Strategic Enterprise Risk Architecture aims to create an end-to-end architecture for risk management including data, processing, and reporting. This would satisfy both regulatory requirements and internal risk analysis while reducing costs and improving data consistency. The target state architecture features shared data services, model development sandboxes, reusable risk calculators, configurable aggregations, integrated workflows, and advanced reporting. This provides a single source of risk data, controls, and governance to analyze things like credit, market, and liquidity risk across the organization.

1. Strategic Enterprise Risk
Architecture
Sandeep Maira
Head, Enterprise Risk & Compliance Technology
The Bank of New York Mellon

2. 2 Information Classification: General
Enterprise Risk Architecture Objectives
E2E Architecture for risk (and beyond) including data, processing and reporting
Benefits include -
• Satisfy regulatory as well as internal risk management objectives. Support CCAR but also
internal risk analysis.
• Reduce overall costs
• Improve enterprise wide data consistency
• Leverage advances in Big Data and computing power to provide advanced and predictive
analysis

3. 3 Information Classification: General
Regulatory
Risk
Ad-hoc
Data Science
Control Framework :Data Governance, System Monitoring
Classification
Model
Development
Data Sourcing &
Staging
Model Dev/
Management
Aggregation
Credit Risk
Ops Risk
Liquidity Risk
Market Risk
Model
Management
Scenario
Management
CCAR
Calculators
Model
Parameters
Reporting/
Analysis
DataLake
CommonStagingDB
Reference Data
Collateral
Positions
Transactions
Credit Liquidity Basel
Business Process Management: Reviews, Handoffs
Target State Logical Architecture – Component View
VaR

4. 4 Information Classification: General
3
1
4
5
Architecture
Components
Design Approach Benefits Challenges
Data • Leverage shared
position, transaction,
collateral and reference
data services across risk,
finance, treasury
• Provides data consistency
and traceability. Reduces
costs.
• Helps satisfy BCBS 239
and SR14-1
• Provides the basis for
advanced analysis
• Organizational
boundaries
• Upfront expense
Model
development
• Sandbox for model
development purposes
• Model registry for model
definitions and approval
• Scenario registry for
regulatory & internal
scenarios
• Scalable infrastructure for
model development
• Improve controls and
governance
• Reduce costs through
model re-use
• Ownership model
between business
and technology
• Multiple coding
languages
Calculators • Calculators as services • Consistent results for
given inputs
• Reusability and cost
reduction
• Integrating disparate
technologies
• Retrofitting can be
difficult
Risk Architecture Design Objectives and Approach

5. 5 Information Classification: General
1
Architecture
Components
Design Approach Benefits Challenges
Aggregations • Configurable
aggregations for risk
measures
• Flexibility to aggregate and
drill down at all levels
• Deep and accurate
datasets
Workflow • Integrated workflows for
handoffs, approvals and
validations
• Single inbox for all tasks
• Streamline and reduce
operational overhead
• Improved data validation
• Enforce risk policies
• Integration of different
platforms
Reporting • Support static and flexible
ad-hoc capabilities
• Ability to slice and dice
on all major dimensions
and support rich
visualizations
• Threshold capabilities on
all required measures
• In-depth analysis of all
types of risk events
• Early and easy
identification of outliers
• Helps satisfy BCBS 239
and SR 14-1
• Acquiring breadth
and depth of data
Control • Support data lineage,
validations and glossaries
• Data reconciliations
• Robust exception
handling and alerting
• Satisfy BCBS 239 and
ensure data consistency,
accuracy and
completeness
• Monitor health of
production infrastructure
• Operational
ownership across
multiple business
lines
• Agreement on terms
Risk Architecture Design Objectives and Approach

6. 6 Information Classification: General
Use Case - CCAR
• Acquire data from
master data sources into
common data staging
• Handoffs are validated
Models are developed
• Model risk management
approves models
• Scenarios are updated
• Models move to
production and source
data
• Results are aggregated
• Results are available for
reporting
• Data quality and system
monitoring checks
CCAR Process
1
1
2
6
3
4
5
7
8
9
2
3
4
5
6
7
8
9

7. 7 Information Classification: General
What is my ‘exposure’ to Greece?
What is my credit risk?
What is my market risk?
What potential exposure will I
have with a further worsening?
Do I have any compliance
issues?
What ‘Greek’ counterparties do I have?
What is the current exposure and future
potential exposure?
What collateral do I have?
What Greek instruments do I have?
What hedges do I have in place?
Are there any AML issues?
For counterparty ABC with
high credit exposure, what
instruments do I hold? Do I
have any AML concerns ?
With further worsening of
conditions what might
happen?
What is my exposure with a 30
percent drop in Greek bonds?
More Interesting Q’s……..

8. 8 Information Classification: General
Regulatory
Risk/Finance/
Treasury/
Compliance
Business
Intelligence
Reporting / Analysis
Risk
Treasury
Finance
‘Big Data’
DB
Regulatory
• The data lake can provide ‘Business Intelligence’ within and
across domains
• The ‘Big Data’ DB has very wide depth and breadth of data, for
advanced analysis. Data science analytics, including (for
example) statistical analysis and machine learning, can be
performed in this environment. This DB can also be used for
model development.
Compliance
Target State Logical Architecture – Modeling and Data
Science
Historical
Data

9. 9 Information Classification: General
Appendix

10. 10 Information Classification: General
Regulatory
Risk/Finance/
Treasury/
Compliance
Business
Intelligence
Reporting / Analysis
Risk
Treasury
Finance
‘Big Data’
DB
Regulatory
Compliance
Data Pathway
Control Frame Work :Data Governance Tools
• Data governance tools including data lineage, glossaries
• The ‘Big Data’ environment can also be used for ad-hoc
analysis
Target State Logical Architecture – Data Lineage