CP10 (Full Document) - European Banking Authority

More documents

Recommendations

Info

4.3.3. Data 438. The CRD requires data to be held and stored for several different purposes. The various databases and datasets could be differentiated according to the purposes they are meant to support: · Those used to build models based on the institution’s own internal riskmeasurement systems for the purpose of calculating the own funds requirement (Article 105(1); · Those that enable regular reporting of operational risk exposures and loss experience (Annex X, Part 3, Paragraph 4); · Those used for the internal generation of operational risk measures, based on a corresponding historical observation period (Annex X, Part 3, Paragraph 13); · Those used to map internal loss data into business lines and event types, and to record operational riskrelated credit and market risk losses (Annex X, Part 3, Paragraph 14); · Those used in collecting various information about event types(Annex X, Part 3, Paragraph 16); · Those used in collecting data from external sources(Annex X, Part 3, Paragraph 19). IT systems 439. Institutions’ physical databases need not be built to address each of these purposes separately, but may contain data relating to a mix of purposes. 440. Institutions should have an IT systems that ensures: · Appropriate availability and maintenance of all relevant databases; · Appropriate modelling and computing capacity at all times; and · Appropriate controls on the datacapture process. 441. These IT systems should be included in the institution’s general contingency plans, in order to guarantee the recovery of the information. Established controls should prevent access by unauthorised people and ensure the integrity of the data. Data quality standards 442. To ensure data quality, Internal Audit should conduct at least the following: · a regular review of controls; · a review of the system forcross checking operational loss data with material accounting data. 443. Institutions should perform consistency checks that include an audit trail of data sources, total and record count checks when data move Page 104 of 123
etween systems, recording of data that are excluded or introduced at different stages of data manipulation, etc. Significant discrepancies should be investigated. 444. Institutions should work on an ongoing basis to ensure that their data is of good enough quality to support their risk management processes and to calculate their capital requirements. 445. Institutions should define their own standards for ensuring data quality and should look to develop and improve these over time. It is the institutions' responsibility to ensure the quality of their data. The institutions should be able to demonstrate that they achieve high standards in terms of coverage, completeness and correctness of their data. Examples of activities aiming to improve the data quality standards are: · the construction of decision trees to assign losses to event type and business lines; · the computation of average time between when loss events occurred and when they are captured; · the review of the structure of input data to identify outliers or implausible values and changes from previous periods; · periodic cross checking against material accounting data with institutions needing to identify and explain material divergences. 446. There should be minimum checks by an independent function to ensure that internal data are comprehensive and external data are relevant. Supervisors could assess specific parts of this process to verify the conclusions reached by the independent function. 447. Institutions should have policies concerning their tolerance for any gaps in their internal data. They should also be able to fully justify their approaches to adjusting values. Data documentation 448. While all the relevant documentation should be available for assessment by supervisors, the following types of documentation are essential: · Data policy and statement of responsibility: Institutions should establish an explicit data policy. · Institutions should document workflows, procedures and systems related to data collection and data storage. · Data directory: Institutions should have clear definitions of data items that are made available for inspection by supervisors. · Database descriptions: <strong>Document</strong>ation for material databases should be sufficient to allow institutions to provide supervisors Page 105 of 123
Page 1 and 2:
CEBS CP 10 11 July 2005 Guidelines
Page 3 and 4:
ANNEXES ...........................
Page 5 and 6:
to use these approaches. 6. The gui
Page 7 and 8:
IRB approach can be given only if t
Page 9 and 10:
approaches for regulatory purposes
Page 11 and 12:
purposes, when the group has submit
Page 13 and 14:
efficient running of the process, u
Page 15 and 16:
and/or 105 of the CRD, subject to t
Page 17 and 18:
58. Institutions intending to move
Page 19 and 20:
translated, supervisors will organi
Page 21 and 22:
76. The issues that supervisors are
Page 23 and 24:
holding company, the competent auth
Page 25 and 26:
· A new approval process shall not
Page 27 and 28:
· Institutions may not be ready to
Page 29 and 30:
2. Asking institutions to notify su
Page 31 and 32:
116. ‘Immaterial’ should refer
Page 33 and 34:
128. The EU Council has proposed th
Page 35 and 36:
should start with inputs, and those
Page 37 and 38:
to be only broadly compliant with t
Page 39 and 40:
institutions to be able to identify
Page 41 and 42:
differentiated if their loss rates
Page 43 and 44:
payments are originating from the s
Page 45 and 46:
any of its subsidiaries in full, wi
Page 47 and 48:
197. As a general rule, the rating
Page 49 and 50:
· Their discounting method results
Page 51 and 52:
grades. In this case, all of the re
Page 53 and 54: of challenges, including choosing t
Page 55 and 56: 228. In principle, supervisors do n
Page 57 and 58: prices on defaulted exposures, and
Page 59 and 60: LGD estimation, they have to be tak
Page 61 and 62: The exposure value for the followin
Page 63 and 64: investigating the potential drivers
Page 65 and 66: advisable in some circumstances not
Page 67 and 68: terms) the proof of consistency wit
Page 69 and 70: 302. The information used in credit
Page 71 and 72: exposures to obligors or facilities
Page 73 and 74: Pooled data sets for good predictiv
Page 75 and 76: inputs to the IRB approach. Supervi
Page 77 and 78: used to quantify the risk parameter
Page 79 and 80: years for the economy as a whole, a
Page 81 and 82: · Institutions must be able to bri
Page 83 and 84: Benchmarking the outputs of interna
Page 85 and 86: model, and the internal use of the
Page 87 and 88: systems” (Annex VII, Part 4, Para
Page 89 and 90: · Examining reports from Internal
Page 91 and 92: organisational point of view (e.g.,
Page 93 and 94: conclusions are wellfounded. Inte
Page 95 and 96: 401. The role played by the CRC fun
Page 97 and 98: subsidiary, or by different subsidi
Page 99 and 100: way of a formal notification). The
Page 101 and 102: · The rollout plan should have a
Page 103: Principles and examples 1. The purp
Page 107 and 108: · The definition of an appropriate
Page 109 and 110: incorporate forwardlooking elemen
Page 111 and 112: · Approving proactive risk managem
Page 113 and 114: frequency and format of the interna
Page 115 and 116: · Development of internal processe
Page 117 and 118: · Understanding the extent and nat
Page 119 and 120: ‣ If not, inform the other superv
Page 121 and 122: the decision. ‣ Agree on the proc
show all

CP10 (Full Document) - European Banking Authority

Create successful ePaper yourself

Delete template?

Save as template?