The purpose of BCBS 239 (Basel Committee on Banking Supervision’s standard number 239) is to ensure that systemically important banks’ risk data aggregation capabilities and internal risk reporting practices give thorough insight into the risks to which they are exposed.
BCBS has a total of 14 principles, summarized in the four sections below:
I. Overarching governance and infrastructure
A bank’s risk data aggregation capabilities and risk-reporting practices should be subject to strong governance arrangements. Data architecture and IT infrastructure should fully support its risk data aggregation capabilities and risk-reporting practices in normal times and during times of stress or crisis.
II. Risk data aggregation capabilities
The bank should generate accurate, complete, timely, and reliable risk data to meet normal and stress/crisis reporting accuracy requirements. The bank should be able to generate aggregate risk data, including requests during stress/crisis situations.
III. Risk-reporting practices
Risk management reports should be accurate and precisely convey aggregated risk data and reflect risk in an exact manner. Reports should cover all material risk areas within the organization.
IV. Supervisory review, tools, and cooperation
Become an Experience Maker in Financial Services and Insurance
This lookbook spotlights how Perficient and Adobe, together, helped some of the world’s best brands create and capture the memories of their clients, employees, and other key target audiences.
Supervisors should periodically review and evaluate a bank’s compliance with BCBS Principles. A bank should take effective and timely remedial action to address deficiencies in its risk data aggregation capabilities and risk-reporting practices.
Supervisors across jurisdictions should cooperate to oversee and review the Principles and implement remedial action if needed.
With a requirement of BCBS 239, banks with a significant number of data sources are challenged with understanding, managing, and tracing their metadata.
Data lineage can help banks achieve BCBS 239 compliance.
Data lineage is the process of understanding, recording, and visualizing metadata as it flows from the originating data source to consumption. It also provides visibility into how data is transformed and aggregated.
Understanding the movement of metadata across the bank assists in the enforcement of data governance policies and the identification of auditing needs.
Risk management reports should communicate information clearly and concisely. Data lineage assists in finding common business terms and identifying inconsistencies in terminology that could confuse readers.
Data Accuracy and Remedial Actions
Data lineage provides a roadmap of how data travels within an organization, enabling organizations to more easily identify where errors occur. Upon identifying an error, data lineage allows users to review the transformation logic and remedy the system, helping to avoid such errors in the future.
Data lineage can also help firms plan for future data/system changes, such as the replacement of a source system or a change in a data field (e.g., LIBOR rates being replaced by Alternative Reference Rates). It provides valuable insights into which downstream applications and data transformations would be impacted by changes and helps plan risk mitigation.
Data lineage should be part of every large bank’s data governance program. However, understanding the ins and outs of data lineage and how to leverage intelligent and automated data lineage solutions to achieve your organization’s goals (e.g., compliance, data democratization) can be difficult without the proper knowledge and experience. If you are interested in learning how to establish data lineage practices and implement data lineage tools, such as ASG and Collibra, in your organization, please don’t hesitate to reach out to us.