View
226
Download
2
Category
Preview:
Citation preview
1
Effective Risk Data Aggregation & Risk Reporting
Presented by:
Ilia BolotineHead, Adastra Business Consulting (Canada)
2
The Evolving Regulatory Landscape in Risk Management
A significant lesson learned from the global financial crisis:
Banks’ information technology and data architectures were inadequate to support the broad management of financial risks
Better understanding of the risks and the introduction of new regulations will drive changes in the Risk Operation mandates and capabilities at banks
Challenges for Financial Institutions
■ Visibility of consolidated risk exposure
■ Inability to oversee risks
■ Financial stability of banks and financial
system
Response of Regulators
■ BCBS Principles and reporting
■ Increased regulatory supervision oversight
3
An increasingly complex regulatory environment
FATCAUS anti-tax evasion
Regulation WTransfer Pricing
Asset/Liability Management
Basel IIIMarket & Liquidity Risk
Basel IICredit & Operational Risk
RDARR-BCBS239Risk Data Aggregation and Risk Reporting
Dodd-Frank/Volker Rule
Local privacy
regulations
AML/KYC/Fraud Management
CRM IIDisclosure
CRSGlobal anti-tax evasion
4
• Governance applied to RDARR & risk reporting
• Data & IT Architecture supports RDARR
• Adaptable RDARR infrastructure
Governance & Infrastructure
• Accurate & reliable risk data
• Completeness (all material risks)
• Timeliness of RDARR
Risk Data Aggregation
• Accuracy
• Comprehensiveness
• Clarity & Usefulness
• Frequency
• Distribution
Risk Reporting Practices
• Supervisory Review
• Timely Remedial Action
• Home / Host Co-operations
Supervisory Review
No Action Required
for Banks
RDARR Requirements formalized in BCBS 239 Principles
Introduction of Principles to Improve Risk Data Aggregation
6
Ownership & StewardshipRDARR Governance Processes (1/12)
RDARR Governance
Processes
Data Profiling
Data Validation
DQ Reporting
DQ Exceptions Management
Data Cleansing
Data Standardization
Reference Data Management
Data Steward Portal
Data Steward Workflows
Data Classification, Metadata
Ownership & Stewardship
Data Lineage
RDARR Use Cases• Board & senior management support for data
quality risk management • Periodic review of risk reporting framework
DefinitionAssigns all relevant data assets to owners and data stewards, who are accountable for ensuring data assets are properly managed. This includes responsibility and decision rights regarding data definitions, classification, quality controls, and usage.
7
Data Classification, MetadataRDARR Governance Processes (2/12)
RDARR Governance
Processes
Data Profiling
Data Validation
DQ Reporting
DQ Exceptions Management
Data Cleansing
Data Standardization
Reference Data Management
Data Steward Portal
Data Steward Workflows
Data Classification, Metadata
Ownership & Stewardship
Data Lineage
RDARR Use Cases• Single authoritative source for each type of risk• Enhanced SLA for risk data-related processes• Firm’s policies on data confidentiality, integrity and
availability• Firm’s policies on data consumers and usage
governance
DefinitionEnumerates all relevant data assets, classifies them from the perspectives of security, privacy, retention and usage, and collects and maintains metadata about them.
8
Data LineageRDARR Governance Processes (3/12)
RDARR Governance
Processes
Data Profiling
Data Validation
DQ Reporting
DQ Exceptions Management
Data Cleansing
Data Standardization
Reference Data Management
Data Steward Portal
Data Steward Workflows
Data Classification, Metadata
Ownership & Stewardship
Data Lineage
RDARR Use Cases• Maintain data lineage throughout the data cycle;
from source through risk calculations and aggregation
DefinitionEnsures full data lineage is collected and maintained for every data element, including its origination, storage location in each data repository, as well as all transformations, amendments, and derivations applied to it.
