Table of Contents

What is BCBS 239 and Why Is It Important?

In response to the financial crisis of 2007-2008, the Basel Committee on Banking Supervision (BCBS), under the Bank for International Settlements (BIS), developed the Principles for Effective Risk Data Aggregation and Risk Reporting, known as BCBS 239. The global financial crisis exposed significant weaknesses in risk data management and transparency within financial institutions, highlighting the urgent need for comprehensive reform to address these systemic issues and help prevent future crises.

Published in 2013, BCBS 239 presents guidelines designed to enhance banks' ability to accurately and promptly identify, aggregate, and report risk data. The Bank for International Settlements has overseen and supported BCBS 239 implementation by providing a comprehensive supervisory framework for monitoring compliance. Recent assessments have highlighted that significant work remains, with most banks still working to fully adopt the Principles.1 The BCBS fully recognized this ongoing compliance challenge in a progress report published in November 2023, which revealed that many banks are still at different stages of alignment with the established principles.

Currently, only two out of 31 global systemically important banks (G-SIBs) fully comply with all principles.2 This statistic underscores the ongoing regulatory challenges, complexity, and evolving priorities in the financial sector across the EU and beyond. Importantly, BCBS 239 principles also extend to domestic systemically important banks (D-SIBs), underlining the critical importance of compliance and robust data governance for both global and domestic institutions throughout the regulatory landscape.

BCBS 239: Understanding Key Principles and Challenges for Banks 

The Basel Committee's progress report also underscores the increasing regulatory expectations for banks to align with BCBS 239 principles to ensure sound risk management and data governance. Digging deeper into the evolution of BCBS 239 and its adoption, according to PwC's 2024 progress report, delays in implementing the principles are further exacerbated by the diversity of banks' global operations, evolving business models and the need for more detailed and high-frequency data. The global pandemic and recent stress events have highlighted weaknesses in banks' IT landscapes and in the aggregation and reporting of data, making robust risk management frameworks essential to support compliance with BCBS 239 and to strengthen operational resilience in this challenging environment.

Bernard Marr, a global thought leader in business and technology, recently observed that many banks are facing significant headwinds: "Midway through the decade, established institutions face unprecedented pressure from challenger banks and fintech disruptors while racing to implement AI solutions and enhance customer experience." These market pressures further complicate banks' efforts to prioritize regulatory compliance alongside digital transformation initiatives.3

Understanding the core framework is essential for effective implementation. Adhering to established reporting principles is critical for accurate and reliable risk reporting, which supports effective decision-making and regulatory compliance. Let's examine the most important aspects of BCBS 239 and its 14 key principles below:

Core Aspects of BCBS 239

Governance and Infrastructure:

  • Establishing a robust governance framework and infrastructure to support data collection, integration, and management, including the formation of a data governance committee. This committee should define clear data ownership and assign data owners, ensuring accountability for data quality, consistency, and effective risk data management across the organization.

  • Ensuring accountability and ownership, with active involvement of senior management to provide oversight, review risk reports, and allocate sufficient resources (technology, people, and finances) at all organizational levels.

Risk Data Aggregation Capabilities: 

  • Enhancing data accuracy, completeness, and timeliness to ensure reliable risk data and timely data for effective risk management.

  • Aggregating risk-related data across departments and systems to provide a unified view of risks, aggregate risk data, and produce aggregated risk data that meet the bank's risk reporting requirements.

Risk Reporting Practices:

  • Ensuring risk reporting is accurate, timely, and accessible to decision-makers, with a focus on producing risk reports and risk management reports that include all risk-related measures and align with the organization's overall risk profile.
  • Promoting comprehensive and clear risk reporting to support informed decision-making by establishing robust internal risk reporting practices.

Supervisory Review, Tools, and Cooperation:

  • Encouraging supervisors to monitor compliance and enhance banks’ infrastructure and practices. 

Compliance Culture:

  • Develop a proactive, risk-focused culture that is adaptable to regulatory changes. 

Implementing these requirements means a significant investment in infrastructure, technology, and people to make risk data aggregation and reporting a strategic priority. 

Recent BCBS 239 Updates and ECB’s RDARR Guide: Critical Compliance Developments 2024-2027 

Additionally, the latest changes (outlined below), which include the European Central Bank's (ECB) Risk Data Aggregation and Risk Reporting (RDARR) Guide,5 published in May 2024, emphasize the critical importance of organizational collaboration, strategic data management, and the integration of technology to improve the success rates of BCBS 239 adoption. 

