As the January 2016 deadline for compliance with BCBS 239 approaches, banks are making substantial data management changes in order to meet the regulation’s requirement for on-demand enterprise-wide risk data aggregation and reporting. The task is not easy and includes data management challenges posed by data silos, legacy systems and poor data governance practices, but emerging data architectures and governance regimes that identify and manage risk can support not only compliance, but also more adaptable and scalable business.
Tata Consultancy Services (TCS) identifies where current data aggregation frameworks are failing and recommends an approach to BCBS 239 that will enable an automated on-demand view of a bank’s risk profile in ‘A Point of View’ paper authored by information architecture specialists Maryann Houglet and Lilian Penna, and entitled BCBS 239: An Urgent Call to Overhaul Risk Data Management.
The paper notes shortcomings in banks’ governance, risk and compliance programmes, and ongoing problems presented by silod IT operations for business functions, and states: “BCBS 239 could be the game changer. The regulation explicitly and directly tackles banks’ data architecture and the governance regime needed to identify and manage risks.”
While globally, systematically important banks will be first to face BCBS 239 compliance in January 2016, the regulation does not stop here, with numerous national regulatory bodies also requiring domestic systemically important banks to comply. Many are taking a tactical approach to compliance, but TCS argues that banks need strategic solutions and sets out a step-by-step approach to improving risk data management through the establishment of a risk data strategy, an architectural framework and a roadmap to BCBS 239 compliance.
The consultancy acknowledges that banks differ in their risk tolerance, profile and data management maturity, and must therefore drive their own approaches to aligning information and data architecture with a risk management framework, but warns: “Moving forward without a plan that incorporates parallel businesses, data and governance programmes can distract from achieving a bank’s compliance goal, introduce risks and increase the time and cost required for compliance.” On a wider scale, it concludes: “The urgency of achieving risk data clarity and transparency through data management principles mandated by BCBS 239 cannot be overemphasised.”