Enhance the infrastructure for reporting key information,

particularly that used by the board and senior managementto identify, monitor and manage risks.

Decision-making Improve the decision-making process throughout thebanking organization.

Legal entity & global Enhance the management of information across legalentities, while facilitating a comprehensive assessment ofrisk exposures at the global consolidated level.

Reduce losses Reduce the probability and severity of losses resulting fromrisk management weaknesses.

Timeliness Improve the speed at which information is available andhence decisions can be made.

Strategic planning Improve the organizations quality of strategic planning andthe ability to manage the risk associated with new productsand services.

Table 1: Objectives Risk Data Aggregation and Risk Reporting

8

The final set of Principles for effectiverisk data aggregation and r isk reportingis intended to strengthen banks risk data

aggregation capabilities and internalrisk reporting practices. The principlesapply to risk management data, whichin the context of group risk managementalso impacts the use of P&L, regulatorycapital relevant measures such as risk-weighted assets (RWA), balance sheet,

and cash as integral and complementarydata. They also apply to internal riskmanagement models and regulatory

capital models.

Implementation is expected to enhancerisk management and decision-makingprocesses at banks . The adoption of theprinciples is expected to support thefollowing six objectives:1

1. Basel Committee on Banking Supervision. Principles for effective risk data aggregation and risk repor ting, Page 1, Introduction, item 4. Access at: http://www.bis.org/publ/bcbs239.htm


9/20

Key Topic Principles

Overarching

governance and

infrastructure

1. Governance Risk data aggregation capabilities and risk reporting practices should be subjectto strong governance arrangements consistent with other principles and guidanceestablished by the Basel Committee.

2. Data architectureand IT infrastructure

Data architecture and IT infrastructure should be designed, built and maintained tofully support risk data aggregation capabilities and risk reporting practices not onlyin normal times but also during times of stress or crisis.

Risk data

aggregation

capabilities

3. Accuracy andintegrity

A bank should be able to generate accurate and reliable risk data to meet normaland stress/crisis reporting accuracy requirements. Data should be aggregated on alargely automated basis so as to minimize errors.

4. Completeness A bank should be able to capture and aggregate all material risk data. Data

should be available by business, legal entity, asset type, industry, region and othergroupings, permitting identification of concentrations and emerging risks.

5. Timeliness A bank should generate aggregate and up-to-date data in a timely manner.The timing will depend upon the nature and potential volatility of risks, and itscriticality to the overall risk profile of the bank in normal and stress conditions.

6. Adaptability A bank should be able to generate aggregate risk data to meet a broad range ofon-demand, ad hoc risk management reporting requests, including requests duringcrises and requests to meet supervisory queries.

Risk reporting

practices

7. Accuracy Risk management reports should accurately and precisely convey aggregated riskdata and reflect risk in an exact manner. Reports should be reconciled and validated.

8. Comprehensiveness Risk management reports should cover all material risk areas. The depth and scopeof these reports should be consistent with the size and complexity of the banksoperations and risk profile, and the requirements of recipients.

9. Clarity andusefulness

Reports should communicate information in a clear and concise manner. They shouldbe easy to understand yet comprehensive enough to facilitate decision- making,including information tailored to the needs of recipients.

10. Frequency The board, senior management, and other recipients should set the frequency ofreport production and distribution. Frequency requirements should reflect theirneeds, the nature of risks, and the speed at which risks can change.

11. Distribution Risk management reports should be distributed to the relevant parties while ensuring

confidentiality is maintained.

Supervisory

review, tools and

cooperation

12. Review

13. Remedial actions& supervisorymeasures

14. Home/Hostcooperation

Note: Principles 12, 13, and 14 apply to National Supervisors. Supervisors shouldperiodically review and evaluate a banks compliance with the eleven principlesabove. They should have and use the appropriate tools and resources to requireeffective and timely remedial action by a bank to address deficiencies in its riskdata aggregation capabilities and risk reporting practices. They should cooperatewith relevant supervisors in other jurisdictions regarding the supervision andreview of the principles, and the implementation of any remedial actionif necessary.

