effective risk data aggregation & risk reporting - … · 1 effective risk data aggregation...

1

Effective Risk Data Aggregation & Risk Reporting

Presented by:

Ilia BolotineHead, Adastra Business Consulting (Canada)

2

The Evolving Regulatory Landscape in Risk Management

A significant lesson learned from the global financial crisis:

Banks’ information technology and data architectures were inadequate to support the broad management of financial risks

Better understanding of the risks and the introduction of new regulations will drive changes in the Risk Operation mandates and capabilities at banks

Challenges for Financial Institutions

■ Visibility of consolidated risk exposure

■ Inability to oversee risks

■ Financial stability of banks and financial

system

Response of Regulators

■ BCBS Principles and reporting

■ Increased regulatory supervision oversight

3

An increasingly complex regulatory environment

FATCAUS anti-tax evasion

Regulation WTransfer Pricing

Asset/Liability Management

Basel IIIMarket & Liquidity Risk

Basel IICredit & Operational Risk

RDARR-BCBS239Risk Data Aggregation and Risk Reporting

Dodd-Frank/Volker Rule

Local privacy

regulations

AML/KYC/Fraud Management

CRM IIDisclosure

CRSGlobal anti-tax evasion

4

• Governance applied to RDARR & risk reporting

• Data & IT Architecture supports RDARR

• Adaptable RDARR infrastructure

Governance & Infrastructure

• Accurate & reliable risk data

• Completeness (all material risks)

• Timeliness of RDARR

Risk Data Aggregation

• Accuracy

• Comprehensiveness

• Clarity & Usefulness

• Frequency

• Distribution

Risk Reporting Practices

• Supervisory Review

• Timely Remedial Action

• Home / Host Co-operations

Supervisory Review

No Action Required

for Banks

RDARR Requirements formalized in BCBS 239 Principles

Introduction of Principles to Improve Risk Data Aggregation

6

Ownership & StewardshipRDARR Governance Processes (1/12)

RDARR Governance

Processes

Data Profiling

Data Validation

DQ Reporting

DQ Exceptions Management

Data Cleansing

Data Standardization

Reference Data Management

Data Steward Portal

Data Steward Workflows

Data Classification, Metadata

Ownership & Stewardship

Data Lineage

RDARR Use Cases• Board & senior management support for data

quality risk management • Periodic review of risk reporting framework

DefinitionAssigns all relevant data assets to owners and data stewards, who are accountable for ensuring data assets are properly managed. This includes responsibility and decision rights regarding data definitions, classification, quality controls, and usage.

7

Data Classification, MetadataRDARR Governance Processes (2/12)

RDARR Governance

Processes

Data Profiling

Data Validation

DQ Reporting


Data Cleansing



Data Steward Portal




Data Lineage

RDARR Use Cases• Single authoritative source for each type of risk• Enhanced SLA for risk data-related processes• Firm’s policies on data confidentiality, integrity and

availability• Firm’s policies on data consumers and usage

governance

DefinitionEnumerates all relevant data assets, classifies them from the perspectives of security, privacy, retention and usage, and collects and maintains metadata about them.

8

Data LineageRDARR Governance Processes (3/12)

RDARR Governance

Processes

Data Profiling

Data Validation

DQ Reporting


Data Cleansing



Data Steward Portal




Data Lineage

RDARR Use Cases• Maintain data lineage throughout the data cycle;

from source through risk calculations and aggregation

DefinitionEnsures full data lineage is collected and maintained for every data element, including its origination, storage location in each data repository, as well as all transformations, amendments, and derivations applied to it.

9

Data ProfilingRDARR Governance Processes (4/12)

RDARR Governance

Processes

Data Profiling

Data Validation

DQ Reporting


Data Cleansing



Data Steward Portal




Data Lineage

RDARR Use Cases• Ensures the availability of data is known and can be

supported• Higher degree of automation to reduce the risk of

errors • Action plans to rectify poor data quality

DefinitionCreates, stores, and distributes data profiles for all relevant data sets. For each data element in a data set, data profiles include as a minimum: data availability, frequency distribution, uniqueness, pattern identification, range and outliers.

10

Data ValidationRDARR Governance Processes (5/12)

RDARR Governance

Processes

Data Profiling

Data Validation

DQ Reporting


Data Cleansing



Data Steward Portal




Data Lineage

RDARR Use Cases• Robust, Accurate & Reliable controls surrounding

risk data • Risk Data Reconciliation• Single authoritative source for risk data per each

type of risk

DefinitionBased on a set of data quality business rules, data validation identifies data elements or records that do not pass a defined set of data quality standards. Data validation is the basis for enabling DQ reporting and DQ exception management.

