SlideShare a Scribd company logo

KPMG - BCBS239_Bracing for Change

N
Nanda Thiruvengadam
1 of 16
Download to read offline
BCBS 239 BCBS 239: Bracing for Change and Capturing the Opportunity
2 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
4 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. CoreReform:UnderstandingBCBS239 “The requirements of BCBS 239 present an opportunity for financial institutions to look beyond basic compliance and unlock strategic value across the organization” Craig Davis, Partner, KPMG in Singapore One core regulatory initiative that aims to give greater transparency to the risk picture, yet has kept a low profile in Asia Pacific (APAC), is the Basel Committee on Banking Supervision (BCBS) document, “BCBS 239 – Principles for effective risk data aggregation and risk reporting (RDARR).” Representing the first time regulators have mandated technology-driven regulation, BCBS 239 is a result of the work spearheaded by the Basel Committee and the Financial Stability Board (FSB) to provide guidance to enhance banks’ ability to identify and manage bank-wide risks. Crucially, the principles seek to elevate data aggregation capabilities to a level where supervisors, firms and other users (for instance, resolution authorities) of the data, are confident that the reports accurately capture risks in the time of a crisis. As a result, existing gaps in RDARR can hopefully be closed. First issued by the BCBS in January 2013, the principles structured rulebook has very real and wide-ranging impacts for banks operating globally and in APAC. BCBS 239 pertains not only to the short-list of Global Systemically Important Banks (G-SIBs) but, as outlined in the report, “It is strongly suggested that national supervisors also apply these Principles to banks identified as Domestic Systemically Important Banks (D-SIBs),” as in the case of MAS in Singapore.
5 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. BCBS239–WhatTriggeredIt? In 2008, the G20 committed to fundamental reform of the global financial system, with the intention to stymie a repeat of the global financial crisis (GFC). As risk management became the main tool to combat vagaries causing financial volatility and systemic turmoil, multilateral bodies and international regulators cooperated through extensive dialogue to enhance the robustness of risk management processes. As the GFC highlighted, the banks’ incapacity to understand quickly and accurately their overall exposures and other key risk metrics influencing central decisions of the bank, represented a fundamental weakness and gap within the financial system. Without such competences, executive management cannot obtain an accurate and in-depth picture of the risks the bank faces. Without targeting such risk opaqueness, banks and subsequently the global financial system are exposed to acute uncertainty. Other Root Causes Prompting Basel Committee on Banking Supervision (BCBS) 239 Include: Immature Data Processes — GFC showed insufficient investment in data and Infrastructure — Data processes could not influence critical decision- making, especially so in systemic crisis situations Risk and Data Aggregation — No single source of truth — Manual processes Management Blindspot — Boards/Senior management not questioning veracity — Incoherent risk appetite policy — Data lifecycle escaping scrutiny Silo Mentality of Responsibility — Non-vertical ownership — Enforced through policy/politics, and unwilling to change — Business/IT perspective generate sub-optimal outcomes Bad Models or Bad Data — Poor models are usually an indication of poor data — Inadequate model performance – RWA divergences — Mistrust of risk models at the highest levels of management The 80% – 20% Problem — Not perceived as a problem but the cost of doing business — A lack of motivation internally to change despite models underperforming — Standard practice and technology no longer suitable Data Not Valued — What is the value locked in risk data itself? — Capital optimization?
6 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. ProposedTimeline:Demanding The banks, particularly Systemically Important Banks (SIBs), face an aggressive timeline (Figure 1) to comply with Basel Committee on Banking Supervision (BCBS) 239. For instance, G-SIBs have until early 2016 to implement the principles in full. At the discretion of local regulators, D-SIBs may also be required to adhere to these principles within three years after they are designated as D-SIBs. The timeline challenge is further compounded by “simultaneous adoption” or the need to apply the principles on a consistent basis across a group. The deadline for IT implementation falls within deadlines for other regulations, making significant demands on existing bank resources. ImplicationsofComplianceFailure There are numerous consequences if banks fail to comply with the principles and if data and infrastructure platforms are not revamped to align with the impending BCBS 239 regulation. —Regulatory Penalties and Increased Capital Charges: Supervisory tools ranging from information-gathering powers to the enforcement of penalties and capital add-ons if regulated G-SIBs or D-SIBs fail to comply with the Principles. —Regulatory and Reputational Risk: Aside from possible specific supervisory measures against banks that don’t get it right, deficiencies reported in early assessments of BCBS 239 often figure in “break-up-the- banks” arguments. —Loss of Competitive Advantage: Enhanced risk and finance data and technology platforms should become – and for many financial institutions are becoming – a core part of business’ strategic decision making. Acting on the principles embedded in BCBS 239 will help banks upgrade RDARR, bringing improved insight and risk management processes to companies. Figure 1: Timeline Implementation 01/2013 2014 04/2015 01/2016 2017 Start of preliminary studies CompliantStart of preliminary studies 04/2018 Compliant G-SIB – Global D-SIB – Singapore Source: KPMG in Singapore
7 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. BCBS239Compliance:TriggeringValue Although the principles-based framework does have downsides, the ability for banks to interpret and construct bespoke approaches to strengthen their RDARR can be viewed as a great opportunity. Banks have the flexibility to interpret BCBS 239 with strategic scope and creativity, and set the tone for their own regulatory agenda. Data becomes a tool to compete and a virtuous cycle occurs – risk data continuously informs strategy. Strategy and informed decision making is driven by confidence in the Information. Banks can now think about monetizing the information advantage in their possession. Time to market shortens and data becomes cheaper, faster, better and safer. Ensuring you have a complete understanding of all data across the organization provides a platform to better understand your potential risks at any point in time. Greater value is derived from stress-testing ‒ data becomes an asset ‒ powerful and dependable, automated, less arduous and free of error ‒ providing senior management and the board with confidence in strategy and decision making. Having the power to analyze all touch-points between the bank and your client provides insight on potential future behavior, allowing more targeted cross-sell opportunities whilst early warning indicators can help to prevent risk before it occurs. Increased transparency minimizes risk Blind Spots. It also provides banks with a detailed understanding of all the touch- points across their business units, enabling management to understand business process inefficiencies, technology consumption, and ultimately the true cost-measurement of running the business. Better models can potentially result in lower capital, provide greater confidence in quantitative analysis and drive more efficient usage of external data and optimized internal collection. Banks become agile in their use of capital whilst identifying opportunities to unlock hidden value across the organization, for example within their collateral inventories. Utilizing pay-as-you-use storage and processing power, such as the cloud, for data storage and on- demand analytics lowers capital expenditure and technology investment. It also allows for decoupling of interdependencies, drives technology rationalization resulting in a leaner and simplified architecture. The vertical ownership of Risk Data from all stakeholders and business originators through reporting, modelling and capital estimation will drive teamwork, foster integration and ensure that all outcomes are jointly owned. Effective program management – across Basel IV, margin reform for uncleared OTC derivatives, IRRBB, SA-CCR and BCBS 239 – can drive maximum economic value by identifying commonalities between regulatory work streams. Setting the tone – Taking regulation beyond box-ticking to a Strategic Enabler Data strategy and driving continuous value Empowering Senior Management Know your client inside out An opportunity to deploy cost-effective technology and simplify the technology footprint Transparency and Granularity across the organization Organizational Culture Transformation More Risk Sensitive Models More effective Regulatory Compliance
8 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. 14. Home/host cooperation 13. Remedial actions and supervisory measures 12. Review 1. Governance 2. Data architecture and IT infrastructure 5. Timeliness 3. Accuracy and integrity 4. Completeness 6. Adaptability 9. Clarity and usefulness 8. Broad-ranging 7. Accuracy 10. Frequency 11. Distribution Effective Risk Data Aggregation and Risk Reporting KPMG:OurApproach–PrincipleClassification KPMG’s approach classifies and groups the 14 principles into 4 core areas: IT Architecture, Data Management Framework, Risk Data Aggregation and Reporting, and Organizational and IT Management. KPMG member firms then follow a modular project model – leveraging our own frameworks and toolkits, in conjunction with bespoke developments and commercial off-the-shelf technology solutions – to enable you to realize your BCBS 239 program objectives. A. Topic area “IT Architecture” A1 Risk data models unified or automatically reconcilable across banking group with unified naming conventions A2 Unified level of detail of data across the group to enable fully flexible reporting A3 Risk and accounting data to be reconciled A4 High degree of automation for risk data aggregation, manual steps as an exception only A5 Strive for single source of risk data per risk type B. Topic area "Data Management Framework" B1 Effective data quality management including automated measurement methods and escalation procedures B2 Broad-ranging data governance for risk data including data owners from business and IT B3 Documentation of reporting and reconciliation processes B4 Automatic and manual quality checks in the reporting process C. Topic area "Risk Reporting" C1 Adaptable and ad-hoc reporting capability with drill-down into various risk dimensions, stress testing C2 Broad-ranging, timely, dependable and adaptable risk reporting capability across all units and all material risks D. Topic area "Organizational and IT Management" D1 Risk reporting and aggregation to be mapped into IT strategy / implementation roadmap D2 Independent validation of standard compliance D3 Business continuity capability for risk reporting
9 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. Consistent data taxonomies — Group-wide uniform risk data model or automatically convertible data models — Uniform metadata model — Uniform naming convention — Group-wide cataloguing of utilized data taxonomies and metadata — Design of a uniform risk data glossary and effective data management and if relevant, implementation of a data and metadata management tool Group-wide consistent level of data granularity for flexible adaptability in reporting — Risk data in reporting is often not flexible and capable of being analyzed group-wide in all "relevant" dimensions — Implementation of a central data layer for risk data and review of the effectiveness of existing data warehouse (DWH) solution — Development of applicable “data marts" including professional analysis tools — Improvements of data granularity and timely availability through utilization of high-capacity/In Memory technology Agreement of risk and accounting data — Existing reporting silos make group-wide convertibility and reconciliation between risk and accounting data laborious — Implementation of consistent definitions and methods for the entire bank management — Implementation of a central data layer for anticipated bank data and accordingly review of the effectiveness of existing DWH solution Group-wide high level of automation in risk data aggregation — Broad-ranging automation in risk data aggregation to satisfy demanding time requirements ("rapidly", "intraday" coupled with definitive accuracy) — Aggregation and subsequent processing of multiple types of risk data — Weakness analysis of the existing functions, processes, IT applications and data flows — Derivation and implementation of technical optimization potential in risk data aggregation Single source for risk data for each type of risk — Creation of a ‘Single Point of Truth’ for at least each type of risk is advisable — Design of group-wide DWH (or a respective access layer for risk data) with at least the risk data for each type of risk • Uniform supply of risk function with data • Consistent source of risk data for analysis and reporting — IT-strategy, development and implementation plan A A1 A3 A4 A5 A2 KPMG:ITArchitecture Challenge Approach
10 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. Data Quality Controls through the journey of data — Lack of quantitative metrics and KPIs to determine data quality — Automatic measurement of completeness and data quality along the entire process chain — Rectification / escalation of errors using a defined and documented workflow — Group-wide uniform and broad- ranging DQM approach with organizational competence, in contrast to local measures — Meaningful actual analysis of the status of data quality — Establishment of specific data quality (DQ) metrics and KPIs — Underlying data quality metrics with automated tools for the identification and escalation of DQ errors in delivery routes — Identification, prioritization and implementation of urgent measures for improving data quality — Design of a DQM function with establishment of responsibilities and competencies — Adaptive utilization of "KPMG Data Quality Framework“ Challenge Approach Data Governance framework without gaps — Precise data governance with roles and responsibilities frequently not present / defined — Defining roles such as "data owner" for risk data inventories and source data in technical and IT departments — Definition of the governance model for data management with clear roles, responsibilities and communication to the significant parties on the basis of the KPMG blueprint — Strong integration of the management board and senior management via a broad-ranging risk and compliance reporting function Documentation of reporting and reconciliation processes — Multitude of undocumented interventions in the current reporting processes — High manual contribution and overlapping responsibilities and delays in the reporting processes — Analysis of reporting and reconciliation processes in the relevant departments including manual components — Consistent presentation, definition and documentation in the reporting processes — Integration of the reconciliation processes in the broad-ranging DQ Framework Assumption of manual adjustments and lack of quality controls and in the reporting process — No uniform definition, many manual adjustments and limited quality controls in the reporting process — Insufficient data quality for risk reporting and therefore no explicit identification and clarification of discrepancies — A lack of clearly defined and structured data quality tests — Definition and analysis of data quality controls along the process chain to help ensure reporting completeness and consistency — Implementation of plausibility checks of key indicators — Conception and implementation of necessary technical adjustments for the establishment of controls in the reporting processes B1 B2 B3 B4 BKPMG:DataManagementFramework