Table 2: Risk Data Aggregation and Risk Reporting Summary of Principles

9

Risk Data Aggregation andRisk Reporting Summaryof Principles2

Source: Accenture analysis based upon information from Basel: Risk Data Aggregation & Risk Reporting

2. Basel Committee on Banking Supervision. Principles for effective risk data aggregation and risk reporting, Page 4, item 20, Page 6, Page 8, Page 11 and Page 14. Access at: http://www.bis.org/publ/bcbs239.htm

The Basel Committee provides an outlineof the four key topics, underpinned byfourteen high-level principles.


10/20

Observations on the Industrys Challenges

The final set of Principles for effectiverisk data aggregation and risk reportingoutlines some high-level guidance andimplementation themes.

The Supervisors issued the originalconsultative paper for the Principles foreffective risk data aggregation and riskreporting in June, 2012, which gave theindustry the opportunity to discuss andreflect on the potential impact of theproposed changes.3Overall, the industry issupportive of the BCBS approach and hasa number of internal programs under wayto enhance their capabilities in risk dataaggregation and risk reporting.

However, most of the banks still face

a number of challenges as they movetoward implementation of co-dependentregulations. These include:3

Board Governance andOversightThe new regulation calls for more activeinvolvement of the board of directors,which is seen as a tenet of good corporategovernance. As envisioned by the newregulation, the board is responsible foroversight while senior management isresponsible for daily operations includingrisk and controls. The regulation requiresthe board to not only understand thecontent of risk reports but to ensure thatit receives comprehensive informationwhich is pertinent and accurate to therisks of the firm. The board should alsochallenge and review risk appetite and

business plans and be assured of the riskcontrols in place for critical business.

Enhancing ExistingCapabilitiesThe new regulation calls for theimplementation or enhancement ofcapabilities such as an independentvalidation unit, automated reconciliationand other business functions whichare critical to the production of riskreports that accurately represent theaggregate risks across the enterprise.The creation of new business functionssuch as the independent validationunit with specific IT, data and reportingknowledge will impose extra costs andoperational complexity for the banks.Similarly, automated reconciliation with

single source of data requires massiveconsolidation of data sources, whichcannot be easily achieved in the contextof the current regulatory changes. Theregulators should allow some flexibilityin the way the banks can organizethemselves to address such requirements.

3. IBFed (International Banking Federation) Response on Data Aggregation and Risk Reporting, 24/09/2012. Accessed at: http://www.ibfed.org/news/ibfed-response-on-data-aggregation-and-risk-reporting-24-09-2012

10


11/20

Control FrameworkThe new regulation calls for enhancedcapabilities within the banks to managethe data quality of the risk reports, so

that the data is materially complete, withany exceptions identified and explained.Along with other requirements for on-demand reporting and ad-hoc reporting,this will require a flexible infrastructureand an operational environment thatcan meet demands for high-frequencyreporting during crises. Establishing sucha framework necessitates significantchange in banks operating modelsaccompanied by considerable investment.Similarly, the regulations call for forwardlooking capabilities to provide early

warnings of any potential breaches of risklimits, which will require the developmentof new quantitative and qualitativemethods and processes to enable thebanks to anticipate problems and providea forward looking assessment of risk.Banks may want to consider an approachthat would allow for reasonable levels ofcontrols and response to risk reporting, asthis may be more appropriate.

Implementation of thePrinciplesThe regulations call for an implementationof the principles by 2016, a timeframewhich is demanding when consideredwithin the context of other regulationsbanks are currently implementing. Thechallenge is further compounded bysimultaneous adoption or the needto apply the principles on a consistentbasis across the group. The banksneed to satisfy both the home countryand host country supervisors , whichcan also increase the difficulty ofimplementation. In addition, the deadlinefor IT implementation falls within similar

deadlines for other regulations, makingsignificant demands on existing bankresources. Banks should be accordedsome flexibility for the implementationof these principles to ref lect the multipleareas needing change.