11

DQ ReportingRDARR Governance Processes (6/12)

RDARR Governance

Processes

Data Profiling

Data Validation

DQ Reporting


Data Cleansing



Data Steward Portal




Data Lineage

RDARR Use Cases• Appropriate balance between risk data, analysis

and interpretation, and qualitative explanations• Multiple level of risk reporting (i.e. Board, Senior

Management, Risk Committees etc.)

DefinitionBased on the outcomes of data validation, data quality reporting creates a set data quality dashboards and reports for review by the relevant stakeholders: executives, data owners and stewards, subject matter experts, etc. DQ reporting allows stakeholders to visualize the current DQ levels and trends.

12

DQ Exceptions ManagementRDARR Governance Processes (7/12)

RDARR Governance

Processes

Data Profiling

Data Validation

DQ Reporting


Data Cleansing



Data Steward Portal




Data Lineage

RDARR Use Cases• Procedures for reporting and explaining errors or

weaknesses in data integrity• Processes to reconcile reports to risk data• Automated and manual edit and reasonableness

checks• Inventory of the validation rules

DefinitionA process and associated workflow that identifies records with data quality issues that need to be reviewed and manually resolved by a business SME or a data steward.

13

Data CleansingRDARR Governance Processes (8/12)

RDARR Governance

Processes

Data Profiling

Data Validation

DQ Reporting


Data Cleansing



Data Steward Portal




Data Lineage

RDARR Use Cases• Procedures for resolving errors or weaknesses in

data integrity• Support business rules for continual data quality

improvement

DefinitionThrough a set of automated DQ business rules, data cleansing improves the quality of data in the relevant data sets. It may include removal of unwanted data or characters from data elements, filtering out erroneous or irrelevant records, etc.

14

Data StandardizationRDARR Governance Processes (9/12)

RDARR Governance

Processes

Data Profiling

Data Validation

DQ Reporting


Data Cleansing



Data Steward Portal




Data Lineage

RDARR Use Cases• Processes to build standardized data• Inventory of the validation rules • Procedures for reporting and explaining differing

business rules, to maintain accurate risk calculations and data integrity

DefinitionData standardization conforms the data to a common standard, format, and list of values (e.g., address standardization or code value standardization). It allows data to be consistently aggregated and analysed.

15

Reference Data ManagementRDARR Governance Processes (10/12)

RDARR Governance

Processes

Data Profiling

Data Validation

DQ Reporting


Data Cleansing



Data Steward Portal




Data Lineage

RDARR Use Cases• Processes to build standardized reference data,

across risk systems• Shared inventory of the reference data• Managed by Data Stewards

DefinitionReference data ensures uniformity, accuracy, common understanding, accountability and governance of shared core entities used in operational process and analytics. Reference data defines the set of permissible values to be used by other data elements.

16

Data Steward PortalRDARR Governance Processes (11/12)

RDARR Governance

Processes

Data Profiling

Data Validation

DQ Reporting


Data Cleansing



Data Steward Portal




Data Lineage

RDARR Use Cases• Roles and responsibilities for both the business and

IT functions. • Tools to support the data steward role

DefinitionProvides a common, shared environment for carrying out the key data governance and stewardship activities related to direct data management, including: data quality reporting, exceptions management and reference data management.

17

Data Steward WorkflowsRDARR Governance Processes (12/12)

RDARR Governance

Processes

Data Profiling

Data Validation

DQ Reporting


Data Cleansing



Data Steward Portal




Data Lineage

RDARR Use Cases• Placement of adequate controls throughout the

lifecycle of the data• Defined processes to support the ongoing data

quality and stewardship of the data governance

DefinitionA number of data stewardship activities require a multi-step process and multi-stakeholder collaboration. Data steward workflows enable effective collaboration and allow for tracking and auditing the data stewardship activities.

18

Governance Processes applied to RDARR

• Building data quality improvements throughout, from detailed P&L reporting through to Executive reports– Robust, Accurate & Reliable controls surrounding risk data

• Ensure accuracy and completeness of the balance sheet into the reports– Risk Reconciliation to trading positions

• Provide timely access to risks and exposures, integrating multiple risk measures– Providing DQ-adjusted Risk Reports on a frequent basis

• Comprehensiveness implies full risk exposure, from each risk area– Inclusion of all material risk exposures in data aggregation , including off-

balance sheet

• Flexible and adaptable risk data aggregation – Ability to meet changing requirements for reporting

• Provide forward-looking risk exposures – Support areas where risks emerging or concentrated

19

Infrastructure approach

• Risk Management and Reporting is largely automated.– Current automated process needs to be amended to allow for

• Collection of metadata

• Establishing data lineage

• Establishing links to Data Quality processes

• Risk Management and Reporting is largely manual.– Current process needs to be re-built

Stemming from two current states of Risk Management

21

Dealing with RDARR Data Principles

Data Lineage

Data Quality Management

Metadata Management

22


Data Lineage


Metadata Management

23

Metadata Management

• Metadata management is the mechanism for correctly defining, integrating, and managing business, technical and operational metadata within an organization

• Types of Metadata

– Business metadata

– Technical metadata

– Operational metadata

Definition

24

Classes of Metadata to Manage

• Data Definition– Data stores (Databases, Files, Universes)– Generic (e.g. Corporate Data Dictionary, Corporate Data Model)

• Data Classification– By data domain– By source system– By business area– By security/access– Etc.

