About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Data Management Summit: The Challenges and Opportunities of BCBS 239

Subscribe to our newsletter

The Basel Committee on Banking Supervision regulation BCBS 239 presents a significant data management challenge for banks, but it also offers opportunities for those that reach compliance.

Moderating a panel discussion on risk data aggregation under BCBS 239 at A-Team Group’s Data Management Summit in London, Dennis Slattery, CEO of EDMWorks, set the scene noting the regulation’s data management mandate; its four pillars of governance and infrastructure, risk aggregation, risk reporting, and supervisory review; and its implementation date of January 1, 2016.

With the regulation deadline just 15 months away, Slattery asked panel members to share their experiences of how BCBS 239 is being adopted in the market. Brian Sentance, CEO of Xenomorph, said: “During the past five years of new regulations, financial institutions have complained that regulations are not clear, so many are playing the game of regulatory chicken. Results from a survey of 50 risk managers we carried out earlier this year showed only three suggesting they would be ready for BCBS 239 when it is implemented.”

Sally Hinds, enterprise data practice lead at Crossbridge, countered: “Regulations are pretty clear and regulators are unsympathetic when asked for more guidance. After 2008, firms scrabbled about and should have their houses in order by now. In the case of BCBS 239, regulators want to see plans showing how firms will get to where they need to be. We don’t know if complete compliance will be necessary on January 1, 2016.”

From a bank perspective, Mikael Sorboen, head of risk systems at BNP Paribas, said: “We must comply, but will the regulator have time to come and see me? Being perfectly ready for compliance is not achievable. The need is to demonstrate that you are taking the regulation seriously and working towards compliance. If you don’t look at BCBS 239 as an opportunity based on improved discipline, it will be a loss.”

Considering process changes that need to be made for compliance, Hinds and Sentence noted the need to prove data and consider the detail required for regulatory reporting. Sorboen said BNP Paribas is moving towards compliance by formalising what it is already doing, ensuring data ownership and putting rules for compliance into its projects.

The audit requirements of the regulation brought spreadsheets into focus, with Sentance arguing that despite talk about the demise of spreadsheets for the past 20 years, regulators don’t want their use to end and that if treated as proper software assets they do have value. He added: “We have an idea about putting spreadsheet calculations into a database so that they can be audited.”

Hinds noted that there are tools that look like Excel that can trace data changes, and Sorboen explained: “Data can be put into a spreadsheet and not changed, but if some form of calculation is made in the spreadsheet any change must be flagged up and documented.”

Slattery moved on to question how data dictionaries prescribed in BCBS 239 are being developed and how they will be used. Sorboen said BCBS 239 compliance is a group initiative at BNP Paribas and that a data dictionary will be defined at group level and handed down. He added: “The data dictionary needs to make sense and be consistent, and be extended across our data domain in capital markets. We are trying to make the data dictionary relevant and useful, so that it will be used and sustained.”

Looking at the potential benefits of BCBS 239, Sentance described the regulation as a ‘big nudge’ to improve data management. Sorboen said the regulation, while requiring a lot of work, is an opportunity for banks to clean up their data, and Hinds concluded: “BCBS 239 is a great business opportunity. Business has always wanted insight into its clients and clean data will provide that as well as reduced exposure.”

You can listen to a full recording of the session here.

Subscribe to our newsletter

Related content

WEBINAR

Upcoming Webinar: Unlocking value: Harnessing modern data platforms for data integration, advanced investment analytics, visualisation and reporting

4 September 2025 10:00am ET | 3:00pm London | 4:00pm CET Duration: 50 Minutes Modern data platforms are bringing efficiencies, scalability and powerful new capabilities to institutions and their data pipelines. They are enabling the use of new automation and analytical technologies that are also helping firms to derive more value from their data and...

BLOG

10 Major Financial Regulations Reshaping Capital Markets in 2025 (and How to Stay Ahead of Them)

From sweeping reforms in operational resilience and AI governance to the first-time application of AML obligations to buy-side firms, the scope and depth of regulatory change shows no sign of slowing down in 2025. In this post, we present a selection of the most strategically significant regulations coming into effect or having significant impact on...

EVENT

RegTech Summit London

Now in its 9th year, the RegTech Summit in London will bring together the RegTech ecosystem to explore how the European capital markets financial industry can leverage technology to drive innovation, cut costs and support regulatory change.

GUIDE

The DORA Implementation Playbook: A Practitioner’s Guide to Demonstrating Resilience Beyond the Deadline

The Digital Operational Resilience Act (DORA) has fundamentally reshaped the European Union’s financial regulatory landscape, with its full application beginning on January 17, 2025. This regulation goes beyond traditional risk management, explicitly acknowledging that digital incidents can threaten the stability of the entire financial system. As the deadline has passed, the focus is now shifting...