IT/InfrastructureEnhancementThe enhancement of banks IT andinfrastructure capabilities (includingupstream and risk systems, risk data andreporting) requires significant investmentand change management. The banksare implementing a number of changeprograms and the challenge of aligningthese efforts to the rest of the regulatorychange portfolio is considerable.Moreover, the banking business ischanging its focus in terms of products,clients and geographies which putsadditional strain on regulatory changemanagement projects.

11


12/20

Formulating a Regulatory ResponseThe Regulators overriding objective is to establish financialstability. The principle-based approach defined in theBasel Committee report was developed in response tothe failures of the industry during the financial crisis.

In particular, the industry demonstrated insufficientcapabilities to aggregate risk exposures and to identifyrisk concentrations quickly and accurately, at the grouplevel and across all portfolios and legal entities. Theimplementation of these principles can help provide strongfoundations for banks resolvability, improved governance,improved business control, enhanced strategic decision-making and, ultimately, increased profitability.

Banks may want to consider the Basel Committeereport in the context of other international initiativeswhich are underway and that make concrete progress instrengthening their data aggregation capabilities. Theseinclude the Financial Stability Board (FSB) initiativesrelated to development of common data template forG-SIFIs (systemically important financial institutions) toaddress key information gaps identified during the crisis

such as bilateral exposures and exposures to countries/sectors/instruments; a public/private sector initiative todevelop a Legal Entity Identifier (LEI) system; and otherinitiatives related to data standards, such as reporting forRRP, FINREP, COREP and finally IFRS (international financialreporting standards) and FATCA.

12


13/20

4. BCBS. Principles for effective risk data aggregation and risk reporting,Page 2, Def inition. Access at: ht tp://www.bis.org/publ/bcbs239.htm

13

Data as the Central Supportfor Risk StrategyThe BCBS regulation has a strongemphasis on data aggregationcapabilities. This is a very specificconcern and explores the organizationsability to manage its risks properly andensure that they align with the businessstrategy. The regulators clearly definedthe term risk data aggregation asdefining, gathering and processing riskdata according to the banks reportingrequirements to enable the bank tomeasure its performance against it risktolerances/appetite. 4

Risk appetite is closely interlinked tothe business strategy and, togetherwith stress testing and risk/return, helpsform the framework for implementingand monitoring the business strategy.The business and risk strategy requires aprocess framework, which encompassesmultiple functions from front office torisk and reporting. The risk aggregateddata depend on the banks divisionaloperations, risk controls, governance andcapabilities. Banks may want to recognizethe importance of the new regulatorydemands given their wider focus and

consider how to address this across thedifferent dimensions of governance, riskmanagement and control, and operationsand IT capabilities.

Figure 3: Business Strategy and

Risk Appetite

Liquidity

Stress TestingRisk Appetite

Risk and Return

Holistic Approach

A B

C

Source: Accenture


14/20

Implementation Themes and their ImpactAlthough different banks are workingtowards improving their risk dataaggregation capabilities, they may wantto consider enhancing and/or changingtheir existing capabilities, or implementnew capabilities.

We have identified a number of themesemerging from these new regulations,and which banks may want to explore asthey consider actions to fill regulatorygaps. These themes include:

Inter-linkageRisk aggregation capabilities need toextend across the legal entities anddivisions of the banks. This meanschanges for local governance and for

the board, as well as risk managementcontrols and tools and IT infrastructure.

Simultaneous AdoptionCapabilities for sound risk dataaggregation and reporting principlesneed to be implemented across theorganization simultaneously, whichrequires strong coordination between thegroup and the legal entities.

Risk controlWhere there are trade-offs, banks maywant to consider increasing their visibilityand help factor the impact of such trade-offs into decision making.

Materiality

Banks may choose to consider anyrisks that have material impact uponthe overall exposure of their business,possibly extending reporting into itemswhich affect the balance sheet.

Forward-looking and early warnings

Banks may also give thought todeveloping capabilities such as earlywarning systems which can help forecastpotential breaches of risk limits that can

exceed risk tolerance. This may requirethe development of new systems andenhancements to IT capabilities and otherdata which would ultimately percolatethrough various divisions.

