The quality attributes for the new Financial Risk System are as follows.
- Risk reports must be generated before 9am the following business day in Singapore.
- The system must be able to cope with trade volumes for the next 5 years.
- The Trade Data System export includes approximately 5000 trades now and it is anticipated that there will be an additional 10 trades per day.
- The Reference Data System counterparty export includes approximately 20,000 counterparties and growth will be negligible.
- There are 40-50 business users around the world that need access to the report.
- Risk reports should be available to users 24x7, but a small amount of downtime (less than 30 minutes per day) can be tolerated.
- Manual failover is sufficient for all system components, provided that the availability targets can be met.
- This system must follow bank policy that states system access is restricted to authenticated and authorised users only.
- Reports must only be distributed to authorised users.
- Only a subset of the authorised users are permitted to modify the parameters used in the risk calculations.
- Although desirable, there are no single sign-on requirements (e.g. integration with Active Directory, LDAP, etc).
- All access to the system and reports will be within the confines of the bank's global network.
- The following events must be recorded in the system audit logs:
- Report generation.
- Modification of risk calculation parameters.
- It must be possible to understand the input data that was used in calculating risk.
Fault Tolerance and Resilience
- The system should take appropriate steps to recover from an error if possible, but all errors should be logged.
- Errors preventing a counterparty risk calculation being completed should be logged and the process should continue.
Internationalization and Localization
- All user interfaces will be presented in English only.
- All reports will be presented in English only.
- All trading values and risk figures will be presented in US dollars only.
Monitoring and Management
- A Simple Network Management Protocol (SNMP) trap should be sent to the bank's Central Monitoring Service in the following circumstances:
- When there is a fatal error with a system component.
- When reports have not been generated before 9am Singapore time.
Data Retention and Archiving
- Input files used in the risk calculation process must be retained for 1 year.
- Interfaces with existing data systems should conform to and use existing data formats.