11 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. Simulations and early warning mechanisms in reporting — Possibility for control and monitoring of emerging trends through projections and stress tests — Forward-looking presentations on assessment of risks and support of the disclosures not only on current and historical data — Integration of scenarios for the most important markets and risk parameters and the effects on the bank — Development of early warning indicators and definition of a system of graded thresholds for which measures take effect when the thresholds are reached — Integration of business planning and management processes together with risk levels to obtain assessments and projections — Definition and implementation of scenario analysis, taking into account the institution's risk profile and business model Challenge Approach Possibilities for timely and flexible reporting and analysis — Increasing the frequency in times of crisis in order to identify response in a timely manner — Flexible possibilities for analysis, considered as value added for effective and efficient decision- making — Rotational review of publications´ adequacy in normal and crisis times — Set of measures to accelerate the preparation of reports and define standard processes of the central reporting function and, where appropriate, decentralized deliveries — Build an efficient IT-supported process to recommend measures — Development of suitable data marts including efficient analysis tools Risk Reporting being broad-ranging in its content and qualitatively suitable — Broad-ranging Risk Reporting in content, covering all significant risk drivers and areas within the organization — Orientation of the depth and scope of the risk reporting on the size and complexity of bank operations as well as the risk profile of the organization — Presentation of recommendations for measures and well-balanced relationships between quantitative and qualitative information — Benchmarking of existing reporting contents, processes and IT landscape — Through benchmarking, comparison of regulatory requirements and relevance of steering / suitability — Conception of a reporting framework with group- wide uniformly defined information and transparent presentation for the intended audience — Assuring the flexible handling on an individual basis by harmonizing structures, contents and forms of display — Efficient processes and quality of the databases enable more time for commenting / derivation of measures and contribute to the decision process C C1 C2 C3 KPMG:RiskDataAggregationandReporting
12 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. Clear mapping of risk data aggregation in IT strategy and development planning — Consideration of risk data for annual IT development planning; plans for addressing defects in compliance with standards; availability of adequate resources for implementation — Consideration and management of risk data already in IT strategy and strategic decisions — Testing the sustainability of the IT architecture and the IT strategy of risk management systems — Analysis of necessary measures, development of alternative solution scenarios, decision for a roadmap, creation of/allocation to projects — Implementation of IT portfolio management for tracking purposes Challenge Approach Independent validation of compliance of standards — The review of compliance with standards must meet demanding benchmarks — This validation shall be performed independently (and independently from the external auditor) and is intended to examine the compliance with the principles specified in the standard by the bank — Establishment of the organizational unit (e.g. internal audit) or invitations to tender for regular review — Design of a systematic bank specific audit scheme on the basis of the principles 1 – 11 — Documentation of the processes and planned activities of the bank for each audit aspect Incorporation in business continuity management — Frequently, when setting up the Business Continuity Management (BCM) policy or the business impact analysis, the available risk data and risk reporting are not sufficiently tested for risk aspects, or risk grading is inadequate — Review of BCM policy with adequate consideration of risk data provisioning • Has the entire spectrum of risk data provisioning been investigated in the business impact analysis? • Is the assessment of criticality, extent of damages and risk-bearing capacity still appropriate? • Do appropriate continuity strategies and plans for risk data provisioning exist in the event of damage? — If relevant, adjustment of the business impact analysis and the BCM policy of the bank D D1 D2 D3 KPMG:OrganizationalandITManagement
13 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. Phase 1 Phase 2 Analysis and Design Long-Term Actions Phase 3 Phase 4 Short- and Medium-Term Actions Monitoring Program Initialization Risk Data Aggregation and Reporting Organizational and Governance Source markets Example2: Collaboration Source markets Example3:Integration Source markets Functionalteams Shared/scarceresource SharedServices/ Outsource Divisional Impactonkeystrategic aims TourOps Airline Retail Online Example1:Sharedservice Integrated,flexible,EuropeanAirline divisionsharingPlanning,Scheduling andMaintenancefunctions Alignedchannelstrategybysource market;commonOTAplatform,content managedlocally Integratedomni-channelapproachwith singleP&Laccountabilityandall- encompassingstrategybysource market;singleOTAplatform;local Retail Ops strategy social media gains leveragescalebenefitsatkey strategicOnline:Sourcemarketseachaccountablefor differentiated properties definedinventory rules strategy Productdifferentiation:Sourcemarketseach Productdifferentiation:Alignedapproach, Productdifferentiation:Group purchasingaccountableforexecutionofdifferentiation utilisingaGrouppurchasingfunctionto functioncoveringallpropertiesintax efficient location Technology:singleintegratedsystem managedincreasingonlinedistributionandaccessing Technology:Integratedsystemswithlocally inoneplacebasedoninputfromsource market Overheads:greatercentralisationof non-Overheads:Standardisationof ‘mid-office’(non- Online:CommonGroup-wideplatformwithlocal customer-facingactivities(e.g. Aviation&customer-facing)activitiestorealiseefficiency contentgenerationandexecutionofchannel Planning) Customer&Brands:Group-wide reviewElementsmayremainlocally-managed suchasCustomerInsight,RetailandAirline Operations,Customer Service Minimum: Management, financialreporting/control,HR policy/Comms,PR/Marketing, Strategy Own &delivercommonbackoffice/non-coreprocessesagainstagreedservicelevelsfortheFunctionalteams(e.g. TransactionalFinance,HR, ITmaintenance ) Greater partnershipbetweenGroup Airlinedivisionsincludingaircraft borrowingandpotentiallyMaintenance outsourcing GroupPurchasingteamandother selected Shared /scarceresourceacrosssourcemarkets(e.g.BusinessIntelligence,Operations Research) Integratedpan-EuropeanTour Operator,combiningProduct,Purchasing, Yield, functionswheretherearegreatestsynergies Aviation,Planningand Inventory Sourcemarketseachownanddeliver allactivities(excludingsharedservice activities)andincludingstrategyand policy Gap-Analysis and Regulatory Alignment IT Architecture Data Management Framework Quick scan/ Tool- supported gap analysis Review and alignment of ongoing projects/ initiatives ProjectInitialization 2-3 months (Special)AuditRegulatorSupervision Roadmap Realization Operating Model Re-alignment Regulatory Management Stress Testing A: IT Infrastructure On- going B. Data Management Framework 12 months C. Risk Data Aggregation and Reporting 6-12 months D. Organizational and IT Management 6-9 months 1 2 3 4 5 6 1 3 4 2 5 6 Data Strategy Realization Scalable Data Architecture KPMG:AModularProjectApproach
14 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. KPMG:ServiceOffering–fromA-Z The KPMG Difference Through working with KPMG member firms and leveraging our experience and breadth, banks can have a guide through their BCBS 239 journey. The lifecycle framework enables KPMG to draw together multi-disciplinary teams, leading practices, methodologies, insights and project delivery tools in order to help member firm clients achieve transformation. KPMG: Advisors of Choice KPMG member firms use a lifecycle framework to help banks comply with the Principles of BCBS 239. Through a multi-step approach, KPMG can identify, design, implement and support banks with their RDARR services. The approach is designed to engage stakeholders to customize RDARR requirements to their business needs and continuously adapt to changes in the business environment. Portfolio, program and project management Establishing an integrated delivery program and governance model to manage the ongoing transformation through effective Portfolio, Program and Project Management. Leadership and change Helping the business to achieve tangible and concrete business results by getting people ready, willing and able to deliver sustainable change at all levels of the organization Value delivery Defining and tracking how tangible value is built and sustained through transformation, with an ongoing focus on the delivery of outcomes and benefits realization Bracing for Change This paper aims to emphasize that BCBS 239 will have very real implications for banks; indeed the regulation ushers in not just a technology but a business change. Although adapting to the Principles will likely require substantial investment and time, successfully aligning to them will strengthen the footing of banks over the long-term. Incorporating positive change and technological upgrades will not only tick the regulator box, it will help banks and senior management make timely, sustainable and better-informed decisions. Strategy Defining the strategy, including the overarching ambition/goal and business operating model — Strategic and Financial Ambition — Business Model Strategy — Operating Model Strategy High-level design Defining how the operating model needs to be reconfigured to deliver the vision, strategy and value. Determining a course of action to implement the new ways of working — Enterprise-wide future technology and operations architecture — Target operating model for execution — Roadmap definition Detailed design Capturing the detailed requirements and defining the solution design that will deliver the target operating model — Requirements Management — Solution Design Build Developing, prototyping and testing the changes according to the Solution Design — Develop — Test Implement Deploying the changes and new ways of working into the business — Deployment — Release Management Improve Extracting the value from the transformation, maintaining the value created, and assisting the post- transformation organization to continue to improve performance incrementally — Transition to Steady State — Continuous Improvement
15 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. OurCapabilitiesandTools Transformation KPMG member firms are able to support you through your journey using frameworks, tried and tested toolkits and bespoke technology solutions. We assist clients in the implementation of our advice and support implementations; we walk the talk! Source This proprietary toolkit combines a deep knowledge base across KPMG’s global network as it brings together complex program management, reference models, best practices and client collaboration tools. Governance, Risk and Compliance (GRC) Model This framework provides an integrated approach for developing and establishing a successful and sustainable GRC framework. Regulatory Centers of Excellence KPMG member firms’ presence at the forefront of regulations affecting client’s businesses helps to reinforce our relevance and expertise. We can provide both local and global regulatory support through local member firms and regional centers of regulatory excellence. ThoughtLeadership The Convergence Evolution – Global survey into the integration of governance, risk and compliance Optimizing data management strategies to minimize the potential cost for IT, legal and compliance functions Transforming the Regulatory Agenda: A strategic opportunity for the financial services industry The New Inconvenient Truth – Social Media: Too big for wealth managers to ignore? OtherFoodForThought February 2016 Our ‘next generation’ insights, methods and tools to enable business transformations July 2014 Discussion around megatrends and their impact on the Financial Service industry, focusing ongovernance, risk and compliance. July 2015 In this thought leadership paper, KPMG focuses on key areas where data management can be more optimally managed across the organization July 2015 The first in a series of reports from US FS Regulatory Risk Advisory, and our Americas FS Regulatory CoE, looking at the importance of implementing a change management framework that centralizes and synthesizes current and future regulatory demands. July 2015 As social media is becoming ubiquitous to the financial service industry, clients must take notice of the profound changes that social media will have on their business environment. KPMG:Toolkits,FrameworksandThoughtLeadership
kpmg.com/socialmedia kpmg.com/app Craig Davis Partner ASPAC Head of Financial Risk Management T: +65 6411 8533 E: craigdavis1@kpmg.com.sg Nick Barlow Director KPMG in Singapore T: +65 6411 8433 E: nbarlow1@kpmg.com.sg Nanda Thiruvengadam Associate Director KPMG in Singapore T: +65 6411 8212 E: nandathiruvengadam@kpmg.com.sg The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. © 2016 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis- à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. Printed in Singapore. The KPMG name and logo are registered trademarks or trademarks of KPMG International Cooperative (“KPMG International”).

