33. Institutions should ensure that the stress testing programme is supported by an adequate data infrastructure.

34. To ensure that a proper data infrastructure has been put in place, institutions, including those that are not global systemically important institutions (G-SIIs), should endeavour to also refer, to the extent appropriate, to the principles for effective risk data aggregation and risk reporting of the Basel Committee on Banking Supervision.

35. Institutions should ensure that their data infrastructure has the capacity to capture the extensive data needs of their stress testing programme and that they have in place mechanisms to ensure their continuing ability to conduct stress testing as planned in accordance with the programme.

36. Institutions should ensure that the data infrastructure allows for both flexibility and appropriate levels of quality and control.

37. Institutions should ensure that their data infrastructure is proportionate to their size, complexity, and risk and business profile, and allows for the performance of stress tests covering all material risks that the institution is exposed to.

38. Institutions should devote sufficient human, financial and material resources to guarantee the effective development and maintenance of their data infrastructure, including information technology systems.