• Data Movement• Data Profiles• Data Quality Metrics• Report Definitions• Operational Metadata

– Process Execution Statistics– Report Execution Statistics

25

Data Domains, Classification

• Align data domains with organization’s view of its data assets• Review available metadata / data definitions

Data Domains

Customer Product

Investment

Mortgage

Credit

Employee OrganizationFinancial

(GL)

26

Data Definitions

• Description of the meaning of the data and constraints applied to it

27

Metadata Management Artifacts

• Data Models

• Database DDLs

• Data Integration Layer Architecture and Specifications, including file layouts and copybooks

• Business Intelligence Layer Architecture and Specifications, including semantic layer and report definitions

• Mapping Documents

• BI and DI tool repository structures

• Reference Data

• Job schedules

• Data Quality process architecture and rules, including DQ profiles

• Master data process architecture and rules

• Metadata Architecture and specifications, including Metadata tool repository structure.

28

Metadata ArchitectureFramework

29

Metadata Management

• Develop and baseline enterprise metadata management process

• Obtain and define metadata requirements.

• Determine the appropriate metadata architectural approach

• Identify and Establish Standards

• Establish Metadata Management Metrics

• Implement a Managed Metadata Environment

• Acquire, Integrate, & Populate Metadata Repository

• Provision Metadata

• Manage & Control Metadata Environment

Processes

30


Data Lineage


Metadata Management

31

RDARR Conceptual Data Flow

• Data lineage, traceability and audit on data element level is complex due to:– Complex multistep calculations involving multiple input data elements– Aggregations summarizing individual values from multiple input records– Conditional logic selecting input depending on other conditions

• The best practice approach is to instrument the RDARR solution:– Incorporate data traceability as part of the solution– Data lineage labels are stored and travel with the data– Underlying technology supports data traceability label maintenance

Data Lineage

Data IntegrationExisting Multiple sources of data

Data Aggregation

Reporting

32


Data Lineage


Metadata Management

33

Data Quality (DQ)

• How well does it represent the real world? – “The degree of excellence exhibited by the data in relation to

the portrayal of the actual phenomena”

• How well does it serve its purpose? – “The totality of features and characteristics of data that bears

on their ability to satisfy a given purpose”

• How well does it correspond to specifications? – “The conformance of data values to business requirements and

acceptance criteria”

• How well is it internally consistent?

• Does it possess quality characteristics?– “The level to which data possesses a set of desirable attributes –

accuracy, completeness, currency, validity, ...”

Definitions

34

Data Quality Attributes help measure, analyse, and compare DQ

• Also called Metrics, Measures, Characteristics, etc.

DQ Attribute Definition

Metric Definition

Accuracy Whether the data element contains a value representing the information as it exists in reality. For example a drivers license is verified against a reference source.

Completeness Whether the data values contain all required information. For a data element: Whether the data element contains a meaningful value. This

typically excludes values such as “N/A”, “ ”, “Unknown”, etc. For a set of data elements: Whether enough of the data elements are populated. For

example for a name to be complete the First and Last name need to be populated, but the middle name may be empty.

For a data set: Whether all of the relevant records are available. For example loaded from the source system.

Validity Whether the data element contains a value that satisfies an established set of constraints and rules. For example for a social insurance number to be valid it needs to contain only numbers and satisfy the checksum rules.

Currency/Timeliness Whether the data element contains values collected or verified recent enough to satisfy business needs.

Consistency Whether the values contained in a data element are consistent with the values in other data elements. For example age and date of birth, first name and gender, first name in system A vs. first name in System B.

Uniqueness Whether a data record describing a real world object is represented only once in a data set. For example there are no duplicate records representing the same person.

