BCBS 239 compliance is a challenge and its January 1, 2016 deadline for global systemically important banks is fast approaching, but successful implementation of the regulation’s principles, particularly those covering risk data aggregation, can deliver significant business opportunities. These include cost and capital savings, data rationalisation, improved data quality and links between datasets that have not previously been made in IT infrastructure and could be beneficial to business.
With compliance so close, A-Team Group will address the problems and potential of BCBS 239 during a panel discussion at next week’s New York Data Management Summit. Giving us a brief insight into some of the issues that are likely to be covered during the discussion are panel members Maryann Houglet, consulting partner, information strategy and architecture, Tata Consulting Services Global Consultancy Practice; Jeffrey Shortis, cofounder and CEO, Data3Sixty; and Neill Vanlint, managing director, global sales and client operations, GoldenSource.
Houglet notes the extent of the regulation and notes the need for banks to understand its reach across not only data, data management and architecture, but also across people, business processes and technologies. She recommends making a roadmap to compliance that encompasses all the elements touched by the regulation and establishing a top-down data strategy geared to the business, its risk profile and priority issues. This top down approach meets a bottom-up plan to tackle components such as data lineage and profiling that must play into the data strategy.
She explains: “The initial need is to consider the current state of how risk data is managed across the bank and create a framework that splits up tasks that must be tackled to achieve a bank level view of risk. A risk data architecture needs to be designed as part of the strategic approach. It needs to enable data to be decoupled from applications that use different taxonomies and support risk in different ways. Standards for data and ontologies also need to be established and, from a people perspective, there needs to be cultural change.”
Data3Sixty provides a data governance solution that can support the automation of data governance policies and processes that underpin BCBS 239 compliance. Like Houglet, Shortis promotes a strategic approach to the regulation and suggests a framework for governance policies necessary to compliance. He comments: “Industrial strength processes, rather than point solutions and manual intervention, are needed for effective operations around governance policies covering issues such as data ownership, definitions, monitoring and exception management.”
Taking a macro view of the regulation, Vanlint says it is not just a compliance initiative, but regulatory guidance for best practice data management and an opportunity to understand and validate data that is relevant to the bank. He says: “BCBS 239 gives banks quite a lot of flexibility in how they comply, but they must be able to explain how they do this. For some banks this is an opportunity to centralise data and for all banks that implement the regulation successfully there should be business benefits such as cost savings, improved data quality, and a better understanding of the business and how data can be used to advantage.”