In January 2013, the Basel Committee released "Principles for effective risk data aggregation and risk reporting" to help banks focus their efforts and leverage best practices in resolving errors in risk reporting. The Committee divided the reporting principles into three key areas: governance, data aggregation, and reporting.
Even before this report came out, banks had been investing huge sums of money to address reporting issues. However, if the current reporting practices of most banks are evaluated against these principles, most banks would fall short of what is required. In this blog I will look at various examples to illustrate some of the gaps or mistakes that banks still make when trying to solve problems in risk reporting.
Data governance and accuracy are synonymous
Let's look at separate approaches to address the problem of accuracy in risk reporting.
Anecdote: At the height of the credit crisis, the board of directors and senior management of a large US regional bank, Bank A, were hit with a Memorandum of Understanding from their regulators for providing inaccurate credit risk reports. The problems with the institution’s credit risk reporting had been apparent for years. The bank had been trying to solve the problem by investing in a large data warehouse and IT infrastructure. The project ran way over budget and could not be completed in time, and the reporting errors continued. Ultimately, the bank was absorbed by a competitor because it was unable to get a handle on its credit issues and reporting.
Anecdote: Another similar regional bank, Bank B in the Midwest, got hit with a number of MRA/MRIAs from regulators on reporting errors. The bank responded by initiating a process where every key regulatory report goes through a manual audit and accuracy check by operations folks knowledgeable in the area. This included assigning key owners for reports and a process that allowed for communicating errors across the data supply chain. The process was manual, mostly through email, and took almost two to three weeks before a report was certified to be accurate. But the errors got eliminated, and the bank was able to address the issues raised by regulators effectively.
Neither of the above approaches is perfect, but one bank got it right. Bank A assumed data accuracy was essentially a data aggregation problem, while Bank B understood that data accuracy is first and foremost a data governance issue. Bank B also correctly understood that data governance is not only about assigning responsibility but also about implementing a process where data consumers can communicate with data owners.
In my experience, the above examples illustrate a common problem, especially with larger banks. Banks allocate large sums of money without spending enough time analyzing the root causes of a problem, or simply assume technology can solve everything. The reasons are myriad, ranging from reporting errors being a lower priority to not getting enough involvement from business and letting IT make all the decisions.
Data aggregation isn't about accessing data from the source but about making data accessible to the end-user
Banks usually understand data aggregation to mean setting up back-end infrastructure like data warehouses to address the problems of data access. However, as shown by the Basel Committee report, data access means not only enabling access to the sources, but also ensuring data access for the end-user. This means building flexibility into the reporting process to help meet different business needs. It includes accessing data through dashboards, summary takeaways, and detailed drill-downs, allowing for effective slice-and-dice of data.
Anecdote: For Bank C, every group from the board down was given the same month-end credit risk report aggregated at the corporate level, with breakdowns only to the line-of-business level. This report and other reports were created from the enterprise risk data warehouse, containing terabytes of data. Many of the available reports had limited relevance to line executives and managers, and there were limited insights available at intermediate levels between individual instruments and the lines of business.
The mistake the bank made in investing in its data aggregation technology was to focus too much on the back-end, namely, data access from the source, but not enough on the front-end, the delivery of data. This is a problem with many banks, where the data exists but is not easily accessible to the end-user because many organizations are still working with outdated, archaic business intelligence (BI) technology.
Reporting is not just delivery of data but also clarity and usability
Anecdote: At one major West Coast financial institution, Bank D, executives were given a 600-page monthly credit risk report binder full of small-type tabular data with little formatting or organization. This report was created from the enterprise risk data warehouse, containing terabytes of data. However, the report had several weaknesses. While most executives claimed to have read the report, significant, non-obvious insights were admittedly hard to come by. The reality was reports were often ignored except for a few key pages.
To ensure good reporting, banks need to make sure the end-users, personnel from business and operations, are adequately involved in the design of reports. In most cases the reports are designed by IT folks, who see their role as ensuring that information is put into the hands of the managers, but fail to go the extra mile and ensure the information is adequately organized.
In conclusion, the above illustrates that banks have made investments, but there are still gaps in ensuring that the reports effectively meet regulatory standards for reporting. How is your organization putting the Basel Committee’s regulatory guidelines into practice? And which reporting problems do you think your bank still has?
The author would like to thank Sandeep Vishnu, as some of the anecdotes in this article are from his Capco whitepaper, "Ten Pitfalls with Credit Risk Reporting."
Thadi Murali, CFA, is a principal consultant in Capco's banking practice. He has more than 18 years of consulting experience focusing on risk, compliance, and IT across banking, asset management, and security operations. He has helped financial industry clients in the US, ...