Risk accounting - part 2: The risk data aggregation and risk reporting (BCBS 239) foundation of enterprise risk management (ERM) and risk governance
Abstract
In the period following the global financial crisis, high-profile regulatory breaches and other instances of banks’ misconduct triggered widespread concern that the culture and standards of conduct in banks had declined to a point of unacceptability. The crisis also brought into sharp focus the inability of banks to completely and accurately report the risks they accept in order to create shareholder value. These events and circumstances culminated in a crisis of trust between banks and their stakeholders which include governments, regulators, investors and customers. In this same period, regulators focused on their primary ‘capitalat- risk’ regimes administered through the Basel capital accords, reinforcing additional levels of capital as a bank’s primary protection against unexpected losses. At the same time, Basel introduced ‘firm-at-risk’ mandates that required improvements in banks’ control over risk data and associated technology infrastructure. The most significant game-changing post-crisis regulatory mandate in this regard is the Basel Committee’s principles for effective risk data aggregation and risk reporting, also known as BCBS 239. This new mandate requires banks: to implement controls over risk data that are as robust as those applicable to accounting data; to create accurate and single authoritative sources of risk data; and to ensure the precision, timeliness, comprehensiveness and adaptability of risk reporting. BCBS 239 effectively sets the parameters for enterprise risk management (ERM) and provides the foundation on which risk governance and risk cultures can positively evolve. Whereas BCBS 239 expressly states that a common risk metric for all forms of risk is not required, the authors challenge this thinking and argue that it is only through the adoption of a common risk metric that the objectives of BCBS 239 can be reasonably achieved. Part 1 of this paper, published in Journal of Risk Management in Financial Institutions Volume Nine, Number Two (pp. 130–146), explains why bankers — risk managers and accountants in particular — must view the need for the convergence of finance and risk systems within a common control and reporting framework as an imperative. Part 2 describes the ‘Risk Accounting’ methodology and its introduction of both a common measurement framework for all forms of risk and a common risk metric, the risk unit (RU).
The full article is available to subscribers to the journal.
Author's Biography
Allan D. Grody is a founding board member of the Journal of Risk Management in Financial Institutions, founding professor (retired) of New York University’s graduate course in risk management systems, and founding partner (retired) of Coopers & Lybrand’s financial services consulting practice. He began his business career in General Electric’s finance business and later went on to hold increasingly responsible positions in investment management, the securities industry and international banking. He is President of Financial InterGroup Advisors and Financial InterGroup Holdings Ltd, and an advisory board member of ARC Best Practices Ltd.
Peter J. Hughes is a chartered accountant and managing director of the UK risk software and consulting firm, ARC Best Practices Limited. He was formerly a banker with JP Morgan Chase, where he held country and area management positions in Europe and South America encompassing audit, operations, finance and risk management.
Citation
Grody, Allan D. and Hughes, Peter J. (2016, June 1). Risk accounting - part 2: The risk data aggregation and risk reporting (BCBS 239) foundation of enterprise risk management (ERM) and risk governance. In the Journal of Risk Management in Financial Institutions, Volume 9, Issue 3. https://doi.org/10.69554/VZHP9888.
Publications LLP