26th June 2014, Brussels: The European Banking Authority (EBA) has just released a consultation paper pertaining to the sequential approach of the Internal Ratings-Based (IRB) approach to capital requirements for credit risk. This paper also covers the limited permanent use under the Standardised Approach (SA) (Articles 148 (6), 150 (3) and 152 (5) of the EU Regulation 575/2013 under the Capital Requirements Regulation (on prudential requirements for credit institutions and investment firms).
Following its release, the EBA is inviting proposals, particularly relevant questions and/or points the body should take into consideration up till the 26.09.2014, following which it will subsequently submit the draft Regulatory Technical Standards (RTS) to the commission by the 31.12.2014. The Authority, following analysis of potential pegged costs as well as associated advantages, has also requested the option of the Banking Stakeholder Group (BSG) as per Article 37 of Regulation (EU) 1093/20102.
Supplementing EU Regulation 575/2013, this consultation paper assumes that specific exposure categories may be treated under the Standardised Approach permanently, depending on a predetermined subset of criteria (materiality of size and risk of the exempted exposures). This permanence will also prevail in situations where technical or operational difficulties are encountered during the deployment of the IRB approach. As a general rule of thumb, the paper advises that “competent authorities should ensure that the higher the potential for underestimating the risks stemming from its design, the quicker this potential should be reduced.”
The adoption of this regulation is sectioned into the following facets:
Article 1 defines the General principles related to all the relevant ‘exposure values’ and their associated ‘risk-weighted exposure amount’. Specifically, a) equity exposures as referred to in Articles 133 (1) and 147 (6) of Regulation (EU) No 575/2013 and b) all exposures for which the institutions have received permission to apply the Standardised Approach on the basis of Article 150 (1) (d) to (f), (i) and (j) of Regulation (EU) No 575/2013.
Article 2 defines the conditions of application of points (a) and (b) of Article 150(1) as per Regulation (EU) No 575/2013, related to conditions such as the aggregate threshold of 8% of all exposures as well as the aggregate risk-weighted exposure amount assigned to the class similarly does not exceed 8%; as well as the consideration to counterparties being materially significant (>= 10% total exposure of the institutions eligible capital). Article (2) also takes into consideration accessibility and availability of information, cost of developing the said ratings system as well as the institution’s operational capability to determine suitability for such rating-system implementation.
Article 3 treats the relevant conditions of point (c) of Article 150 (1) insofar as to application the SA being limited to classes or exposure types whose magnitude as well as risk profile is considered immaterial.
Article 4 deals with the specific conditions according to which competent authorities shall determine the various characteristics as well as scheduling of the successive IRB rollout. Contained within Article 148 (3) of the regulation, this consultation paper advises that (competent authorities) “shall ensure that the higher the potential for underestimating the risks, the quicker this potential shall be reduced” as well as sets forth a series of conditions that need to be adhered to insofar as permission being granted to apply the IRB approach. These include total exposure value and total risk-weighted exposures >= 50% of the set relevant exposures. Following the inclusions of the IRB Approach for a particular exposure class, Article (4) also states a set of considerations the EBA will take into account for an institutions’ rollout timing. These incorporate the availability of time series data, the institutions capability, acumen and preceding experience in developing the rating system as well whether there are occurrences of tied affiliates to the institution who are not subject to Regulation (EU) No 575/2013 or to the corresponding respective country’s legislature.
Article 5 decrees that the regulation shall come into force on the twentieth (20th) day following “its publication in the Official Journal of the European Union”
EBA Consultation Paper – Deadline 26th September 2014
Regulation (EU) No 575/2013 of the European Parliament and of the Council on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012
Back to News

A BI vendor surveyed banks in in December 2013 in Europe, North America and Asia-Pacific to explore data governance initiatives, highlights the need for Board-level representation and ownership to ensure that data governance frameworks meet the business objectives. Data governance has become more important following the global financial crisis, yet over two thirds (63%) of financial industry executives do not consider it to be a Board-level issue. .
The study also showed that one third (31%) of financial institutions do not have defined roles and responsibilities in the data governance space. despite the many business drivers for data governance in the financial world.
Achieving regulatory compliance and r educing regulatory risk .was recognized by 94% of banking executives as a business driver, followed closely by ensuring data consistency across the enterprise (88%) .and improving transparency of financial data and information (63%). Why the change of heart?
The Basel Committee on Banking Supervision’s BCBS 239 principles paper was introduced to transform the way risk data management and reporting is carried out internationally. It requires that be underway to meet their January 2016 deadline.
Originally released for comment in June 2012, the 14 principles of BCBS 239 cover a lot of ground, addressing areas ranging from IT infrastructure and governance arrangements, to the way that risk management departments generate ad hoc reports.
