Effective Risk Data Aggregation & Risk Reporting

Transcription

1 Effective Risk Data Aggregation & Risk Reporting Presented by: Ilia Bolotine Head, Adastra Business Consulting (Canada) 1

2 The Evolving Regulatory Landscape in Risk Management A significant lesson learned from the global financial crisis: Banks information technology and data architectures were inadequate to support the broad management of financial risks Challenges for Financial Institutions Visibility of consolidated risk exposure Inability to oversee risks Response of Regulators BCBS Principles and reporting Increased regulatory supervision oversight Financial stability of banks and financial system Better understanding of the risks and the introduction of new regulations will drive changes in the Risk Operation mandates and capabilities at banks 2

3 An increasingly complex regulatory environment FATCA US anti-tax evasion Basel II Credit & Operational Risk Asset/Liability Management CRS Global anti-tax evasion Basel III Market & Liquidity Risk RDARR-BCBS239 Risk Data Aggregation and Risk Reporting CRM II Disclosure Local privacy regulations AML/KYC/Fraud Management Dodd-Frank/Volker Rule Regulation W Transfer Pricing 3

4 RDARR Requirements formalized in BCBS 239 Principles Introduction of Principles to Improve Risk Data Aggregation Governance & Infrastructure Risk Data Aggregation Risk Reporting Practices Supervisory Review Governance applied to RDARR & risk reporting Data & IT Architecture supports RDARR Adaptable RDARR infrastructure Accurate & reliable risk data Completeness (all material risks) Timeliness of RDARR Accuracy Comprehensiveness Clarity & Usefulness Frequency Distribution Supervisory Review Timely Remedial Action for Home Banks / Host Co-operations No Action Required 4

5 5

6 Ownership & Stewardship RDARR Governance Processes (1/12) RDARR Governance Processes Ownership & Stewardship Data Classification, Metadata Data Lineage Data Profiling Data Validation Definition Assigns all relevant data assets to owners and data stewards, who are accountable for ensuring data assets are properly managed. This includes responsibility and decision rights regarding data definitions, classification, quality controls, and usage. DQ Reporting DQ Exceptions Management Data Cleansing Data Standardization Reference Data Management RDARR Use Cases Board & senior management support for data quality risk management Periodic review of risk reporting framework Data Steward Portal Data Steward Workflows 6

7 Data Classification, Metadata RDARR Governance Processes (2/12) RDARR Governance Processes Ownership & Stewardship Data Classification, Metadata Data Lineage Data Profiling Definition Enumerates all relevant data assets, classifies them from the perspectives of security, privacy, retention and usage, and collects and maintains metadata about them. Data Validation DQ Reporting DQ Exceptions Management Data Cleansing Data Standardization Reference Data Management Data Steward Portal RDARR Use Cases Single authoritative source for each type of risk Enhanced SLA for risk data-related processes Firm s policies on data confidentiality, integrity and availability Firm s policies on data consumers and usage governance Data Steward Workflows 7

8 Data Lineage RDARR Governance Processes (3/12) RDARR Governance Processes Ownership & Stewardship Data Classification, Metadata Data Lineage Data Profiling Data Validation DQ Reporting DQ Exceptions Management Data Cleansing Data Standardization Definition Ensures full data lineage is collected and maintained for every data element, including its origination, storage location in each data repository, as well as all transformations, amendments, and derivations applied to it. RDARR Use Cases Maintain data lineage throughout the data cycle; from source through risk calculations and aggregation Reference Data Management Data Steward Portal Data Steward Workflows 8

9 Data Profiling RDARR Governance Processes (4/12) RDARR Governance Processes Ownership & Stewardship Data Classification, Metadata Data Lineage Data Profiling Data Validation DQ Reporting DQ Exceptions Management Data Cleansing Data Standardization Reference Data Management Definition Creates, stores, and distributes data profiles for all relevant data sets. For each data element in a data set, data profiles include as a minimum: data availability, frequency distribution, uniqueness, pattern identification, range and outliers. RDARR Use Cases Ensures the availability of data is known and can be supported Higher degree of automation to reduce the risk of errors Action plans to rectify poor data quality Data Steward Portal Data Steward Workflows 9

