Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

MEETING THE REQUIREMENTS OF BCBS 239 – AGGREGATING AND REPORTING RISK DATA

Suranjan Som, Joint Practice Head, Business Intelligence at IMGROUP

The global financial crisis highlighted that most large banks lacked appropriate facilities to aggregate, assess and analyse risks in a timely and flexible fashion. A new set of regulations, from the Basel Committee on Banking Supervision, known as BCBS 239, aims to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices.
MEETING THE REQUIREMENTS OF BCBS 239 – AGGREGATING AND REPORTING RISK DATA 1While the seemingly never ending myriad of new regulations and frameworks must seem overwhelming, banks should realise that the aims of BCBS 239 are consistent with what they should already be doing to strengthen their risk management data and processes. The insights that effective data analysis can deliver for risk management purposes will enable banks to make better informed strategic and investment decisions and help communication across departments.

The regulation

The BCBS 239 framework can be broadly categorised into 4 main pillars. Pillar 1 covers “Governance and Infrastructure.” Governance entails putting in place the appropriate organisational and process structures to ensure that risk aggregation receives the kind of strategic importance that any other business critical process would for the bank.  This ranges from day to day management structures to senior management and C-level ownership of risk data. This Pillar also requires organisations to put in place the right kind of technology and process infrastructure,not only for risk aggregation requirements, but also to offer an extensible framework that will allow easy incorporation of newer forms of risk and sudden spikes in computation capabilities in stress or crisis scenarios.

Pillar 2 covers the core “Risk aggregation” capability of the bank. Among other things, the bank will need to ensure that it has in place the right resources to provide:

  • Accuracy and reliability via data quality processes
  • Adherence to an “enterprise data dictionary”
  • Well documented unambiguous processes – either automatic or manual
  • Completeness in terms of data usage and coverage
  • Consistent latency for aggregating risk within agreed SLAs
  • Flexibility and adaptability to provide new aggregations easily

Pillar 3 aims to strengthen the bank’s “Risk reporting” capabilities. The supervisors would need to be confident that the bank has in place a suitable risk reporting infrastructure that is:

  • Accurate with appropriate data quality processes
  • Comprehensive – covering all the agreed risk across agreed organisational entities i.e. asset classes, organisational structures, locations, counterparties, etc.
  • Clear, intuitive and useful for the end users to easily comprehend
  • Available and refreshed at agreed frequencies
  • Distributed to the users using appropriate content distribution processes

Pillar 4 ensures that the bank has the capability to “Review, Collaborate and Act” on the aggregated risk data as quickly and seamlessly as possible. In other words, the supervisors should have appropriate means to review the aggregated risk output, make any remedial changes as part of the workflow and interact collaboratively with peers.

The approach

Suranjan Som
Suranjan Som

Speaking to one of the key individuals looking after BCBS 239 on the business side for a large bank in the UK, his views were “Everything in this regulation should be common sense. But that worries me as common sense it not that common these days”.  While this was a “tongue-in-cheek” comment it does reflect the general approach taken towards risk management in most large banks. The approach is siloed, departmental and has gaping holes when it comes to integrating the information for regulatory purposes across the bank. Quantifying and generating granular risk numbers is well-solved problem now – however aggregating it up across all key entities is a herculean data management exercise that requires well-defined, clean data (and master/meta data) on everything that enriches those risk numbers from organisational hierarchies to product structures to risk attributes.

While most of the GSIBs (Global Systemically Important Banks) have been working to address some of the key requirements as a matter of normal course, not every organisation is at the same state of readiness to achieve full compliance in the next 24-36 months. Banks must still look at how they accelerate the process of identifying current readiness to meet the Principles of BCBS 239. They must also look to establish a practical roadmap to help meet the regulation and assist them in the implementation of a seamless risk data management operating model. In order for this to happen banks need to ensure that the right people are in the right roles, as well as having the right processes and governance in place to ensure a quality controlled data management operating model and the appropriate technology to support the scale, speed and agility of flexible risk data aggregation and delivery.

The opportunity

According to one of the former MDs at a large Swiss Investment Bank, “Banks should see this as a major opportunity to overhaul their existing system and processes rather than treat it as ‘box ticking’ exercise”. While it is very true that there is an overlap of what BCBS 239 prescribes over a number of initiatives supporting other regulatory frameworks (e.g. Basel III, MIFID II, COREP, CRD IV, etc.) , it will be missed opportunity for them, if they do not leverage this opportunity to fundamentally change the way risk is generated, stored, aggregated, distributed and monitored. The insights that effective data analysis can deliver for risk management purposes will enable banks to make better informed strategic and investment decisions, not only making them safer but also more profitable in the long run.