Incomplete data

Using incomplete data to implementprocesses and procedures or to supportexpert judgment can create challenges.Banks may consider how this couldimpact their risk analysis and reportingoperations, as more controls, resourcesand additional processes would beimplemented. They may also wantto explore how this could increaseoperational costs and IT demands acrossthe enterprise.

The themes discussed above help providea general framework for regulatoryimplementation, although the focusand effort will vary from bank to bank.Banks have already embarked on some ofthese changes and are making progress;however, they may want to approach thefull implementation of the BCBS principlesas an orchestrated response from thegroup level downwards, with strongprogram execution governance and thecareful leveraging of internal resources.

Finally, banks may want to also considerhow the implementation of theseprinciples which will inevitably changethe operating model of the bank couldintroduce volatile operational risks.

14


15/20

Implementation Themes Description of Themes

Inter-linkage High quality risk management reports rely on the existence of strong risk dataaggregation capabilities, and sound infrastructure and governance ensures theinformation flows from one to the other. Risk data aggregation capabilities and riskreporting practices are clearly inter-linked and cannot exist in isolation.

Simultaneous adoption Banks should meet all risk data aggregation and risk reporting principlessimultaneously. However, trade-offs among principles could be accepted inexceptional circumstances such as urgent/ad hoc requests for information on newor unknown areas of risk. There should be no trade-offs that materially impact riskmanagement decisions. Decision-makers at banks, in particular the board and seniormanagement, should be aware of these trade-offs and the associated limitations orshortcomings associated.

Policies and procedures Banks to have policies and processes in place regarding the application of trade-offs.Banks should be able to explain the impact of these trade-offs on their decision-making process through qualitative reports and, to the extent possible, quantitativemeasures.

Materiality In applying materiality*, banks will take into account considerations that go beyondthe number or size of the exposures not included, such as the type of risks involved,or the evolving and dynamic nature of the banking business. Banks should alsotake into account the potential future impact of the information excluded fromthe decision-making process. Supervisors expect banks to be able to explain theomissions of information as a result of applying the materiality concept.

Forward-looking and early warnings Banks should develop forward-looking reporting capabilities to provide early warningsof any potential breaches of risk limits that may exceed their risk tolerance/appetite.These risk reporting capabilities should also allow banks to conduct flexible andeffective stress testing capable of providing forward-looking risk assessments.

Supervisors expect risk management reports to enable banks to anticipate problems andprovide a forward-looking assessment of risk.

Incomplete data Expert judgment may occasionally be applied to incomplete data to facilitatethe aggregation process, as well as the interpretation of results within the riskreporting process. Reliance on expert judgment in place of complete and accuratedata should occur only on an exception basis, and should not materially impact thebanks compliance with the principles. When expert judgment is applied, supervisorsexpect that the process be clearly documented and transparent so as to allow for anindependent review of the process.

* Materiality (as defined by Basel) is the view that data and reports c an exceptionally exclude information onlyif it does not affect the banks decision-making process (i.e., decision-makers, in particular the board and senior

management, would have been influenced by the omitted information or made a different judgment if the correctinformation had been known).

Source: Accenture analysis based upon information from Basel: Risk Data Aggregation & Risk Reporting

Table 3: Implementation Themes

15


16/20

Implementation FrameworkThe regulators expect the G-SIBssubject to the 2016 timeline to startmaking progress towards effectiveimplementation of the principles, startingin early 2013. The banks are required toperform a self-assessment exercise and

define plans for the enhancement oftheir capabilities, which they would sharewith the home supervisors.5Consideringthe other regulatory initiatives thatare taking place concurrently (Basel III,Dodd-Frank, FATCA and others) banksmay also give thought to ensuring thatthe new program aligns, leverages andcomplements the initiatives withinthe bank.

As the implementation of the riskaggregation and reporting principles isfar reaching within the group, a reviewof the effective principles within theappropriate context may be considered.