9
Data ProfilingRDARR Governance Processes (4/12)
RDARR Governance
Processes
Data Profiling
Data Validation
DQ Reporting
DQ Exceptions Management
Data Cleansing
Data Standardization
Reference Data Management
Data Steward Portal
Data Steward Workflows
Data Classification, Metadata
Ownership & Stewardship
Data Lineage
RDARR Use Cases• Ensures the availability of data is known and can be
supported• Higher degree of automation to reduce the risk of
errors • Action plans to rectify poor data quality
DefinitionCreates, stores, and distributes data profiles for all relevant data sets. For each data element in a data set, data profiles include as a minimum: data availability, frequency distribution, uniqueness, pattern identification, range and outliers.
10
Data ValidationRDARR Governance Processes (5/12)
RDARR Governance
Processes
Data Profiling
Data Validation
DQ Reporting
DQ Exceptions Management
Data Cleansing
Data Standardization
Reference Data Management
Data Steward Portal
Data Steward Workflows
Data Classification, Metadata
Ownership & Stewardship
Data Lineage
RDARR Use Cases• Robust, Accurate & Reliable controls surrounding
risk data • Risk Data Reconciliation• Single authoritative source for risk data per each
type of risk
DefinitionBased on a set of data quality business rules, data validation identifies data elements or records that do not pass a defined set of data quality standards. Data validation is the basis for enabling DQ reporting and DQ exception management.
11
DQ ReportingRDARR Governance Processes (6/12)
RDARR Governance
Processes
Data Profiling
Data Validation
DQ Reporting
DQ Exceptions Management
Data Cleansing
Data Standardization
Reference Data Management
Data Steward Portal
Data Steward Workflows
Data Classification, Metadata
Ownership & Stewardship
Data Lineage
RDARR Use Cases• Appropriate balance between risk data, analysis
and interpretation, and qualitative explanations• Multiple level of risk reporting (i.e. Board, Senior
Management, Risk Committees etc.)
DefinitionBased on the outcomes of data validation, data quality reporting creates a set data quality dashboards and reports for review by the relevant stakeholders: executives, data owners and stewards, subject matter experts, etc. DQ reporting allows stakeholders to visualize the current DQ levels and trends.
12
DQ Exceptions ManagementRDARR Governance Processes (7/12)
RDARR Governance
Processes
Data Profiling
Data Validation
DQ Reporting
DQ Exceptions Management
Data Cleansing
Data Standardization
Reference Data Management
Data Steward Portal
Data Steward Workflows
Data Classification, Metadata
Ownership & Stewardship
Data Lineage
RDARR Use Cases• Procedures for reporting and explaining errors or
weaknesses in data integrity• Processes to reconcile reports to risk data• Automated and manual edit and reasonableness
checks• Inventory of the validation rules
DefinitionA process and associated workflow that identifies records with data quality issues that need to be reviewed and manually resolved by a business SME or a data steward.
13
Data CleansingRDARR Governance Processes (8/12)
RDARR Governance
Processes
Data Profiling
Data Validation
DQ Reporting
DQ Exceptions Management
Data Cleansing
Data Standardization
Reference Data Management
Data Steward Portal
Data Steward Workflows
Data Classification, Metadata
Ownership & Stewardship
Data Lineage
RDARR Use Cases• Procedures for resolving errors or weaknesses in
data integrity• Support business rules for continual data quality
improvement
DefinitionThrough a set of automated DQ business rules, data cleansing improves the quality of data in the relevant data sets. It may include removal of unwanted data or characters from data elements, filtering out erroneous or irrelevant records, etc.
14
Data StandardizationRDARR Governance Processes (9/12)
RDARR Governance
Processes
Data Profiling
Data Validation
DQ Reporting
DQ Exceptions Management
Data Cleansing
Data Standardization
Reference Data Management
Data Steward Portal
Data Steward Workflows
Data Classification, Metadata
Ownership & Stewardship
Data Lineage
RDARR Use Cases• Processes to build standardized data• Inventory of the validation rules • Procedures for reporting and explaining differing
business rules, to maintain accurate risk calculations and data integrity
DefinitionData standardization conforms the data to a common standard, format, and list of values (e.g., address standardization or code value standardization). It allows data to be consistently aggregated and analysed.
