What is BCBS 239? A Summary of Key Principles & Compliance
Adaptable, accurate and fast BCBS239 reporting. Trust in the accuracy of your data and prove outcomes to regulators and senior management with visualized data lineage.
Are you aware of how BCBS239, a key regulation for financial institutions, requires you to ensure the accuracy of the data that underpins your business? And to demonstrate intent to control where exactly your data comes from and how precisely it changes, before it is used in key business activities, such as board-level decision making, AI recommendations and more?
If you don’t know, you need to, as not complying with BCBS 239 regulations could result in fines in the millions for your company.
What is BCBS 239?
The Basel Committee on Banking Supervision standard number 239, ‘Principles for effective risk data aggregation and risk reporting’ sets the standards for effective risk data aggregation and reporting, and aims to fix risk management failings in systemically important banks. The BCBS 239 requirements were designed to improve the accuracy and speed of risk reporting. While initially focused on risk reporting, BCBS 239 principles demand data governance and adaptability which can deliver much wider benefits.
In May 2024, the European Central Bank published an updated set of guidelines on this. In its introduction to the, ‘Guide on effective risk data aggregation and risk reporting’, it states, “The ability of institutions to effectively manage and aggregate risk-related data is an essential precondition for sound decision-making and strong risk governance.” They also state that the, “ECB Banking Supervision is intensifying its supervisory approach.”
BCBS 239 and data lineage: What does the May 2024 update say about lineage?
We’ve written a BCBS239 whitepaper and blog on this, with more detail, but the crux of it is this. In their recent May 2024 guide, the European Central Bank is now clarifying very clearly that:
- You need to have data lineage as a minimum element of your data governance
- That data lineage needs to be both ‘complete’, thereby encompassing a view of all the data flows across all systems, from end to end of your business. Not just a subset. And secondly, it must be granular and detailed, or to the ‘attribute’ level in their terms. This means that you must be able to drill from that broad map view, right down to the column in a table level – not just to the table level.
If you think you have a catalog system that has lineage and therefore your data flows are sorted, be aware that this is unlikely to be sufficient to cover the detail required per the regulations.
What are the 14 key principles of BCBS 239
Who do BCBS 239 principles apply to?
The BCBS 239 Principles apply to all Global Systemically Important Banks (G-SIBs) and are also recommended to be applied to Domestic Systemically Important Banks (D-SIBs) by national supervisors. Banks are required to be compliant with the BCBS 239 principles and a key component which drives compliance is the documentation of data lineage.
BCBS 239 data lineage: Why is it a challenge for banks?
The approach to be taken for data lineage has been one of the key challenges that banks have faced in aligning to the BCBS 239 principles as it is one of the more time consuming and resource intensive activities demanded by the regulation. Whilst this is the case, there are strong benefits to implementing a robust and consistent framework, summarized as follows:
Data journey
Provides transparency of definitions of data and an understanding of the manipulation, transformation and aggregation of critical data as it travels through its journey into reporting. Supports a strong understanding of architecture in place.
Data quality (DQ)
Provides clarity on the required data quality framework to be put in place, ensuring that DQ controls and supporting rules are placed in the correct place in the process, in the context of the potential risks and issues that could arise throughout the data journey.
Data governance
Underpins a strong data ownership and governance framework driving consistency, definitional alignment, and control across the critical data in scope.
Key benefits
- Administer a common language across functions, while still allowing everyone to speak their own.
- Point-in-time system of record – to be able to show exactly what knowledge was available and when.
- Ability to simulate change within the models – demonstrate to all involved the impact of change based on the facts known at the time.
- Enterprise-scale modeling and visualization – the ability to model complete flows is critical to BCBS 239 compliance.
- Reduce risk of non-compliance – by identifying gaps – extent of knowledge is clear and demonstrable.
- Centralized repository, de-centralized collection – always use the subject matter experts to collect and validate the metadata and lineage.
Once you have data lineage that suits BCBS 239 data governance and compliance, you will have a foundation for other regulations – as there is some overlap between requirements. It will be easier then to add the requirements for other regulations around personal data, AI and more, keeping you proactive and up-to-date with regulations.
