CP10 (Full Document) - European Banking Authority
4.3.3. Data
438. The CRD requires data to be held and stored for several different
purposes. The various databases and datasets could be differentiated
according to the purposes they are meant to support:
· Those used to build models based on the institution’s own internal
risk-measurement systems for the purpose of calculating the own
funds requirement (Article 105(1));
· Those that enable regular reporting of operational risk exposures
and loss experience (Annex X, Part 3, Paragraph 4);
· Those used for the internal generation of operational risk
measures, based on a corresponding historical observation period
(Annex X, Part 3, Paragraph 13);
· Those used to map internal loss data into business lines and
event types, and to record operational risk-related credit and
market risk losses (Annex X, Part 3, Paragraph 14);
· Those used in collecting various information about event
types (Annex X, Part 3, Paragraph 16);
· Those used in collecting data from external sources (Annex X, Part
3, Paragraph 19).
IT systems
439. Institutions’ physical databases need not be built to address each of
these purposes separately, but may contain data relating to a mix of
purposes.
440. Institutions should have IT systems that ensure:
· Appropriate availability and maintenance of all relevant
databases;
· Appropriate modelling and computing capacity at all times; and
· Appropriate controls on the data-capture process.
441. These IT systems should be included in the institution’s general
contingency plans, in order to guarantee the recovery of the
information. Established controls should prevent access by
unauthorised people and ensure the integrity of the data.
Data quality standards
442. To ensure data quality, Internal Audit should conduct at least the
following:
· a regular review of controls;
· a review of the system for cross-checking operational loss data
with material accounting data.
443. Institutions should perform consistency checks that include an audit
trail of data sources, total and record count checks when data move