Emerging & Specific Regulation

BCBS 239239 Extension

What is BCSB 239 Compliance? and What is the latest BCBS 239 Extension?

BCBS 239: Principles for Effective Risk Data Aggregation and Risk Reporting, 2013 Principles issued by the BCBS providing guidance to banks on how to enhance the processes by which they collect, manage, and report risk data in an effort to improve risk management capabilities.

The extension by ECB of BCBS 239 principles represent a substantial advancement in fortifying financial institutions’ risk data aggregation and reporting practices in the financial sector, tackling the deficiencies observed in previous implementations of BCBS 239 to make the financial industry more resilient by improving overall data quality, governance, and infrastructure to support effective risk management principles.

BCBS 239 Compliance & Latest Revisions

European Central Bank (ECB)’s thematic review on effective risk data aggregation and risk reporting based on the Basel Committee on Banking Supervision (BCBS) 239 principles provides a detailed examination of the state of risk data management at significant financial institutions. Established as a 2016 supervisory priority, the review invites an in-depth evaluation across 25 significant institutions to assess governance and other structures as it pertains to data aggregation and reporting in risk management.

The results of the ECB’s review offer a bleak implementation status of the BCBS 239 principles at the institutions examined including some global systemically important banks, noting no institution being able to demonstrate full execution of BCBS 239 principles by its conclusion. The failures are usually due to the lack of clear responsibilities and accountabilities for data quality and a misunderstanding between business control functions and IT departments on roles and responsibilities.

A reiteration is made for sound data aggregation capabilities and robust risk reporting mechanisms in the context of the global financial crisis – a period in which the management of risk-related data had an extremely detrimental effect on financial institutions’ risk profile and business model viability. The need to strengthen governance frameworks, data management processes, and IT infrastructure to support better functioning data aggregation and reporting capabilities is the ECB’s verdict.

Areas of significant concern from the review include: inadequate clarity on responsibilities around data quality, insufficient scoping of key reports, a disconnect between Legal Entity and Global governance, non complete BCBS principles implementation and absence of checks at the executive level. Remediation necessitates a firm commitment to reassess governance, IT strategy and business operations to meet both supervisory expectations and global benchmarks.

Name(Required)
(Required)

BCBS 239 Compliance: Pitfalls & Lessons Learned

The urgency for implementing the BCBS 239 extension is driven by the increasing complexity of the financial system and the lessons learned from past financial crises, including the 2007 crisis and the more recent challenges posed by the COVID-19 pandemic. These events have underscored the critical importance of having reliable risk data for decision-making and risk management, particularly in stress situations. The ECB’s consultation, which concluded on October 6, 2023, reflects a proactive approach to addressing these challenges and preventing future systemic risks. BCBS 239 Compliance is back in question!

Tackling as a matter of priority the seven key areas of concern highlighted by the ECB is key:

  1. Responsibilities of management bodies,
  2. Sufficient scope of application,
  3. Effective data governance framework,
  4. Integrated data architecture,
  5. Group-wide data quality management and standards,
  6. Timelines of internal risk reporting,
  7. Effective implementation programmes.

Getting a head start in boosting Risk Data Aggregation and Risk Reporting (RDARR) capabilities, particularly in light of an expected ramp up in supervisory oversight. ECB Banking Supervision division focuses predominantly on the strengthening of governance frameworks and the credibility of risk data, marking it as a supervisory focal point. The division is gearing up its full artillery of supervisory tools and powers to levy stringent enforcement actions on firms neglecting its directives, materializing in sanctions within this financial year. Furthermore, RDARR is projected to have an increasing level of importance within the Supervisory Review and Evaluation Process (SREP), wherein substandard data quality may lead to tougher Pillar 2 Requirements (P2R).

 

WHo is impacted by BCBS 239?

The BCBS 239 extension affects a wide array of financial institutions, especially those with significant international operations and those deemed systemically important.

Asset Managers
Banks
Fintechs

How Can We Help?

The ECB’s initiative underscores a broader regulatory push towards enhancing the financial industry’s risk management capabilities through better data practices. The ECB’s guide not only sets out to address current inadequacies but also aims to future-proof institutions against emerging risks. Implementing these guidelines can lead to significant operational and financial benefits, including improved risk management, strategic decision-making, and cost efficiencies through automation and streamlined processes.

1

Performing a preparedness evaluation

  • Expanded Gap Analysis: Deloitte can dive deeper into your existing systems, identifying not just gaps against the principles but also potential bottlenecks, hidden vulnerabilities within your data infrastructure, or legacy systems that might hinder compliance.
  • Benchmarking: Compare your existing risk data practices against industry best practices and anonymized peer data, providing a broader view of where you stand beyond just regulatory requirements.
  • Implementation Cost Projections: Integrate cost estimates for remediation actions into the roadmap, including technology upgrades, process changes, and potential staffing needs, aiding budgeting and resource allocation.

2

Data Architecture and Governance

  • Prioritizing Risk-Centric Data: T3 would strongly emphasize the “risk” aspect of risk data, ensuring governance focuses on what metrics and data types are most critical for risk management decision-making.
  • Data Ownership & Accountability: Clear focus on defining roles and responsibilities across business units and IT teams, suitable for organizations where data ownership can get blurred.
  • Integration with Existing Risk Frameworks: Design governance structures that tie into how your institution already assesses, measures, and mitigates risk, rather than creating a parallel structure just for BCBS 239.

3

Technology Implementation and Integration

  • “Right-Sized” Technology Solutions: Help you evaluate more targeted tools and best-of-breed solutions rather than large enterprise platforms, offering greater flexibility for smaller firms or those with niche technology needs.
  • Agile Implementation: Focus on iterative implementation models for system changes, minimizing disruption and allowing for course correction.
  • Data Validation as Priority: Prioritize robust reconciliation and data quality validation features within any recommended technology solutions.

Want to hire 

Regulation Expert? 

Book a call with our experts

Hire US