Understanding BCBS 239 and US banks Adoption Strategies

The financial crisis of 2007-2008 exposed poor risk management as a critical weakness in many banks. In 2013, in response, the Basel Committee on Banking Supervision (BCBS) introduced BCBS 239, a set of principles designed to strengthen banks’ risk data aggregation and risk reporting practices. 

What is BCBS 239?

BCBS 239 stands for the Basel Committee on Banking Supervision’s standard number 239. Its full title is “Principles for effective risk data aggregation and risk reporting”.

It is a set of guidelines established to strengthen how banks manage risk. It is not a rigid rulebook, but rather a framework outlining 14 key principles. These principles focus on four areas that need attention within the risk framework:

• Risk Data Aggregation Capability: Banks need to ensure their data is accurate, complete, timely, and adaptable to changing circumstances. This allows for a more comprehensive understanding of their overall risk profile.
• Risk Reporting Practices: Timely, clear, and informative risk reports are crucial for informed decision-making by bank management. BCBS 239 emphasizes the importance of regular reporting at all levels of the organization.
• Governance and Infrastructure: It lays stress on defining clear ownership and accountability for data quality, management, and reporting across all levels of the bank fostering a Risk Management Culture and establishing clear policies and procedures for data collection, storage, access, and usage. 
• Supervisory Review: Supervisory reviews for BCBS 239 are how regulators assess how well banks are adhering to the principles outlined in the standard. These reviews are crucial for ensuring banks are effectively managing risk and maintaining financial stability.

BCBS 239 and its principles 

Why is BCBS 239 Important?

BCBS 239 promotes robust data aggregation, lays the foundation for data discipline, enabling informed decision-making that fuels a bank’s growth and scale. It offers several benefits like:

• Improved Risk Management: Better data and reporting practices lead to a clearer picture of potential risks, allowing banks to proactively manage them.
• Enhanced Decision-Making: With a strong grasp of their risk profile, banks can make more informed decisions about lending, investments, and other strategic activities.
• Increased Stability: By strengthening risk management, BCBS 239 helps to promote a more stable financial system, reducing the likelihood of future crises.

Who Needs to Comply with BCBS 239?

BCBS 239 primarily applies to Global Systemically Important Banks (G-SIBs). These are large, interconnected banks whose failure could have a significant impact on the global financial system. Additionally, many national regulators have adopted similar principles for Domestically Systemically Important Banks (D-SIBs).

Why do Banks find it challenging?

With a goal to strengthen risk management and prevent another 2008 crisis, the banks undeniably are striving to adopt it while achieving full compliance has proven challenging.

Globally, even after ten years of the initial publication of BCBS 239 principles banks are at different stages in terms of aligning with the Principles. In November 2023, the BCBS published its most recent progress report and sixth update since the Principles were issued. The progress report outlines that not a single Principle has reached full compliance across all G-SIBs assessed. Furthermore, only two of the 31 G-SIBs assessed are fully compliant with all Principles. Additional work is required at all banks to attain and/or sustain full compliance.

Bank compliance ratings by Principle in 2017, 2019 and 2022 Discover how US banks are adopting advanced strategies for risk data aggregation and reporting to meet compliance standards.
Bank compliance ratings by Principle in 2017, 2019 and 2022

US banks, particularly large institutions, grapple with several obstacles:

• Legacy Systems: Fragmented IT landscapes and outdated data systems make it difficult to collect and aggregate risk data efficiently.
• Data Silos: Information resides in separate departments, hindering a holistic view of risk.
• Data Quality: Ensuring data accuracy and consistency across the organization is a constant battle.
• Cultural Resistance: Shifting mindsets from siloed reporting to enterprise-wide risk management takes time and effort.

What are the Strategies for Success?

Despite the challenges, US banks are making headway with BCBS 239 adoption. Here are some key strategies:

• Executive Sponsorship: Strong leadership buy-in from the CEO and board is crucial for allocating resources and driving cultural change.
• Data Governance Framework: Establish clear ownership and accountability for data quality and management across the bank.
• Data Modernization: Invest in modern technologies like data lakes and cloud solutions to improve data integration and accessibility.
• Standardization and Automation: Implement standardized data definitions and automate data collection processes to streamline reporting.
• Focus on People: Provide training and support to equip employees with the skills and understanding needed for BCBS 239 compliance.

Learning from Leaders

Several banks in the US (e.g., Bank of America, Bank of New York Mellon, Citigroup, Goldman Sachs, JP Morgan Chase, Morgan Stanley, State Street, Wells Fargo) are leading the way in BCBS 239 adoption and have been assessed by BCBS for the implementation. These institutions often share commonalities in their approach:

• Centralized Data Office: A dedicated department oversees data governance, standards, and management.
• End-to-End Data Ownership: Assigning clear ownership of data quality throughout its lifecycle fosters accountability.
• Leveraging Technology: Utilizing data analytics tools to identify and address data quality issues proactively.

The Road Ahead

While full compliance remains a moving target, US banks are making significant strides in implementing BCBS 239. By prioritizing data governance, investing in technology, and fostering a culture of risk awareness, US banks can not only meet regulatory requirements but also create a more robust and resilient financial system.