Data Governance meets Basel standards

In this article we will show why is Data governance a vital component for Basel standards (BCBS) compliance in the banking industry.

In order to make a clear connection between Data governance and the regulation, first we will clarify what is covered by Basel Committee on Banking Supervision’s standard number 239 (BCBS 239) and what does it mean to implement Data governance. Further on, we will see what does “Having BCBS 239 principles in place” mean and how does Data governance implementation support compliance with the regulation. Finally, we will share our experience and lessons learned based on projects we implemented.

 

Basel Committee on Banking Supervision’s standard number 239 – BCBS 239

The purpose of BCBS 239 is to make sure that banks report on all the risks they are exposed to. Specifically, banks are expected to communicate their risk data aggregation capabilities as well as their internal risks transparently and consistently.

BCBS has a total of 14 principles, that cover four closely related topics:

  • Overarching governance and infrastructure
  • Risk data aggregation capabilities
  • Risk-reporting practices
  • Supervisory review, tools, and cooperation

Out of these 14 principles, the key principles are Principle 2 and Principle 3, so let’s look at them a bit more closely and point out the keywords that highlight the connection of Data governance and BCBS 239 compliance.

Principle 2 is all about data architecture and IT architecture. This principle states that a bank should design, build and maintain data architecture and IT infrastructure that fully supports its risk data aggregation capabilities. Furthermore, the architecture should be designed in a way that it supports risk reporting practices both in regular situations as well as in cases of crisis, while still meeting all the other Principles.

The standard also determines that, in order to achieve the requirements of this principle, banks should establish data taxonomies, collect metadata and create unified naming conventions for data. Banks should also define business and IT roles and responsibilities when it comes to data, its usage and quality.

Principle 3 addresses accuracy and integrity. A bank should be able to generate accurate and reliable risk data to meet normal and stress/crisis reporting accuracy requirements. Data should be aggregated on a largely automated basis so as to minimize the probability of errors.

In addition to Principles’ provisions, They expect banks to measure and monitor the accuracy of data and to develop appropriate escalation channels and action plans to be in place to rectify poor data quality. Even more so, supervisors will question data quality management, which is often wrongly mixed up with Data governance. Data governance includes data quality management, but it covers much more, such as policies and standards for handling data, guiding principles, business rules, data usage rules, data access rules and so on.

 

Data Governance

PWC review on southeast Asia’s banks (2021) shows that not a single bank is fully compliant with the BCBS 239.

According to the same source, most of the challenges preventing the full compliance were identified within the area of data and IT architecture, specifically, related to data issues that Data governance in place could address and solve.

Data governance connects the business (people) with the pieces of information (data) through the technology used by the organization. Each business process in the organization is viewed through these aspects – who is doing what, how and with which data.

Figure shows B-I-T sequence from Data Governance Institute, which emphasizes that data governance lies in the cross-section of these three aspects.

Implementing Data governance means assigning responsibility for all data within one organization to clearly identified data owners and tracking what happens with the data in its lifecycle. This means that one should keep in mind that these three elements: the piece of information (data), business (people) who take care of this data and technology used to store and manage data, are – so to say – inseparable. Data governance implementation is not about adding new tool into your technology landscape. Instead, it is about creating a framework that provides understanding of data ownership, data lifecycle, meaning of the data and acceptable data usage

All of that will result in having a business glossary and data catalog, documented policies describing data consumption via processes, business and technical lineage, as well as in having data monitoring via data quality rules, all of which is exactly what is required by BCBS 239.

 

What does “Having BCBS 239 principles in place” mean?

Through BCBS 239 principles Basel Committee has explicitly introduced qualitative expectations for risk reporting organization, processes and tools. Implicitly, it has quantitative expectations for reporting. These requirements display an increased focus on data quality, as well as emphasis on risk aggregation, timeliness, accuracy and granularity when producing a report.

 

Figure shows relation between Data governance pillars and BCBS 239 requirements.

If we take “producing a Risk report” as an example, Article 37 states that each position in Risk report has to be clearly and unambiguously defined. From Data governance perspective,

  • having a business glossary categorized by risk report positions and
  • having a policy for creating each position in the Risk report

will cover exactly what is required by Article 37.

Knowing who (more as a role than in terms of exact person) is responsible for risk data used in calculation of each position in Risk report is exactly what Data ownership and Data stewardship of Data governance framework are covering (and Article 34 is asking). By ownership and stewardship, we mean both technical and business sidewise, and we also mean escalation procedures and action plans in case of poor data quality.

So, if we go back to BCBS 239 requirements, as described above through Principles, it turns out that having implemented Data governance directly and significantly contributes to BCBS 239 compliance.

 

Authors: Jelena Jančiev Basrak, Senior Consultant and Antonija Tadić, Consultancy Head – CQ at Poslovna inteligencija

 

 

 

 

Contact us
Marketing:
Consent:
I have a general inquiry and accept being contacted by Poslovna inteligencija
All fields marked with asterisk (*) are required

Latest blog posts

Microsoft Excel is one of the most commonly used tools for strategic planning and users are very familiar with it, about 60% of businesses were still using Excel in recent years. Because of this, one might expect that people using it have a favorable view of Excel planning. While Excel is familiar to users, it has many downsides for planning. It requires a lot of manual processes and correction, is prone to errors, has poor or lacks at all version control, and tends to be very slow, maybe even break, when using a lot of data. In this article, we are going to address a few of them and how to minimize them by adding IBM Planning Analytics to Excel.
Budgeting and forecasting have become an important and inevitable part of leadership tools. Budgets for the next year and forecasts of the current year should be made available to all personnel from strategic to operational levels, it should integrate the whole organization and lead management in making their decisions. However, when the company’s budgeting period starting date is approaching, such a great idea for most of the employees responsible for coordinating and creating a budget (usually controllers) turns into a nightmare.
At some point in time, you've probably come across the term Data Science and like the majority of people, it sounded interesting, but also complicated. So many terms, statistics, but no examples of how to use it for your business. Today, we are going to show you how to use text analytics to understand your customers and business better.
Every day a mass quantity of data is being produced, and without proper analytics solution, we can surely say we would be drowning in data. This is why data analysts are in demand across the market in all industries.
In order for you to know how something works, you are bound to understand which components the solution consists of. In this blog we will guide you through all four components of PI Analytics Solution.
Scroll to Top

Stay up to date with news

Stay up to date with news

Sign up for our newsletter and always be up to date with news and technologies from the world of Poslovna inteligencija.
I would like to receive updates on news and technologies from the world of Poslovna inteligencija