The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

BCBS’ Corporate Governance Paper Highlights Need for a “Sufficiently Robust” IT Infrastructure for Risk Management

Share article

In keeping with the recent onslaught of regulatory papers aimed at fostering a more risk aware financial services industry, the Basel Committee on Banking Supervision (BCBS) has published yet another consultative paper this week, this time focused on corporate governance. The paper includes 14 principles aimed at sparking investment by firms into their risk infrastructures and a more responsible attitude to risk management, a key part of which is having access to the right data at the right time.

Of course, the document is largely focused on the need for an independent risk function and details the governance structures and incentives that should be set in place around this function, rather than describing technology and data requirements per se. However, the principles do include recommendations around the amount and quality of the data that must be made available to the risk function and senior management for decision making purposes. It also stresses the need for firms to revisit their current technology capabilities in light of the changes in the market overall, thus using both quantitative and qualitative risk analysis.

The new BCBS principles are therefore based on its original 2006 guidance on the subject of governance that has been updated to reflect the failings highlighted during the financial crisis. This includes a call to action for banks to ensure their infrastructure is up to the task: “the sophistication of the bank’s risk management and internal control infrastructures should keep pace with any changes to the banks’ risk profile (including its growth) and to the external risk landscape”.

Much the same as other recent papers on the subject of risk, the notion of stress and scenario testing rears its head in the BCBS paper also. This adds fuel to the fire for the argument for firms to invest in risk analytics systems that are capable of producing a more forward looking approach to risk assessment.

Overall, the use of internal controls and systems to support the risk function should provide “comfort” that the financial and management information it is receiving is “reliable, timely and complete”, notes the BCBS. The idea of a more holistic approach to risk management across a group also entails the need for a more joined up risk management system. The BCBS paper states that the board of the parent must have “appropriate means” to monitor that each subsidiary is in compliance with all of the applicable governance requirements.

The regulatory body also notes that as financial institutions change over time, so too should their risk management systems. They should therefore: “keep pace with developments such as balance sheet and revenue growth, increasing complexity of the bank’s business or operating structure, geographic expansion, mergers and acquisitions, or the introduction of new products or business lines”.

All of this has a price tag, however, and the BCBS paper indicates that the board should take all of this into account when allocating resources. “A bank should ensure through its planning and budgeting processes that the risk management function has adequate resources (in both number and quality) necessary to assess risk, including personnel, access to information technology systems and systems development resources, and support and access to internal information,” says the paper.

The question of data quality is an important one and BCBS suggests that the board should give “special attention” to the quality, completeness and accuracy of the data it relies on to make risk decisions. This data must also be available for communication to senior management in as timely a manner as possible; a call to action for investment in data management if ever there was one.

Related content

WEBINAR

Recorded Webinar: The latest on identifiers and standards in data management – LEIs, ISINs, CFI codes and more

Don’t miss this opportunity to view the recording of this recently held webinar. The concept of data standardisation is gaining ground as financial firms tackle mounting regulatory requirements while seeking to improve efficiency and reduce costs. Identifiers such as Legal Entity Identifiers (LEIs) and International Securities Identification Numbers (ISINs), and classification codes such as Classification...

BLOG

Cloud Data Protection Specialist Clumio Teams up with Microsoft 365

Clumio, a California-based cloud-security start-up focusing on software-as-a-service (SaaS) for enterprise backup, has added Microsoft 365 to its secure backup-as-a-service, providing organisations running Microsoft 365 with a globally consolidated data protection service as the global coronavirus pandemic sees a rapid increase in ransomware attacks and email scams. The two-year old company, which in December 2019...

EVENT

Data Management Summit London

Now in its 10th year, the Data Management Summit (DMS) in London explores how financial institutions are shifting from defensive to offensive data management strategies, to improve operational efficiency and revenue enhancing opportunities. We’ll be putting the business lens on data and deep diving into the data management capabilities needed to deliver on business outcomes.

GUIDE

Preparing For Primetime – How to Benefit from the Global LEI

They say time flies when you’re enjoying yourself, and so it seems the industry have been having a blast with its preparations for the introduction of the global legal entity identifier (LEI) next month. But now it’s time to get serious. To date, much of the industry debate has centred on the identifier itself: its...