Banking Newsletter - March/April 2014

This edition covers local and global regulatory developments, using social media for customer engagement and the latest in real time payments.

Banking Newsletter

Banking Newsletter back-issues

View previous issues of KPMG's Banking Newsletter.

Banking Newsletter - March/April 2014

Reinforcing risk data infrastructure 

One of the main features of the financial crisis was that it revealed the inadequacy of banks’ risk data systems and processes. This had serious impacts both on managements’ ability to understand and manage risk, and on regulators’ attempts to maintain liquidity and limit contagion. Regulators are now seeking to instil more responsible and effective practice.

Banks need to review, and improve, their risk infrastructure. But there are benefits to be obtained which should outweigh the costs.

Over the years, management systems in banks – and other financial services companies – have had to cope with increasing regulatory requirements, new corporate structures, new products and operating models.


As with other infrastructure, systems for the collection, aggregation and analysis of risk data have typically developed in an incremental fashion, with different modules, incompatible data and a range of ad hoc processes.


In many cases, these systems have become so unwieldy and unstable that they are failing in their core purpose. Relevant data is missing or inadequately analysed, often resulting in the formation of 'reconciliation industries' within the organisation as data is passed between a multitude of systems across inconsistent integration mechanisms.


The extent to which these reconciliation industries have evolved within organisations is often underestimated and rarely quantified in terms of productivity loss. Risk data is being provided too late to influence the trading and operations which should depend on it. Responsible management and supervision are both compromised while operating costs are inflated unnecessarily.


Increasing regulatory attention

Regulators have become increasingly concerned about the implications of these inadequate or misleading risk data systems. Their shortcomings were exposed at the height of the financial crisis when regulators asked for up-to-date assessments of risk and exposures.


Many institutions were unable to provide the data required, or found themselves coordinating a massive manual and ad-hoc intervention to assemble the data demanded of their management teams and regulators. Major market participants could not extract the necessary information quickly enough to understand the location and extent of risks and exposures. This was one major cause of the catastrophic collapse of confidence in the global financial system.


As a result, regulators are now focusing not only on the results and outcomes of risk figures but also on the machinery and processes behind them. In 2009, the Basel Committee on Banking Supervision (BCBS) issued supplemental Pillar 2 (supervisory review process) guidance designed to enhance banks’ ability to identify and manage bank-wide risks;1 and in 2013 the Committee published a set of principles to strengthen risk data aggregation capabilities and internal risk reporting practices, along with guidance on their implementation.2


The Principles, which provide qualitative and quantitative measures, cover four key areas:

  • Importance of boards and senior management exercising strong governance over a bank’s risk data aggregation capabilities, risk reporting practices and IT capabilities.
  • Accuracy, integrity, completeness, timeliness and adaptability of aggregated risk data.
  • Accuracy, comprehensiveness, clarity, usefulness, frequency and distribution of risk management reports, including to the board and senior management.
  • The need for supervisors to review and evaluate a bank’s compliance with the first three sets of principles listed above, to take remedial action as necessary, and to cooperate across home and host supervisors.3


Key issues

Where banks have undertaken systematic analysis and testing of their current processes, the results have often been illuminating: in certain cases, it has revealed that compiling a comprehensive group-wide set of risk figures has been taking up to 60 days. The larger and more complex a bank, the more likely it is that risk data is incomplete, inadequate or out-of date, particularly on an aggregated and global level.


Banks may have all of the information, but it’s often inefficiently stored, inconsistently formatted, poorly integrated and difficult to interrogate. Senior management should be aware of the risk of ‘flying blind’, especially in extreme events, and of taking and implementing decisions in the absence of reliable risk metrics.


It is critical, therefore, that financial services firms review the strength and effectiveness of their risk data architecture and systems.