We have developed a framework forimplementing the BCBS principlesconsisting of the following components(see Agile Risk Control Framework):

Governance and Risk Control

Agile Risk Control Framework

Indicators and their Aggregation

Early Warning

Risk and control governance is reflectedin an agile framework. This can allowrisk and control to adapt to their newrole of helping to improve oversightand accountability for risk and strategy.With an emphasis on the operatingeffectiveness of the board and itsability to challenge and help control themanagement of risk exposures, as wellas its alignment to the organizations riskappetite. (Figure 3).

16

Figure 3: Agile Risk Control Framework

Risk Monitoring and Control Emerging Practices and Focus Areas

Governance and Risk Control

Board and Senior Management to takeownership of risk change programs,compliance results and risk appetiteEmbed risk culture also with appropriatetargets based on risk metrics, affectingservice lines and controlling functions

Agile Risk Control Framework

Simplify the control framework,

reaffirming the role of 2nd line of defencePush controls to 1st line of defencepromoting cross checking while detailedresults are available for 2nd line of defence

Indicators and their Aggregation

MI and reporting responsibilities(indicators and aggregation) moved to the2nd line of defence

Early Warning

New efforts to invest in early warningstools (EWT) enabling a better forward-

looking reach and allowing sufficienttime to address the emerging risk situation

Governance and Risk Control is reflected in an agile framework

The Risk Control Framework includes appropriate indicators and

the capability to help aggregate them to the right level in order to bemeaningful inside the organization

Forward-looking early warning mechanism are developed to help provideappropriate advance notice about events that still have to come

Governance and

Risk Control

Indicators and

their AggregationEarly Warning

Agile Risk Control

Framework

5. Basel Committee on Banking Supervision. Principles for ef fective risk data aggregation and risk reporting, Page 16, Section V, Implementation timelines and transitionalarrangements, item 88. Access at: http://www.bis.org/publ/bcbs239.htm


17/20

Risk measures and their aggregationinclude key measures that cover on- andoff- balance sheet items. Aggregatedto the appropriate level in order to bemeaningful inside the organization,leading, for example, to risk measures thatare reconcilable to financial statements orother resources.

Early warningsare developed to helpprovide appropriate advance notice ofevents that might have an impact on thebanks resolvability.

Finally, all these components areintegrated into an Agile Risk ControlFramework.

This can provide a platform for helping toimplement the risk aggregation principleswithin the organization, balancing short-and long- term benefits and change whilealso helping to enhance capabilities in riskcontrol and risk IT infrastructure.

This approach will deliver short-termbenefits, such as the ability to betteridentify and monitor risks, whileimproving the speed of deliveringinformation to key stakeholders. This willhelp improve overall decision-making.Successive enhancements will helpimprove the organizations ability to alignits strategic planning to its risk appetiteand better manage its new products andrisk services while ensuring compliance.

17


18/20

Conclusion

The BCBS Principles on Data Aggregationand Risk Reporting have been finalizedwith the current compliance date of2016, which sets a demanding goal forglobally significant important financial

institutions. As banks mobilize toimplement the principles, they may findthemselves also balancing demandsfor other regulatory implementations,addressing changes in the currentbusiness landscape and improvements inthe effectiveness of their expenditures.

As banks explore how to properlyimplement these principles, considerationshould be given to the applicationof a sound and robust risk appetiteframework aligned to the business

strategy. The BCBS principles areintended to help strengthen the banksrisk data aggregation capabilities andinternal risk reporting practices.

However, a closer examination of howthese principles might be implementedpoints to a number of areas for possibleimprovement.

Board Governance

More responsibility and accountabilityfor the board as it is expected to befully aware of any limitation on dataaggregation. Banks may want to considera new operating model for the group andits legal entities, and between the boardand its risk function(s).

As the board improves the enterprisesoversight and accountability overrisk strategy for all entities and allmaterial business activities, banks maywant to consider how to educate onrisk and the management approachtaken by the firm. Another area ofconsideration is the composition ofnew risk committees to oversee theimplementation of the risk strategy.

Essential to performing this roleis the enterprises risk reportingcapabilities which can help deepen theorganizations line of sight by offeringthe board access to robust risk reportsinto the completeness, frequency andcomprehensiveness of material risksthey face.

