BCBS 239 – ITS TIME TO GET BACK TO BANKING BASICS
Three steps to get the ball rolling
Carsten Lux, ASG Solutions
2016 may seem to be a long way off, but financial organisations need to start preparing for the changes, or risk being put under the microscope. To underestimate or ignore the principles laid out in the BCBS 239 paper is a risk not worth taking, if banks are to avoid another crippling, worldwide financial disaster and high penalties.
In light of the Basel Committee on Banking Supervision’s BCBS 239 principles, introduced to transform the way risk data management and reporting is carried out internationally, banks are expected to have already made significant progress towards becoming compliant ahead of the January 2016 deadline.
While the list of principles for companies to adhere to is relatively extensive, covering everything from IT infrastructure, governance and timeliness, becoming compliant need not be daunting or difficult if planning begins now. Firms need to see this as an opportunity to renovate, innovate and future proof their business, putting the most effective people and processes in place. Below are three tips on how to firms can do this, whilst at the same time meet compliance and gain a competitive advantage ahead of the deadline, all while enabling business growth and productivity.
Additionally the BCBS 239 principles will not only touch the already named G-SIBS. The local banking authorities should and will name additional D-SIBS, who will have only three years to fully comply to the principles after they have been named. So, to start early might be a competitive advantage in the future.
1. Assess the Situation
Firstly, firms need to assess the degree to which they currently comply. A holistic and aggregated view of enterprise data risks is not straightforward to achieve and is the exact reason BCBS 239 has come into effect, so the chances are that parts of the business comply while others don’t. Banks need to grasp the regulations with both hands and seize the opportunity to truly assess the entire organisation and its external environment.
Supervisors will ask for documentation and proof over many years to come, so unsurprisingly process is needed. A thorough, independent assessment across departments is required before any changes are made, providing a complete understanding of where the weaknesses are in the organisation.
This should also take into count not only the risks encountered today, but also those expected to impact the business in the future. This is essential if we are to avoid another financial crisis, with risk being assessed in real-time.
2. Data Delivery
According to the BCBS report ‘Progress in adopting the principles for effective risk data aggregation and risk reporting’, financial organisations feel they are currently least compliant with having a strong IT infrastructure and data architecture, in particular, having integrated data taxonomies and adequate controls throughout the lifecycle of data. This can be daunting but it is absolutely essential.
What the recent financial crisis has taught us is that real-time and aggregated data is fundamental to avoiding risk. Technology should be maximised to process large amounts of data in real-time, providing both up-to-date holistic and granular reports regardless of business function, jurisdiction or legal entity. Make the most out of technology to deliver speed, agility, scalability and flexibility to get complete and in-depth reports on the risks companies face, even in times of stress or crisis and without human error.
3. The right people doing the right jobs
Organisations also need to have the right people in place. While technology and IT infrastructure is fundamental to processing the data, people are crucial in turning data into intelligence and managing information. In order to adhere to the principles of governance, accuracy and adaptability, people will need to be able to understand the ins and outs of metadata and data lineage. It is important firms don’t see this as a hoop jumping exercise, but rather a process that will transform the way its teams deal with risk, enabling it to make much better informed decisions.
BCBS 239 does encourage organisations to change their daily habits when it comes to risk data management and reporting, but should not be seen as a roadblock or obstacle. It is an opportunity to modernise IT and gain a holistic and granular view of the risks facing financial organisations, which is crucial to ensuring another crippling financial crisis is avoided. Only those who have already implemented the necessary processes or planning ahead of the impending 2016 deadline will reap the benefits of complete compliance, consistent organisational growth and reliable risk management systems.