Recommended

Implementing bcbs 239 rdarr
Implementing bcbs 239 rdarrImplementing bcbs 239 rdarr
Implementing bcbs 239 rdarrmzahidgill
 
160513 Study Sourcing in risk and compliance functions
160513 Study Sourcing in risk and compliance functions160513 Study Sourcing in risk and compliance functions
160513 Study Sourcing in risk and compliance functionsDr. Marc D. Grüter
 
Overview of BCBS 239
Overview of BCBS 239Overview of BCBS 239
Overview of BCBS 239Lewis Adams
 
BCBS 239 risk data aggregation reporting_Feb15_PRINT
BCBS 239 risk data aggregation reporting_Feb15_PRINTBCBS 239 risk data aggregation reporting_Feb15_PRINT
BCBS 239 risk data aggregation reporting_Feb15_PRINTRichard Powell, Business Transformation
 
BCBS 239 - Risk Data Adequacy
BCBS 239 - Risk Data AdequacyBCBS 239 - Risk Data Adequacy
BCBS 239 - Risk Data Adequacynikatmalik
 
Operation Risk Management in Banking Sector
Operation Risk Management in Banking SectorOperation Risk Management in Banking Sector
Operation Risk Management in Banking SectorSanjay Kumbhar
 
Audit process presentation
Audit process presentationAudit process presentation
Audit process presentationMostafa Kamal
 
Risk culture flow chart
Risk culture flow chartRisk culture flow chart
Risk culture flow chartJohn P Dawson
 

Recommended

Implementing bcbs 239 rdarr
Implementing bcbs 239 rdarrImplementing bcbs 239 rdarr
Implementing bcbs 239 rdarrmzahidgill
 
160513 Study Sourcing in risk and compliance functions
160513 Study Sourcing in risk and compliance functions160513 Study Sourcing in risk and compliance functions
160513 Study Sourcing in risk and compliance functionsDr. Marc D. Grüter
 
