Three Steps To Setting Out a Basel III-Ready Data Warehouse

Lots and Lots of Data

To better appreciate the magnitude of the challenge that lies ahead for banks with the coming into effect of Basel 3, let's place it in its proper context.

First the financial services industry holds enormous amounts of data - probably more than any other sector of the economy except the technology industry. In fact, to put this enormity in perspective, a an estimate from global consulting firm McKinsey put the size of all bank-stored information at 1 exabyte (EB) - the equivalent of 1,000,000 terabytes (TBs). Given the inherently sensitive nature of financial data, it would be safe to assume that majority of such stored data would play a part in computing the risk exposure of any given bank and also form the basis for the regulatory reporting envisaged in Basel III.

Looking at such copious amounts of data, it becomes clear that the need for a robust risk data warehouse is more than just preparing for compliance with Basel III provisions - it is instead about creating the right environment for consolidating and analyzing data that ensures risk management decisions and regulatory reports are based on complete, correct and uncompromised data. As you would expect, banks have throw hundreds of billions of dollars at their data management concerns over the years (they collectively spent over US$ 330 billion in 2011 by some estimates). Yet, even with such huge spending, many incidents continue to show that buying expensive systems is not a silver bullet that leads to better risk management and stronger internal controls.

Now, throw in the 3 challenges posed by Basel III (locating the right information, converting data in different formats into a single coherent format and finally, making available that data to the appropriate audience) and you can be sure that CEOs, CFOs, CROs and CIOs have their work cut out. Yet, the preparation, analysis and management of data for risk analysis and regulatory reporting (whether for Basel III or otherwise) can be condensed into 3 major steps:

Step 1 - Integrate Existing Systems

As opposed to the finance department using 5 different applications, credit risk depending on 6 systems and human resources having 3 distinct systems for employee appraisal, payroll and tracking personnel medical insurance, the first step any bank should take to have a seamless risk management and regulatory reporting framework is reducing the number of systems, data repositories and thus data formats found within the entire organization.

Transitioning an organization from disparate systems into more unified enterprise platforms greatly increases overall efficiency and provides a stable foundation for streamlining data that will eventually be fed into the risk management data warehouse.

In addition, the process of integrating existing systems also presents a rare opportunity for executives, line managers, risk officers and IT staff to ‘clean up’ processes in great detail - some form of business process re-engineering. Thus, the integration process ensures the correctness, completeness and integrity of the data that will be used for Basel III risk analysis and reporting while at the same time ensuring routine tactical and strategic decisions are based on high quality data.

Step 2 – Develop Risk-Aware Data Models

Let’s face it, risk management is not a bank’s core business. The constant friction that exists in almost any large bank between risk functions on the one hand (such as risk, audit, compliance and legal) and core business functions on the other (operations, marketing, customer service etcetera) is clear testament to this fact. Like any other business, banks exist primarily to make money whether it is through traditional bank earnings such as transaction fees, loan interest and foreign exchange trading, or it is via more sophisticated products such as derivatives.

For this reason, the natural approach toward structuring risk data warehouse models is creating the models built around transactions and bank products. It is the easy way out to avoid ‘upsetting the apple cart’. But as many banks have painfully learnt, such an approach to data modelling can make the process of managing risks and filing accurate regulatory reports a tedious and expensive affair especially when regulations are as constantly evolving as they are in the banking industry.

Whereas banks are in business to make profit, compliance with industry regulation is not an option - it can make the difference between winning public confidence and retaining a banking license or losing both. As such, the better and more cost effective approach in the long run is developing data models that are geared towards risk management and regulatory reporting but that also do not create roadblocks to the efficient flow of bank process. The data models should capture all vital risk factors, instruments, counter-parties and positions that would go into calculating the market, credit, liquidity and operational risks outlined under the Basel III accord.

This central data warehouse then becomes the sole originator for management, risk and regulatory reporting data.

Step 3 - A Clearly-defined Enterprise-wide Risk, Compliance and Governance Regime

Simply having a centralised risk data warehouse is not enough. Re-aligning reporting structures, redefining job descriptions and removing redundant risk reporting lines must go hand in hand with harmonised and risk-aware data warehouse systems.

There are many benefits that come with ensuring the bank’s reporting structure ensures consistent and accurate risk information. For instance, by harmonising responsibilities and reporting lines on risk and compliance responsibilities, the bank would have specific persons tasked with reviewing and updating data models to comply with emerging regulatory frameworks such as Basel 3 and the Dodd-Frank Act.

Specific action plans can be created with detailed road maps on how to achieve them and which departments will be involved. The bank’s board of directors and executive management would also have a clear line of sight on which department or individuals would be responsible for effecting what change. Management and the board can also be more confident that the risk reports they receive are complete and are coming from the department(s) that have an enterprise-wide view of the risks.