Compliance

04:00 PM
50%
50%

8 Things You Probably Donít Know About BCBS 239

The Basel Committee on Banking Supervision's rules for risk reporting are extensive and apply to more financial firms than just the global, systemically important banks.

Living in Manhattan means coping with the increasing complexity of traffic rules on what were, only a few years ago, relatively simple avenues. I happen to live on Second Avenue, which first endured the removal of parking in favor of bus-only lanes, then about six months ago the addition of bike lanes, new parking zones, and turn-only lanes. While the goals may be admirable, the visible result has been a noticeable increase in honking horns, traffic jams, and pedestrian vs. biker confrontations.

I haven’t looked at the section of NYC code that resulted in this mess. But I did review in some detail the document known as “BCBS 239” – the Basel Committee on Banking Supervision “Principles for effective risk data aggregation and risk reporting.”

BCBS 239 is a direct result of the work undertaken by the Basel Committee and the Financial Stability Board (FSB) to provide guidance to enhance banks’ ability to identify and manage bank-wide risks. In particular, FSB recommended that they, in collaboration with standards setters, develop a “set of supervisory expectations” that would guide risk data aggregation and reporting for systemically important financial institutions.

The goals are admirable, but as you might imagine the devil is in the details -- and because most folks assume that BCBS 239 pertains only to the short list of global, systemically important banks (G-SIBs) and only to credit and counterparty risk aggregation, they may be missing a few of the more pertinent details of the document:

  1. It doesn’t just apply to G-SIBs. “It is strongly suggested that national supervisors also apply these Principles to banks identified as D-SIBs.” (domestic, systemically important banks)
  2. It doesn’t just apply to market, credit, and counterparty risk. “These Principles also apply to all key internal risk management models, including… advanced measurement approaches for operational risk.”
  3. You can’t just wait until the deadline. “G-SIBs subject to the 2016 timeline are expected to start making progress towards effectively implementing the Principles from early 2013.”
  4. It isn’t just limited to internal processes… “All the Principles included in this paper are also applicable to processes that have been outsourced to third parties.”
  5. …or internal systems. The governance framework “should include agreed service-level standards for both outsourced and in-house risk data-related processes.”
  6. It considers data confidentiality, integrity and availability (not just aggregation and reporting) as part of the risk management framework.
  7. You can’t rely on your IT audit function to validate compliance. “Independent validation… should be conducted using staff with specific IT data and reporting expertise…"
  8. The Bank’s IT strategy should address any shortcomings against the Principles, and initiatives should be supported through “the allocation of appropriate levels of financial and human resources.”

The slow progress of many of the regulators in identifying D-SIBs has meant in practice that BCBS 239 is currently applicable to only the 30 identified G-SIBs.  But within the G-SIBs, there are likely many IT leaders who are unaware of the scope of BCBS 239 and who, when assessing the broad scope of the guidelines, may not concur with the self-reported progress of their institutions so far.

Source: BCBS “Progress in adopting the principles for effective risk data aggregation and reporting,” December 2013.

Jennifer L. Costley, Ph.D. is a scientifically-trained technologist with broad multidisciplinary experience in enterprise architecture, software development, line management and infrastructure operations, primarily (although not exclusively) in capital markets. She is also a ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
allang119
50%
50%
allang119,
User Rank: Author
8/12/2014 | 5:29:24 PM
The accounting tie-in to risk reporting in BCBS 239
There is a ninth item in BCBS 239 that is as important if not more important than the eight items mentioned. BCBS has set a high water mark for the quality of risk data. It is to be as controlled as is the data entered into the books and records of the firm.  From BCBS 239:

"Controls surrounding risk data should be as robust as those applicable to accounting data."

 

"Risk data should be reconciled with bank's sources, including accounting data where appropriate, to ensure that the risk data is accurate." 

Supervisors expect banks to consider accuracy requirements analogous to accounting materiality.

 

BCBS 239 is truly a paradigm shift in risk management thinking.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
8/13/2014 | 3:24:13 PM
Re: The accounting tie-in to risk reporting in BCBS 239
Good point. It makes sense to have the risk data held to as high a standard as accounting data. After all, if the rist data isn't as sound as the accounting data, can you really trust it?
More Commentary
Shared Reporting Services on the Horizon, Genpact Predicts
The financial services industry is starting to adopt shared services, resulting in reasonable impacts to the bottom line. Genpact expects a push for reporting efficiency will come next.
Don't Let the Cloud Rain on Your Operations Strategy Parade
Avoid migrating large applications all at once to minimize risk during a cloud project.
Could Intel Lose Data Center Market Share to ARM Chips?
ARM chips could be an alternative for certain purposes in the datacenter, but many questions have to be answered before they pose a threat to Intel's market dominance.
Cost to Trade: Hey, Banks, Itís Time to Face the Music
Why is calculating the cost to trade so difficult for banks? The answer is as complex as the calculations themselves.
M&A Activity Will Continue to Grow in 2015
Data shows that the M&A market continues to improve, and forecasts indicate deal making will be healthy in 2015.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
Stressed Out by Compliance, Reputational Damage & Fines?
Stressed Out by Compliance, Reputational Damage & Fines?
Financial services executives are living in a "regulatory pressure cooker." Here's how executives are preparing for the new compliance requirements.