Overview of BCBS 239
Overview of BCBS 239Overview of BCBS 239
Overview of BCBS 239Lewis Adams
 
BCBS 239 risk data aggregation reporting_Feb15_PRINT
BCBS 239 risk data aggregation reporting_Feb15_PRINTBCBS 239 risk data aggregation reporting_Feb15_PRINT
BCBS 239 risk data aggregation reporting_Feb15_PRINTRichard Powell, Business Transformation
 
BCBS 239 - Risk Data Adequacy
BCBS 239 - Risk Data AdequacyBCBS 239 - Risk Data Adequacy
BCBS 239 - Risk Data Adequacynikatmalik
 
Operation Risk Management in Banking Sector
Operation Risk Management in Banking SectorOperation Risk Management in Banking Sector
Operation Risk Management in Banking SectorSanjay Kumbhar
 
Audit process presentation
Audit process presentationAudit process presentation
Audit process presentationMostafa Kamal
 
Risk culture flow chart
Risk culture flow chartRisk culture flow chart
Risk culture flow chartJohn P Dawson
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
 
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONOPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONFrackson Kathibula-Nyoni
 
TOP_407070357-Data-Governance-Playbook.pptx
TOP_407070357-Data-Governance-Playbook.pptxTOP_407070357-Data-Governance-Playbook.pptx
TOP_407070357-Data-Governance-Playbook.pptxSabrinaLameiras1
 
COSO ERM Framework
COSO ERM FrameworkCOSO ERM Framework
COSO ERM Frameworkssuser6ea258
 
Compliance Risk Assessment
Compliance Risk AssessmentCompliance Risk Assessment
Compliance Risk AssessmentCompliance Consultant
 
ISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCPECB
 
GDPR RACI.pdf
GDPR RACI.pdfGDPR RACI.pdf
GDPR RACI.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Erm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assuranceErm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assurancewisnu wardhana, i nyoman
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
Operational Risk & Basel Ii
Operational Risk & Basel IiOperational Risk & Basel Ii
Operational Risk & Basel Iijhsiddiqi2003
 
A step-by-step overview of a typical cybersecurity attack—and how companies c...
A step-by-step overview of a typical cybersecurity attack—and how companies c...A step-by-step overview of a typical cybersecurity attack—and how companies c...
A step-by-step overview of a typical cybersecurity attack—and how companies c...McKinsey & Company
 
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...PECB
 
Bringing Business Agility to FP&A
Bringing Business Agility to FP&ABringing Business Agility to FP&A
Bringing Business Agility to FP&AWorkday, Inc.
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITMax Neira Schliemann
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
ISO 31000:2018 vs COSO ERM:2017
ISO 31000:2018 vs COSO ERM:2017ISO 31000:2018 vs COSO ERM:2017
ISO 31000:2018 vs COSO ERM:2017Eduardo Poggi
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance frameworkCeyeap
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5Laddawan Rattanaruang
 
DMBOK and Data Governance
DMBOK and Data GovernanceDMBOK and Data Governance
DMBOK and Data GovernancePeter Vennel PMP,SCEA,CBIP,CDMP
 
Developing & Deploying Effective Data Governance Framework
Developing & Deploying Effective Data Governance FrameworkDeveloping & Deploying Effective Data Governance Framework
Developing & Deploying Effective Data Governance FrameworkKannan Subbiah
 
ModelDrivers the BCBS239 agile data management framework
ModelDrivers the BCBS239 agile data management frameworkModelDrivers the BCBS239 agile data management framework
ModelDrivers the BCBS239 agile data management frameworkGreg Soulsby
 
Contegofirebarrier Intumescent Latex
Contegofirebarrier Intumescent LatexContegofirebarrier Intumescent Latex
Contegofirebarrier Intumescent LatexContego International Inc
 

More Related Content

What's hot

Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
 
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONOPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONFrackson Kathibula-Nyoni
 
TOP_407070357-Data-Governance-Playbook.pptx
TOP_407070357-Data-Governance-Playbook.pptxTOP_407070357-Data-Governance-Playbook.pptx
TOP_407070357-Data-Governance-Playbook.pptxSabrinaLameiras1
 
COSO ERM Framework
COSO ERM FrameworkCOSO ERM Framework
COSO ERM Frameworkssuser6ea258
 
ISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCPECB
 
Erm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assuranceErm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assurancewisnu wardhana, i nyoman
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
Operational Risk & Basel Ii
Operational Risk & Basel IiOperational Risk & Basel Ii
Operational Risk & Basel Iijhsiddiqi2003
 
A step-by-step overview of a typical cybersecurity attack—and how companies c...
A step-by-step overview of a typical cybersecurity attack—and how companies c...A step-by-step overview of a typical cybersecurity attack—and how companies c...
A step-by-step overview of a typical cybersecurity attack—and how companies c...McKinsey & Company
 
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...PECB
 
Bringing Business Agility to FP&A
Bringing Business Agility to FP&ABringing Business Agility to FP&A
Bringing Business Agility to FP&AWorkday, Inc.
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
ISO 31000:2018 vs COSO ERM:2017
ISO 31000:2018 vs COSO ERM:2017ISO 31000:2018 vs COSO ERM:2017
ISO 31000:2018 vs COSO ERM:2017Eduardo Poggi
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance frameworkCeyeap
 
Developing & Deploying Effective Data Governance Framework
Developing & Deploying Effective Data Governance FrameworkDeveloping & Deploying Effective Data Governance Framework
Developing & Deploying Effective Data Governance FrameworkKannan Subbiah
 

What's hot (20)

Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
 
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONOPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
 
TOP_407070357-Data-Governance-Playbook.pptx
TOP_407070357-Data-Governance-Playbook.pptxTOP_407070357-Data-Governance-Playbook.pptx
TOP_407070357-Data-Governance-Playbook.pptx
 
COSO ERM Framework
COSO ERM FrameworkCOSO ERM Framework
COSO ERM Framework
 
Compliance Risk Assessment
Compliance Risk AssessmentCompliance Risk Assessment
Compliance Risk Assessment
 
ISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRC
 
GDPR RACI.pdf
GDPR RACI.pdfGDPR RACI.pdf
GDPR RACI.pdf
 
Erm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assuranceErm overview of auditing fraud and revenue assurance
Erm overview of auditing fraud and revenue assurance
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
Operational Risk & Basel Ii
Operational Risk & Basel IiOperational Risk & Basel Ii
Operational Risk & Basel Ii
 
A step-by-step overview of a typical cybersecurity attack—and how companies c...
A step-by-step overview of a typical cybersecurity attack—and how companies c...A step-by-step overview of a typical cybersecurity attack—and how companies c...
A step-by-step overview of a typical cybersecurity attack—and how companies c...
 
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
 
Bringing Business Agility to FP&A
Bringing Business Agility to FP&ABringing Business Agility to FP&A
Bringing Business Agility to FP&A
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & IT
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated framework
 
ISO 31000:2018 vs COSO ERM:2017
ISO 31000:2018 vs COSO ERM:2017ISO 31000:2018 vs COSO ERM:2017
ISO 31000:2018 vs COSO ERM:2017
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance framework
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5
 
DMBOK and Data Governance
DMBOK and Data GovernanceDMBOK and Data Governance
DMBOK and Data Governance
 
Developing & Deploying Effective Data Governance Framework
Developing & Deploying Effective Data Governance FrameworkDeveloping & Deploying Effective Data Governance Framework
Developing & Deploying Effective Data Governance Framework
 

Viewers also liked

ModelDrivers the BCBS239 agile data management framework
ModelDrivers the BCBS239 agile data management frameworkModelDrivers the BCBS239 agile data management framework
ModelDrivers the BCBS239 agile data management frameworkGreg Soulsby
 
Contego Fraud Solutions Ltd fin tech week 2014
Contego Fraud Solutions Ltd fin tech week 2014Contego Fraud Solutions Ltd fin tech week 2014
Contego Fraud Solutions Ltd fin tech week 2014Rebecca1243
 
Alignment: Office of the Chief Data Officer & BCBS 239
Alignment: Office of the Chief Data Officer & BCBS 239Alignment: Office of the Chief Data Officer & BCBS 239
Alignment: Office of the Chief Data Officer & BCBS 239Craig Milroy
 
Second line of defense - advantages and set up
Second line of defense - advantages and set up Second line of defense - advantages and set up
Second line of defense - advantages and set up Jim McClanahan
 
Pp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlPp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlErwin Morales
 