15
Reference Data ManagementRDARR Governance Processes (10/12)
RDARR Governance
Processes
Data Profiling
Data Validation
DQ Reporting
DQ Exceptions Management
Data Cleansing
Data Standardization
Reference Data Management
Data Steward Portal
Data Steward Workflows
Data Classification, Metadata
Ownership & Stewardship
Data Lineage
RDARR Use Cases• Processes to build standardized reference data,
across risk systems• Shared inventory of the reference data• Managed by Data Stewards
DefinitionReference data ensures uniformity, accuracy, common understanding, accountability and governance of shared core entities used in operational process and analytics. Reference data defines the set of permissible values to be used by other data elements.
16
Data Steward PortalRDARR Governance Processes (11/12)
RDARR Governance
Processes
Data Profiling
Data Validation
DQ Reporting
DQ Exceptions Management
Data Cleansing
Data Standardization
Reference Data Management
Data Steward Portal
Data Steward Workflows
Data Classification, Metadata
Ownership & Stewardship
Data Lineage
RDARR Use Cases• Roles and responsibilities for both the business and
IT functions. • Tools to support the data steward role
DefinitionProvides a common, shared environment for carrying out the key data governance and stewardship activities related to direct data management, including: data quality reporting, exceptions management and reference data management.
17
Data Steward WorkflowsRDARR Governance Processes (12/12)
RDARR Governance
Processes
Data Profiling
Data Validation
DQ Reporting
DQ Exceptions Management
Data Cleansing
Data Standardization
Reference Data Management
Data Steward Portal
Data Steward Workflows
Data Classification, Metadata
Ownership & Stewardship
Data Lineage
RDARR Use Cases• Placement of adequate controls throughout the
lifecycle of the data• Defined processes to support the ongoing data
quality and stewardship of the data governance
DefinitionA number of data stewardship activities require a multi-step process and multi-stakeholder collaboration. Data steward workflows enable effective collaboration and allow for tracking and auditing the data stewardship activities.
18
Governance Processes applied to RDARR
• Building data quality improvements throughout, from detailed P&L reporting through to Executive reports– Robust, Accurate & Reliable controls surrounding risk data
• Ensure accuracy and completeness of the balance sheet into the reports– Risk Reconciliation to trading positions
• Provide timely access to risks and exposures, integrating multiple risk measures– Providing DQ-adjusted Risk Reports on a frequent basis
• Comprehensiveness implies full risk exposure, from each risk area– Inclusion of all material risk exposures in data aggregation , including off-
balance sheet
• Flexible and adaptable risk data aggregation – Ability to meet changing requirements for reporting
• Provide forward-looking risk exposures – Support areas where risks emerging or concentrated
19
Infrastructure approach
• Risk Management and Reporting is largely automated.– Current automated process needs to be amended to allow for
• Collection of metadata
• Establishing data lineage
• Establishing links to Data Quality processes
• Risk Management and Reporting is largely manual.– Current process needs to be re-built
Stemming from two current states of Risk Management
23
Metadata Management
• Metadata management is the mechanism for correctly defining, integrating, and managing business, technical and operational metadata within an organization
• Types of Metadata
– Business metadata
– Technical metadata
– Operational metadata
Definition
24
Classes of Metadata to Manage
• Data Definition– Data stores (Databases, Files, Universes)– Generic (e.g. Corporate Data Dictionary, Corporate Data Model)
• Data Classification– By data domain– By source system– By business area– By security/access– Etc.
• Data Movement• Data Profiles• Data Quality Metrics• Report Definitions• Operational Metadata
– Process Execution Statistics– Report Execution Statistics
25
Data Domains, Classification
• Align data domains with organization’s view of its data assets• Review available metadata / data definitions
Data Domains
Customer Product
Investment
Mortgage
Credit
Employee OrganizationFinancial
(GL)
27
Metadata Management Artifacts
• Data Models
• Database DDLs
• Data Integration Layer Architecture and Specifications, including file layouts and copybooks
• Business Intelligence Layer Architecture and Specifications, including semantic layer and report definitions
• Mapping Documents
• BI and DI tool repository structures
• Reference Data
• Job schedules
• Data Quality process architecture and rules, including DQ profiles
• Master data process architecture and rules
• Metadata Architecture and specifications, including Metadata tool repository structure.
