Five reasons you can't ignore BCBS 239

HS-BCBS239-image1-390x220.jpg

The Basel Committee on Banking Supervision’s guidance on effective risk data aggregation and risk reporting sets a high standard and presents banks with a timeline for implementation that is tight.

The aim of BCBS 239 is to improve banks’ ability to identify and manage bank-wide risks and develop supervisory expectations to guide risk data aggregation and reporting for systemically important financial institutions.

Not just G-SIBs

So far BCBS 239 is only really applicable to the more than two dozen global, systemically important banks (G-SIBs). But this is not the end of the story. Regulators may be slow to identify D-SIBs (domestic, systemically important banks), nevertheless, the guidance “strongly suggests” that national supervisors apply these principles to banks identified as D-SIBs within three years of being designated as such.

Deadline

While 2016 is the deadline, the process of ensuring compliance should already be underway. National banking supervisors began discussing implementation of the principles with senior management in early 2013. D-SIBs will not have long.

All risks

The principles should apply to “all key internal risk management models”, including advanced measurement approaches for operational risk. We are not just talking about market, credit and counterparty risk here.

External players

BCBS 239 is not simply about internal processes and systems. All the principles are “applicable to processes that have been outsourced to third parties”, while the governance framework “should include agreed service-level standards for both outsourced and in-house risk data-related processes”.

Accounting standards

Principle 3 of BCBS 239 sets a very high bar for the quality of data. “Controls surrounding risk data should be as robust as those applicable to accounting data,” it states, adding: "Risk data should be reconciled with bank's sources, including accounting data where appropriate, to ensure that the risk data is accurate." In other words, risk data needs to be controlled as tightly as every other piece of data entered on the books of the bank.

More on BCBS 239 can be found at Hatstand Insights