ISACA Indonesia Special Technical Session feat Erik Guldentops Panelist Widha...
ISACA Indonesia Special Technical Session feat Erik Guldentops Panelist Widha...ISACA Indonesia Special Technical Session feat Erik Guldentops Panelist Widha...
ISACA Indonesia Special Technical Session feat Erik Guldentops Panelist Widha...rahmatmoelyana
 
Chief Data Architect or Chief Data Officer: Connecting the Enterprise Data Ec...
Chief Data Architect or Chief Data Officer: Connecting the Enterprise Data Ec...Chief Data Architect or Chief Data Officer: Connecting the Enterprise Data Ec...
Chief Data Architect or Chief Data Officer: Connecting the Enterprise Data Ec...Craig Milroy
 
BCBS 239 - Data Vault hilft
BCBS 239 - Data Vault hilftBCBS 239 - Data Vault hilft
BCBS 239 - Data Vault hilftTorsten Glunde
 

Viewers also liked (10)

ModelDrivers the BCBS239 agile data management framework
ModelDrivers the BCBS239 agile data management frameworkModelDrivers the BCBS239 agile data management framework
ModelDrivers the BCBS239 agile data management framework
 
Contegofirebarrier Intumescent Latex
Contegofirebarrier Intumescent LatexContegofirebarrier Intumescent Latex
Contegofirebarrier Intumescent Latex
 
Contego Fraud Solutions Ltd fin tech week 2014
Contego Fraud Solutions Ltd fin tech week 2014Contego Fraud Solutions Ltd fin tech week 2014
Contego Fraud Solutions Ltd fin tech week 2014
 
Alignment: Office of the Chief Data Officer & BCBS 239
Alignment: Office of the Chief Data Officer & BCBS 239Alignment: Office of the Chief Data Officer & BCBS 239
Alignment: Office of the Chief Data Officer & BCBS 239
 
Second line of defense - advantages and set up
Second line of defense - advantages and set up Second line of defense - advantages and set up
Second line of defense - advantages and set up
 
Pp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlPp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and control
 
ISACA Indonesia Special Technical Session feat Erik Guldentops Panelist Widha...
ISACA Indonesia Special Technical Session feat Erik Guldentops Panelist Widha...ISACA Indonesia Special Technical Session feat Erik Guldentops Panelist Widha...
ISACA Indonesia Special Technical Session feat Erik Guldentops Panelist Widha...
 
Chief Data Architect or Chief Data Officer: Connecting the Enterprise Data Ec...
Chief Data Architect or Chief Data Officer: Connecting the Enterprise Data Ec...Chief Data Architect or Chief Data Officer: Connecting the Enterprise Data Ec...
Chief Data Architect or Chief Data Officer: Connecting the Enterprise Data Ec...
 
BCBS 239 - Data Vault hilft
BCBS 239 - Data Vault hilftBCBS 239 - Data Vault hilft
BCBS 239 - Data Vault hilft
 
Bcbs 239 v4 30 oct
Bcbs 239 v4 30 octBcbs 239 v4 30 oct
Bcbs 239 v4 30 oct
 

Similar to KPMG - BCBS239_Bracing for Change

BCBS 239 Compliance: A Comprehensive Approach
BCBS 239 Compliance: A Comprehensive ApproachBCBS 239 Compliance: A Comprehensive Approach
BCBS 239 Compliance: A Comprehensive ApproachCognizant
 
BCBS239 the behemoth lumbers on
BCBS239 the behemoth lumbers onBCBS239 the behemoth lumbers on
BCBS239 the behemoth lumbers onRodney Dennis
 
A Review of BCBS 239: Helping banks stay compliant
A Review of BCBS 239: Helping banks stay compliantA Review of BCBS 239: Helping banks stay compliant
A Review of BCBS 239: Helping banks stay compliantHEXANIKA
 
Risk Data Aggregation Risk Reporting
Risk Data Aggregation Risk ReportingRisk Data Aggregation Risk Reporting
Risk Data Aggregation Risk ReportingShelly Biggs
 
dt_mt_SREP_Pub_BCBS239_200216lo
dt_mt_SREP_Pub_BCBS239_200216lodt_mt_SREP_Pub_BCBS239_200216lo
dt_mt_SREP_Pub_BCBS239_200216loMark Micallef
 
Cognizant_Introduction to management consulting in Switzerland
Cognizant_Introduction to management consulting in SwitzerlandCognizant_Introduction to management consulting in Switzerland
Cognizant_Introduction to management consulting in Switzerlandaudrey miguel
 
Quantifi newsletter Insight spring 2017
Quantifi newsletter Insight spring 2017Quantifi newsletter Insight spring 2017
Quantifi newsletter Insight spring 2017Quantifi
 
SAP HANA for Capital Markets Risk Management
SAP HANA for Capital Markets Risk ManagementSAP HANA for Capital Markets Risk Management
SAP HANA for Capital Markets Risk ManagementMartin Tenk
 
A Guide for Credit Providers Moving to Participate in CCR by David Grafton
A Guide for Credit Providers Moving to Participate in CCR by David GraftonA Guide for Credit Providers Moving to Participate in CCR by David Grafton
A Guide for Credit Providers Moving to Participate in CCR by David GraftonDavid Grafton
 
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...Jacob Kosoff
 
IFRS9 white paper - Credit Today and HML
IFRS9 white paper - Credit Today and HMLIFRS9 white paper - Credit Today and HML
IFRS9 white paper - Credit Today and HMLHML Ltd
 
Finacle Asset Liability Management
Finacle Asset Liability ManagementFinacle Asset Liability Management
Finacle Asset Liability Managementnehapaul23
 
The Impact of Recent Supervisory Guidance on Capital Planning by Kosoff and B...
The Impact of Recent Supervisory Guidance on Capital Planning by Kosoff and B...The Impact of Recent Supervisory Guidance on Capital Planning by Kosoff and B...
The Impact of Recent Supervisory Guidance on Capital Planning by Kosoff and B...Jacob Kosoff
 
Impact of Recent Supervisory Guidance on Capital Planning
Impact of Recent Supervisory Guidance on Capital PlanningImpact of Recent Supervisory Guidance on Capital Planning
Impact of Recent Supervisory Guidance on Capital PlanningJacob Kosoff
 
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013Karl Meekings
 
2008 pfi brave new world of ppps
2008 pfi brave new world of ppps2008 pfi brave new world of ppps
2008 pfi brave new world of pppsRickard Wärnelid
 
Capital markets: The impact of business process operations improvements
Capital markets: The impact of business process operations improvementsCapital markets: The impact of business process operations improvements
Capital markets: The impact of business process operations improvementsGenpact Ltd
 

Similar to KPMG - BCBS239_Bracing for Change (20)

BCBS 239 Compliance: A Comprehensive Approach
BCBS 239 Compliance: A Comprehensive ApproachBCBS 239 Compliance: A Comprehensive Approach
BCBS 239 Compliance: A Comprehensive Approach
 
BCBS239 the behemoth lumbers on
BCBS239 the behemoth lumbers onBCBS239 the behemoth lumbers on
BCBS239 the behemoth lumbers on
 
A Review of BCBS 239: Helping banks stay compliant
A Review of BCBS 239: Helping banks stay compliantA Review of BCBS 239: Helping banks stay compliant
A Review of BCBS 239: Helping banks stay compliant
 
Risk Data Aggregation Risk Reporting
Risk Data Aggregation Risk ReportingRisk Data Aggregation Risk Reporting
Risk Data Aggregation Risk Reporting
 
dt_mt_SREP_Pub_BCBS239_200216lo
dt_mt_SREP_Pub_BCBS239_200216lodt_mt_SREP_Pub_BCBS239_200216lo
dt_mt_SREP_Pub_BCBS239_200216lo
 
BCBS 239 The hidden game changer
BCBS 239 The hidden game changerBCBS 239 The hidden game changer
BCBS 239 The hidden game changer
 
Cognizant_Introduction to management consulting in Switzerland
Cognizant_Introduction to management consulting in SwitzerlandCognizant_Introduction to management consulting in Switzerland
Cognizant_Introduction to management consulting in Switzerland
 
BCBS Information Article By Mike Gowlett
BCBS Information Article By Mike GowlettBCBS Information Article By Mike Gowlett
BCBS Information Article By Mike Gowlett
 
Quantifi newsletter Insight spring 2017
Quantifi newsletter Insight spring 2017Quantifi newsletter Insight spring 2017
Quantifi newsletter Insight spring 2017
 
BCBS 239
BCBS 239BCBS 239
BCBS 239
 
SAP HANA for Capital Markets Risk Management
SAP HANA for Capital Markets Risk ManagementSAP HANA for Capital Markets Risk Management
SAP HANA for Capital Markets Risk Management
 
A Guide for Credit Providers Moving to Participate in CCR by David Grafton
A Guide for Credit Providers Moving to Participate in CCR by David GraftonA Guide for Credit Providers Moving to Participate in CCR by David Grafton
A Guide for Credit Providers Moving to Participate in CCR by David Grafton
 
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Tra...
 
