RDARR 101: Risk Data Aggregation and Risk Reporting Explained
Name a risk-aware profession, and banking should be near the top of the list—right after, maybe, skydiving or lion tamer.
As anyone in banking knows, risk—understanding it, measuring it, and managing it—is at the very heart of the business. History has proven, most recently and dramatically with the 2008 financial crisis, that when risk isn’t properly understood, measured, or managed, it can lead to widespread instability and massive losses.
Since the Great Recession, risk management teams at banks around the world have been trying to manage risk data aggregation and risk reporting (RDARR) more effectively using an internationally accepted set of principles as a North Star: BCBS 239. Here’s a quick primer.
What is BCBS 239?
The international banking authorities that make up the Basel Committee on Banking Supervision (BCBS), based in Basel, Switzerland, work to create global standards for banking regulation. The group has 45 members from 28 jurisdictions around the world, including representatives from central banks and authorities who oversee the banking industry.
In 2013, the organization released BCBS 239, a new set of standards to help banks manage their risk data aggregation and risk reporting practices more holistically. BCBS 239 includes 14 principles that fall into four general categories: governance, data aggregation, risk reporting, and supervisory requirements. The goal? Enhance financial stability by creating greater trust in data, more informed decisions by banking leaders, and more clarity for regulators.
BCBS 239 applies to large banks worldwide that are either Global Systemically Important Banks (GSIBs) or Domestic Systemically Important Banks (DSIBs). While small and mid-tier banks don’t have to comply with the BCBS 239 standards, many of them are using the same principles to improve their RDARR programs.
The Basel Committee on Banking Supervision in April 2020 provided a summary of big banks’ progress on compliance.
Banks are still moving forward, but COVID-19 likely affected the pace of progress and resource deployment.
What is RDARR?
A strong risk data aggregation and risk reporting (RDARR) program is meant to help bank teams efficiently give managers the right data to accurately depict risks facing the organization at any given time.
Institutions not subject to BCBS 239 should consider the 14 principles of BCBS 239 as leading standards to implement to strengthen their RDARR capabilities.
Every financial institution should have a RDARR program that substantiates the quality of its management reporting, which includes financial metrics as well as narrative. The narrative is key in summarizing existing risk positions, corresponding drivers, conclusions related to risk versus reward, and can convey review and challenge considerations. Your datasets underscore all of that narrative.
That same program also can govern model development and forecasting. Automation, standardization, and connected data are fundamental components to strengthening adoption of RDARR principles.
How does RDARR work?
But how does the work actually get done? Not surprisingly, anyone on a bank’s risk reporting team will tell you that it’s not easy. The process is inherently complex, the stakes are high—and that’s just the start.
Two of the biggest challenges of managing RDARR are:
1. Decentralized information
Risk management teams collect risk data from throughout their organizations. Even in a small bank, that could mean receiving data from dozens of sources and in just as many formats. All institutions, from community banks to the largest GSIBs, have in common the variety and volume of financial and management reporting performed weekly, monthly, quarterly, and annually.
Data quality and governance are not concepts unique to the largest institutions. They are fundamental to risk management. Implementing a RDARR program should not be seen as a defensive exercise. There is significant opportunity to create value through transforming processes and supporting the evolution of your analytical routines.
Consider using a centralized environment to give teams one place to collect their data and collaborate on analysis and reporting. Standardizing reporting structures and providing cleaner, more transparent, more traceable data should free up time for risk practitioners to spend more time on analyzing, reviewing, and challenging.
2. Inadequate tools
Many risk teams manage RDARR with word processing and spreadsheet software tools that simply aren’t up to the task. Not only are these legacy tools unwieldy, but they also cause critical breaks in the data management chain, which can lead to inaccuracies, limit transparency, and reduce trust in the data.
Cloud platforms streamline RDARR and can help teams move toward achieving greater accuracy, clarity, and integrity of the data. They also can provide the scale that’s needed to process large amounts of data without crashing your files.
Modern platforms also give you the ability to dynamically link data across spreadsheets, presentations, and documents. Connecting data across reports and teams should reduce the risk of differences in numbers and conclusions. Meanwhile, linking data back to a source should support reviewers’ overall comfort with the data that are driving conclusions.
That’s just the start. For more detail, plus four ways to improve RDARR processes, check out our white paper.