Operating Effectiveness

As banks explore their options, theymay want to give thought to meetingall risk aggregation and reportingprinciples simultaneously which callsfor new functional distribution of riskmanagement and reporting. As theregulators call for the board and thesenior management to be aware of thetrade-offs and limitations across theimplementation of the different principles,establishing standards between homeand host entities is something banksmay want to consider.

Risk Management / Control

The quality of the risk reporting

information, depends upon the qualityof the risk control functions, the riskmanagement and the client relatedprocesses. A more robust Risk AppetiteFramework, with a stronger role for theRisk Management function across theorganization is an approach banks maywant to consider.

18


19/20

Capability Enhancement Risk Analytics and Reporting

As banks address this issue, more holisticdata management and forecasting

capabilities and risk reportinginfrastructure are areas of attention.Though these enhancements would varyacross different entities, risk types andbusiness lines, banks may want to givethought to how they could be integratedwithin the affected functions. Also ofinterest are the development of newapplications which can help anticipatepossible problems and provide a forwardlooking assessment of the risk.

19


20/20

References

Key Topics

Overarching Governance and Infrastructure,Risk Data Aggregation Capabilities, RiskReporting Practices, Supervisory Review,Tools and Cooperation.

Principles

Governance, Data & IT Architecture,Accuracy & Integrity, Completeness,Timeliness, Adaptability, ReportingAccuracy, Comprehensiveness, Clarityand Usefulness, Frequency, Distribution,Supervisory Review, Remedial Actions,Home /Host cooperation.

See IIF-McKinsey report on RiskIT and Operations

Strengthening Capabilities, June 2011, andIIF-Ernst & Young report on Progress in

Financial Services Risk Management,June 2012.

Author

Takis Sironis

Takis Sironis is a senior principal Accenture Risk Management. Basedin London, Takis brings 20 years ofdeep experience in business and ITtransformation in the risk managementspace for investment and retail banking.

His extensive knowledge and technicalskills in risk management processes andmethodologies and risk technologies helpsTakis drive and implement risk programs,align risk functions to business strategy andbring to market new operating models andrisk architectures. With his current focuson Capital Optimization, Stress Testingand Risk Transformation, Takis guidesorganizations on their journey to highperformance.

We would like to thank Accenture employee

John R. Morrison for his contribution to thispublication.

About AccentureManagement Consulting

Accenture is a leading provider ofmanagement consulting services worldwide.Drawing on the extensive experience of its16,000 management consultants globally,Accenture Management Consulting workswith companies and governments to

achieve high performance by combiningbroad and deep industry knowledgewith functional capabilities to provideservices in Strategy, Analytics, CustomerRelationship Management, Finance &Enterprise Performance, Operations, RiskManagement, Sustainability, and Talent andOrganization.

About Accenture RiskManagement

Accenture Risk Management consultingservices work with clients to create andimplement integrated risk managementcapabilities designed to gain highereconomic returns, improve shareholder valueand increase stakeholder confidence.

About Accenture

Accenture is a global managementconsulting, technology services andoutsourcing company, with approximately

259,000 people serving clients in morethan 120 countries. Combining unparalleledexperience, comprehensive capabilitiesacross all industries and business functions,and extensive research on the worldsmost successful companies, Accenturecollaborates with clients to help thembecome high-performance businesses andgovernments. The company generated netrevenues of US$27.9 billion for the fiscalyear ended Aug. 31, 2012. Its home page iswww.accenture.com.

DISCLAIMER:

This document is intended for generalinformational purposes only, does nottake into account the readers specificcircumstances, and may not reflect themost current developments. Accenturedisclaims, to the fullest extent permitted byapplicable law, all liability for the accuracyand completeness of the information in this

document and for any acts or omissionsmade based on such information. Accenturedoes not provide legal, regulatory, auditor tax advice. Readers are responsible forobtaining such advice from their own legalcounsel or other licensed professional.

Copyright 2013 AccentureAll rights reserved.

Accenture, its logo, andHigh Performance Delivered

13-0500_lc

accenture risk aggregation reporting

Documents