Financial Services

Data Lineage for BCBS 239 Regulatory Compliance

Istock 1194668332

The purpose of BCBS 239 (Basel Committee on Banking Supervision’s standard number 239) is to ensure that systemically important banks’ risk data aggregation capabilities and internal risk reporting practices give thorough insight into the risks to which they are exposed.

BCBS has a total of 14 principles, summarized in the four sections below:

I. Overarching governance and infrastructure

A bank’s risk data aggregation capabilities and risk-reporting practices should be subject to strong governance arrangements. Data architecture and IT infrastructure should fully support its risk data aggregation capabilities and risk-reporting practices in normal times and during times of stress or crisis.

II.  Risk data aggregation capabilities

The bank should generate accurate, complete, timely, and reliable risk data to meet normal and stress/crisis reporting accuracy requirements. The bank should be able to generate aggregate risk data, including requests during stress/crisis situations.

III. Risk-reporting practices

Risk management reports should be accurate and precisely convey aggregated risk data and reflect risk in an exact manner. Reports should cover all material risk areas within the organization.

IV. Supervisory review, tools, and cooperation

Supervisors should periodically review and evaluate a bank’s compliance with BCBS Principles. A bank should take effective and timely remedial action to address deficiencies in its risk data aggregation capabilities and risk-reporting practices.

Supervisors across jurisdictions should cooperate to oversee and review the Principles and implement remedial action if needed.

With a requirement of BCBS 239, banks with a significant number of data sources are challenged with understanding, managing, and tracing their metadata.

Data lineage can help banks achieve BCBS 239 compliance.

Data lineage is the process of understanding, recording, and visualizing metadata as it flows from the originating data source to consumption. It also provides visibility into how data is transformed and aggregated.

Data Governance

Understanding the movement of metadata across the bank assists in the enforcement of data governance policies and the identification of auditing needs.

Data Clarity

Risk management reports should communicate information clearly and concisely. Data lineage assists in finding common business terms and identifying inconsistencies in terminology that could confuse readers.

Data Accuracy and Remedial Actions

Data lineage provides a roadmap of how data travels within an organization, enabling organizations to more easily identify where errors occur. Upon identifying an error, data lineage allows users to review the transformation logic and remedy the system, helping to avoid such errors in the future.

Data lineage can also help firms plan for future data/system changes, such as the replacement of a source system or a change in a data field (e.g., LIBOR rates being replaced by Alternative Reference Rates). It provides valuable insights into which downstream applications and data transformations would be impacted by changes and helps plan risk mitigation.

Final Thoughts

Data lineage should be part of every large bank’s data governance program. However, understanding the ins and outs of data lineage and how to leverage intelligent and automated data lineage solutions to achieve your organization’s goals (e.g., compliance, data democratization) can be difficult without the proper knowledge and experience. If you are interested in learning how to establish data lineage practices and implement data lineage tools, such as ASG and Collibra, in your organization, please don’t hesitate to reach out to us.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Lizbet Valencia

Lizbet Valencia is a business analyst in Perficient's financial services practice, with extensive experience delivering multi-million dollar technology solutions that enable companies to meet regulatory requirements and monitor risk. Her core competencies include data lineage, business analyses, and project implementation.

More from this Author

Subscribe to the Weekly Blog Digest:

Sign Up
Follow Us
TwitterLinkedinFacebookYoutubeInstagram