“There were hundreds of different spreadsheet templates floating around,” said Christopher Hansert, Product Manager at Bosch Software Innovations, and the second of two presenters at a GARP webinar on the impact of new capital rules on risk ratings, held June 24, 2014. He presented a case study of an unnamed US commercial bank.
Due to an acquisition during the period of regulatory change, he said that the bank had a “heterogeneous set of platforms, models, and inconsistent ratings. They wanted one robust and centralized” risk rating system.
Inconsistencies in the risk rating process increased the likelihood of error, Hansert pointed out, and led to cherry-picking among users. “There was not centralized database to give a full view, bank-wide.”
A lack of controls led to data integrity issues, with problems authenticating the decisions made. As well, Hansert said there was poor quality historical data.
The implementation team began by making a clear separation between creating risk ratings and using risk ratings. Hansert wanted to set up a flexible system so that the IT department would not be needed to change score cards in future. Thus, it became important for the bank to properly maintain its model repository to see who changed what aspect (and when and where).
Additionally, it was important for the data to be stored in a good place. The new system must support the flexibility that is required by regulators and exploit new technologies for dynamic ways to store data. Ideally, such data storage is well interfaced to different parts of the bank, such as collateral-based systems and reporting groups.
Hansert contrasted two different views of the risk rating system: the design or authoring team versus the execution view. “These have very different requirements and altogether different user bases.” For example, only 5 to 10 persons are owners of the “authoring view” whereas hundreds of persons need access to the “execution view” to obtain output from the models (for use in deal analysis, reporting, etc.).
After the system was implemented, four main benefits were evident. The system had flexibility (as designed) and certain features, such as versioning and tracking approvals, that gave it auditability. The new risk rating system had high usability, thanks to its web-based front end. As well, it had the benefit of direct integration, making it “easier for users to capture data for any upstream or downstream situation,” Hansert said.
The results of the case study were impressive. Once the platform for making all future changes was set up, and Bosch Software Innovations had handed control over to the bank, a new risk rating system supporting 27 probability of default (PD) and loss given default (LGD) scorecards was rolled out in 3 to 4 weeks. (The old way required a minimum of two months.)
Due to built-in features (such as an automated audit trail, user authentication and data capture), said Hansert, “the bank is closer to achieving compliance with regulations such as Basel II.”
All in all, the case study described a successful move from “hundreds of spreadsheets” to one well-designed system. ª
Click here to read about the first presentation, an overview of changes to risk ratings. ª
Click here to view the webinar presentation Impact of Capital Rules on Risk Rating Systems. Hansert’s portion (a case study) begins at slide 13.