Post #2 in my series on Data aggregation and reporting principles (BCBS 239) – applied common sense
I was saddened to hear of the death on July 16th of Steven Covey, author of The Seven Habits of Highly Effective People. I have found the 7 habits very useful in my work as a data consultant.
Two of the habits apply directly to this blog post.
- Habit 1: Be Proactive
- Habit 2: Begin with the End in Mind
I imagine the authors of BCBS 239, “Principles for effective risk data aggregation and reporting principles” are also familiar with the 7 habits, since the principles appear to be based on them.
Habit 1: Be Proactive
Regulatory supervisors expect the board and senior management to “be proactive” in taking responsibility for risk data aggregation and risk reporting. The following quotes from the document illustrate my point:
Section I. “Overarching governance and infrastructure”
Paragraph 20: “… In particular, a bank’s board and senior management should take ownership of implementing all the risk data aggregation and risk reporting principles and have a strategy to meet them within a timeframe agreed with their supervisors… by 2016 at the latest.”
Paragraph 21. “A bank’s board and senior management should promote the identification, assessment and management of data quality risks as part of its overall risk management framework…. A bank’s board and senior management should review and approve the bank’s group risk data aggregation and risk reporting and ensure that adequate resources are deployed.”
Habit 2: Begin with the End in Mind
I advise my clients to “Begin with the end in mind” – by defining clear, measurable and testable requirements.
The authors of the Basel principles appear to agree. The board and senior management are the people who must assess the risks faced by the financial institution, therefore they are the people who must specify the information they want in the risk reports. Don’t take my word for it – the following quotes from the document illustrate my point:
Principle 9: Clarity
Paragraph 53. “As one of the key recipients of risk management reports, the bank’s board is responsible for determining its own risk reporting requirements.
Paragraph 55: “Senior management is one of the key recipients of risk reports and is also responsible for determining its own risk reporting requirements.”
What is the impact of the above?
Regulators will expect to see evidence of documented risk reporting requirements, signed off by the board and senior management.
Where are yours?