Michael Shashoua: Stressing the Stress-Test

The Basel Committee on Banking Supervision (BCBS) report on the progress of compliance with its BCBS 239 risk data aggregation principles, issued in January, includes a statement that global systemically important banks (G-SIBs) are still having difficulty with data aggregation governance, architecture and processes, according to a comparison of results of surveys conducted for 2013 and 2014.

That's not for lack of trying, however, because firms are saying they've been devoting more resources to data management for stress-tests mandated under BCBS 239, according to a survey of risk professionals conducted by Moody's Analytics. They are either automating the stress-testing process, or are planning and developing systems for automation.

The BCBS report makes recommendations about what G-SIBs and all firms should do to be more prepared for the implementation of BCBS 239 principles by 2016. Those recommendations, however, are along the lines of instituting guidance and doing self-assessment, which falls short of concrete calls to action ─ in effect, not much of an advance beyond attempting to automate the process.

How to Aggregate
Certain industry experts say there should be no half measures if firms really want to pass the stress-tests prescribed in the BCBS 239 principles. In a recent webcast, John Eliseo, head of data modeling at Thomson Reuters, said firms have to define a set of policies for risk data aggregation, and be certain that there is only one way information should flow. Any data outside of that flow won't be supported and is at the user's own risk.
"Different systems are doing different things and you have to bring the information together to do any sort of analysis on it," Eliseo said. "The ideal is a system that is already integrated and connected, that ‘tends to just snap together like Lego.'"
Complete information sets can be scrutinized in any way a user wants, added Eliseo. As this suggests, data architecture, with consistent supporting data dictionaries, is an important basis for risk data aggregation.

Thomson Reuters began developing BCBS 239 compliance services by looking at data content in the aggregate, according to Eliseo, who adds that his group moved away from keeping duplicates of entity data, toward a core set of shared entity information, usable throughout the content ecosystem. Data aggregation can be done either with a single data repository or by using technology to build a federated model using layers on existing databases to feed into a single data model.

The BCBS report makes recommendations about what G-SIBs and all firms should do to be more prepared for the implementation of BCBS 239 principles by 2016.

Out With the Old
The first step, which is one that many have not yet taken, is freeing oneself from legacy systems, says John Bottega, principal at Data Management Advisory Services and a senior advisor to the EDM Council, a co-sponsor of the webcast.
"The first need is simplification ─ identifying and prioritizing what the most important data is," he said. "Start to extract that from the plethora of legacy environments."
Trying to alter a legacy system is too cumbersome, according to Bottega: "So we reverse-engineer from critical functions and data back to its source," he said. "This creates the methodology and approach."

Consolidating data and eliminating outmoded data management systems are concrete actions that the industry can take to better handle risk data aggregation and pass annual stress-tests. Although BCBS 239 charges G-SIBs with the directive to better control information management, the BCBS itself ─ the architect of the principles ─ falls short of prescribing decisive measures. Firms are aware of the problem and are evidently devising solutions, as explained by Eliseo and Bottega, but it remains to be seen if they will succeed ─ and if BCBS's next year-end report will be more promising, heading into 2016.