Article 25 External data

Competent authorities shall assess an institution's compliance with the standards relating to external data features, as referred to in point (ii) of Article 20(d), by verifying at least the following:

  1. (a)

    that, where the institution participates in consortia initiatives for the collection of operational risk events and losses, the institution is able to provide data of the same quality, in terms of scope, integrity and comprehensiveness, as internal data meeting the standards referred to in Articles 21, 22, 23, and 24 and that it does so consistently with the type of data requested by the consortia reporting standards;

  2. (b)

    that the institution has a data filtering process in place which allows the selection of relevant external data, based on specific established criteria and that the external data being used is relevant and consistent with the risk profile of the institution;

  3. (c)

    that, in order to avoid bias in parameter estimates, the filtering process results in a consistent selection of data regardless of the loss amount, and that, where the institution permits exceptions to this selection process, it has a policy providing criteria for exceptions and documentation supporting the rationale for those exceptions;

  4. (d)

    that, where the institution adopts a data scaling process involving the adjustment of loss amounts reported in external data, or of the related distributions, to fit the institution's business activities, nature and risk profile, the scaling process is systematic and statistically supported and that it provides outputs that are consistent with the institution's risk profile;

  5. (e)

    that the institution's scaling process is consistent over time and its validity and effectiveness are regularly reviewed.