1. Broader Applicability:

  • The ECB has intensified its focus on deficiencies in risk data aggregation and reporting, making it a top priority for 2025-2027. 
  • Banks are urged to address long-standing deficiencies and establish effective RDARR frameworks. 

2. Management Accountability: 

  • The RDARR Guide holds management bodies accountable for implementing effective governance arrangements. 

  • It stresses the importance of management's role in ensuring compliance and operational efficiency. 

3. Technological Integration: 

  • The guide highlights the need for integrating technological solutions to enhance data quality and reporting capabilities, emphasizing the importance of robust data lineage and ensuring data accuracy for regulatory compliance.

  • Access to high-quality governed data is essential for leveraging AI and advanced analytics, and data catalogs play a key role in centralizing and automating data governance and compliance processes.

Collaboration between various departments and business and technical stakeholders is crucial to aligning efforts and effectively achieving BCBS 239 goals.

The Role of Data Management in BCB 239 Compliance

Trusted data and its management are at the core of all regulatory compliance in modern enterprises. The preceding BCBS progress reports highlighted that key stakeholders involved in the oversight and execution of BCBS 239 clearly demonstrate the importance of high-quality data foundations managed by appropriate technology solutions.  

Many banks have been operating on legacy IT systems that were not designed with modern data management capabilities in mind. These systems often result in data silos, where information is stored in disparate databases and formats, making it difficult to aggregate and report risk data across the organization effectively.

The ECB states in the Risk Data Aggregation and Risk Reporting (RDARR) Guide that ‘Banks which unlock the full potential of BCBS 239 capabilities, can enhance their operational efficiency and increase resilience. Access to high-quality governed data is also essential for harnessing innovative technologies such as Artificial Intelligence and advanced analytics to develop innovative products and services.”5

What's more, the Basel Committee Report from November 2023 observed that “Boards should take full responsibility for overseeing the development, implementation, and maintenance of robust data governance frameworks. Furthermore, banks should foster a culture of ownership and accountability for data quality across the organization, adopt the principles comprehensively in a broader context and ensure sound data quality as the basis for digitalization projects."6

Effective implementation of BCBS 239 relies heavily on data quality and consistency, achieved through accurate, reliable and complete datasets, standardized definitions, and formats. Integrating data by eliminating silos and transforming it into consistent, usable formats for comprehensive reporting to support informed decision-making across the business. Coupled to this, a robust data governance framework is crucial to drive effective operations and assigning clear roles and responsibilities.  

How IDMC Supports BCBS 239 Compliance 

It is clear that technology and its use play a pivotal role in the successful implementation of BCBS 239. Informatica’s Intelligent Data Management Cloud (IDMC) provides a comprehensive platform that addresses the challenges of regulatory compliance in several critical ways: 

1. Data Integration

  • Unified Data View: IDMC integrates data from various sources using its data Integration solution, ensuring that data is consolidated and standardized. Managing data assets through a centralized data catalog is essential, as it facilitates compliance and data governance by making it easier to discover, govern, and control organizational data. This unified approach helps maintain data consistency and accuracy, which is crucial for compliance reporting.

  • Data Transformation: IDMC’s metadata management capabilities allow organizations to track and manage data lineage, which is essential for audit trails that enable regulatory compliance transparency.

2. Data Quality Management  

  • Accuracy and Completeness: High data quality is crucial for accurate regulatory reporting and pipeline integrity. IDMC offers robust data quality management features to cleanse, validate, and enrich data, which is critical for compliance.

  • Identifying and managing relevant risk data is essential to ensure accurate and comprehensive regulatory reporting, as it enables organizations to link metadata and policies to risk data assets for improved compliance and governance.

  • Standardization: It standardizes data definitions and formats across the organization, reducing inconsistencies

3. Data Governance 

  • Governance Framework: IDMC supports robust data governance frameworks, ensuring accountability and oversight and defining the roles, rights and policies of critical data elements used to comply with BCBS 239. Data catalogs play a key role in centralizing, automating, and improving data governance, lineage, and compliance efforts across the organization.

  • Data Sharing: IDMC democratizes data by making it accessible with trust and confidence to both technical and non-technical users across the organization in a transparent and efficient way (through its Data Catalog and also, its self-serve solution Data Marketplace) while maintaining regulatory compliance policy adherence and improving data literacy and collaboration.

4. Risk Data Aggregation and Reporting 

  • Timely Reporting: IDMC enables timely aggregation and reporting of risk data, supporting informed decision-making.

  • Comprehensive Reporting: IDMC provides robust, comprehensive AI-powered (CLAIRE®) data management capabilities, helping organizations manage, protect and report on sensitive data. It is essential to produce risk reports that comprehensively cover all significant risks and their components, ensuring a complete overview of the organization's risk profile.

