欧盟银行面临的数据管理和风险报告挑战

© Oliver WymanWhen the European Central Bank included “addressing long standingdeficiencies in risk data aggregation and reporting”1as a supervisory priorityfor 2024–2026, it issued a critical challenge: Banks need to step up their datamanagement capabilities and processes right now. With the publication inMay 2024 of the “ECB Guide on effective risk data aggregation and reporting(RDARR),” the bar is nowset.The ECB Guide is in keeping with the renewed attention that regulators worldwidehave paid to RDARR. This has left no option for an increasing number of banks but tocome to terms with their practical failings on data, and the greater regulatory pressurewill significantly boost industrywide efforts to rectify those failings and create trueaccountability for higher quality data. The good news is that as difficult as that may seem,choosing the right strategies and implementing them skillfully can minimize the workrequired and realize significant commercialbenefits.HOW THE ECB IS RAISING THEBARRDARR implementations to date jump-started data management as a discipline for banksand helped lay the foundational elements for sound data management. It also uneartheda myriad of data issues front-to-back and improved the reporting and control infrastructure,mainly within riskfunctions.However, many banks strove only for minimum compliance with the letter of RDARR ratherthan embedding true ownership and accountability for risk data across the organization.As a result, their plans and execution approaches crumbled in practice, and there remainsa disconnect between the theory of risk data management and how it is executed by datapractitioners in theirday-to-day.The ECB Guide leverages more than 10 years of learnings in RDARR compliance. While it isnot considered new guidance by the ECB, practically it will mean that many banks will haveto raise the bar currently set for their risk datacapabilities.1ECB Banking Supervision: SSM supervisory priorities for 2024–2026, 19 December2023. © Oliver WymanBCBS239 is no longer only a “risk reporting” issue:The Guide makes BCBS239 a “bankwide”effort by explicitly including in its scope financial reporting and model development. Itmakes the management body responsible for “setting clear roles and responsibilities withinthe business organization” and calls for increased coordination and collaboration withIT changeinitiatives.A minimum set of conditions is set but banks need to go beyond:The Guide is articulatedas a set of “minimum supervisory expectations” and “prerequisites” for effectiveidentification, monitoring, and reporting of risks that are “not necessarily sufficient”to achieve soundRDARR.Threat of enforcement actions and capital add-ons is real:The Guide explicitly mentionsenforcement actions, capital add-ons, and the removal of responsible executives as potentialmeasures for banks that do not respond promptly to supervisory feedback, in line with theexpected increase in “supervisory escalation” announced by the Vice-Chair of SupervisoryBoard of the ECB.2The technical nature of RDARR is no longer an acceptable excuse for management:Bank leaders — specifically senior management — need to be familiar with datamanagement concepts like data lineage, understand key data quality performanceindicators, and keep an up-to-date knowledge of data management and IT.In addition to the above, we have included as an appendix some examples of the biggestissues observed from onsite inspections in the industry — lineage, golden sources, and datagovernance — as well as where the ECB has heightened its expectations across those issues.Taken together, it becomes clear why the ECB is now reimagining its stance on RDARR.2Power,abilityandwillingnesstoact—themainstayofeffectivebankingsupervision—SpeechbyFrankEldersonat HouseoftheEuro,Brussels,7December2023. © Oliver WymanWHAT BANKS NEED TO DO MOVING FORWARDBanks need to demonstrate meaningful progress on their BCBS239 journey with anappropriate level of priority and understanding, elevating it to among the issues at the topof their regulatory and transformation agenda. For those that are at the start of the journey,realistic definitions, scoping, and planning are essential. Some pioneers in the industryare providing useful examples of ways to accomplish those objectives. These includethe following:Implementing mechanismsto install true accountabilityfor dataqualityThis includes the application of tools that allow the riskand finance teams to enforce strict data quality standards.Among other examples, these banks are creating transparentoverviews of progress against process-level data qualityobjectives through data dashboards, structuring reporting toprovide immediate understanding of data quality status andtrigger remediation, and implementing data contracts/SLAs,automated controls, and incentive systems linked todataUsing lineage to improvedata quality andefficiencyBuilding systemic knowledge of critical data processes,diagnosing the root causes o