Skip to content

Our Privacy Statement & Cookie Policy

All Thomson Reuters websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.

Enterprise risk management

Implementing BCBS 239: The starting line for great progress

Marion Leslie  Managing director, Thomson Reuters Enterprise proposition

Marion Leslie  Managing director, Thomson Reuters Enterprise proposition

It’s not uncommon for an industry crisis to lead to sweeping reforms. The auto industry is a perfect example. Banks too have been forced to change practices that pushed some to the brink of collapse during the financial crisis. Regulators are mandating change in the way firms manage risk and compliance and are driving timelines. However, putting new processes in place will take time and money. Banking is no stranger to crisis, and this is not the first time the industry has been forced to change. After the banking failures of the Great Depression, the tighter rules imposed delivered a stronger and more resilient industry that went on to fuel America’s postwar boom.

This time too, there will be positives to counter the unintended consequences of regulation. Change imposed from outside can enable an industry to transform, giving impetus to invest in the future. Whilst the regulations impact the world’s systemically important banks first, ultimately national regulations will follow to address shortcomings seen in domestically important institutions.

Ready or not …

The marketplace is recently waking up to the fact that implementing the required changes as outlined by Basel’s principles for effective risk data aggregation and risk reporting ahead of the January 2016 deadline may be harder than it first thought. Polled in January 2015, 14 systemically important banks said they believed they would not be ready in time, up from 10 in 2013.

Meeting the requirements is not optional. Complying with Basel’s principles – first published in January 2013 – calls for a strategic, enterprise-wide approach to the way banks handle their data governance, lineage and architecture.

The challenges posed by BCBS 239 vary by individual bank and the systems they already have in place. Those with an aggregated risk capability in place may already be ahead of the curve. Those running risk management along business lines using multiple siloed databases may find themselves at a disadvantage, with much work to do from an architectural, infrastructural and even cultural and organisational perspective.

Regardless of current status, there are many potential benefits to be gained as the result of a successful implementation. And realising those potential benefits will depend to a large degree on attitude.


Those that consider BCBS 239 as an onerous intrusion into an already complicated business may fail to foster a deeper change in the way they do business. Compliance requires adherence to the letter of the law, but it is the spirit of the law that creates the opportunities.

By aggregating this data – as per BCBS 239 – banks will begin to use the data to drive better decisions on risk management, capital allocation and ultimately new business.

The benefits of being able to slice and dice risk data across the enterprise are largely untapped in many organisations due to the complexity of systems and databases. Banks have the chance to take a longer- term strategic approach – by leveraging a strong data architecture fed by high-quality data from trusted sources. This approach will leave them well-placed to optimise their capital usage and operating efficiencies, improve their stability and identify opportunities for enhancing their business going forward.

Using the mandate as an opportunity is key to building a modern infrastructure that can service future needs. For those who stand to benefit the most, January 2016 is the starting line and not the finish.

How did we get here?

As the financial crisis unfolded, how many banks could tell at the push of a button what their aggregate risk exposure was to Lehman Brothers or Bear Stearns? Operating with hundreds of platforms, using siloed data sets for different business lines, and with no common identifiers or asset definitions it took many firms weeks to determine the full, corporate level of risk exposure. Fast-forward to today and teams are still unravelling the consequences of these banking failures. This is precisely what the Basel Committee on Banking Supervision is seeking to address.

BCBS 239 is designed to remedy the risk data aggregation and risk reporting failings exposed during the crisis. Due to take effect in January 2016, it introduces a set of 14 best-practice principles spread across four closely related topics:

  • Overarching governance and infrastructure
  • Risk data aggregation capabilities
  • Risk reporting practices
  • Supervisory review, tools and cooperation

The goal is to enhance a bank’s risk management and decision processes, data quality, flexibility and agility when it comes to risk aggregation at a corporate level. To do this, banks need to capture and aggregate risk data across business lines and legal entities, and not only demonstrate the ability to perform effective and regular risk management, but also to conduct ad hoc risk assessments (e.g., of critical credit, market and liquidity positions and exposures during times of stress and crisis). For some organisations, achieving compliance will entail a fundamental review of their data structures, processes and systems.