35

A Data Governance Program Institutionalizes DQM


• DQM Defined:– The set of practices, processes and technology solutions to

ensure the level of data quality is measured and managed to meet the expectations of knowledge workers and end customers

36

DQMExample of an Integrated DQM Solution

Exceptions

AutomatedData Cleansing

Source

DQ

Reports

Data Stewards

Target

DQ Validation (DQ rules)

37

DQM Applied to RDARR

• General rationale: Banks must maintain high data quality throughout the risk management process to ensure a complete and comprehensive view of the balance sheet– Result: Data quality across Risk Management will ensure

accuracy in business decisions– Result: Increase in DQ improves reliability of reporting

• Control processes need to be in place covering data quality remediation and reporting processes– Periodic review of reporting process– Explanation where known poor data quality exists; remediation plan– Data quality improves the data aggregation and ensures accurate

reporting

• Gives visibility to improvements in systems needed over time

39

Guiding Principles for CBA RDARR Measures and Thresholds

• Data Accuracy– Reports that accurately convey the risk data, based on CDE, number of invalid entries

and number of inaccurate internal loss events

• Data Completeness– Reports that capture all material risks across the enterprise; reconciled to the

authoritative source and number of inaccurate internal loss events

• Reporting Accuracy– Reports that convey risk data, reconciled and validated;

– number of report restatements and manual adjustments

• Data and Reporting Timeliness and Frequency– Up-to-date risk data generated on time and as per frequency required for risk reporting

– Reports that reflect the up-to-date risks meet on-time delivery expectations by the board

Credit RiskLiquidity

RiskMarket Risk

Operational Risk

The CBA reporting approach focuses on 4 key measurable Principles:

40

Measuring against CBA-established thresholds

• Direct result of Data Quality validations of Critical Risk Data Elements used in Risk Reporting.– Credit Risk – results aggregated by Retail and Non-Retail portfolios

– Liquidity Risk – results aggregated at Enterprise level

– Market Risk – results aggregated by Market, Non-Trading, and Counterparty risks

– Operational Risk – DQ validation applied to ILED data at Enterprise level

• Definitions of Critical Risk Data Elements are maintained as Metadata

• Data Lineage does not apply due to direct nature of the measurements

• Measures – G/Y/R percent of accuracy (by number of records and outstanding)

Data Accuracy

41

Measuring against CBA established thresholds

• Demonstrable ability to capture and aggregate all material risk data • Reconciliation of aggregated risk amounts against bank’s financials

(GL, etc.)– Definitions of Risks, data elements, and business rules used in calculations

have to be maintained as metadata– Data Lineage is applied to demonstrate Integrity of Completeness on both

sides of reconciliation equation

• Levels of aggregation– Credit Risk – results aggregated by Enterprise, Business & Government

and Consumer portfolios– Liquidity Risk – results aggregated at Enterprise level– Market Risk – results aggregated by Market, Non-Trading, and

Counterparty risks– Operational Risk – validation applied to ILED data at Enterprise level

• Measures – G/Y/R percent of coverage (by number of records and outstanding)

Data Completeness

42


• Reconciliation of risk amounts in reports against an authoritative source of risk data– Definitions of Risks, data elements, and business rules used in

calculations have to be maintained as metadata– Data Lineage is applied to demonstrate Integrity of Accuracy on

both sides of reconciliation equation

• Number of restatements – banks need to consider creating an automated system for generation and submission of risk reports

• Level of aggregation – enterprise • Measures – pass/fail or G/Y/R percent of availability,

depending on type of risk• Additional dimension – demonstrable automated DQ

processes applied to critical risk data

Reporting Accuracy

43


• Availability of Critical Risk Data and Reports, as measured against SLAs

• Banks need to consider creating an automated system for measuring SLAs

• Level of aggregation – enterprise

• Measures – pass/fail or G/Y/R percent of availability, depending on type of risk

Data and Reporting Timeliness and Frequency

44


Data Lineage


Plus: Enabling Technologies

Metadata Management

RDARR Governance Processes

45

Features of a RDARR Toolkit

• Capture Risk Data – Ability to capture source data for use within the RDARR

processes to be able to measure and assign values for RDARR metrics

• Business Rules Engine – Feature to assign key business rules to identify the

inputs for metrics within the RDARR requirements

• Calculate RDARR Metrics – Generate the RDARR metrics to support the

reporting requirements

• Generate RDARR Reports – Generate the RDARR metrics and be able to

present the results to be used at various levels within the organization and for publish to the regulators in appropriate format

• Track and Monitor Regulatory Reporting – the tool should be

able to track and measure the timeliness and frequency of the regulatory reporting, which will support the RDARR metrics

A Toolkit should have the following features:

46

Business Value of a RDARR Toolkit

• Accelerate RDARR compliance with CBA Measuresand Thresholds

• Business-focused rules engine for quick mapping to the RDARR deliverables

• Immediately identify all RDARR Issues and Risks in support of the measureable principles - ability to obtain a view of current RDARR compliance

• Quickly map all domestic, global and manual data sources into the RDARR toolkit for measures and thresholds

• Provide a complete and transparent RDARR implementation

47

Thank you

ADASTRA GROUP Europe

Karolinská 654/2

186 00 Praha 8

Prague, CZECH REPUBLIC

Tel.: +420 271 733 303

[email protected]

ADASTRA GROUP North America

8500 Leslie St., Suite 600

Markham, Ontario

CANADA L3T 7M8

Tel: +1 905 881 7946

[email protected]