10 Data Validation RDARR Governance Processes (5/12) RDARR Governance Processes Ownership & Stewardship Data Classification, Metadata Data Lineage Data Profiling Data Validation DQ Reporting DQ Exceptions Management Data Cleansing Data Standardization Reference Data Management Definition Based on a set of data quality business rules, data validation identifies data elements or records that do not pass a defined set of data quality standards. Data validation is the basis for enabling DQ reporting and DQ exception management. RDARR Use Cases Robust, Accurate & Reliable controls surrounding risk data Risk Data Reconciliation Single authoritative source for risk data per each type of risk Data Steward Portal Data Steward Workflows 10

11 DQ Reporting RDARR Governance Processes (6/12) RDARR Governance Processes Ownership & Stewardship Data Classification, Metadata Data Lineage Data Profiling Data Validation DQ Reporting DQ Exceptions Management Data Cleansing Data Standardization Reference Data Management Definition Based on the outcomes of data validation, data quality reporting creates a set data quality dashboards and reports for review by the relevant stakeholders: executives, data owners and stewards, subject matter experts, etc. DQ reporting allows stakeholders to visualize the current DQ levels and trends. RDARR Use Cases Appropriate balance between risk data, analysis and interpretation, and qualitative explanations Multiple level of risk reporting (i.e. Board, Senior Management, Risk Committees etc.) Data Steward Portal Data Steward Workflows 11

12 DQ Exceptions Management RDARR Governance Processes (7/12) RDARR Governance Processes Ownership & Stewardship Data Classification, Metadata Data Lineage Data Profiling Data Validation DQ Reporting DQ Exceptions Management Data Cleansing Data Standardization Reference Data Management Definition A process and associated workflow that identifies records with data quality issues that need to be reviewed and manually resolved by a business SME or a data steward. RDARR Use Cases Procedures for reporting and explaining errors or weaknesses in data integrity Processes to reconcile reports to risk data Automated and manual edit and reasonableness checks Inventory of the validation rules Data Steward Portal Data Steward Workflows 12

13 Data Cleansing RDARR Governance Processes (8/12) RDARR Governance Processes Ownership & Stewardship Data Classification, Metadata Data Lineage Data Profiling Data Validation DQ Reporting DQ Exceptions Management Data Cleansing Data Standardization Reference Data Management Definition Through a set of automated DQ business rules, data cleansing improves the quality of data in the relevant data sets. It may include removal of unwanted data or characters from data elements, filtering out erroneous or irrelevant records, etc. RDARR Use Cases Procedures for resolving errors or weaknesses in data integrity Support business rules for continual data quality improvement Data Steward Portal Data Steward Workflows 13

14 Data Standardization RDARR Governance Processes (9/12) RDARR Governance Processes Ownership & Stewardship Data Classification, Metadata Data Lineage Data Profiling Data Validation DQ Reporting DQ Exceptions Management Data Cleansing Data Standardization Reference Data Management Definition Data standardization conforms the data to a common standard, format, and list of values (e.g., address standardization or code value standardization). It allows data to be consistently aggregated and analysed. RDARR Use Cases Processes to build standardized data Inventory of the validation rules Procedures for reporting and explaining differing business rules, to maintain accurate risk calculations and data integrity Data Steward Portal Data Steward Workflows 14

15 Reference Data Management RDARR Governance Processes (10/12) RDARR Governance Processes Ownership & Stewardship Data Classification, Metadata Data Lineage Data Profiling Data Validation DQ Reporting DQ Exceptions Management Data Cleansing Data Standardization Reference Data Management Definition Reference data ensures uniformity, accuracy, common understanding, accountability and governance of shared core entities used in operational process and analytics. Reference data defines the set of permissible values to be used by other data elements. RDARR Use Cases Processes to build standardized reference data, across risk systems Shared inventory of the reference data Managed by Data Stewards Data Steward Portal Data Steward Workflows 15