The BCBS 239 principles also affect G-SIBS (those subject to additional capital requirements), and additional D-SIBS requirement defined by local central banking authorities, who will only have three years to meet compliance.
The list of principles may seem overwhelming, and time is running out. Covering everything from IT infrastructure to governance and timeliness, the principles are an opportunity for firms to renovate, innovate, and proof their business with the most effective people and processes in place.
Three questions, to help you decide on an action plan for compliance on schedule and to also support growth and productivity.
1. Current status?
What are your real Strengths and Weaknesses, Opportunities and Threats on data risk management compliance?. In future supervisors will require documentation and proof, and this means you need a formal system and processes.
2. Which IT systems do you use now – are those adequate?
Near real-time aggregated data is key for timely alert to risk. BCBS’s report, ‘Progress highlights that banks feel they do have a compliant with strong IT infrastructure and data architecture.
Is your technology efficient and effective? Scalable and agile?

3. Do you have the right people on the job?
Risk management comes down to people. Technology can maximize their essential productivity in processing data, and reduce errors with in-built validations and standard data transformation and aggregation , with comments, logs, version controls and audit trials, risk. Help them better to manage risk by turning data into timely intelligence with kpis to manage, report and inquire on information.
The BCBS 239 framework can be broadly categorised into 4 main pillars.
“Pillar 1 Governance and Infrastructure.”
Governance entails implementing appropriate organisational and process structures to ensure that risk aggregation receives the same strategic importance of any of the bank’s other business critical processes.
This encompasses day to day management structures and the senior management and C-level ownership of risk data.
This Pillar requires organisations to put in place the right kind of technology and process infrastructure, not only for risk aggregation requirements, but also to offer an extensible framework that will allow easy incorporation of newer forms of risk and sudden spikes in computation capabilities in stress or crisis scenarios.
Pillar 2 “Risk aggregation” .
A bank must ensure that it has in place the right capability and resources to provide:
◾Accuracy and reliability via data quality processes
◾Adherence to an “enterprise data dictionary”
◾Well documented unambiguous processes – either automatic or manual
◾Completeness in terms of data usage and coverage
◾Consistent latency for aggregating risk within agreed SLAs
◾Flexibility and adaptability to provide new aggregations easily
Pillar 3 “Risk reporting”
The supervisors will need to be confident confident that the bank has a suitable risk reporting infrastructure that is:
◾Accurate with appropriate data quality processes
◾Comprehensive – covering all the agreed risk across agreed organisational entities i.e. asset classes, organisational structures, locations, counterparties, etc.
◾Clear, intuitive and useful for the end users to easily comprehend
◾Available and refreshed at agreed frequencies
◾Distributed to the users using appropriate content distribution processes
Pillar 4 “Review, Collaborate and Act”
Timely reports on aggregated risk data should be available. Supervisors require appropriate means to review the aggregated risk output, to inquire further and to make any remedial changes as part of the workflow.
Data Accuracy
Another essential factor to consider is data accuracy. Most big banks tell us they still struggle with data quality issues. Large global banks are often the product of complex mergers, that involves its own set of data and technology challenges. Banks have multiple systems introduced often ad hoc for new revenue streams from different asset classes. The systems were never designed to capture the data in a manner to support the reporting required by regulators. There is often very little integration in the front office and there are often more than 50 systems and subsystems that hold data. Each desk has its own: trading, booking, pricing and reporting systems. New product are then built on those legacy systems and copy data from middle-office risk aggregation systems and may receive risk in more than one data channel for the same asset class,. Risk managers need to know what is the real risk and it is not practical to do this efficiently or in a timely manner form front office systems aggregate din Excel.
The completeness and quality of data in the back office is more important than the mathematics underlying risk calculations in the front office. If you don’t have the right information, at the right time about a position, (or don’t even know it exists) then your risk calculations are irrelevant. IT investment in integrating and normalising banks data is even more important than updating risk engines. Consider whether your reporting solution should embed a risk engine maintained by the software author in lien with regulatory requirements.
BCBS requires board level review of the risk data aggregation for new product approval and also for other strategic business decisions such as: mergers, spinoffs and acquisitions. The uncertain nature of financial markets, makes it both more difficult and more important for investment banks to build an agile infrastructure and reporting capabilities to make faster and better informed investment and decisions.
There is an overlap of what BCBS 239 prescribes and similar initiatives supporting other regulatory frameworks (e.g. Basel III, MIFID II, COREP, CRD IV, etc.). Forward-looking finance executives are using high-performance technologies to create fundamentally superior, compliant risk reporting processes which also help executives meet their goal of sustainable profitability.