The Company – Our client is an international banking group with Domestic Markets, International Financial Services, and Corporate & Institutional Banking business units. It is one of the world’s 10 largest banks by total assets. It offers its clients a full range of services from investment and retail banking to asset management services.
The Objective – The Data used for risk and regulatory reporting needs to be of high quality and aligned with the Basel principles for effective risk data aggregation and risk reporting and support evolving regulatory requirements. Evidence on data controls, quality, and operations used for the attestation of regulatory reporting needs to be gathered.
The Data Trace Program has three objectives:
- Ensuring data accuracy for transactions selected, based on documentary evidence.
- Confirming proper capture and transformation of information to satisfy reporting requirements.
- Testing the effectiveness of the internal control framework
In order to respond to the objective, the Data Trace Program is composed of three pillars:
- The Risk Assessment pillar of the program identifies areas of risk. It is the starting point of the approach and is performed on reg reports and MDRMs.
- The Transaction Testing pillar is data-driven and consists of sampling and testing transactions to ensure the accuracy of data used to prepare reg reports by tracing back transactions to source documents.
- The Report Compliance pillar is instruction-driven and aims at confirming that regulatory reports meet reporting requirements and that data feeds adequately MDRMs in regulatory reports.
The Risk Assessment consists of performing a report risk assessment on the population of filed reports and MDRM risk assessment on identified high-risk reports. The Risk Assessment pillar is the driver for both the Transaction Testing and the Report Compliance pillars.
Transaction Testing is performed on a combination of core attributes identified during Risk Assessment and all identified CDEs related to high-risk reports. The Testing Transaction pillar consists of:
- Source population: Data obtained is grouped into a combination of attributes to facilitate analysis.
- Sampling: Sample size is calculated using a statistical approach, and individual transactions are selected randomly and using professional judgment.
- Testing is realized on the CDEs impacting the reports in scope.
- Transaction Testing aims at validating the accuracy of data used for reporting purposes.
- Obtain source documents.
- Selected data is compared to source documents and to data in source systems.
- Document and assess testing results. Errors found are handed over to the issue remediation team.
- Follow up on the issue resolution process.
- Document testing results
- Reporting: Consolidate testing results and provide conclusions to Management
Report Compliance derives from Risk Assessment and leverages tests performed by Transaction Testing team.
The main risks and challenges were:
- Regulatory reports are sourced from different systems. Transactions cannot be selected from a single data flow because the mapping between systems does not exist. Therefore, a multiple data flows option was recommended despite a higher cost.
- Incorrect mapping between systems. However, Data Trace indirectly validated the accuracy of the mapping when comparing transactions in the database to the reports.
- Incorrect interpretation of instructions. The Data Trace team compared transactions to instructions and made sure they met regulatory requirements.
- Many stakeholders are involved and must be responsive.
- Aggressive timeline to comply with regulator’s requirements.
Arrayo has been successful at defining and testing the various key data elements and transactions used by regulatory reporting to ensure the information captured by the system is accurate compared to source/legal documentation.
Arrayo’s team of Regulatory Reporting SMEs and Data Analysts has been a major contributor to the successful completion of the Risk Assessment and Transaction Testing phases for the following high-risk reports: FR Y-9C, FR Y-11/FR Y-11S, FR Y-9LP, FFIEC 002, FFIEC 002s, FR 2900, FFIEC 009/009a, FR Y-14A, FR Y-14Q and FR 2052s (5G). The tests can be leveraged by the Report Compliance Testing team.