Basel Committee on Banking Supervision standard 239
The Basel Committee on Banking Supervision standard number 239 (BCBS 239) sets out the “principles for effective risk data aggregation and risk reporting”. The overall objective of the standard is to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices, in turn, enhancing the risk management and decision making processes at banks. “The right information needs to be presented to the right people at the right time”. The principles include best practices in data governance, which is treated as a prime driver for high quality data to inform risk management decisions.
Challenges and benefits of BCBS 239 principles adoption
For large organizations, most of the effort for BCBS 239 is in identifying and documenting data lineage, followed by implementing data controls where required and classifying data using a data catalog. These processes need to be federated out across system owners and subject matter experts to achieve the scale required.
BCBS 239 requires on-going data governance and is not a one-off exercise. Metadata, lineage and quality metrics assessments should be automated where possible and used to update metadata via an API. Users need highly productive user interfaces and tools to make changes, and a simple workflow process for approvals.
BCBS 239 may benefit the whole organization by uplifting the importance of data quality, data governance and full visibility of data flows. It can facilitate better, faster decisions and reduce the probability and severity of losses. And by speeding up decision-making it can make the organization better able to handle change .
Visualization of change
Data source catalog
Solidatus allows for the creation of a repository of reportable sources that can then be leveraged globally across an organization to ensure consistency locally, regionally and globally. Should regulation change locally then the delta of change can be mapped generating significant efficiencies in compliance with new standards.
Solidatus for BCBS 239
Documenting a highly complex, large financial institution can be difficult. Regulatory reporting data may originate from an inappropriate source, it may have undergone an unauthorized modification or simply be incorrect. This data needs to be understood to the relevant and correct granularity for it to be of value and in order to comply with legal obligations.
Solidatus gives financial institutions the ability to gain valuable insight into their data landscape through visualized data lineage, showcasing how data flows through their organization, tracking from source to target and maintaining a temporal, historical record of change. Through its collaborative crowdsourcing model, Solidatus allows for quick and effective enterprise-wide sharing of knowledge identifying where data is held, its categorization and who has access to it. This visualization enables an organization to easily share their BCBS 239 data lineage in an interactive and dynamic format, allowing for greater transparency and control.
Solidatus reference models provide organization-wide data catalogs to be created and related to data across data flows. External taxonomies and business-specific classifications can be used to identify the business’ meaning of data, and to locate it in multiple flows.
Solidatus’ metadata management allows the user to apply an unlimited number of properties to describe, categorize and control their data within a model as required by the business. Together with reference models, this satisfies the need for a “bank [to] establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data”.
BCBS 239 and metadata management
The Basel Committee on Banking Supervision standard number 239 (2013) sets out the “principles for effective risk data aggregation and risk reporting”. The overall objective of the standard is to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices, to enhance risk management and decision-making.
The principles aim to present correct risk data to decision-makers to make timely, informed decisions, and to help regulators accurately assess a bank’s risks.
BCBS 239 was initially focused on global, systemically important banks. The principles require fully understanding data flows and ensuring the quality of data is validated for completeness, accuracy and timeliness throughout the flow. These data governance processes rely on accurate and up to date metadata, often from legacy systems, systems inherited from mergers and a wide range of platforms and data stores.
Principle 2, article 33 of BCBS 239 states:
“A bank should establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data (metadata), as well as use of single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts.”
This directly implies that banks need to ensure that all data used in risk aggregation must be clearly and unambiguously defined and understood enterprise-wide to enforce consistency and control, thereby improving regulatory compliance. Metadata that is managed properly enables strong risk data aggregation capabilities, while a clearly defined and usable infrastructure allows banks to know that the data they are looking at is accurate and precise.
A metadata management platform with data lineage and data cataloging capabilities is required to deliver this level of understanding.
BCBS 239, data cataloging and data lineage
Data cataloging facilitates classifying the business meaning of data so organizations know what inputs are going into risk reports. Reporting accuracy depends on processing all the required data for a report. Data lineage is critical to an organization’s ability to fulfill the intent of BCBS 239. The Bank of International Settlements (BIS) alludes to this as part of proper data risk aggregation and risk reporting:
“… High quality risk management reports rely on the existence of strong risk data aggregation capabilities, and sound infrastructure and governance ensures the information flow from one to the other.”
“… Risk management reports should be accurate and precise to ensure a bank’s board and senior management can rely with confidence on the aggregated information to make critical decisions about risk.”
Interested in learning more about how we can help?
Solidatus unlocks the true business value behind data. A lineage-first approach enables organizations to connect and visualize data relationships across the enterprise, simplifying how they identify, access and understand them. With a reimagined, sustainable data foundation in place, organizations can mine actionable intelligence and solve complex problems to deliver transformational business results.
Solidatus is a member of the EDM Council.