29
Metadata Management
• Develop and baseline enterprise metadata management process
• Obtain and define metadata requirements.
• Determine the appropriate metadata architectural approach
• Identify and Establish Standards
• Establish Metadata Management Metrics
• Implement a Managed Metadata Environment
• Acquire, Integrate, & Populate Metadata Repository
• Provision Metadata
• Manage & Control Metadata Environment
Processes
31
RDARR Conceptual Data Flow
• Data lineage, traceability and audit on data element level is complex due to:– Complex multistep calculations involving multiple input data elements– Aggregations summarizing individual values from multiple input records– Conditional logic selecting input depending on other conditions
• The best practice approach is to instrument the RDARR solution:– Incorporate data traceability as part of the solution– Data lineage labels are stored and travel with the data– Underlying technology supports data traceability label maintenance
Data Lineage
Data IntegrationExisting Multiple sources of data
Data Aggregation
Reporting
33
Data Quality (DQ)
• How well does it represent the real world? – “The degree of excellence exhibited by the data in relation to
the portrayal of the actual phenomena”
• How well does it serve its purpose? – “The totality of features and characteristics of data that bears
on their ability to satisfy a given purpose”
• How well does it correspond to specifications? – “The conformance of data values to business requirements and
acceptance criteria”
• How well is it internally consistent?
• Does it possess quality characteristics?– “The level to which data possesses a set of desirable attributes –
accuracy, completeness, currency, validity, ...”
Definitions
34
Data Quality Attributes help measure, analyse, and compare DQ
• Also called Metrics, Measures, Characteristics, etc.
DQ Attribute Definition
Metric Definition
Accuracy Whether the data element contains a value representing the information as it exists in reality. For example a drivers license is verified against a reference source.
Completeness Whether the data values contain all required information. For a data element: Whether the data element contains a meaningful value. This
typically excludes values such as “N/A”, “ ”, “Unknown”, etc. For a set of data elements: Whether enough of the data elements are populated. For
example for a name to be complete the First and Last name need to be populated, but the middle name may be empty.
For a data set: Whether all of the relevant records are available. For example loaded from the source system.
Validity Whether the data element contains a value that satisfies an established set of constraints and rules. For example for a social insurance number to be valid it needs to contain only numbers and satisfy the checksum rules.
Currency/Timeliness Whether the data element contains values collected or verified recent enough to satisfy business needs.
Consistency Whether the values contained in a data element are consistent with the values in other data elements. For example age and date of birth, first name and gender, first name in system A vs. first name in System B.
Uniqueness Whether a data record describing a real world object is represented only once in a data set. For example there are no duplicate records representing the same person.
35
A Data Governance Program Institutionalizes DQM
Data Quality Management
• DQM Defined:– The set of practices, processes and technology solutions to
ensure the level of data quality is measured and managed to meet the expectations of knowledge workers and end customers
36
DQMExample of an Integrated DQM Solution
Exceptions
AutomatedData Cleansing
Source
DQ
Reports
Data Stewards
Target
DQ Validation (DQ rules)
37
DQM Applied to RDARR
• General rationale: Banks must maintain high data quality throughout the risk management process to ensure a complete and comprehensive view of the balance sheet– Result: Data quality across Risk Management will ensure
accuracy in business decisions– Result: Increase in DQ improves reliability of reporting
• Control processes need to be in place covering data quality remediation and reporting processes– Periodic review of reporting process– Explanation where known poor data quality exists; remediation plan– Data quality improves the data aggregation and ensures accurate
reporting
• Gives visibility to improvements in systems needed over time
39
Guiding Principles for CBA RDARR Measures and Thresholds
• Data Accuracy– Reports that accurately convey the risk data, based on CDE, number of invalid entries
and number of inaccurate internal loss events
