Without data that is accurate, reconciled and validated, risk reporting may be useless.

This is Part 2 in a four-part series on the key areas of the BCBS 239 risk data aggregation and reporting guidelines. View Part 1 here.

In its stocktaking report on BCBS 239 progress at the end of last year, the BIS highlighted how banks had assigned themselves higher ratings on the risk reporting principles than they did on the corresponding data aggregation principles. This raised the question as to how reliable and useful risk reports can be when the data within these reports and the processes to produce them are not in place.

The reports being produced need to be accurate, clear, complete, useful and frequent. The end game is simple: to enable informed decisions based on accurate information.

When you consider what a risk report usually looks like – a bunch of spreadsheets – and how long it has taken to produce – typically not a quick process, but rather a complex and time-consuming one that happens across silos – the ongoing challenge becomes clearer.

Exact reporting requires data that is accurate, reconciled and validated. Outside of the data architecture issues, an historic reliance on manual processes and inconsistencies in reconciliation procedures also hamper progress. BCBS 239 also requires firms to fully incorporate risk appetite into their risk reporting, which adds an additional layer to the challenge.

Risk management executives must be empowered to make informed decisions, and all roads lead back to the data. As a result, it's vital that banks have a system in place that can cope with the vast volumes of data across the institution. BCBS 239 is big on interdependencies across all three areas of the principles: governance and infrastructure, risk data aggregation, and risk reporting – without adherence to principles governing data, reporting adherence simply cannot happen.