According to the Basel Committee, banks “should establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data (metadata), as well as use of single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts.” This signals the importance of holistic, enterprise-wide data management to deliver the accuracy and integrity of aggregated risk data, to produce the required risk reporting during times of stress or crisis.

Robust governance and oversight of banks’ risk data, systems, policies and procedures is a central plank of the regulation. Currently, risk data stakeholders often sit across disparate parts of the organisation, including risk management, finance, IT and data operations. In response, many institutions have appointed a Chief Data Officer to own overall data governance across the firm. So what are the opportunities?

A fresh perspective

The benefits of being able to slice and dice risk data across the firm are relatively untapped due to the complexity of banking systems and databases. In addition, aggregating data for risk reporting will open up opportunities to proactively use this data to drive better business decisions to better manage risk, allocate capital or identify fresh business opportunities.

The key is to use the mandate as an opportunity to build a business infrastructure to serve the future. Having access to the full spectrum of data representing business activity across the corporation will allow organisations to gain insights never available to them before.

By seeing BCBS 239 as the starting line, banks will not only be better prepared to handle future market events, but will be able to do business differently. Some of the benefits are: better decision making, improved performance, enhanced customer service, capital efficiency, the ability to streamline multiple compliance projects and increased company value.

You get what you put in

Many banks today have a wealth of information in places that are hard to access with different labels and mismatching categorisations. Firms know what questions they want to ask about business trends and performance, but getting to the answers is tough. By implementing the standards and common taxonomies required by Basel, supported by a robust and integrated data architecture, banks will finally be able to access and analyse consistent data that has eluded them for so long, even combining it with external sources such as social media sentiment analysis.

Data needs to be consistently managed, right across the firm. Fragmented approaches to data management will not get you across the finish line. Adoption of an enterprise approach to aggregating and managing risk (instead of siloed legacy databases that don’t talk to each other) supported by a robust and integrated data architecture using consistent data across the institution is more likely to succeed.

“Banks should develop and maintain strong risk data aggregation capabilities to ensure that risk management reports reflect the risks in a reliable way.” To this end, the Basel Committee included the following among its principles: Accuracy and Integrity, Completeness, Timeliness and Adaptability.

How your data provider can help

In this globalised and regulatory-driven age, the emphasis must be on sourcing trustworthy data inputs from independent partners that can provide the requisite scope, reliability and capacity for auditing that will ease banks’ compliance obligations and optimise their operating efficiencies.

Robust pricing and reference data are a major part of the equation. Any oversights or miscalculations can become magnified once the data is aggregated at a corporate level, creating potentially dangerous distortions in reported risk exposures. Similarly, using standard data identifiers and classifications wherever possible, such as Legal Entity Identifiers (LEIs) and common instrument codes, will better help banks accurately aggregate information from their different business lines.

Marion Leslie on data management and BCBS 239

Therefore, banks should seek an established and experienced enterprise content provider able to offer:

  • High-quality, timely and comprehensive front-to-back content coverage to meet business activity, risk, regulatory, compliance and audit needs
  • Consistent content across feeds, applications and desktops
  • Experience in real-time and non-streaming content provision
  • Commercials geared towards enterprise usage
  • Deep understanding of the regulations and a proven ability to provide content ready for regulatory reporting
  • Responsive service and support models

Ultimately, BCBS 239 may seem like another onerous requirement for overstretched banks. The obligations are challenging, and meeting the January 2016 implementation date has proved a struggle. Yet in the race to comply, banks should remain focused on the opportunities.

Meeting the minimum regulatory requirements should be seen merely as a starting point. Banks that take a longer-term, strategic approach – by leveraging a strong data architecture fed by high-quality data from trusted sources – will be well-placed to optimise their capital usage and operating efficiencies, improve their stability, uncover opportunities for enhancing their business and customer service, and drive future growth and profitability. Truly goals worth the effort.

Learn more

BCBS 239 is the starting line, not the finish. Read more about the benefits of the Basel Committee’s goals in our whitepaper.

Exchange Magazine in the Know 360 app
Read more from Exchange Magazine in the Know 360 app
  • Facebook
  • Twitter
  • Linkedin
  • Google+
  • Email

More answers