• Data Completeness– Reports that capture all material risks across the enterprise; reconciled to the
authoritative source and number of inaccurate internal loss events
• Reporting Accuracy– Reports that convey risk data, reconciled and validated;
– number of report restatements and manual adjustments
• Data and Reporting Timeliness and Frequency– Up-to-date risk data generated on time and as per frequency required for risk reporting
– Reports that reflect the up-to-date risks meet on-time delivery expectations by the board
Credit RiskLiquidity
RiskMarket Risk
Operational Risk
The CBA reporting approach focuses on 4 key measurable Principles:
40
Measuring against CBA-established thresholds
• Direct result of Data Quality validations of Critical Risk Data Elements used in Risk Reporting.– Credit Risk – results aggregated by Retail and Non-Retail portfolios
– Liquidity Risk – results aggregated at Enterprise level
– Market Risk – results aggregated by Market, Non-Trading, and Counterparty risks
– Operational Risk – DQ validation applied to ILED data at Enterprise level
• Definitions of Critical Risk Data Elements are maintained as Metadata
• Data Lineage does not apply due to direct nature of the measurements
• Measures – G/Y/R percent of accuracy (by number of records and outstanding)
Data Accuracy
41
Measuring against CBA established thresholds
• Demonstrable ability to capture and aggregate all material risk data • Reconciliation of aggregated risk amounts against bank’s financials
(GL, etc.)– Definitions of Risks, data elements, and business rules used in calculations
have to be maintained as metadata– Data Lineage is applied to demonstrate Integrity of Completeness on both
sides of reconciliation equation
• Levels of aggregation– Credit Risk – results aggregated by Enterprise, Business & Government
and Consumer portfolios– Liquidity Risk – results aggregated at Enterprise level– Market Risk – results aggregated by Market, Non-Trading, and
Counterparty risks– Operational Risk – validation applied to ILED data at Enterprise level
• Measures – G/Y/R percent of coverage (by number of records and outstanding)
Data Completeness
42
Measuring against CBA established thresholds
• Reconciliation of risk amounts in reports against an authoritative source of risk data– Definitions of Risks, data elements, and business rules used in
calculations have to be maintained as metadata– Data Lineage is applied to demonstrate Integrity of Accuracy on
both sides of reconciliation equation
• Number of restatements – banks need to consider creating an automated system for generation and submission of risk reports
• Level of aggregation – enterprise • Measures – pass/fail or G/Y/R percent of availability,
depending on type of risk• Additional dimension – demonstrable automated DQ
processes applied to critical risk data
Reporting Accuracy
43
Measuring against CBA established thresholds
• Availability of Critical Risk Data and Reports, as measured against SLAs
• Banks need to consider creating an automated system for measuring SLAs
• Level of aggregation – enterprise
• Measures – pass/fail or G/Y/R percent of availability, depending on type of risk
Data and Reporting Timeliness and Frequency
44
Dealing with RDARR Data Principles
Data Lineage
Data Quality Management
Plus: Enabling Technologies
Metadata Management
RDARR Governance Processes
45
Features of a RDARR Toolkit
• Capture Risk Data – Ability to capture source data for use within the RDARR
processes to be able to measure and assign values for RDARR metrics
• Business Rules Engine – Feature to assign key business rules to identify the
inputs for metrics within the RDARR requirements
• Calculate RDARR Metrics – Generate the RDARR metrics to support the
reporting requirements
• Generate RDARR Reports – Generate the RDARR metrics and be able to
present the results to be used at various levels within the organization and for publish to the regulators in appropriate format
• Track and Monitor Regulatory Reporting – the tool should be
able to track and measure the timeliness and frequency of the regulatory reporting, which will support the RDARR metrics
A Toolkit should have the following features:
46
Business Value of a RDARR Toolkit
• Accelerate RDARR compliance with CBA Measuresand Thresholds
• Business-focused rules engine for quick mapping to the RDARR deliverables
• Immediately identify all RDARR Issues and Risks in support of the measureable principles - ability to obtain a view of current RDARR compliance
• Quickly map all domestic, global and manual data sources into the RDARR toolkit for measures and thresholds
• Provide a complete and transparent RDARR implementation
Recommended