In the last decade, nine new regulations have been added for financial services, yet the old ones remain firmly in place. Banks continue to struggle with compliance, as evidenced by the fact that only 6.5% of banks are fully compliant with BCBS 239, according to the latest BCBS report published in November 2023. So, how can banks tick all the boxes and achieve compliance with these longstanding regulations to move forward efficiently and effectively?
The report reveals not only issues the banks have with meeting regulatory requirements but also significant problems in how they manage their data. The biggest identified gaps are data governance and data quality, which could seriously affect the banking industry.
What’s holding banks back?
Bank for International Settlements (BIS) concluded that while many banks have initiated programs and roadmaps to meet BCBS 239 requirements, these efforts often lack the necessary funding and attention from senior leadership. Without full commitment from boards and senior management, these initiatives fall short of establishing robust data management procedures, which leads banks to reduce compliance across all principles by 2.6%.
Several factors contributed to the delays:
- Global diversity and complexity: The federated operating model structure of modern banking operations makes standardization challenging. Differing regulations, systems and practices across regions hinder the development and implementation of robust data management procedures
- Evolving business models: Rapid changes in the banking sector and increased competitiveness demand more detailed and frequent data. The existing architectures are not ready to handle increased demands without significant updates without data management systems
- Data governance and quality challenges: Without strong data governance frameworks and a focus on data quality, banks struggle to aggregate and report risk data effectively. Inconsistent or incomplete data can lead to inaccurate risk assessments and hinder decision-making
The report also shows that organizations are heavily investing in artificial intelligence with the hope that it will help to overcome persistent data management challenges (such as the ability to automate documentation, reduce manual interventions and automate data discovery), but these technologies have not yet made a real impact on banks’ risk data aggregation and reporting. The reason – without high-quality data, which is essential for any digital transformation, banks can’t fully harness the power of AI.
The burning issue: Governance gaps
The BIS report reveals that compliance among the 31 assessed Global Systemically Important Banks (G-SIBs) has made little progress over the past three years (2019–2022). The average compliance score across all principles has hardly changed, increasing only by 0.02 points. In contrast, there was a noticeable improvement from 2017 to 2019 with 0.24 points increase.
Figure 1: BCBS 239 compliance grades over the years
The report in 2019 demonstrated that banks are improving across all principles. However, between 2019 and 2022, compliance regressed in 6 principles. Alarmingly, Principle 1: Data governance dropped more than any other, despite being the second-fastest-improving principle in the previous period.
This is not surprising, however, because many companies cut back on investments and leadership. Data governance is like a fire — if you stop adding fuel, it dies out, leaving you in the cold.
To change this trajectory, the BIS reminds the banks about importance of the data governance:
“A comprehensive data governance framework with clearly defined roles and responsibilities to manage data and address data quality and other data-related issues is essential for successfully implementing BCBS 239.”
The ongoing journey towards compliance
The BIS assessment highlights that banks are at different levels of compliance with the BCBS 239 principles. Of course, there were internal factors, such as insufficient board oversight and low prioritization, which have influenced these results. However, there were external factors as well, like the pandemic, that exposed weaknesses in fragmented IT landscapes, where some banks struggled to provide timely, accurate information for decision-making and had to rely on time-consuming manual reporting.
Interestingly, while some banks perceive themselves as fully compliant, they still face significant data quality and governance challenges that require long-term remediation. This reminds us that compliance isn’t the ultimate goal, it’s rather here to drive efficiency and deliver higher-quality services with reduced risks for both customers and the industry. In short, we have to be ready for a long journey ahead of us.
The recommendations from BIS
In its latest report, the BIS reminds banks to continue implementing recommendations from previous reports. Together with this, the BIS has offered new guidance to address recent challenges:
1. “Bank boards should prioritize and intensify their oversight of data governance”
Ensure the board and senior management take active ownership of BCBS 239 compliance, making it a top priority. The board of directors formulate their expectations for senior management to meet these requirements.
The board of directors should assume a proactive role in overseeing the adoption of the Principles, including the development, implementation and maintenance of a robust data governance framework that includes effective risk data aggregation and reporting throughout the bank.
Banks should outline a clear separation of senior management’s roles and responsibilities, as well as the roles of the board of directors and its subcommittees for risk data aggregation and reporting across the three lines of defense.
2. “Foster a culture of ownership and accountability for data quality across the organization”
Banks should establish distinct ownership and accountability for data quality by designating data owners, as well as independent units for validating risk data and risk reporting and foster a data culture across the organization.
Banks should formulate and present a standard set of key performance indicators (KPIs) to the board of directors that allows them to assess data quality for all material group-level risks.
3. “Apply the Principles comprehensively to risk data in a broader context”
Define a clear, comprehensive scope for BCBS 239 for effective risk identification, monitoring and reporting.
The scope should document and specify all reports, models and indicators (at a minimum, all main risk reports for all material risks). It should also cover all business processes (front to back) and the full data lifecycle from data origination, capture and aggregation to reporting (data lineage). Finally, all material legal entities, business lines, risk, financial, and supervisory reporting activities should be documented.
4. “Ensure sound data quality as the foundation for digitalization projects”
Leverage new technologies to address data management challenges, such as automating documentation and maintaining data lineage.
Before digitalization, ensure high-quality source data and consistent data standards (common data taxonomies etc.).
Design scalable, adaptable data lakes to support the evolving needs of both internal and external stakeholders.
Conclusion: The fire that must keep burning
As the recent BIS assessment shows, many banks still have some challenges in achieving full compliance with BCBS 239, largely due to gaps in data governance, data quality and overall management practices. Addressing these challenges is essential for maintaining regulatory alignment, ensuring operational efficiency and leveraging the full potential of digital transformation.
At Collibra, we understand the vital role that robust data governance and quality play in achieving BCBS 239 compliance and in driving organizational success. Our comprehensive platform offers capabilities designed to support banks through each stage of compliance:
- Data Governance: Establish solid governance processes with clear roles and responsibilities to ensure accountability and control over the data lifecycle
- Data Quality: Ensure the data accuracy and reliability, supporting precise risk aggregation and reporting. High data quality is the basis for regulatory compliance and decision-making
- Data Lineage: Achieve end-to-end data visibility and traceability that is essential for understanding data flows and sources
BCBS 239 compliance is a journey, requiring sustained commitment and continuous improvement. By leveraging Collibra’s platform, banks can tackle data management challenges, meet regulatory expectations and unlock new opportunities for growth and success.
***
1. Basel Committee on Banking Supervision, “Progress in adopting the Principles for effective risk data aggregation and risk reporting”, November 2023 (https://www.bis.org/bcbs/publ/d559.pdf)
