Embed Size (px)
Citation preview
A S NA P SHO T O F B C B S 2 3 9
BCBS239
PRESENTEDBY:LEWISADAMS,MBA,CISA,
CRISC,CGEIT,[email protected]
BACKGROUNDOFBCBS239…
AsaresultoftheGlobalFinancialCrisisof2008,BCBSiniMatedabankingregulatoryframeworktoachievethefollowing:
Ø Ensureorincreasecapabilityofbankstomoreadequatelymeasureandmanageriskbyleveragingdata
Ø Morerobustdataadequacy1insupportof:- DecisionMaking
- StrategyFormulaMon
- ReporMng
Ø CompanyleadershipcanbeXermanagecompanywideriskandbyextensionregulatorscanbeXermanageindustrysystemicrisk
1AccordingtoareviewpublishedbyMcKinsey&Company–June2015,beyondBCBS239,ahostofothercriMcallyimportantregulatoryitemswillhaveimplicaMonsforriskandfinancedataandtechnologyinbanks(e.g.,ComprehensiveCapitalAnalysisandReview–CCAR,ComprehensiveLiquidityandReview–CLAR,AssetQualityReview–AQR,StressTesMng,AnalyMcalCredit,andSupervisoryReviewandEvaluaMonProcess-SREP
BCBS239-EXPLAINED…
GloballySystemaMcImportBanksandFinancialInsMtuMons
Has4secMonsand14underlyingpillars
Willenablecompanyleadersandregulatorstoreviewandmanagerisksinthemarketplace,intandem,toensurestabilityinthemarketplace
FrameworkadopMonandimplementaMontobemonitoredthroughSystemImplementaMonGroupandupdatedannuallybytheFSB
BCBS239–4SECTIONS…
BCBS239
IOverarchingGovernance
andInfrastructure
IIRiskData
AggregaMonCapabiliMes
IIIRiskReporMng
PracMces
IVSupervisory
Review,Tools,and
CooperaMon
MAPPINGTHEROUTETOBCBS239FRAMEWORK…
BankOverarchingGovernanceandInfrastructure
BankRiskDataAggregaMonCapabiliMes
BankRiskReporMngPracMces
BCBS239
Regulators
SupervisoryReview,Tools,andCooperaPon
BCBS239TIMELINE…
2016–Q1Deadline
2015–Q4Tac+calImplementa+on
2013–Q3DefineStrategy
2013–Q2SelfAssessments
PILLARI–OVERARCHINGGOVERNANCEANDINFRASTRUCTURE…
Principle1–Governance,consistentwithBaselstandards
• Enhancedataqualitymanagement• EnhanceriskdataaggregaMoncapabiliMes• EnhanceriskreporMngpracMces
Principle2–DataArchitectureandITInfrastructure
• ConsiderriskdataaggregaMonandriskreporMngrequirementsinBusinessImpactAssessmentsandBusinessConMnuityPlanning
• Design,build,andmaintaindataarchitectureandtaxonomies.Ensurebothsupportad-hocandBAUreporMngrequirements
• DataownershipanddataqualityrisksandcontrolsshouldbefactoredintoRoleandAccessManagementpracMces
PILLARII–RISKDATAAGGREGATIONCAPABILITIES…
Principle3–Accuracy&Integrity• AccurateandreliableBAU/Ad-Hoc/Crisisriskdata• AutomatedriskdatageneraMonandaggregaMon• ReconcileriskandaccounMngdata,whereappropriate• RiskaggregaMonprocessdocumentaMon
Principle4-Completeness• Captureandaggregatematerialriskdata• Abilitytodissectandreviewriskdatabylineofbusiness,legalenMty,assettype,industry,region,product,etc.–(SeeAppendix1)
Principle5-Timeliness• Abilitytogenerateup-to-dateriskdatainaMmelymanner• *Whilecoveringotherprinciples(accuracyandintegrity,completenessandadaptability)
Principle6–Adaptability• Abilitytocatertodynamicinternalandexternalrequirements
PILLARIII–RISKREPORTINGPRACTICES…
Principle7–Accuracy• Accurateandpreciseriskreports• Reconciledandvalidatedriskreports
Principle8-Comprehensiveness• Captureandcoverallmaterialrisks• Depthandscopeofreportsconsistentwithbank’sprofileandcomplexity
Principle9–ClarityandUsefulness• ClearandconcisereporMng• Balancebetweenriskdata,analysis&interpretaMon,andqualitaMve
Principle10–Frequency• SetcontextspecificfrequencyofriskreportproducMonanddistribuMon
Principle11–DistribuMon• DistributereportstorelevantparMes• EnsureconfidenMalityofreports
PILLARIV–SUPERVISORYREVIEW,TOOLS,ANDCOOPERATION…
Principle12–Review
• PeriodicreviewtoensureadherencewithPrinciples1thru11
Principle13–RemedialAcMonsandSupervisoryMeasures
• Shouldhaveandusetools(i.e.,PillarII)andresourcestorequireabanktoremediatedeficienciesinriskdataaggregaMoncapabiliMesandriskreporMngpracMces
Principle14–Home/HostCooperaMon
• Cross-jurisdicMonalcooperaMonamongstsupervisorsregardingimplementaMonandremedialacMon(s)
RiskAXribute Examples
RiskType OperaMons;Country;ReputaMonal;Strategic;Financial
Reports ReportDefiniMon;LinkagetoAudience
Audience Internalvs.External;BusinessUsers
RiskModels ModelDefiniMon;Materiality;LinkagetoRiskType
Metrics Materiality
Dataelements Materiality;LinkagetoMetrics
Processes Linkagetoreports;byrisktype
BusinessUnits ByRiskType;Sourcevs.Point(s)ofAggregaMon
LegalEnMMes RegulatedbyEnMty;Materiality;%Ownership
APPENDIX1–RISKDATAATTRIBUTESANDPARAMETERS…
