BIS assessment of banks' compliance to BCBS 239 principles

BCBS 239 progress report: Significant work still needs to be done for full compliance | February 23, 2024

The Bank for International Settlements (BIS) recently published the 2023 BCBS 239 report, Progress in adopting the Principles for effective risk data aggregation and risk reporting (2023 report). The 2023 report provides an assessment of banks’ progress in complying with BCBS 239, nearly 10 years after the initial publication of the Principles and seven years after the expected date of compliance. Among the 31 banks assessed, only two are fully compliant—a slight improvement from 2019, when no banks were found to be fully compliant. While most banks have made progress, some banks are still struggling with adopting the Principles.

The 2023 report notes improvements in the overarching governance, risk data aggregation capabilities, and reporting practices of several banks. However, the overall pace of banks’ progress in implementing sustainable risk data aggregation and risk reporting capabilities has been slower than foreseen, due, in large part, to persistent challenges with fragmented IT landscapes, legacy systems, and manual processes that are not fit for purpose.

The BIS advises that banks continue to implement recommendations of previous BCBS 239 reports and provides for additional recommendations to attain or sustain full compliance. Among the new recommendations, the BIS calls on boards to take full responsibility for overseeing the development, implementation, and maintenance of robust data governance frameworks. Furthermore, banks should foster a culture of ownership and accountability for data quality across the organization, adopt the Principles comprehensively in a broader context, and ensure sound data quality as the basis for digitalization projects.

Learn more about the progress banks have made and investment opportunities for continued improvement.

BCBS 239 Progress Report: How much has the needle moved and why is it still not enough? | June 9, 2020

The Bank for International Settlements (BIS) recently published the 2019 BCBS 239 Report–Progress in adopting the Principles for effective risk data aggregation and risk reporting (2019 Report). The 2019 Report provides an assessment of banks' progress in complying with BCBS 239. Similar to prior years, the 2019 Report finds that no bank is fully compliant, even though in 2017 at least three banks were identified to be such. This is an indication of heightened regulatory expectations for effective data management. According to the 2019 Report, the largest contributing factor to non-compliance is the inability to achieve the target state data architecture and IT infrastructure necessary to meet the Principles.

The 2019 Report notes that significant efforts have been made by institutions to improve on the principles within the three focus areas:

1. Overarching Governance and Infrastructure;
2. Risk Data Aggregation Capabilities; and
3. Risk Reporting Practices

While there have been strides made in improving quality for the most critical and impactful data, continuous improvement is necessary so that the quality of data is fit for purpose across financial, risk, and management reporting. The 2019 Report also noted that firms have begun to apply these practices beyond risk data to regulatory reporting, financial reporting, and recovery and resolution plans.

Learn more about the progress banks have made and investment opportunities for continued improvement.

BIS assessment of BCBS 239 compliance | January 24, 2019

Data management capabilities are a growing focus area for regulators. During the financial crisis, gaps were identified in data provided to regulators and subsequent investigation revealed numerous weaknesses in data capabilities. These gaps existed in both financial and risk data that are used to manage risk, provide business insights, and comply with regulatory requirements. The increased focus on data capabilities makes data management across the enterprise a necessity.

In 2013, the Basel Committee on Banking Supervision (BCBS) issued Principles for effective risk data aggregation and risk reporting (BCBS 239). The set of principles in the paper provide a foundation for a framework to address and help resolve critical weaknesses that banks have in understanding and accurately describing their overall exposures and key risk factor. BCBS 239 lists out four major categories and fourteen principles (11 of which are applicable to banks, the remaining three are applicable to regulatory supervisors).

The core focus areas for banks include:

1. Overarching Governance and Infrastructure;
2. Risk Data Aggregation Capabilities; and
3. Risk Reporting Practices

Learn more about the progress banks have made.