IFRS9 white paper - Credit Today and HML
IFRS9 white paper - Credit Today and HMLIFRS9 white paper - Credit Today and HML
IFRS9 white paper - Credit Today and HML
 
Finacle Asset Liability Management
Finacle Asset Liability ManagementFinacle Asset Liability Management
Finacle Asset Liability Management
 
The Impact of Recent Supervisory Guidance on Capital Planning by Kosoff and B...
The Impact of Recent Supervisory Guidance on Capital Planning by Kosoff and B...The Impact of Recent Supervisory Guidance on Capital Planning by Kosoff and B...
The Impact of Recent Supervisory Guidance on Capital Planning by Kosoff and B...
 
Impact of Recent Supervisory Guidance on Capital Planning
Impact of Recent Supervisory Guidance on Capital PlanningImpact of Recent Supervisory Guidance on Capital Planning
Impact of Recent Supervisory Guidance on Capital Planning
 
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
 
2008 pfi brave new world of ppps
2008 pfi brave new world of ppps2008 pfi brave new world of ppps
2008 pfi brave new world of ppps
 
Capital markets: The impact of business process operations improvements
Capital markets: The impact of business process operations improvementsCapital markets: The impact of business process operations improvements
Capital markets: The impact of business process operations improvements
 

KPMG - BCBS239_Bracing for Change

  • 1. BCBS 239 BCBS 239: Bracing for Change and Capturing the Opportunity
  • 2. 2 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
  • 3.
  • 4. 4 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. CoreReform:UnderstandingBCBS239 “The requirements of BCBS 239 present an opportunity for financial institutions to look beyond basic compliance and unlock strategic value across the organization” Craig Davis, Partner, KPMG in Singapore One core regulatory initiative that aims to give greater transparency to the risk picture, yet has kept a low profile in Asia Pacific (APAC), is the Basel Committee on Banking Supervision (BCBS) document, “BCBS 239 – Principles for effective risk data aggregation and risk reporting (RDARR).” Representing the first time regulators have mandated technology-driven regulation, BCBS 239 is a result of the work spearheaded by the Basel Committee and the Financial Stability Board (FSB) to provide guidance to enhance banks’ ability to identify and manage bank-wide risks. Crucially, the principles seek to elevate data aggregation capabilities to a level where supervisors, firms and other users (for instance, resolution authorities) of the data, are confident that the reports accurately capture risks in the time of a crisis. As a result, existing gaps in RDARR can hopefully be closed. First issued by the BCBS in January 2013, the principles structured rulebook has very real and wide-ranging impacts for banks operating globally and in APAC. BCBS 239 pertains not only to the short-list of Global Systemically Important Banks (G-SIBs) but, as outlined in the report, “It is strongly suggested that national supervisors also apply these Principles to banks identified as Domestic Systemically Important Banks (D-SIBs),” as in the case of MAS in Singapore.
  • 5. 5 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. BCBS239–WhatTriggeredIt? In 2008, the G20 committed to fundamental reform of the global financial system, with the intention to stymie a repeat of the global financial crisis (GFC). As risk management became the main tool to combat vagaries causing financial volatility and systemic turmoil, multilateral bodies and international regulators cooperated through extensive dialogue to enhance the robustness of risk management processes. As the GFC highlighted, the banks’ incapacity to understand quickly and accurately their overall exposures and other key risk metrics influencing central decisions of the bank, represented a fundamental weakness and gap within the financial system. Without such competences, executive management cannot obtain an accurate and in-depth picture of the risks the bank faces. Without targeting such risk opaqueness, banks and subsequently the global financial system are exposed to acute uncertainty. Other Root Causes Prompting Basel Committee on Banking Supervision (BCBS) 239 Include: Immature Data Processes — GFC showed insufficient investment in data and Infrastructure — Data processes could not influence critical decision- making, especially so in systemic crisis situations Risk and Data Aggregation — No single source of truth — Manual processes Management Blindspot — Boards/Senior management not questioning veracity — Incoherent risk appetite policy — Data lifecycle escaping scrutiny Silo Mentality of Responsibility — Non-vertical ownership — Enforced through policy/politics, and unwilling to change — Business/IT perspective generate sub-optimal outcomes Bad Models or Bad Data — Poor models are usually an indication of poor data — Inadequate model performance – RWA divergences — Mistrust of risk models at the highest levels of management The 80% – 20% Problem — Not perceived as a problem but the cost of doing business — A lack of motivation internally to change despite models underperforming — Standard practice and technology no longer suitable Data Not Valued — What is the value locked in risk data itself? — Capital optimization?
  • 6. 6 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. ProposedTimeline:Demanding The banks, particularly Systemically Important Banks (SIBs), face an aggressive timeline (Figure 1) to comply with Basel Committee on Banking Supervision (BCBS) 239. For instance, G-SIBs have until early 2016 to implement the principles in full. At the discretion of local regulators, D-SIBs may also be required to adhere to these principles within three years after they are designated as D-SIBs. The timeline challenge is further compounded by “simultaneous adoption” or the need to apply the principles on a consistent basis across a group. The deadline for IT implementation falls within deadlines for other regulations, making significant demands on existing bank resources. ImplicationsofComplianceFailure There are numerous consequences if banks fail to comply with the principles and if data and infrastructure platforms are not revamped to align with the impending BCBS 239 regulation. —Regulatory Penalties and Increased Capital Charges: Supervisory tools ranging from information-gathering powers to the enforcement of penalties and capital add-ons if regulated G-SIBs or D-SIBs fail to comply with the Principles. —Regulatory and Reputational Risk: Aside from possible specific supervisory measures against banks that don’t get it right, deficiencies reported in early assessments of BCBS 239 often figure in “break-up-the- banks” arguments. —Loss of Competitive Advantage: Enhanced risk and finance data and technology platforms should become – and for many financial institutions are becoming – a core part of business’ strategic decision making. Acting on the principles embedded in BCBS 239 will help banks upgrade RDARR, bringing improved insight and risk management processes to companies. Figure 1: Timeline Implementation 01/2013 2014 04/2015 01/2016 2017 Start of preliminary studies CompliantStart of preliminary studies 04/2018 Compliant G-SIB – Global D-SIB – Singapore Source: KPMG in Singapore
  • 7. 7 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. BCBS239Compliance:TriggeringValue Although the principles-based framework does have downsides, the ability for banks to interpret and construct bespoke approaches to strengthen their RDARR can be viewed as a great opportunity. Banks have the flexibility to interpret BCBS 239 with strategic scope and creativity, and set the tone for their own regulatory agenda. Data becomes a tool to compete and a virtuous cycle occurs – risk data continuously informs strategy. Strategy and informed decision making is driven by confidence in the Information. Banks can now think about monetizing the information advantage in their possession. Time to market shortens and data becomes cheaper, faster, better and safer. Ensuring you have a complete understanding of all data across the organization provides a platform to better understand your potential risks at any point in time. Greater value is derived from stress-testing ‒ data becomes an asset ‒ powerful and dependable, automated, less arduous and free of error ‒ providing senior management and the board with confidence in strategy and decision making. Having the power to analyze all touch-points between the bank and your client provides insight on potential future behavior, allowing more targeted cross-sell opportunities whilst early warning indicators can help to prevent risk before it occurs. Increased transparency minimizes risk Blind Spots. It also provides banks with a detailed understanding of all the touch- points across their business units, enabling management to understand business process inefficiencies, technology consumption, and ultimately the true cost-measurement of running the business. Better models can potentially result in lower capital, provide greater confidence in quantitative analysis and drive more efficient usage of external data and optimized internal collection. Banks become agile in their use of capital whilst identifying opportunities to unlock hidden value across the organization, for example within their collateral inventories. Utilizing pay-as-you-use storage and processing power, such as the cloud, for data storage and on- demand analytics lowers capital expenditure and technology investment. It also allows for decoupling of interdependencies, drives technology rationalization resulting in a leaner and simplified architecture. The vertical ownership of Risk Data from all stakeholders and business originators through reporting, modelling and capital estimation will drive teamwork, foster integration and ensure that all outcomes are jointly owned. Effective program management – across Basel IV, margin reform for uncleared OTC derivatives, IRRBB, SA-CCR and BCBS 239 – can drive maximum economic value by identifying commonalities between regulatory work streams. Setting the tone – Taking regulation beyond box-ticking to a Strategic Enabler Data strategy and driving continuous value Empowering Senior Management Know your client inside out An opportunity to deploy cost-effective technology and simplify the technology footprint Transparency and Granularity across the organization Organizational Culture Transformation More Risk Sensitive Models More effective Regulatory Compliance