There are four key issues which need to be addressed:


  • Efficiency: very often, data resides in different silos, owned by different functions (markets, risk control, finance, back-office), all with different attitudes and approaches to data management. With multiple systems and incompatible data, risk professionals spend too much time and effort on data aggregation, reconciliation and analysis and too little time on applying the results to risk management and decision making.
  • Flexibility: it is important to be able to react quickly to market events in terms of preparing scenario analysis and reports which are not in the standard set up. Similarly, the flexibility to react rapidly to regulators’ requests for reports and data without a huge amount of manual work is also important.
  • Quality: with multiple, discrete systems, the quality of data is degraded by incompatible definitions, inconsistency, incompleteness and duplication. Very often, efforts at data cleansing are only partially successful. With poor quality data, the effectiveness of risk management can be seriously compromised.
  • Ownership: too often, ownership of risk data is shuffled uneasily between the control function and the IT function, with senior management taking little direct responsibility. Without a clear structure of governance and ownership there is no accountability and no prime commitment to quality.


Improvements and benefits

This review of common problems naturally also suggests the scope for improvement, and the value that can be obtained from effective  risk data aggregation, storage and analysis. The ability to consolidate and synchronise all relevant risk data can lay the foundation for a more overarching and consistent analysis, enabling better business management, better risk management and optimised operating models. Leading banks appreciate the potential benefits, and are working to strengthen the contribution of effective risk management to business judgment and corporate strategy.


High-quality and quality-assured risk data should lead to improved decision-making, greater confidence and more stable strategy. With greater confidence in data validity, risk IT architecture can be streamlined, leading to efficiencies in both routine operations and in maintenance and development.


In turn, these benefits offer improved ability to respond quickly and effectively to changes in corporate strategy, operating environment or indeed regulatory demands. If regulators have greater confidence in a bank’s risk data and the aggregation machinery underlying it, the whole regulatory compliance system can become simpler and less challenging.


Improved data aggregation can bring direct economic benefits and reduced capital requirements. Currently, for example, a significant proportion of a bank’s collateral contracts are ineffectively captured, and so cannot contribute to risk-weighted capital calculations. More comprehensive and accurate data aggregation methodology can bring this into the equation.


Systems for transmitting and reporting risk data need to be built into any improved data aggregation framework, since its value is dependent on the ease and timeliness with which senior management can take the results into account. The same argument applies to communication with regulators, who will value rapid and accurate regular reporting as well as a speedy response to ad hoc requirements.


Achieving the benefits requires moves towards greater standardisation, common data models, integrated systems and in some circumstances consolidated data warehouses. These initiatives need to be defined and implemented in ways which balance costs and potential benefits. But since the results should include increased confidence, reduced potential for loss, efficiency gains and increased profits, significant effort and expenditure can often be worthwhile.



Risk data aggregation and reporting are too important to be left to the risk function or – more seriously – IT professionals. Regulators are demanding better performance; but equally, senior executives and boards will derive significant benefits from improving their risk infrastructure and processes. However, this is not a simple or straightforward challenge. Success requires fundamental changes in the way core functions operate, with significant potential consequences for organisation and processes. Inevitably, this can be expensive. However, effective renovation of the risk IT infrastructure is a strategic investment which can not only satisfy regulatory demands but also lead to competitive advantage.


Responsible governance therefore requires that these issues are given appropriate strategic attention at the highest levels.



1 Basel Committee on Banking Supervision (BCBS), Enhancements to the Basel II framework July 2009, BCBS158,
2 Basel Committee on Banking Supervision, Principles for effective risk data aggregation and risk reporting, BCBS239, , January 2013
3 For more detailed discussion, cf BCBS 239 – another technical paper, or a fundamental challenge for the industry?, Journal of Business Compliance, forthcoming.


From KPMG’s Frontiers in Finance / March 2014.


Mike Ritchie

Partner in Charge, Financial Risk Management

+61 2 9335 8251

Sascha Chandler

Partner, Financial Risk Management

+61 2 9455 9596

Share this

Share this

 In this issue

Risk, trading and treasury systems in financial services

Risk, trading and treasury systems in financial services
Financial services institutions are seeking new approaches to managing the increasing demands on their risk, trading and treasury systems.