Financial Risk System

1. Context

A global investment bank based in London, New York and Singapore trades (buys and sells) financial products with other banks (counterparties). When share prices on the stock markets move up or down, the bank either makes money or loses it. At the end of the working day, the bank needs to gain a view of how much risk they are exposed to (e.g. of losing money) by running some calculations on the data held about their trades. The bank has an existing Trade Data System (TDS) and Reference Data System (RDS) but need a new Risk System.

Financial Risk SystemCalculates the bank's exposure to riskfor product X.E-mail systemThe bank's Microsoft Exchangesystem.Business UserA regular business user.Central Monitoring ServiceThe bank's central monitoring andalerting dashboard.Configuration UserA regular business user whocan also configure theparameters used in the riskcalculations.Trade Data SystemThe system of record for trades oftype X.Active DirectoryThe bank's authentication andauthorisation system.Reference Data SystemManages reference data for allcounterparties the bank interactswith.Reference Data System v2.0Manages reference data for allcounterparties the bank interactswith.Uses for userauthentication andauthorisation-Remove link.Link options.Sends critical failure alertsto[SNMP]Remove link.Link options.Views reports using-Remove link.Link options.Sends a notification that areport is ready to[E-mail message]Remove link.Link options.Sends a notification that areport is ready to-Remove link.Link options.Configures parametersusing-Remove link.Link options.Gets counterparty datafrom-Remove link.Link options.Gets trade data from-Remove link.Link options.Gets counterparty datafrom-Remove link.Link options.
PersonSoftware SystemSoftware System, FutureStateSoftware System, RiskSystemAsynchronousAsynchronous, AlertSynchronousSynchronous, Future State

1.1 Trade Data System

The Trade Data System maintains a store of all trades made by the bank. It is already configured to generate a file-based XML export of trade data at the close of business (5pm) in New York. The export includes the following information for every trade made by the bank:

  • Trade ID

  • Date

  • Current trade value in US dollars

  • Counterparty ID

1.2 Reference Data System

The Reference Data System maintains all of the reference data needed by the bank. This includes information about counterparties; each of which represents an individual, a bank, etc. A file-based XML export is also available and includes basic information about each counterparty. A new organisation-wide reference data system is due for completion in the next 3 months, with the current system eventually being decommissioned.

2. Functional Overview

The high-level functional requirements for the new Risk System are as follows.

Functional overview
Functional overview

  1. Import trade data from the Trade Data System.
  2. Import counterparty data from the Reference Data System.
  3. Join the two sets of data together, enriching the trade data with information about the counterparty.
  4. For each counterparty, calculate the risk that the bank is exposed to.
  5. Generate a report that can be imported into Microsoft Excel containing the risk figures for all counterparties known by the bank.
  6. Distribute the report to the business users before the start of the next trading day (9am) in Singapore.
  7. Provide a way for a subset of the business users to configure and maintain the external parameters used by the risk calculations.

3. Quality Attributes

The quality attributes for the new Financial Risk System are as follows.

3.1 Performance

  • Risk reports must be generated before 9am the following business day in Singapore.

3.2 Scalability

  • The system must be able to cope with trade volumes for the next 5 years.
  • The Trade Data System export includes approximately 5000 trades now and it is anticipated that there will be an additional 10 trades per day.
  • The Reference Data System counterparty export includes approximately 20,000 counterparties and growth will be negligible.
  • There are 40-50 business users around the world that need access to the report.

3.3 Availability

  • Risk reports should be available to users 24x7, but a small amount of downtime (less than 30 minutes per day) can be tolerated.

3.4 Failover

  • Manual failover is sufficient for all system components, provided that the availability targets can be met.

3.5 Security

  • This system must follow bank policy that states system access is restricted to authenticated and authorised users only.
  • Reports must only be distributed to authorised users.
  • Only a subset of the authorised users are permitted to modify the parameters used in the risk calculations.
  • Although desirable, there are no single sign-on requirements (e.g. integration with Active Directory, LDAP, etc).
  • All access to the system and reports will be within the confines of the bank's global network.

3.6 Audit

  • The following events must be recorded in the system audit logs:
    • Report generation.
    • Modification of risk calculation parameters.
  • It must be possible to understand the input data that was used in calculating risk.

3.7 Fault Tolerance and Resilience

  • The system should take appropriate steps to recover from an error if possible, but all errors should be logged.
  • Errors preventing a counterparty risk calculation being completed should be logged and the process should continue.

3.8 Internationalization and Localization

  • All user interfaces will be presented in English only.
  • All reports will be presented in English only.
  • All trading values and risk figures will be presented in US dollars only.

3.9 Monitoring and Management

  • A Simple Network Management Protocol (SNMP) trap should be sent to the bank's Central Monitoring Service in the following circumstances:
    • When there is a fatal error with a system component.
    • When reports have not been generated before 9am Singapore time.

3.10 Data Retention and Archiving

  • Input files used in the risk calculation process must be retained for 1 year.

3.11 Interoperability

  • Interfaces with existing data systems should conform to and use existing data formats.