  • 8. 8 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. 14. Home/host cooperation 13. Remedial actions and supervisory measures 12. Review 1. Governance 2. Data architecture and IT infrastructure 5. Timeliness 3. Accuracy and integrity 4. Completeness 6. Adaptability 9. Clarity and usefulness 8. Broad-ranging 7. Accuracy 10. Frequency 11. Distribution Effective Risk Data Aggregation and Risk Reporting KPMG:OurApproach–PrincipleClassification KPMG’s approach classifies and groups the 14 principles into 4 core areas: IT Architecture, Data Management Framework, Risk Data Aggregation and Reporting, and Organizational and IT Management. KPMG member firms then follow a modular project model – leveraging our own frameworks and toolkits, in conjunction with bespoke developments and commercial off-the-shelf technology solutions – to enable you to realize your BCBS 239 program objectives. A. Topic area “IT Architecture” A1 Risk data models unified or automatically reconcilable across banking group with unified naming conventions A2 Unified level of detail of data across the group to enable fully flexible reporting A3 Risk and accounting data to be reconciled A4 High degree of automation for risk data aggregation, manual steps as an exception only A5 Strive for single source of risk data per risk type B. Topic area "Data Management Framework" B1 Effective data quality management including automated measurement methods and escalation procedures B2 Broad-ranging data governance for risk data including data owners from business and IT B3 Documentation of reporting and reconciliation processes B4 Automatic and manual quality checks in the reporting process C. Topic area "Risk Reporting" C1 Adaptable and ad-hoc reporting capability with drill-down into various risk dimensions, stress testing C2 Broad-ranging, timely, dependable and adaptable risk reporting capability across all units and all material risks D. Topic area "Organizational and IT Management" D1 Risk reporting and aggregation to be mapped into IT strategy / implementation roadmap D2 Independent validation of standard compliance D3 Business continuity capability for risk reporting
  • 9. 9 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. Consistent data taxonomies — Group-wide uniform risk data model or automatically convertible data models — Uniform metadata model — Uniform naming convention — Group-wide cataloguing of utilized data taxonomies and metadata — Design of a uniform risk data glossary and effective data management and if relevant, implementation of a data and metadata management tool Group-wide consistent level of data granularity for flexible adaptability in reporting — Risk data in reporting is often not flexible and capable of being analyzed group-wide in all "relevant" dimensions — Implementation of a central data layer for risk data and review of the effectiveness of existing data warehouse (DWH) solution — Development of applicable “data marts" including professional analysis tools — Improvements of data granularity and timely availability through utilization of high-capacity/In Memory technology Agreement of risk and accounting data — Existing reporting silos make group-wide convertibility and reconciliation between risk and accounting data laborious — Implementation of consistent definitions and methods for the entire bank management — Implementation of a central data layer for anticipated bank data and accordingly review of the effectiveness of existing DWH solution Group-wide high level of automation in risk data aggregation — Broad-ranging automation in risk data aggregation to satisfy demanding time requirements ("rapidly", "intraday" coupled with definitive accuracy) — Aggregation and subsequent processing of multiple types of risk data — Weakness analysis of the existing functions, processes, IT applications and data flows — Derivation and implementation of technical optimization potential in risk data aggregation Single source for risk data for each type of risk — Creation of a ‘Single Point of Truth’ for at least each type of risk is advisable — Design of group-wide DWH (or a respective access layer for risk data) with at least the risk data for each type of risk • Uniform supply of risk function with data • Consistent source of risk data for analysis and reporting — IT-strategy, development and implementation plan A A1 A3 A4 A5 A2 KPMG:ITArchitecture Challenge Approach
  • 10. 10 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. Data Quality Controls through the journey of data — Lack of quantitative metrics and KPIs to determine data quality — Automatic measurement of completeness and data quality along the entire process chain — Rectification / escalation of errors using a defined and documented workflow — Group-wide uniform and broad- ranging DQM approach with organizational competence, in contrast to local measures — Meaningful actual analysis of the status of data quality — Establishment of specific data quality (DQ) metrics and KPIs — Underlying data quality metrics with automated tools for the identification and escalation of DQ errors in delivery routes — Identification, prioritization and implementation of urgent measures for improving data quality — Design of a DQM function with establishment of responsibilities and competencies — Adaptive utilization of "KPMG Data Quality Framework“ Challenge Approach Data Governance framework without gaps — Precise data governance with roles and responsibilities frequently not present / defined — Defining roles such as "data owner" for risk data inventories and source data in technical and IT departments — Definition of the governance model for data management with clear roles, responsibilities and communication to the significant parties on the basis of the KPMG blueprint — Strong integration of the management board and senior management via a broad-ranging risk and compliance reporting function Documentation of reporting and reconciliation processes — Multitude of undocumented interventions in the current reporting processes — High manual contribution and overlapping responsibilities and delays in the reporting processes — Analysis of reporting and reconciliation processes in the relevant departments including manual components — Consistent presentation, definition and documentation in the reporting processes — Integration of the reconciliation processes in the broad-ranging DQ Framework Assumption of manual adjustments and lack of quality controls and in the reporting process — No uniform definition, many manual adjustments and limited quality controls in the reporting process — Insufficient data quality for risk reporting and therefore no explicit identification and clarification of discrepancies — A lack of clearly defined and structured data quality tests — Definition and analysis of data quality controls along the process chain to help ensure reporting completeness and consistency — Implementation of plausibility checks of key indicators — Conception and implementation of necessary technical adjustments for the establishment of controls in the reporting processes B1 B2 B3 B4 BKPMG:DataManagementFramework
  • 11. 11 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. Simulations and early warning mechanisms in reporting — Possibility for control and monitoring of emerging trends through projections and stress tests — Forward-looking presentations on assessment of risks and support of the disclosures not only on current and historical data — Integration of scenarios for the most important markets and risk parameters and the effects on the bank — Development of early warning indicators and definition of a system of graded thresholds for which measures take effect when the thresholds are reached — Integration of business planning and management processes together with risk levels to obtain assessments and projections — Definition and implementation of scenario analysis, taking into account the institution's risk profile and business model Challenge Approach Possibilities for timely and flexible reporting and analysis — Increasing the frequency in times of crisis in order to identify response in a timely manner — Flexible possibilities for analysis, considered as value added for effective and efficient decision- making — Rotational review of publications´ adequacy in normal and crisis times — Set of measures to accelerate the preparation of reports and define standard processes of the central reporting function and, where appropriate, decentralized deliveries — Build an efficient IT-supported process to recommend measures — Development of suitable data marts including efficient analysis tools Risk Reporting being broad-ranging in its content and qualitatively suitable — Broad-ranging Risk Reporting in content, covering all significant risk drivers and areas within the organization — Orientation of the depth and scope of the risk reporting on the size and complexity of bank operations as well as the risk profile of the organization — Presentation of recommendations for measures and well-balanced relationships between quantitative and qualitative information — Benchmarking of existing reporting contents, processes and IT landscape — Through benchmarking, comparison of regulatory requirements and relevance of steering / suitability — Conception of a reporting framework with group- wide uniformly defined information and transparent presentation for the intended audience — Assuring the flexible handling on an individual basis by harmonizing structures, contents and forms of display — Efficient processes and quality of the databases enable more time for commenting / derivation of measures and contribute to the decision process C C1 C2 C3 KPMG:RiskDataAggregationandReporting