16 Data Steward Portal RDARR Governance Processes (11/12) RDARR Governance Processes Ownership & Stewardship Data Classification, Metadata Data Lineage Data Profiling Data Validation Definition Provides a common, shared environment for carrying out the key data governance and stewardship activities related to direct data management, including: data quality reporting, exceptions management and reference data management. DQ Reporting DQ Exceptions Management Data Cleansing Data Standardization Reference Data Management RDARR Use Cases Roles and responsibilities for both the business and IT functions. Tools to support the data steward role Data Steward Portal Data Steward Workflows 16

17 Data Steward Workflows RDARR Governance Processes (12/12) RDARR Governance Processes Ownership & Stewardship Data Classification, Metadata Data Lineage Data Profiling Data Validation DQ Reporting DQ Exceptions Management Data Cleansing Data Standardization Reference Data Management Definition A number of data stewardship activities require a multi-step process and multi-stakeholder collaboration. Data steward workflows enable effective collaboration and allow for tracking and auditing the data stewardship activities. RDARR Use Cases Placement of adequate controls throughout the lifecycle of the data Defined processes to support the ongoing data quality and stewardship of the data governance Data Steward Portal Data Steward Workflows 17

18 Governance Processes applied to RDARR Building data quality improvements throughout, from detailed P&L reporting through to Executive reports Robust, Accurate & Reliable controls surrounding risk data Ensure accuracy and completeness of the balance sheet into the reports Risk Reconciliation to trading positions Provide timely access to risks and exposures, integrating multiple risk measures Providing DQ-adjusted Risk Reports on a frequent basis Comprehensiveness implies full risk exposure, from each risk area Inclusion of all material risk exposures in data aggregation, including offbalance sheet Flexible and adaptable risk data aggregation Ability to meet changing requirements for reporting Provide forward-looking risk exposures Support areas where risks emerging or concentrated 18

19 Infrastructure approach Stemming from two current states of Risk Management Risk Management and Reporting is largely automated. Current automated process needs to be amended to allow for Collection of metadata Establishing data lineage Establishing links to Data Quality processes Risk Management and Reporting is largely manual. Current process needs to be re-built 19

20 20

21 Dealing with RDARR Data Principles Metadata Management Data Lineage Data Quality Management 21

22 Dealing with RDARR Data Principles Metadata Management Data Lineage Data Quality Management 22

23 Metadata Management Definition Metadata management is the mechanism for correctly defining, integrating, and managing business, technical and operational metadata within an organization Types of Metadata Business metadata Technical metadata Operational metadata 23

24 Classes of Metadata to Manage Data Definition Data stores (Databases, Files, Universes) Generic (e.g. Corporate Data Dictionary, Corporate Data Model) Data Classification By data domain By source system By business area By security/access Etc. Data Movement Data Profiles Data Quality Metrics Report Definitions Operational Metadata Process Execution Statistics Report Execution Statistics 24

25 Data Domains, Classification Data Domains Customer Product Employee Organization Financial (GL) Investment Mortgage Credit Align data domains with organization s view of its data assets Review available metadata / data definitions 25

26 Data Definitions Description of the meaning of the data and constraints applied to it 26

27 Metadata Management Artifacts Data Models Database DDLs Data Integration Layer Architecture and Specifications, including file layouts and copybooks Business Intelligence Layer Architecture and Specifications, including semantic layer and report definitions Mapping Documents BI and DI tool repository structures Reference Data Job schedules Data Quality process architecture and rules, including DQ profiles Master data process architecture and rules Metadata Architecture and specifications, including Metadata tool repository structure. 27

