BCBS 239 Operationalizing Compliance: Ongoing Journey to Accurate, Complete and Timely Data

Why half of targeted banks missed the deadline.

The global financial crisis revealed the need for banks to vastly improve their risk and compliance data governance and infrastructure capabilities. Many believe these shortcomings contributed to the length and severity of the financial crisis. To remedy these concerns, National Supervisors around the globe adopted Basel Committee on Banking Supervision Principles for Effective Risk Data Aggregation and Risk Reporting (BCBS 239).

The BCBS 239 effective compliance date for global systemically important banks (G-SIBS) was January 2016. The expectation is that National Supervisors also require compliance from domestic systemically important banks (D-SIBs) and other large banks.

Perhaps you, or someone you know, work at one of the 50 percent of banks that reported material non-compliance with the Governance and Infrastructure principles in the BCBS 239 Progress Report⁽¹⁾. Operationalizing compliance with these principles is a pre-requisite for complying with the remaining nine bank-specific principles.

There are many reasons banks have struggled. Consider that BCBS 239 is estimated to cost the banking industry in excess of $8B US over the period 2014-2019⁽²⁾. This is a transformational process that will evolve for years to come. Therefore, it is important banks are realistic as they assess their own compliance and prioritize initiatives. In assessing the progress you’ve made, consider areas where we’ve seen banks struggle, such as:

• Breaking down information barriers created by business unit silos and geographies
• Overcoming disparate and redundant technology platforms
• Complying with new and evolving regulatory standards and laws
• Standardizing best practices to control and secure data aggregation and reporting
• Controlling and securing sensitive files shared both internally and externally

Operationalizing compliance is the responsibility of every bank employee and the third parties with whom they interact. The people, process and technology required to control and secure data permeate every corner of your organization, warranting substantial executive and board engagement.

A hallmark of robust governance is when it enables bank employees to efficiently and effectively ensure data is accurate, complete and timely. This sensitive information must be secured and readily accessible by internal and external parties, making it imperative to secure the data at rest, in use and in motion. Key characteristics of a world-class data governance and infrastructure program include:

• Strong tone at the top demonstrated by board oversight, resources and reporting
• Effective and efficient operational controls ensuring accurate, complete and timely data
• IT infrastructure that breaks down business silos and geographic boundaries
• Secure sensitive files using encryption or other means at rest, in use and in motion
• Best-practice standards across business units, geographies and technologies

Operationalizing compliance with BCBS 239 is necessary to protect a bank’s reputation, brand and bottom line. Compliance-minded boards recognize this fact and proactively support enterprise adoption of safe and sound data governance with adequate IT infrastructure.

Keep these criteria in mind throughout the evolution of your data governance and infrastructure program. Interested in learning more about how Intralinks can help? Download Intralinks BCBS 239: Accelerating Compliance white paper at intralinks.com/resources/whitepapers/bcbs-239-accelerating-compliance

<sup>(1) Progress in Adopting the Principles for Effective Risk Data Aggregation and Risk Reporting, Basel Committee on Banking Supervision, January 2015

(2) BCBS 239, The $8 Billion Dollar Game Changer for Financial Services,
SunGard White Paper, Sven Ludwig, November 2014</sup>