This document discusses Basel III compliance and operational risk measurement and reporting requirements for banks. It summarizes the key principles for effective risk data aggregation and reporting established by the Basel Committee on Banking Supervision. These include governance, data accuracy and integrity, completeness, timeliness, and adaptability of risk reporting. The document also provides examples of operational risk activity and business reporting, highlighting the largest losses come from retail banking and external fraud. It concludes with best practices for a pragmatic approach to risk detection and transparent, understandable reporting to improve risk management.

1. How do you monitor your Basel III Compliance?
Risk and Regulatory Solutions
Building Smarter Companies
November 2012

2. Basel III – Risk Reporting
“Many banks lacked the
ability to aggregate risk
exposures and
Bank of International Settlement - concentrations quickly
A Key issue from the 2007 crisis: and accurately at the
bank group level, across
business lines and
between legal entities”
Basel Committee on Banking
Supervision
“Principals for effective data Improving banks’ ability
aggregation and risk reporting.” to aggregate risk data
Compliance is required for the will improve their
large banks (G-SIBs) start 2013 – resolvability.
all other financial institutions
around the world by 2016
Source: The Bank of International Settlements: Basel Committee on Banking Supervision; Draft – Principals for effective risk data aggregation
and risk reporting– June 2012 – out for comments
2

3. Risk Reporting Requirements
1. Governance
2. Data Architecture and IT infrastructure for risk aggregation and risk reporting
3. Accuracy and Integrity of data
1. A bank should merge to a single authoritative source
2. A bank should have a dictionary of terms
4. Completeness
5. Timeliness
6. Adaptability
1. Data aggregations that are flexible and enable risk to be aggregated
2. Capabilities for data customization (“dashboards” and flash reports)
3. Capabilities to incorporate new developments and regulatory changes
7. Accuracy
8. Comprehensiveness
9. Clarity
10.Frequency
11.Distribution
12.Review – transparency
13.Remedial actions and supervisory methods
14.Home/Host cooperation
Source: The Bank of International Settlements: Basel Committee on Banking Supervision; Draft – Principals for effective risk data aggregation
and risk reporting– June 2012 – out for comments
3

4. Operational Risk Activity Reporting
Risk Dollars Activity Reporting
• Loss or damage
• Legal liability
• Restitution
• Write down
• Regulatory action 5 70 19 7
Risk Dollars x Risk Level Reporting = Reporting Variations
5 x 70 = 350 Reporting Variations
4

5. Operational Risk Business Reporting
Business Reporting
40 + 19 8 4
350 Reporting Variations x 40 Activity Groups = 14,000 Reporting Variations
Product Reporting for 100 products x 14,000 Reporting Variations =
5 5

6. Operational Risk - Highest Losses
Business Reporting Activity
Reporting
• Corporate Finance • Business disruption and
• Investment system failures
Banking • Trading and Sales
• Retail Banking • Execution, 37% of Loss
• Banking Delivery & Process
• Asset • Commercial Banking
• Internal Fraud
management • Payment and
• Retail Brokerage settlements • External Fraud 36% of Loss
• Agency serves • Employment Practices and
Workplace Safety
• Etc.
• Clients, Products & Business
Practices
• Damage to Physical Assets
Retail Banking
60% of loss
Source: Operational Risk data eXchange (ORX) – Operational Risk Report
6

7. Operational Risk – External Fraud
7

8. Risk is managed not eliminated
Operational Risk
Balance
Key attributes for Key attributes for customer
Bank Robbers satisfaction
Easy access to freeway Easy access to freeway
Longer hours Longer hours
Clustered banks with standard Clustered banks with standard
designs designs
Cash available at the teller Cash available at the teller
People shot – Not good People shot – Not good
8

9. External Fraud Mitigation
Dye-Stained Bills At Strip Club Lead To Bank
Robbery Arrest
9

10. Summary – Measuring and Reporting Risk
• A pragmatic approach to detection, consistent data definitions, simpler output
and ultimately requiring less data
• The simpler approach allows risks to be transparent & understood and can
therefore allows for better understanding at the first line of defense
• Operational limits based on history, trends, current capability constraints or the
risk appetite of the financial institution
• Enable the comparison of areas/franchises from an operational risk perspective
and provide a basis for operational risk capital management
• Using data comparison, provides insight to the firm on the interrelationships of
business characteristics and business entities to operational risk characteristics
10

11. Next Steps
• Determine where your Company stands today with respect
to measuring and reporting Operational Risk
• What’s measured
• How are the measurements defined
• Business unit measurements
• What are the current operational reports
• Determine the gap to best practice and to regulation
requirements
• Multi generational action plan
• Mitigate risk and save money
11

12. Questions?
Contact us:
Joe.Valasquez@pactera.com
Kurt.Lueck@pactera.com
12