28 Metadata Architecture Framework 28

29 Metadata Management Processes Develop and baseline enterprise metadata management process Obtain and define metadata requirements. Determine the appropriate metadata architectural approach Identify and Establish Standards Establish Metadata Management Metrics Implement a Managed Metadata Environment Acquire, Integrate, & Populate Metadata Repository Provision Metadata Manage & Control Metadata Environment 29

30 Dealing with RDARR Data Principles Metadata Management Data Lineage Data Quality Management 30

31 RDARR Conceptual Data Flow Data Lineage Data lineage, traceability and audit on data element level is complex due to: Complex multistep calculations involving multiple input data elements Aggregations summarizing individual values from multiple input records Conditional logic selecting input depending on other conditions The best practice approach is to instrument the RDARR solution: Incorporate data traceability as part of the solution Data lineage labels are stored and travel with the data Underlying technology supports data traceability label maintenance Existing Multiple sources of data Data Integration Data Aggregation Reporting 31

32 Dealing with RDARR Data Principles Metadata Management Data Lineage Data Quality Management 32

33 Data Quality (DQ) Definitions How well does it represent the real world? The degree of excellence exhibited by the data in relation to the portrayal of the actual phenomena How well does it serve its purpose? The totality of features and characteristics of data that bears on their ability to satisfy a given purpose How well does it correspond to specifications? The conformance of data values to business requirements and acceptance criteria How well is it internally consistent? Does it possess quality characteristics? The level to which data possesses a set of desirable attributes accuracy, completeness, currency, validity,... 33

34 Data Quality Attributes help measure, analyse, and compare DQ DQ Attribute Definition Also called Metrics, Measures, Characteristics, etc. Metric Accuracy Completeness Validity Currency/Timeliness Consistency Uniqueness Definition Whether the data element contains a value representing the information as it exists in reality. For example a drivers license is verified against a reference source. Whether the data values contain all required information. For a data element: Whether the data element contains a meaningful value. This typically excludes values such as N/A,, Unknown, etc. For a set of data elements: Whether enough of the data elements are populated. For example for a name to be complete the First and Last name need to be populated, but the middle name may be empty. For a data set: Whether all of the relevant records are available. For example loaded from the source system. Whether the data element contains a value that satisfies an established set of constraints and rules. For example for a social insurance number to be valid it needs to contain only numbers and satisfy the checksum rules. Whether the data element contains values collected or verified recent enough to satisfy business needs. Whether the values contained in a data element are consistent with the values in other data elements. For example age and date of birth, first name and gender, first name in system A vs. first name in System B. Whether a data record describing a real world object is represented only once in a data set. For example there are no duplicate records representing the same person. 34

35 A Data Governance Program Institutionalizes DQM Data Quality Management DQM Defined: The set of practices, processes and technology solutions to ensure the level of data quality is measured and managed to meet the expectations of knowledge workers and end customers 35

36 DQM Example of an Integrated DQM Solution Source DQ Validation (DQ rules) Automated Data Cleansing Target Exceptions DQ Reports Data Stewards 36

37 DQM Applied to RDARR General rationale: Banks must maintain high data quality throughout the risk management process to ensure a complete and comprehensive view of the balance sheet Result: Data quality across Risk Management will ensure accuracy in business decisions Result: Increase in DQ improves reliability of reporting Control processes need to be in place covering data quality remediation and reporting processes Periodic review of reporting process Explanation where known poor data quality exists; remediation plan Data quality improves the data aggregation and ensures accurate reporting Gives visibility to improvements in systems needed over time 37

38 38

39 Guiding Principles for CBA RDARR Measures and Thresholds The CBA reporting approach focuses on 4 key measurable Principles: Market Risk Credit Risk Liquidity Risk Operational Risk Data Accuracy Reports that accurately convey the risk data, based on CDE, number of invalid entries and number of inaccurate internal loss events Data Completeness Reports that capture all material risks across the enterprise; reconciled to the authoritative source and number of inaccurate internal loss events Reporting Accuracy Reports that convey risk data, reconciled and validated; number of report restatements and manual adjustments Data and Reporting Timeliness and Frequency Up-to-date risk data generated on time and as per frequency required for risk reporting Reports that reflect the up-to-date risks meet on-time delivery expectations by the board 39

