BCBS 239

BCBS 239 aims to fix risk management failings in systemically important banks. Its principles are designed to improve the accuracy and speed of risk reporting. While initially focused on risk reporting, the principles demand data governance and adaptability which can deliver much wider benefits.

Basel Committee on Banking Supervision standard 239

The Basel Committee on Banking Supervision standard number 239 (BCBS 239) sets out the “principles for effective risk data aggregation and risk reporting”. The overall objective of the standard is to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices, in turn, enhancing the risk management and decision making processes at banks. “The right information needs to be presented to the right people at the right time”. The principles include best practices in data governance, which is treated as a prime driver for high quality data to inform risk management decisions. 

Challenges and benefits of BCBS 239 principles adoption

For large organizations, most of the effort for BCBS 239 is in identifying and documenting data lineage, followed by implementing data controls where required and classifying data using a data catalog. These processes need to be federated out across system owners and subject matter experts to achieve the scale required.

BCBS 239 requires on-going data governance and is not a one-off exercise. Metadata, lineage and quality metrics assessments should be automated where possible and used to update metadata via an API. Users need highly productive user interfaces and tools to make changes, and a simple workflow process for approvals.

BCBS 239 may benefit the whole organization by uplifting the importance of data quality, data governance and full visibility of data flows. It can facilitate better, faster decisions and reduce the probability and severity of losses. And by speeding up decision-making it can make the organization better able to handle change .

Visualization of change

Solidatus’ powerful visualization allows the delta of change to be transparent from both a regulatory and organizational data and process perspective.  The comprehensive audit functionality enables the capture of the reasons why changes were made and by whom, ensuring MAS 610 and 1003 compliance.

Impact analysis

Solidatus enables impact analysis to be performed ahead of change to understand the effect on data consumers and regulators. Additionally, should regulations change then the delta of change can be mapped, providing the ability to tailor amendments to regulatory change rather than recreating the entire report.

Data source catalog

Solidatus allows for the creation of a repository of reportable sources that can then be leveraged globally across an organization to ensure consistency locally, regionally and globally. Should regulation change locally then the delta of change can be mapped generating significant efficiencies in compliance with new standards.


Solidatus enables firms to address the challenges of creating a common taxonomy. The repository can be shared with other jurisdictions experiencing regulatory change. It can then be used to simplify the creation of the new report in that jurisdiction, enabling new regulations to be ingested piecemeal, which once completed will remain current and simplify any future changes still further.

Solidatus for BCBS 239

Documenting a highly complex, large financial institution can be difficult. Regulatory reporting data may originate from an inappropriate source, it may have undergone an unauthorized modification or simply be incorrect. This data needs to be understood to the relevant and correct granularity for it to be of value and in order to comply with legal obligations.

Solidatus gives financial institutions the ability to gain valuable insight into their data landscape through visualized data lineage, showcasing how data flows through their organization, tracking from source to target and maintaining a temporal, historical record of change. Through its collaborative crowdsourcing model, Solidatus allows for quick and effective enterprise-wide sharing of knowledge identifying where data is held, its categorization and who has access to it. This visualization enables an organization to easily share their BCBS 239 data lineage in an interactive and dynamic format, allowing for greater transparency and control.

Solidatus reference models provide organization-wide data catalogs to be created and related to data across data flows. External taxonomies and business-specific classifications can be used to identify the business’ meaning of data, and to locate it in multiple flows.

Solidatus’ metadata management allows the user to apply an unlimited number of properties to describe, categorize and control their data within a model as required by the business. Together with reference models, this satisfies the need for a “bank [to] establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data”.

Data Privacy

BCBS 239 and metadata management

The Basel Committee on Banking Supervision standard number 239 (2013) sets out the “principles for effective risk data aggregation and risk reporting”. The overall objective of the standard is to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices, to enhance risk management and decision-making.

The principles aim to present correct risk data to decision-makers to make timely, informed decisions, and to help regulators accurately assess a bank’s risks.

BCBS 239 was initially focused on global, systemically important banks. The principles require fully understanding data flows and ensuring the quality of data is validated for completeness, accuracy and timeliness throughout the flow. These data governance processes rely on accurate and up to date metadata, often from legacy systems, systems inherited from mergers and a wide range of platforms and data stores.

Principle 2, article 33 of BCBS 239 states:

“A bank should establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data (metadata), as well as use of single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts.”

This directly implies that banks need to ensure that all data used in risk aggregation must be clearly and unambiguously defined and understood enterprise-wide to enforce consistency and control, thereby improving regulatory compliance. Metadata that is managed properly enables strong risk data aggregation capabilities, while a clearly defined and usable infrastructure allows banks to know that the data they are looking at is accurate and precise.

A metadata management platform with data lineage and data cataloging capabilities is required to deliver this level of understanding.

BCBS 239, data cataloging and data lineage

Data cataloging facilitates classifying the business meaning of data so organizations know what inputs are going into risk reports. Reporting accuracy depends on processing all the required data for a report. Data lineage is critical to an organization’s ability to fulfill the intent of BCBS 239. The Bank of International Settlements (BIS) alludes to this as part of proper data risk aggregation and risk reporting:

Clause 21

… High quality risk management reports rely on the existence of strong risk data aggregation capabilities, and sound infrastructure and governance ensures the information flow from one to the other.”

Clause 52

“… Risk management reports should be accurate and precise to ensure a bank’s board and senior management can rely with confidence on the aggregated information to make critical decisions about risk.”

These points highlight the importance of data cataloging and data lineage when it comes to a bank’s ability to track data. Data is created, manipulated and used, usually ending a report of some sort – traceability plays a vital role in assisting with data-related decision-making. Visualized data lineage acts as the supporting documentation of risk reporting. It is a reference point where a bank will be able to prove the outcome of the report to both the regulator and senior management.

Interested in learning more about how we can help?


Solidatus unlocks the true business value behind data. A lineage-first approach enables organizations to connect and visualize data relationships across the enterprise, simplifying how they identify, access and understand them. With a reimagined, sustainable data foundation in place, organizations can mine actionable intelligence and solve complex problems to deliver transformational business results.

Solidatus is a member of the EDM Council.

© 2022. Threadneedle Software Holdings Limited trading as Solidatus.  Privacy Policy | Modern Slavery Statement