Basel III (Pillar I) capital requirements include guidance on how to measure credit, market, and operational risks. Most globally systemically important banks are allowed to use their credit risk inputs, including:

These inputs go into a Basel Committee calibrated formula to measure credit risk. Banks now also have to calculate capital charges for their derivatives counterparties, including both banks or central counterparties. Because there are different ways to calculate the credit risk inputs, having a defined source of accurate, consistent, and complete data is extremely important for the reliability of measuring credit risk.

For market and operational risk, big banks are allowed to use their own models, which have to comply with numerous design, validation, compliance, and auditing requirements. The biggest data challenge for market risk measurements is having a good reliable source of data for illiquid assets, such as infrequently traded bonds or tailored derivatives. Additionally, market risk models, have to be stressed in order to test whether a bank could survive in a period of significant market shocks in interest rate, equity, foreign exchange, or commodity markets.

The biggest risk data aggregation challenges lie in measuring operational risk, a risk to a bank’s earnings or capital due to a breach in the day to day running of the business due to:

Operational risk is the most neglected of the financial risk and was not part of The Basel Accord until 2006. Many banks struggle to define, identify, measure, control, and monitor operational risk uniformly. Data challenges abound especially with banks that do not have an established process to collect data that reflects their internal losses. When banks use data of losses that took place at another institution, they risk using data that may not be relevant, since each institution has a different risk culture and internal controls.

Most significant bank losses in the last twenty-five years such as at Barings, Societe Generale, and JP Morgan are all due to operational risk. Establishing a process to obtain accurate and complete operational risk data to measure this important risk in a timely manner should be a top priority for banks. Without an accurate measure of operational risk, banks will not have a complete picture of their aggregated risks across the whole bank, especially during a period of credit or market stress.

New rules under Basel III, such as the Liquidity Standard and the Leverage Ratio, require that banks know where the data originates and whether it is of high quality. These ratios are of great interest to all bank regulators, but especially to those such as the FDIC or the European Banking Authority who have bank resolution responsibilities. These authorities want to make sure that banks have high quality liquid assets and that they are less leveraged to the reduce their probability of failure.

Under Basel III’s Pillar II, the Internal Capital Adequacy Assessment Process is a key area that requires an enormous amount of high quality data are for capital adequacy and stress test requirements. In the US, the Federal Reserve is empowered under Dodd-Frank’s Title I to mandate the Comprehensive Capital Adequacy Review and what is now popularly known as the Dodd-Frank Act Stress Test (DFAST). Stress tests require a significant amount of data such as:

Most banks need to go to multiple sources for these data points, calling into question whether banks know the lineage, quality, completeness, and accuracy of the data. These data are necessary in order for banks to calculate important stress metrics such as expected losses, loss severities, liquidity, net income, and regulatory capital.

Basel III’s Pillar III (risk disclosures) also requires significant levels of high quality data. This key part of Basel III is incredibly important because if banks disclose high quality information, the market is in a better position to signal what it thinks about a bank’s risk exposures and risk management. The Basel Committee released revised, and significantly improved disclosure requirements in January 2015. Banks now have templates that require them to provide their average risk weights across multiple assets. This will enable market participants to receive banks’ information in a uniform manner so that they can compare and contrast different banks’ risk exposures. High quality data is essential for this pillar, because this would enable the market to discipline banks by selling bank bonds or stocks if investors are dissatisfied with what the banks are signaling about their risk exposures.

Under Title I of Dodd-Frank, banks are required to write living wills that describe to bank regulators how a failed bank would be resolved in the all of the jurisdictions where it has legal entities (see Practice Note, Living Will Requirements for Financial Institutions). For this exercise, bank regulators should require banks to have strong risk data aggregation capabilities that map the different risk exposures to each of the bank’s legal entities. Bank management have traditionally approached risk management along business lines; yet for the purpose of resolving a failed bank , the location of domestic and foreign legal entities dictates which bank bankruptcy laws apply.

Title VI of Dodd-Frank (the Volcker Rule) also imposes significant data requirements on financial institutions (see Summary of the Dodd-Frank Act: The Volcker Rule). In order for banks to trade numerous securities and derivatives without violating the Volcker Rule, they must prove to regulators that they are market makers. To demonstrate they stand ready to buy or sell a wide range of securities and derivatives, banks have to meet seven quantitative metrics.

Many of the metrics are not entirely new, but they have to be calculated by desk at a very granular level, which is new to the banking industry.