40 Measuring against CBA-established thresholds Data Accuracy Direct result of Data Quality validations of Critical Risk Data Elements used in Risk Reporting. Credit Risk results aggregated by Retail and Non-Retail portfolios Liquidity Risk results aggregated at Enterprise level Market Risk results aggregated by Market, Non-Trading, and Counterparty risks Operational Risk DQ validation applied to ILED data at Enterprise level Definitions of Critical Risk Data Elements are maintained as Metadata Data Lineage does not apply due to direct nature of the measurements Measures G/Y/R percent of accuracy (by number of records and outstanding) 40

41 Measuring against CBA established thresholds Data Completeness Demonstrable ability to capture and aggregate all material risk data Reconciliation of aggregated risk amounts against bank s financials (GL, etc.) Definitions of Risks, data elements, and business rules used in calculations have to be maintained as metadata Data Lineage is applied to demonstrate Integrity of Completeness on both sides of reconciliation equation Levels of aggregation Credit Risk results aggregated by Enterprise, Business & Government and Consumer portfolios Liquidity Risk results aggregated at Enterprise level Market Risk results aggregated by Market, Non-Trading, and Counterparty risks Operational Risk validation applied to ILED data at Enterprise level Measures G/Y/R percent of coverage (by number of records and outstanding) 41

42 Measuring against CBA established thresholds Reporting Accuracy Reconciliation of risk amounts in reports against an authoritative source of risk data Definitions of Risks, data elements, and business rules used in calculations have to be maintained as metadata Data Lineage is applied to demonstrate Integrity of Accuracy on both sides of reconciliation equation Number of restatements banks need to consider creating an automated system for generation and submission of risk reports Level of aggregation enterprise Measures pass/fail or G/Y/R percent of availability, depending on type of risk Additional dimension demonstrable automated DQ processes applied to critical risk data 42

43 Measuring against CBA established thresholds Data and Reporting Timeliness and Frequency Availability of Critical Risk Data and Reports, as measured against SLAs Banks need to consider creating an automated system for measuring SLAs Level of aggregation enterprise Measures pass/fail or G/Y/R percent of availability, depending on type of risk 43

44 Dealing with RDARR Data Principles RDARR Governance Processes Metadata Management Data Lineage Data Quality Management Plus: Enabling Technologies 44

45 Features of a RDARR Toolkit A Toolkit should have the following features: Capture Risk Data Ability to capture source data for use within the RDARR processes to be able to measure and assign values for RDARR metrics Business Rules Engine Feature to assign key business rules to identify the inputs for metrics within the RDARR requirements Calculate RDARR Metrics Generate the RDARR metrics to support the reporting requirements Generate RDARR Reports Generate the RDARR metrics and be able to present the results to be used at various levels within the organization and for publish to the regulators in appropriate format Track and Monitor Regulatory Reporting the tool should be able to track and measure the timeliness and frequency of the regulatory reporting, which will support the RDARR metrics 45

46 Business Value of a RDARR Toolkit Accelerate RDARR compliance with CBA Measures and Thresholds Business-focused rules engine for quick mapping to the RDARR deliverables Immediately identify all RDARR Issues and Risks in support of the measureable principles - ability to obtain a view of current RDARR compliance Quickly map all domestic, global and manual data sources into the RDARR toolkit for measures and thresholds Provide a complete and transparent RDARR implementation 46

47 Thank you ADASTRA GROUP North America 8500 Leslie St., Suite 600 Markham, Ontario CANADA L3T 7M8 Tel: ADASTRA GROUP Europe Karolinská 654/ Praha 8 Prague, CZECH REPUBLIC Tel.: info@adastragrp.com 47