This column is excerpted from the white paper Data Warehouse Solutions for Achieving Compliance and Managing Operational Risk by William McKnight. For a copy of the full paper, please visit www.csiwhq.com/news/whitepaper_requests.asp.


When preparing to achieve compliance, it is clear that the rules will continue to be hotly debated from all points of view until - and after - the implementation dates, such as December 2006 for Basel II. U.S. domestic banks are widely viewing the draft Basel II rules as expensive to conform to and overly burdensome. A staggered adoption is inevitable, as 100 countries have indicated a direction of ultimate conformance.

Nonetheless, domestic and "home-host" banks are in various degrees of preparation for the inevitable implementation, which will include 10 to 20 banks who will be mandatory adaptors based on their total foreign exposure and total assets. Others will opt in. Observers expect that adoption of Basel II practices will be heavily encouraged by regulators and rating agencies for large banks below the mandatory threshold. Mandatory banks will be required to comply with Basel II-based requirements for the Advanced Measurement Approach (AMA). The remainder will be in "non-Basel bank" status but will remain subject to existing capital adequacy requirements. Small banks will fall into this category.

Banks are encouraged to move along the spectrum of available approaches as they develop more sophisticated operational risk measurement systems and practices. Under AMA, capital requirements are aligned more accurately to actual operational risk exposure by using a combination of qualitative and quantitative risk measurement techniques. This framework intends to reward stronger and more accurate measurements. Analytic capabilities that continually test and support the rules are a required part of the solution.

Compliance with the implementation objectives for eight key operational risk components are required to fulfill the AMA and standardized requirements. Banks are charged with developing the appropriate measurement frameworks. Regulators have presented a broad picture of their expectations, but it's the responsibility of the banks to translate these ideas into effective risk management tools.

As for Sarbanes-Oxley (SOX), so far compliance efforts have tightened up numerous internal control deficiencies. Furthermore, key control measures have been standardized, streamlined and put into place. Undoubtedly, companies benefit from all of this, which preempts public misstatement and problematic financial statements. Over time, we'll have fewer restatements and less fraud.

Data collection and reporting are large components of these efforts. IT systems must ensure high integrity of the information used to calculate the bank's risk or face higher levels of capital requirements. For example, a five-year minimum of transaction information must be retained for Basel II.

Additional Benefits

While risk mitigation is clearly an objective of each banking institution, meeting Basel II, SOX and other operational risk management opportunities will be the overriding objective of those subscribing institutions. However, there are some significant advantages a company can enjoy as a result of having a robust compliance effort. Several objectives of each subscribing business can be considered areas of opportunity supported by or directly strengthened with operational risk management initiatives. They include:

  • Engendering customer trust and confidence,
  • Improving and strengthening shareholder value,
  • Reducing exposure and losses,
  • Adopting proactive risk management and measurement,
  • Strengthening internal controls,
  • Meeting and exceeding regulatory requirements, and
  • Demonstrating risk management awareness and controls to the investment community.

Detailed-level data will be required from all areas of the business, from which portfolios will be determined based on company hierarchies. Companies will need a system for transforming, loading, reporting and scorecarding a vast amount of enterprise information. This information includes internal workflow, loss event data capture and management, identification and monitoring of key risk indicators.
In the new regulatory environment, a centralized approach is required to manage operational risk, and the same holds true for managing the information that supports the identification and mitigation of risk.

The Enterprise Data Warehouse for Operational Risk Management

The required approach to mitigating risk and complying with risk initiatives is exactly the concept and science of data warehousing. Historically, data warehouses have not served information for such precise purposes. That must change in institutions now that risk initiatives require enterprise-reconciled data that mitigates, reduces and improves operational risk factors with real-time alert capabilities. It requires more of that information than is likely presently being collected. Operational risk management will become a prime mover in the ever-expanding volume of data management.

Success with operational risk management begins with all the factors that lead to enterprise data warehouse success. However, there are several business-environment and control-factor issues that receive a heightened focus when it comes to risk management initiatives. They include:

  • Senior management buy-in and accountability,
  • Culture supporting integrity and ethical values,
  • Commitment to competence,
  • Organizational structure for risk governance,
  • Assignment of responsibility and delegation of authority,
  • Operational risk oversight function ensuring effective internal controls,
  • Formalized policies and governance, and
  • Risk performance goals to specify risk tolerance and acceptance levels.

As with data quality, data privacy, customer relationship management or whatever else comes along, those companies with a robust data warehouse feel the pain a little less than the others. A well-done enterprise data warehouse brings all these necessary elements together to become the cornerstone of the required operational risk management response.
Even companies that are not directly affected by operational risk mandates need access to timely, clean, integrated and detailed enterprise data to have a world-class finance environment and compete with companies further down the path of information harnessing. Achieving this requires a commitment to accurate and reliable information management. 

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access