Article 6: Information Systems and Internal Reporting
C 153-2018 STA Effective from 27/6/2018
1. A bank’s comprehensive approach to risk management must include policies and procedures designed to provide risk data aggregation and reporting capabilities appropriate for the risk profile, nature, size and complexity of the bank's business and structure. The policies and procedures for risk data aggregation and reporting must provide for the design, implementation and maintenance of a data architecture and information technology infrastructure that supports the bank’s monitoring and reporting needs in normal times and periods of stress.
2.A bank’s systems must support supervisory reporting requirements and provision of risk reports to all relevant parties within the bank on a timely basis and in a format commensurate with their needs. The scope of reporting must be proportionate to the business activities and complexity of the bank. Ideally, banks will have a highly automated process, however, certain circumstances may mean that manual intervention is required to aggregate risk data and produce supervisory and internal risk management reports.
3.The processes for aggregating the necessary data and producing supervisory and internal risk management reports must be fully documented and establish standards, cutoff times and schedules for report production. The aggregation and reporting process must be subject to high standards of validation through periodic review by the internal audit function using staff with specific systems, data and reporting expertise, particularly where the process requires substantial manual intervention.
4.Banks are encouraged to adopt centralized databases with single identifiers and/or uniform naming conventions for legal entities, counterparties, customers and accounts to facilitate accessing multiple records of risk data across the bank or group in a timely manner. Bank systems must be adequate to compile gross and net exposures to institutional counterparties (i.e. interbank, central counterparties) and to capture credit risk concentrations on a bank-wide or, if applicable, group-wide basis, including on and off-balance sheet exposures, for individual counterparties, groups of related counterparties and other concentrations relevant to the bank’s business such as by currency, industry sector or geographic region. Banks are encouraged to have this information available on a daily basis.
Book traversal links for Article 6: Information Systems and Internal Reporting