  • Stress Testing Analysis: Master Data Management (MDM) solutions support advanced stress testing and scenario analysis by providing a consistent and comprehensive dataset. The dataset can be used to assess the impact of various stress scenarios and identify credit, market, operational and liquidity risk exposures with clients and counterparties — capabilities essential for BCBS 239 compliance.

The Modern AI-Powered Platform Solution for Regulatory Compliance 

IDMC provides a comprehensive AI-powered connected data management platform for compliance across industries and regulations, including the financial sector and BCBS 239. The IDMC platform helps minimize data risk exposure and maximize transparency throughout the data lifecycle. It automates and streamlines policy compliance processes through its cloud-native application, offering flexibility and scalability to adapt to new and evolving regulatory mandates. Aligning risk management reports with the bank's operations ensures comprehensive coverage of all material risks related to the bank's activities and risk profile.

It also facilitates safer data use through monitoring and automating data discovery and classification, ingestion, integration, mastering, and quality controls, helping to govern your data to remain clean, accurate, transparent, consistent, protected and fit for efficient business use to meet regulatory policies that helps organizations maintain customer trust and strengthen their business reputation.

The Future of BCB 239 Compliance

So, what is the outlook for BCBS 239 and its successful adoption in the financial sector? 

1. Enhanced Regulatory Scrutiny 

  • Increased Focus: Regulatory authorities, such as the ECB, are intensifying their focus on deficiencies in risk data aggregation and reporting. The ECB's RDARR Guide emphasizes the need for effective risk data aggregation and reporting frameworks, making it a top priority for 2025-2027 and increasing the penalties for non-compliance, requesting the Banks to “step up their efforts” under the penalty of “triggering escalation measures” if they fail to meet supervisory expectation.7
  • Ongoing Reviews: Targeted reviews, on-site inspections, and annual questionnaires will be key activities to ensure compliance. 

2. Accountability and Governance 

  • Management Accountability: The RDARR Guide holds management bodies accountable for implementing effective governance arrangements and prescribes that “‘at least one member of the management body should own the RDARR framework.”’. 

3. Robust Data Management 

  • Data Quality: Access to high-quality, governed data is essential for harnessing innovative technologies. The Guide defines four key dimensions of data quality controls in implementation programs: (1) Accuracy, (2) Integrity, (3) Completeness, and (4) Timeliness, and requires the establishment of a concrete register for data quality issues and limitations.
  • Data Lineage: The Guide requires complete and up-to-date data lineage at the data attribute level - starting from data capture to final reporting.9

4. Technological Innovation

Artificial Intelligence (AI) and machine learning have introduced new challenges and opportunities for risk management. Financial institutions are increasingly integrating AI-driven models for risk assessment, fraud detection, and decision-making. The size, complexity and distributed nature of data, combined with increasing requirements for speed of action, mean the manual data governance and management practices of the past can never keep up with the agile business and compliance needs of today. Therefore, the underlying technology foundation supporting the execution of the data management strategy requires AI-powered automation to scale. 

The Modern AI-Powered Platform Solution for Regulatory Compliance 

Complying with BCBS 239 offers organizations wider-ranging benefits, including enhanced risk management through stronger data governance, which facilitates precise risk assessment and mitigation. Accurate and comprehensive risk management reports are essential, as they provide stakeholders with a clear, standardized, and actionable overview of the organization's risk profile, supporting effective risk assessment and mitigation. By streamlining risk data aggregation, institutions achieve greater operational efficiency, reducing manual efforts while improving reporting speed and business resilience. This high-quality data governance not only provides a competitive advantage by enabling faster, data-driven decision-making but also strengthens market positioning.

Additionally, investing in technology to advance data governance and reporting fosters innovation that could support the development of new products and services that strengthen customer relationships and brand loyalty.

Further Reading 

ECB Directive boosts data quality in banks | springerprofessional.de 

Managing Digital Operational Resilience Act (DORA) Compliance  

Shaping the Future of AI: Understanding and Preparing for the EU AI Act  

Chart the Course for Responsible AI Governance  

Advance Your Enterprise with Data Cataloging for Next-Gen Data Governance  

Unlock the Benefits of AI-Powered Data Lineage to Boost Your Business Success  

ESG Compliance: How to Meet ESG Reporting Standards with Data Management  

How Organizations Can Achieve ESG Data Mastery  

Cloud Platform

Get Started

Resources

Learn Data Integration

Legal Privacy Policy Modern Slavery

© Informatica Inc.