‘No, Sir, Your Risk Data Is Not Something Operational, It Is a Strategic Asset’

In many risk projects in the past I have come across bad data quality. Yes, there is a credit risk data mart that is the basis for credit risk models such as PD and LGD models. But this credit risk data mart does not contain all relevant loans. First step is always to check completeness. Do we have to model a wholesale credit portfolio of approximately EUR 20 bln? And how much is in the data mart? Only EUR 15 bln? How come? Why is 25% of the portfolio missing? And is it missing for a specific reason? E.g., is it a subportfolio that contains the loans of a specific label? And what is the credit quality of this subportfolio? If it is the same, then we could consider to start the analysis and add the subportfolio later on (since there is always time pressure on the model development). But if this is a specific subportfolio with credit approval standards that are different from the rest, we are facing a certain bias, right from the start.

Figure: New Basel Paper (January 2013) highlights risk data as strategic asset

New Basel Paper (January 2013) highlights risk data as strategic asset

The completeness check is far from trivial. A modeling data set that cannot be reconciled with the General Ledger is unacceptable. Risk management is about the entire balance sheet, not about the specific part of it that happens to be ending up in the data warehouse.

Once we have checked completeness we need the domain checks. I once came across a retail database containing the age of the mortgage customers. Many septuagenarians and even octogenarians. Of course, this is possible, but that many? We ended up suspecting that the underlying data generating process was not adequate. And why trust reasonable values of this variable if the underlying process is capable of generating outcomes that are obviously off the mark?

Risk is at the end of the data food chain

Often the modeling set contains some variables that may be relevant for the modeling, e.g. past default and arrears history for a behavioral credit scoring model. However, other relevant risk drivers are missing, such as current income and payment morale. Sometimes these drivers can only be added after linking to other, external databases that are available from data vendors. But in many cases the modeling data can be enriched by coupling data sources within the bank (e.g. operational front office systems).

And here’s the problem: the risk department is at the end of the data food chain. If it needs additional data from the upstream processes, it runs into all kinds of problems. Apart from the technical problems of merging customer data across systems (no, this is not easy!), it becomes transparent that the front office is not focused on capturing the accurate risk data, it is focused on selling the loan. No way that the risk department can enforce the data gathering of additional data that is relevant for risk modeling or quality improving procedures such as domain controls at input (‘Is this person really 80 years old?’).

The problems that we are facing here are not only at a technical level, they are also on a governance level. The only way we can resolve the end-of-the-food-chain situation is by implementing a governance structure in which risk data is recognized as a strategic asset.

Data governance

Proper risk data and risk models add value to a bank by improving the risk/reward steering of the bank and by a prompt identification of potential losses. Risk management is a strategic process within the bank and the data that it needs are strategic assets.

Interestingly, this risk data governance is highlighted in a recent Basel paper: Principles for effective data aggregation and risk reporting (January 2013).

In its explanation the Basel committee confirms that accurate aggregation of risk exposures and timely decision-making are often impaired leading to wide-ranging consequences:

The financial crisis that began in 2007 revealed that many banks, including global systemically important banks (G-SIBs), were unable to aggregate risk exposures and identify concentrations fully, quickly and accurately. This meant that banks’ ability to take risk decisions in a timely fashion was seriously impaired with wide-ranging consequences for the banks themselves and for the stability of the financial system as a whole.

The Basel paper describes principles related to four topics, the first of which is data governance. It contains very clear language about the position in the food chain:

A bank’s board and senior management should promote the identification, assessment and management of data quality risks as part of its overall risk management framework. The framework should include agreed service level standards for both outsourced and in-house risk data-related processes, and a firm’s policies on data confidentiality, integrity and availability, as well as risk management policies.

Other principles point out that senior management should approve the ‘bank’s group risk data aggregation’. It should also ensure that adequate resources are deployed for risk aggregation and reporting. It states explicitly that senior management should allocate ‘appropriate levels of financial and human resources’.

The principles also point out that risk management should be involved in the implementation of ‘adequate controls throughout the life-cycle of the data’. The role of the business owners includes ‘ensuring that data is correctly entered by the relevant front office unit’.

Also, the principles refer to the reconciliation with the General Ledger:

Risk data should be reconciled with bank’s sources, including accounting data where appropriate, to ensure that the risk data is accurate.

Timeliness of risk information is addressed as well. Banks should be able to generate aggregate risk data in a timely manner and the precise timing will depend on the ‘nature of the risk being measured’. The paper specifically mentions liquidity risk indicators and we all know that the timely calculation of the Liquidity Coverage Ratio can be quite a challenge, especially since Basel requires the LCR to be used on an ‘ongoing basis’. The reporting frequency is monthly, ‘with the operational capacity to increase the frequency to weekly or even daily in stressed situations.’

Boldness is needed

So next time the CFO states that data quality is only a concern for operations, dare to share the Basel principles with him/her: ‘No, your risk data is not something operational, it is a strategic asset.’


Over Folpmers
Financial Risk Management consultant, manager van een FRM consulting department, bijzonder hoogleraar FRM

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen.

WordPress.com logo

Je reageert onder je WordPress.com account. Log uit / Bijwerken )


Je reageert onder je Twitter account. Log uit / Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit / Bijwerken )

Google+ photo

Je reageert onder je Google+ account. Log uit / Bijwerken )

Verbinden met %s