Embed Size (px)
Citation preview
Amsterdam • 12 October 2015
BCBS 239ING BankFabienne LibertHead of Risk Services
1. About ING
2. BCBS 239
3. Global Data Management
4. Finance Risk integration
Index
2
• ING is a global financial institution with a strong European base, offering banking services through its operating company ING Bank and holding a significant stake in the listed insurer NN Group N.V. The purpose of ING Bank is to empower people to stay a step ahead in life and in business. ING Bank’s more than 52,000 employees offer retail and commercial banking services to customers in over 40 countries.
• ING Group shares are listed (in the form of depositary receipts) on the exchanges of Amsterdam (INGA NA, ING.AS), Brussels and on the New York Stock Exchange (ADRs: ING US, ING.N).
About ING
3
• Sustainability forms an integral part of ING’s corporate strategy, which is demonstrated by the inclusion of ING Group shares in the FTSE4Good index and the Dow Jones Sustainability Index (Europe and World), in which ING is the industry leader in the diversified financials group.
Our purpose
4
5
BCBS 239Principles for effective risk data aggregation and risk reporting
6
Background (1/2)BCBS 239 Principles
Overarching Governance and Infrastructure
Risk Data Aggregation Capabilities
P1: Governance
P2: Data Architecture and IT infrastructure
Governance – A bank’s risk data aggregation capabilities and risk reporting practices should be subject to strong governance arrangements consistent with other principles and guidance established by the Basel Committee.
Data architecture and IT infrastructure – A bank should design, build and maintain data architecture and IT infrastructure which fully supports its risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis, while still meeting the other Principles.
P3: Accuracy and Integrity Accuracy and Integrity – A bank should be able to generate accurate and reliable risk data to meet normal and stress/crisis reporting accuracy requirements. Data should be aggregated on a largely automated basis so as to minimise the probability of errors.
P4: Completeness
P5: Timeliness
P6: Adaptability
Completeness – A bank should be able to capture and aggregate all material risk data across the banking group. Data should be available by business line, legal entity, asset type, industry, region and other groupings, as relevant for the risk in question, that permit identifying and reporting risk exposures, concentrations and emerging risks.
Timeliness – A bank should be able to generate aggregate and up-to-date risk data in a timely manner while also meeting the principles relating to accuracy and integrity, completeness and adaptability. The precise timing will depend upon the nature and potential volatility of the risk being measured as well as its criticality to the overall risk profile of the bank. The precise timing will also depend on the bank-specific frequency requirements for risk management reporting, under both normal and stress/crisis situations, set based on the characteristics and overall risk profile of the bank.
Category Principle Summary
Adaptability – A bank should be able to generate aggregate risk data to meet a broad range of on-demand, ad hoc risk management reporting requests, including requests during stress/crisis situations, requests due to changing internal needs and requests to meet supervisory queries.
7
Risk Reporting Practices
Supervisory Review, tools and cooperation *
P7: Accuracy
P8: Comprehensiveness
Accuracy - Risk management reports should accurately and precisely convey aggregated risk data and reflect risk in an exact manner. Reports should be reconciled and validated.
Comprehensiveness - Risk management reports should cover all material risk areas within the organisation. The depth and scope of these reports should be consistent with the size and complexity of the bank’s operations and risk profile, as well as the requirements of the recipients. .
P9: Clarity and usefulness Accuracy and Integrity – A bank should be able to generate accurate and reliable risk data to meet normal and stress/crisis reporting accuracy requirements. Data should be aggregated on a largely automated basis so as to minimize the probability of errors.
P10: Frequency
P11: Distribution
Frequency – The board and senior management (or other recipients as appropriate) should set the frequency of risk management report production and distribution. Frequency requirements should reflect the needs of the recipients, the nature of the risk reported, and the speed, at which the risk can change, as well as the importance of reports in contributing to sound risk management and effective and efficient decision-making across the bank. The frequency of reports should be increased during times of stress/crisis.
Distribution - Risk management reports should be distributed to the relevant parties while ensuring confidentiality is maintained.
Category Principle Summary
Principles 1 to 11 are the guidelines for Banks, while the principles 12-14 (*) describe the role the supervisors play in monitoring ongoing compliance.
Background (2/2)BCBS 239 Principles
BCBS 239 principles
8
You can only manage what you measure
9
BCBS239: Executive Summary14 Principles for effective risk data aggregation and risk reporting were issued by the Basel Committee in January 2013 under the BCBS 239 paper)
Effective implementation of the Principles is expected to enhance the risk management as well as the decision-making processes and further improve the resolvability of the banks in order to avoid another 2008 crisis.
External:• Moving from a template-driven reporting to data-driven reporting
(AQR lessons learned)• Achieving compliance towards the BCBS 239 principles
Internal:• ING colleagues to treat data as a valuable asset• ING colleagues to improve the effectiveness of the reporting
process as they should be enabled to put more time to gain insight and make sense of data instead of effort in the creation of the reports
• Management to take decisions based on reliable and trustable data, in time of “business-as-usual” or in time of crisis
• Embed BCBS 239 principles in policies and procedures
Strategic FitBCBS 239, although a regulatory program, is a key foundation underlying the CRO vision to empower a state of the art risk management as well as the COO vision to become the 2020 next generation digital bank, in support of the thinkforward strategy.
Time linesThe deadline has been set @ Jan 1, 2016 as so far G-SIB are concerned while for the D-SIB a 3 years compliance deadline is foreseen.
10
ING BCBS 239 Program
Getting ING’s data management right across the entire bank is essential
11
Global data management
World is changing fastRegulation and Risk culture
Digital revolution
Client’s behaviour change
New competitors
Multispeed world
COO response “In line with the Think Forward strategy, the long long-term vision for the COO domain is to be the Next Generation Digital Bank”
Building blocks Uniform & easy processes
Reliable & modern banking systems
Global data management
Enabled people with right skills
Collaborative performance culture
Uniform data governance across the bank
Trustable data: one single source of truth
Foundation for predictive data analytics
Operational excellence in data exchange
Global Data Management
Key components of ING´s global data management strategy
12
We implement a uniform data governance throughout ING
We drive a culture change that radiates data is a valued asset
We harmonise the definitions of data that we exchange across ING
We implement a standard reference architecture for data
We uniformly measure the quality of data
We use uniform policies and processes around data across ING
1 2
3 4
5 6
Brief abstract on next slides
Key components of 4Sight: Finance Risk integration
13
Common data foundation for Finance and Risk1
2
5
Reconciliation by Design
Simplify (Finance / Risk) IT process; standardise and optimise,
while being compliant with all regulations
Questions on BCBS 239
14
1. Which percentage of G-Sibs plan to be compliant by January 2016? More or less than 70%?
2. How much are banking investing to achieve compliance? (GSIBs industry average)
More or less than 100 metrics?3. Scope: Are most banks (roughly 80%) scoping more or less than 100 metrics?
More or less than USD 200 million?
(Based on McKinsey paper July 2015)
4. On average how much could a typical G-SIB extract of annual benefits with strategically targeted and run Risk and
Finance Data and technology programs? More or less than 500 million?
