The best business decisions are based on relevant, comprehensive, actionable information, and the work of the Board Risk Committee (BRC) is no exception.
The BRC sits at the top of the systemically important banks (SIBs) framework of risk governance and in this regard has two primary functions: to set expectations and to review reports to ensure that those expectations are being met. If it is not functioning well, the chances are that risk of one kind or another is not being managed effectively. Despite the importance of risk data to the overall risk governance of the organization, there are significant challenges faced by the BRCs. Our recent analysis of 20 SIBs highlights some of these challenges.
Much of the information that passes through the risk department to the BRC is produced through systems with some manual intervention. The challenge is to obtain a more granular and detailed analysis of risk data that is available automatically. Various scenarios need to be run against the data to see what the impact would be of changing market conditions. Multiple systems and inconsistent data standards can cause this to be time consuming, reducing the time available to analyze the data.
One answer to the problem of quality and timeliness of information is to automate a greater proportion of the process of gathering it. While automation is needed at every point in the risk governance process, it is seen as a particularly vexing problem for banks when performing stress-tests, particularly when responding to regulatory requirements.
Half the SIBs in the survey perform five or more stress-test scenarios a year, but continue to require a significant amount of manual intervention. This is an onerous process, given the amount of data to be analyzed.
“The automation of risk-data analysis needs to be seen in the context of overall risk governance. It should enable people at key points in the risk architecture to have the time to think clearly of what the priorities are and how to deal with threats, both in the short- and long-term. Automation is an enabler.”
Michelle Hinchliffe, Partner KPMG in the UK
While automation can definitely help, it is only part of the solution. SIBs also need to capture the right data, which requires well-designed models that neither raise alarms too frequently nor instill a false sense of confidence that the banks are operating within risk parameters.