The Basel Committee on Banking Supervision regulation BCBS 239 presents a significant data management challenge for banks, but it also offers opportunities for those that reach compliance.
Moderating a panel discussion on risk data aggregation under BCBS 239 at A-Team Group’s Data Management Summit in London, Dennis Slattery, CEO of EDMWorks, set the scene noting the regulation’s data management mandate; its four pillars of governance and infrastructure, risk aggregation, risk reporting, and supervisory review; and its implementation date of January 1, 2016.
With the regulation deadline just 15 months away, Slattery asked panel members to share their experiences of how BCBS 239 is being adopted in the market. Brian Sentance, CEO of Xenomorph, said: “During the past five years of new regulations, financial institutions have complained that regulations are not clear, so many are playing the game of regulatory chicken. Results from a survey of 50 risk managers we carried out earlier this year showed only three suggesting they would be ready for BCBS 239 when it is implemented.”
Sally Hinds, enterprise data practice lead at Crossbridge, countered: “Regulations are pretty clear and regulators are unsympathetic when asked for more guidance. After 2008, firms scrabbled about and should have their houses in order by now. In the case of BCBS 239, regulators want to see plans showing how firms will get to where they need to be. We don’t know if complete compliance will be necessary on January 1, 2016.”
From a bank perspective, Mikael Sorboen, head of risk systems at BNP Paribas, said: “We must comply, but will the regulator have time to come and see me? Being perfectly ready for compliance is not achievable. The need is to demonstrate that you are taking the regulation seriously and working towards compliance. If you don’t look at BCBS 239 as an opportunity based on improved discipline, it will be a loss.”
Considering process changes that need to be made for compliance, Hinds and Sentence noted the need to prove data and consider the detail required for regulatory reporting. Sorboen said BNP Paribas is moving towards compliance by formalising what it is already doing, ensuring data ownership and putting rules for compliance into its projects.
The audit requirements of the regulation brought spreadsheets into focus, with Sentance arguing that despite talk about the demise of spreadsheets for the past 20 years, regulators don’t want their use to end and that if treated as proper software assets they do have value. He added: “We have an idea about putting spreadsheet calculations into a database so that they can be audited.”
Hinds noted that there are tools that look like Excel that can trace data changes, and Sorboen explained: “Data can be put into a spreadsheet and not changed, but if some form of calculation is made in the spreadsheet any change must be flagged up and documented.”
Slattery moved on to question how data dictionaries prescribed in BCBS 239 are being developed and how they will be used. Sorboen said BCBS 239 compliance is a group initiative at BNP Paribas and that a data dictionary will be defined at group level and handed down. He added: “The data dictionary needs to make sense and be consistent, and be extended across our data domain in capital markets. We are trying to make the data dictionary relevant and useful, so that it will be used and sustained.”
Looking at the potential benefits of BCBS 239, Sentance described the regulation as a ‘big nudge’ to improve data management. Sorboen said the regulation, while requiring a lot of work, is an opportunity for banks to clean up their data, and Hinds concluded: “BCBS 239 is a great business opportunity. Business has always wanted insight into its clients and clean data will provide that as well as reduced exposure.”
You can listen to a full recording of the session here.