Compliance

04:00 PM
50%
50%

8 Things You Probably Donít Know About BCBS 239

The Basel Committee on Banking Supervision's rules for risk reporting are extensive and apply to more financial firms than just the global, systemically important banks.

Living in Manhattan means coping with the increasing complexity of traffic rules on what were, only a few years ago, relatively simple avenues. I happen to live on Second Avenue, which first endured the removal of parking in favor of bus-only lanes, then about six months ago the addition of bike lanes, new parking zones, and turn-only lanes. While the goals may be admirable, the visible result has been a noticeable increase in honking horns, traffic jams, and pedestrian vs. biker confrontations.

I haven’t looked at the section of NYC code that resulted in this mess. But I did review in some detail the document known as “BCBS 239” – the Basel Committee on Banking Supervision “Principles for effective risk data aggregation and risk reporting.”

BCBS 239 is a direct result of the work undertaken by the Basel Committee and the Financial Stability Board (FSB) to provide guidance to enhance banks’ ability to identify and manage bank-wide risks. In particular, FSB recommended that they, in collaboration with standards setters, develop a “set of supervisory expectations” that would guide risk data aggregation and reporting for systemically important financial institutions.

The goals are admirable, but as you might imagine the devil is in the details -- and because most folks assume that BCBS 239 pertains only to the short list of global, systemically important banks (G-SIBs) and only to credit and counterparty risk aggregation, they may be missing a few of the more pertinent details of the document:

  1. It doesn’t just apply to G-SIBs. “It is strongly suggested that national supervisors also apply these Principles to banks identified as D-SIBs.” (domestic, systemically important banks)
  2. It doesn’t just apply to market, credit, and counterparty risk. “These Principles also apply to all key internal risk management models, including… advanced measurement approaches for operational risk.”
  3. You can’t just wait until the deadline. “G-SIBs subject to the 2016 timeline are expected to start making progress towards effectively implementing the Principles from early 2013.”
  4. It isn’t just limited to internal processes… “All the Principles included in this paper are also applicable to processes that have been outsourced to third parties.”
  5. …or internal systems. The governance framework “should include agreed service-level standards for both outsourced and in-house risk data-related processes.”
  6. It considers data confidentiality, integrity and availability (not just aggregation and reporting) as part of the risk management framework.
  7. You can’t rely on your IT audit function to validate compliance. “Independent validation… should be conducted using staff with specific IT data and reporting expertise…"
  8. The Bank’s IT strategy should address any shortcomings against the Principles, and initiatives should be supported through “the allocation of appropriate levels of financial and human resources.”

The slow progress of many of the regulators in identifying D-SIBs has meant in practice that BCBS 239 is currently applicable to only the 30 identified G-SIBs.  But within the G-SIBs, there are likely many IT leaders who are unaware of the scope of BCBS 239 and who, when assessing the broad scope of the guidelines, may not concur with the self-reported progress of their institutions so far.

Source: BCBS “Progress in adopting the principles for effective risk data aggregation and reporting,” December 2013.

Jennifer L. Costley, Ph.D. is a scientifically-trained technologist with broad multidisciplinary experience in enterprise architecture, software development, line management and infrastructure operations, primarily (although not exclusively) in capital markets. She is also a ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
allang119
50%
50%
allang119,
User Rank: Author
8/12/2014 | 5:29:24 PM
The accounting tie-in to risk reporting in BCBS 239
There is a ninth item in BCBS 239 that is as important if not more important than the eight items mentioned. BCBS has set a high water mark for the quality of risk data. It is to be as controlled as is the data entered into the books and records of the firm.  From BCBS 239:

"Controls surrounding risk data should be as robust as those applicable to accounting data."

 

"Risk data should be reconciled with bank's sources, including accounting data where appropriate, to ensure that the risk data is accurate." 

Supervisors expect banks to consider accuracy requirements analogous to accounting materiality.

 

BCBS 239 is truly a paradigm shift in risk management thinking.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
8/13/2014 | 3:24:13 PM
Re: The accounting tie-in to risk reporting in BCBS 239
Good point. It makes sense to have the risk data held to as high a standard as accounting data. After all, if the rist data isn't as sound as the accounting data, can you really trust it?
More Commentary
5 Tips On How To Prepare For A Data Breach
If you are a financial institution your cyber security defenses will be breached -- again and again. Here are five tips to respond quickly and minimize damage.
Wall Street CIOs Have a Vendor Management Problem
If Wall Street CIOs want to stay ahead of competition and ensure high-speed trading software doesn't start the next flash crash, they need better insight into vendor delivered software.
Technology Innovation Returns to Financial Services
Capital Markets Outlook 2015: Following a few years dominated by regulatory compliance and cost saving technology initiatives, financial organizations are finally investing in innovative technology and tools.
Voice Biometrics Improve Transaction Monitoring Fraud Detection
Why voice biometrics should be a part of your fraud prevention strategy in the call center.
Fintech Fast Forward 2015
What will shape the future of Fintech in 2015 and beyond?
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
Stressed Out by Compliance, Reputational Damage & Fines?
Stressed Out by Compliance, Reputational Damage & Fines?
Financial services executives are living in a "regulatory pressure cooker." Here's how executives are preparing for the new compliance requirements.