• Marlon Arthur, Client Relationship Manager at Alpha Insight


• 02.12.2015 11:32 am

As a set of principles, rather than hard and fast requirements, the guidelines of BCBS239 laid down by the Basel Committee on Banking Supervision can present substantial challenges to compliance. One of the biggest tasks is working out what to monitor, measure and report on, as well as how to present these findings.

In particular, while BCBS239 sets out a clear requirement for timely, complete and accurate risk reports, many banks are unsure how to precisely measure and benchmark themselves accordingly. Faced with this dilemma, it is only natural they will look to the many consultancy offerings, methodologies and off-the-shelf solutions that promise one-size-fits-all compliance with BCBS239.

In reality however, each bank will still need to use all of the in-house knowledge and expertise of its business processes and the IT systems that underpin them to establish the most effective way to demonstrate compliance, not least because there are subtle differences in each institutions business operations and the legacy of systems that support them.

With this in mind, effective compliance with the principles-based regulations of BCBS239 requires each bank to develop their own compliance metrics and work out their own way of successfully embedding the monitoring and measurement of these fundamental KPIs into everyday processes – rather than simply buying solutions that introduce additional layers of monitoring and reporting on top of those that already exist.

While this may not seem like an overwhelming challenge, it is often the point where financial institutions will take a wrong turn. Having engaged external advisers to help them understand the regulations’ principles and to create large-scale programmes to position themselves to achieve compliance, they frequently commit three fundamental errors.

Mistake One: Defining metrics that don’t relate to normal operational processes

The first common mistake is to define metrics that fall outside of normal operational processes. For example, most banks will have daily process for creating Value at Risk (VAR), just as there are processes for risk-weighted assets and other risk reports. Get this wrong and Banks can end up defining KPIs specifically to address the regulation resulting in additional sub-processes which add very little value in achieving the business process outcome.

Rather than create additional metrics to report on VAR, banks should document their current VAR creation process and align the critical metrics to the steps that drive a successful process outcome.

Mistake Two: Treating compliance monitoring and measurement as a standalone activity

The second mistake frequently made by banks is to treat compliance monitoring as a standalone activity separate from other service management activities.  For example many risk metrics rely on data in files to perform a risk calculation.  Missing or late files could result in unreliable calculations, which in turn could understate or overstate the level of risk exposure.  By thinking about compliance monitoring and measurement more holistically organisations can use the same set of metrics, monitoring and measurement solutions and metric performance data to not only measure compliance but also to proactively identify potential process breaks or IT failures that could result in inaccurate risk reports and potentially non-compliance.  Taking this a step further providing early warnings of potential breaks or failures could trigger actions to remediate the situation prior to it becoming critical and affecting compliance.

This effective prevention requires considerable expertise in flow monitoring so that clarity and smart thinking shape the KPIs that are reported on. If banks succeed in making these KPIs precise, sensible and measurable, immediate action can to be taken to prevent process breaks, triggered by early-warning alerts, rather than retrospective red-light compliance indicators.

Mistake Three: Wasting budget by not capitalising on existing systems

While it is true that banks often have a plethora of monitoring and control systems, too often the response to their inadequacies is to procure yet more applications and tools that do yet more monitoring.

Rather than unnecessarily procuring additional solutions to monitor and measure the BCBS239 KPIs, banks should capitalise on the IT monitoring solutions they have already invested in. Using a combination of expertise in banking sector flow monitoring, embedding risk controls within the key risk processes and leveraging existing IT monitoring tools, meaningful real-time insights can instantly become available without the need to make additional investments in new tools.