  • 12. 12 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. Clear mapping of risk data aggregation in IT strategy and development planning — Consideration of risk data for annual IT development planning; plans for addressing defects in compliance with standards; availability of adequate resources for implementation — Consideration and management of risk data already in IT strategy and strategic decisions — Testing the sustainability of the IT architecture and the IT strategy of risk management systems — Analysis of necessary measures, development of alternative solution scenarios, decision for a roadmap, creation of/allocation to projects — Implementation of IT portfolio management for tracking purposes Challenge Approach Independent validation of compliance of standards — The review of compliance with standards must meet demanding benchmarks — This validation shall be performed independently (and independently from the external auditor) and is intended to examine the compliance with the principles specified in the standard by the bank — Establishment of the organizational unit (e.g. internal audit) or invitations to tender for regular review — Design of a systematic bank specific audit scheme on the basis of the principles 1 – 11 — Documentation of the processes and planned activities of the bank for each audit aspect Incorporation in business continuity management — Frequently, when setting up the Business Continuity Management (BCM) policy or the business impact analysis, the available risk data and risk reporting are not sufficiently tested for risk aspects, or risk grading is inadequate — Review of BCM policy with adequate consideration of risk data provisioning • Has the entire spectrum of risk data provisioning been investigated in the business impact analysis? • Is the assessment of criticality, extent of damages and risk-bearing capacity still appropriate? • Do appropriate continuity strategies and plans for risk data provisioning exist in the event of damage? — If relevant, adjustment of the business impact analysis and the BCM policy of the bank D D1 D2 D3 KPMG:OrganizationalandITManagement
  • 13. 13 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. Phase 1 Phase 2 Analysis and Design Long-Term Actions Phase 3 Phase 4 Short- and Medium-Term Actions Monitoring Program Initialization Risk Data Aggregation and Reporting Organizational and Governance Source markets Example2: Collaboration Source markets Example3:Integration Source markets Functionalteams Shared/scarceresource SharedServices/ Outsource Divisional Impactonkeystrategic aims TourOps Airline Retail Online Example1:Sharedservice Integrated,flexible,EuropeanAirline divisionsharingPlanning,Scheduling andMaintenancefunctions Alignedchannelstrategybysource market;commonOTAplatform,content managedlocally Integratedomni-channelapproachwith singleP&Laccountabilityandall- encompassingstrategybysource market;singleOTAplatform;local Retail Ops strategy social media gains leveragescalebenefitsatkey strategicOnline:Sourcemarketseachaccountablefor differentiated properties definedinventory rules strategy Productdifferentiation:Sourcemarketseach Productdifferentiation:Alignedapproach, Productdifferentiation:Group purchasingaccountableforexecutionofdifferentiation utilisingaGrouppurchasingfunctionto functioncoveringallpropertiesintax efficient location Technology:singleintegratedsystem managedincreasingonlinedistributionandaccessing Technology:Integratedsystemswithlocally inoneplacebasedoninputfromsource market Overheads:greatercentralisationof non-Overheads:Standardisationof ‘mid-office’(non- Online:CommonGroup-wideplatformwithlocal customer-facingactivities(e.g. Aviation&customer-facing)activitiestorealiseefficiency contentgenerationandexecutionofchannel Planning) Customer&Brands:Group-wide reviewElementsmayremainlocally-managed suchasCustomerInsight,RetailandAirline Operations,Customer Service Minimum: Management, financialreporting/control,HR policy/Comms,PR/Marketing, Strategy Own &delivercommonbackoffice/non-coreprocessesagainstagreedservicelevelsfortheFunctionalteams(e.g. TransactionalFinance,HR, ITmaintenance ) Greater partnershipbetweenGroup Airlinedivisionsincludingaircraft borrowingandpotentiallyMaintenance outsourcing GroupPurchasingteamandother selected Shared /scarceresourceacrosssourcemarkets(e.g.BusinessIntelligence,Operations Research) Integratedpan-EuropeanTour Operator,combiningProduct,Purchasing, Yield, functionswheretherearegreatestsynergies Aviation,Planningand Inventory Sourcemarketseachownanddeliver allactivities(excludingsharedservice activities)andincludingstrategyand policy Gap-Analysis and Regulatory Alignment IT Architecture Data Management Framework Quick scan/ Tool- supported gap analysis Review and alignment of ongoing projects/ initiatives ProjectInitialization 2-3 months (Special)AuditRegulatorSupervision Roadmap Realization Operating Model Re-alignment Regulatory Management Stress Testing A: IT Infrastructure On- going B. Data Management Framework 12 months C. Risk Data Aggregation and Reporting 6-12 months D. Organizational and IT Management 6-9 months 1 2 3 4 5 6 1 3 4 2 5 6 Data Strategy Realization Scalable Data Architecture KPMG:AModularProjectApproach
  • 14. 14 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. KPMG:ServiceOffering–fromA-Z The KPMG Difference Through working with KPMG member firms and leveraging our experience and breadth, banks can have a guide through their BCBS 239 journey. The lifecycle framework enables KPMG to draw together multi-disciplinary teams, leading practices, methodologies, insights and project delivery tools in order to help member firm clients achieve transformation. KPMG: Advisors of Choice KPMG member firms use a lifecycle framework to help banks comply with the Principles of BCBS 239. Through a multi-step approach, KPMG can identify, design, implement and support banks with their RDARR services. The approach is designed to engage stakeholders to customize RDARR requirements to their business needs and continuously adapt to changes in the business environment. Portfolio, program and project management Establishing an integrated delivery program and governance model to manage the ongoing transformation through effective Portfolio, Program and Project Management. Leadership and change Helping the business to achieve tangible and concrete business results by getting people ready, willing and able to deliver sustainable change at all levels of the organization Value delivery Defining and tracking how tangible value is built and sustained through transformation, with an ongoing focus on the delivery of outcomes and benefits realization Bracing for Change This paper aims to emphasize that BCBS 239 will have very real implications for banks; indeed the regulation ushers in not just a technology but a business change. Although adapting to the Principles will likely require substantial investment and time, successfully aligning to them will strengthen the footing of banks over the long-term. Incorporating positive change and technological upgrades will not only tick the regulator box, it will help banks and senior management make timely, sustainable and better-informed decisions. Strategy Defining the strategy, including the overarching ambition/goal and business operating model — Strategic and Financial Ambition — Business Model Strategy — Operating Model Strategy High-level design Defining how the operating model needs to be reconfigured to deliver the vision, strategy and value. Determining a course of action to implement the new ways of working — Enterprise-wide future technology and operations architecture — Target operating model for execution — Roadmap definition Detailed design Capturing the detailed requirements and defining the solution design that will deliver the target operating model — Requirements Management — Solution Design Build Developing, prototyping and testing the changes according to the Solution Design — Develop — Test Implement Deploying the changes and new ways of working into the business — Deployment — Release Management Improve Extracting the value from the transformation, maintaining the value created, and assisting the post- transformation organization to continue to improve performance incrementally — Transition to Steady State — Continuous Improvement
  • 15. 15 © 2016 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated. OurCapabilitiesandTools Transformation KPMG member firms are able to support you through your journey using frameworks, tried and tested toolkits and bespoke technology solutions. We assist clients in the implementation of our advice and support implementations; we walk the talk! Source This proprietary toolkit combines a deep knowledge base across KPMG’s global network as it brings together complex program management, reference models, best practices and client collaboration tools. Governance, Risk and Compliance (GRC) Model This framework provides an integrated approach for developing and establishing a successful and sustainable GRC framework. Regulatory Centers of Excellence KPMG member firms’ presence at the forefront of regulations affecting client’s businesses helps to reinforce our relevance and expertise. We can provide both local and global regulatory support through local member firms and regional centers of regulatory excellence. ThoughtLeadership The Convergence Evolution – Global survey into the integration of governance, risk and compliance Optimizing data management strategies to minimize the potential cost for IT, legal and compliance functions Transforming the Regulatory Agenda: A strategic opportunity for the financial services industry The New Inconvenient Truth – Social Media: Too big for wealth managers to ignore? OtherFoodForThought February 2016 Our ‘next generation’ insights, methods and tools to enable business transformations July 2014 Discussion around megatrends and their impact on the Financial Service industry, focusing ongovernance, risk and compliance. July 2015 In this thought leadership paper, KPMG focuses on key areas where data management can be more optimally managed across the organization July 2015 The first in a series of reports from US FS Regulatory Risk Advisory, and our Americas FS Regulatory CoE, looking at the importance of implementing a change management framework that centralizes and synthesizes current and future regulatory demands. July 2015 As social media is becoming ubiquitous to the financial service industry, clients must take notice of the profound changes that social media will have on their business environment. KPMG:Toolkits,FrameworksandThoughtLeadership
  • 16. kpmg.com/socialmedia kpmg.com/app Craig Davis Partner ASPAC Head of Financial Risk Management T: +65 6411 8533 E: craigdavis1@kpmg.com.sg Nick Barlow Director KPMG in Singapore T: +65 6411 8433 E: nbarlow1@kpmg.com.sg Nanda Thiruvengadam Associate Director KPMG in Singapore T: +65 6411 8212 E: nandathiruvengadam@kpmg.com.sg The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. © 2016 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis- à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. Printed in Singapore. The KPMG name and logo are registered trademarks or trademarks of KPMG International Cooperative (“KPMG International”).