SECTION 4 Data quality and IT infrastructure

Article 18 Data quality

  (1) Competent authorities shall assess the degree to which the quality of the data used by an institution in the AMA framework is maintained, and that the building and maintenance procedures are regularly analysed by that institution, by verifying that the institution has at least the following sets of data at its disposal:

    (a) data to build and track its operational risk history, made up of internal and external data, scenario analysis, and BEICF;

    (b) complementary data, including model parameters, model outputs and reports.

  (2) For the purposes of paragraph 1, competent authorities shall confirm that the institution has defined appropriate data quality dimensions to provide effective support to its operational risk management process and measurement system, and that it complies on a regular basis with the set dimensions.

  (3) For the purposes of paragraph 1, competent authorities shall confirm that the institution's data quality dimensions meet at least the following conditions:

    (a) they are of sufficient breadth, depth, and scope for the task at hand;

    (b) they meet current and potential user needs;

    (c) they are updated promptly;

    (d) they are appropriate for, and consistent with, the extent of their usage;

    (e) they accurately represent the real-life phenomenon that they aim to represent;

    (f) they do not violate any business rule in a database that has to be statically and dynamically maintained.

  (4) For the purposes of paragraph 1, competent authorities shall confirm that the institution has appropriate documentation for the design and maintenance of the databases used in the institution's AMA framework, and that the documentation contains at least the following:

    (a) a global map of databases involved in the operational risk measurement system with their descriptions;

    (b) a data policy and a statement of responsibility;

    (c) descriptions of work-flows and procedures related to data collection and data storage;

    (d) a statement of weaknesses with all the weaknesses identified in the databases of the validation and review processes and a statement on how the institution plans to correct or reduce the weaknesses identified.

  (5) Competent authorities shall confirm that the policies on the SDLC for AMA are approved by the institution's management body and senior management.

  (6) Where the institution uses external data sources, the institution shall ensure that the provisions in this Article are satisfied.