Basel Committee Publishes Definitive Principles for Risk Data Aggregation and Reporting

The Basel Committee on Banking Supervision has published ‘Principles for effective risk data aggregation and risk reporting’, a final document based on an earlier version of the principles issued in June 2012 for consultative purposes. The document includes 14 principles grouped into four headline topics and states that global systemically important banks (G-Sibs) should start making progress towards implementing the principles early this year in time to meet the fully operational deadline of 2016. It also gives supervisors a wide remit to review and evaluate banks’ compliance with the principles.

Commenting on the document, Stefan Ingves, chairman of the Basel Committee on Banking Supervision and governor of the Sveriges Riksbank, says: ‘These principles are a significant step towards improving banks’ risk management capabilities and they will also contribute to G-Sibs’ resolvability, hence reducing potential recourse to taxpayers.”

The principles are set out under four headline topics: overarching governance and infrastructure; risk data aggregation capabilities, risk reporting practices; and supervisory review, tools and cooperation. They are broken down into detailed requirements and have the stated objectives of strengthening banks’ risk data aggregation capabilities and internal risk reporting practices to enhance risk management and decision-making processes.

While the Basel Committee’s overriding aim is to improve banks’ ability to cope with stress and crisis situations, the document also notes the potential of the principles to enhance banks’ status, stating: “Strong risk management capabilities are an integral part of the franchise value of a bank. Effective implementation of the principles should increase the value of the bank. The committee believes that the long-term benefits of improved risk data aggregation capabilities and risk reporting practices will outweigh the investment costs incurred by banks.”

The deadline for G-Sibs identified by the Financial Stability Board (FSB) in November 2011 or November 2012 to implement the principles in full is the beginning of 2016 at the latest. G-Sibs designated in subsequent FSB annual updates will need to meet the principles within three years of their designation. Extending its influence beyond G-Sibs, the committee document goes on to state: “It is strongly suggested that national supervisors also apply these principles to banks identified as domestic systemically important banks (D-Sibs) by their national supervisors three years after their designation as D-Sibs.”

In terms of the scope of the principles, the document says they apply to a bank’s risk management data, including data that is critical to enabling the bank to manage the risks it faces. The document states: “Risk data and reports should provide management with the ability to monitor and track risks relative to the bank’s risk tolerance/appetite.”

The principles also apply to key internal risk management models, including but not limited to, Basel Pillar 1 regulatory capital models, such as internal ratings-based approaches for credit risk and advanced measurement approaches for operational risk, and Pillar 2 capital models and other key risk management models, such as value at risk. Risk management processes, including any that are outsourced to third parties, must also comply with the principles.

The supervisory role related to the principles comes into play straight away, with national banking supervisors discussing banks’ analysis of risk data aggregation capabilities with senior management and agreeing to timelines for required improvements early this year. Further down the line, supervisors will periodically review and evaluate banks’ compliance with the principles, and can test a bank’s compliance by requesting information on selected risk issues within short deadlines. Ultimately, the document states: “Supervisors should have and use the appropriate tools and resources to require effective and timely remedial action by a bank to address deficiencies in its risk data aggregation capabilities and risk reporting practices. Supervisors should have the ability to use a range of tools, including Pillar 2 [the capital adequacy assessment process].”