© Copyright 2019 marcus evans. All rights reserved.

For all enquiries regarding speaking, sponsoring and attending this conference contact:

Yiota Andreou
Email: Yiotaa@marcusevanscy.com
Telephone: +357 22849 404
Fax: +357 22 849 394


More Information

8th Edition 
Risk Data Aggregation and Risk Reporting  

24th – 26th April 2019
De Vere Holborn Bars, London, United Kingdom 

How do GSIBs and DSIBs differ in their priorities and structures with regards to risk data aggregation and reporting?

It’s worth stating up front that the FSB (Financial Stability Board) set the GSIB (Global Systemically Important Bank) designations based upon the scale and degree of influence large banks have in global and domestic markets. They have been publishing lists of GSIBs since 2011 whilst individual countries are left to maintain their own lists of DSIBs (Domestic Systemically Important Banks) but this isn’t observed consistently across the board.

In general, the designations allow for a stricter set of regulatory requirements to apply. For example, any G/DSIBs headquartered in Europe or the USA must provide a yearly Resolution Plan to their supervisor. In addition, there are also implications with respect to CET, AT1 and T2 capital requirements.

With respect to BCBS 239 priorities for banks are different only up until the designation is made but even then, the matter isn’t clear. For instance, those under supervision from the PRA (Prudential Regulatory Authority) have 3 years to become compliant with the principles once designated a DSIB. However, the MAS (Monetary Authority of Singapore) expects all of its DSIBs to become compliant by the end of this year whilst in some other jurisdictions the supervisor does not mandate BCBS 239 compliance at all (yet) for DSIBs.

Where you have a global bank which is designated a GSIB at the group level but can be comprised of DSIBs at the country level, the strategy for compliance may simply be to adopt the compliance state of the group. Some supervisors however would require compliance to be demonstrated using local capabilities. This would genuinely mean a “fresh start”. Therefore, the priority for a pre-D/GSIB would be to prepare for the eventual need to become compliant at some point in the future. It would be prudent to establish data management principles, automate as much as possible and establish clear accountability for data aggregation and reporting. 

What can DSIBs learn from the example of GSIBs, who started their BCBS 239 initiatives significantly earlier?

A lot! There are a number of areas that can be touched upon but here are a few examples:

Ensuring the correct positioning of the programme – is it a risk programme, a data programme or an IT programme? Some GSIBs started in risk and then brought in their IT organisations given the emphasis of technology under Principle 2. They also sought to include Chief Data Officers given the primary focus on data quality (timeliness, accuracy and completeness) however, I’d argue strongly that the latter two functions are purely enablers and that any DSIB seeking to establish a BCBS 239 programme does so from within the risk organisation.

Linked to this is the need to involve senior risk managers, Risk Stewards and CROs (Chief Risk Officers) and potentially their counterparts in the finance and data organisations from the beginning. Giving them a seat at the table during compliance delivery makes sense as they would ultimately be accountable for ensuring ongoing compliance within BAU operations.

Scope setting is vitally important in terms of the choice of metrics to apply the principles to e.g. global metrics vs. local metrics vs. “sub” metrics. This also applies to process e.g. do you focus on just risk and finance processes or do you extend coverage to start from the point of data provenance i.e. upstream business processes that feed data into the calculation of risk metrics.

Of course underpinning the directive is the need for technical infrastructure which will enable the institute to meet its aggregation targets during stressed and normal times. It’s important to have a clear baseline and to ensure that change management either improves or maintains levels of functionality determined via risk appetite.

Finally, one part of BCBS 239 which has proven to be quite tricky is the demonstration of “integrated taxonomies” typically branded as lineage. Do they approach lineage from a physical perspective (table > field level) or conceptually (logical data elements). I’d argue that taking a top down approach to this is wise as it means focus can be placed on not only what data supports metric production today but also additional data requirements and overlaps in data use.

What are the main priorities and challenges for GSIBs in terms of moving beyond BCBS 239 and looking to optimise risk data governance and management?

Many GSIB have either closed out or close to closing out their BCBS 239 programmes. Beyond this the chief priority for them is to ensure that their compliance state is actively and periodically monitored and that controls are implemented in all the key change management processes of their institutes (e.g. IT, business, entity, structural) to ensure impact to compliance is not adversely affected. They should also consider staying abreast of key developments in the industry as a driver to improve their compliance state.

The challenging bit is going to be keeping people engaged post-programme. Far too often regulatory programmes are considered to be done once transitioned to BAU operations at which point, other competing priorities take president. This can lead to a rapid degradation in compliance. Where BAU controls and responsibilities are implemented the dialogue can continue. Specifically, it’s vital to ensure independent validation is established to actively monitor compliance state.

What would you like to achieve by attending the 8th Edition Risk Data Aggregation and Risk Reporting conference?

It’s primarily an opportunity to exchange insight with experts in the field and hopefully obtain a sense of direction from the regulators in attendance (within reason).

An interview with:

Randeep Buttar

Head of Data Change and Strategy at HSBC

As the 1st January 2019 deadline for BCBS 239 is closing in on DSIBs it becomes clear that none will be fully compliant, especially since implementation plans are expected to run till 2020. When it comes to the GSIBs, the January 2016 deadline has already come and gone - but where has this left things? Most GSIBs are now materially compliant, working towards being fully compliant, but it is difficult for all banks to understand what exactly being fully compliant means when the risk data aggregation and reporting regulation is principles based, with not only one way to deal with it. Progressing towards full compliance is tricky with a big regulation impacting more than just reporting, but also data management in the both risk and finance departments (the fundamental areas of a bank). At this point in time banks will be looking to confront self assessment of what they have implemented in order to improve processes but it is difficult to know exactly what the regulators want when Basel and ECB are not agreed on their views of BCBS 239 implementation. With this in mind, in this marcus evans conference we will look at the continued efforts placed to achieve sustainable and full compliance of BCBS 239 with focus on data lineage, taxonomy and consistency.

To view the Conference Agenda, click HERE! 

Follow us on Social Media!

About the conference

What can DSIBs learn from the example of GSIBs, who started their BCBS 239 initiatives significantly earlier?

We would be delighted to provide you with more information on the conference agenda.  Please fill in your details below and we will be in touch.

Founder and CEO of Compliance as a Service Ltd and also Interim Head of Data Change (Risk and Finance) at HSBC. Randeep has over 15 years’ experience delivering service, people, process, data and technology capabilities across multiple sectors. Most recently he has been responsible for group-wide BCBS 239 (Risk Data Aggregation and Risk Reporting) compliance delivery at HSBC.

To view the Conference Agenda, click HERE! 

Double-click to edit this text

Fix the following errors: