3 Key Considerations for BCBS 239 Compliance Embedment

Bankers who have been around long enough may have recently found themselves brushing off their old BCBS 239 slide decks and scanning their emails for compliance plans from the previous decade. The renewed regulatory focus on data accuracy and BCBS 239 compliance across the UK and the EU banking industries has placed data management and governance firmly back in the spotlight.

In its latest publication, the European Central Bank has concluded that the progress made by significant institutions to date has been generally insufficient. (1) The constant rate of change across banks’ data landscapes has left many data management and governance frameworks out-of-date and drifting further away from reaching compliance.

To avoid this phenomenon, particularly among domestic systemically important banks who are tackling compliance in earnest for the first time, Monocle has identified three crucial considerations to ensure banks drive practical embedment of BCBS 239. This will protect the long-term value of their latest round of compliance efforts.

1. Tackle the Thorny Issue of Data Ownership Head-On

BCBS 239 requires roles and responsibilities to be defined and established as they relate to the ownership and quality of data and information for both the business and data domain functions. Over the last ten years Monocle has found that for our banking clients, this is repeatedly highlighted as one of the most challenging tasks to complete.

Complexity arises from common data practices in financial services – ownership of shared datasets utilised by multiple stakeholders or datasets loaded across multiple systems and data warehouses – as well as persistent issues among teams, including limited capacity and technical capabilities to resolve data issues. Additionally, many legacy data processes have insufficient documentation and understanding, and often teams are reluctant to take ownership of managing this challenge.

Enterprise data management teams will need to be heavily involved in understanding the nature of various datasets, including their various users, flow of data, processing and transformations, location, sensitivity and any other essential characteristics before assigning data owners and stewards. This will require proactive engagement with various stakeholders to discuss potential governance structures that fit the idiosyncrasies of each scenario, as well as addressing any restrictions.

Additionally, to maintain established data governance in the long-term, banks should aim to develop automated ownership assignment processes to cover common changes such as employee attrition and team restructuring. This should be supported by clearly defined job descriptions and allocated key performance indicators, allowing for transparency while also setting the expectations of what is required by each owner.

2. Drive Compliance from the Top

Lack of senior accountability and ownership have been identified as one of the root causes of the insufficient progress made towards BCBS 239 compliance. (1) While Monocle has noted improved prioritisation among our banking clients, compliance will require continual attention while also juggling other complex regulatory initiatives, such as the finalisation of the Basel framework, which has significant data and reporting implications.

As highlighted in Monocle’s latest BCBS 239 insights paper, “banks should aim to include BCBS 239 as a standing agenda item across applicable committee meetings including senior management and executive committee meetings to drive continued engagement from the top down.” (2) This ensures communication around compliance remains front and centre as management responsibilities are consistently reinforced.

Additionally, banks expect their implementation and remediation programmes to run for an average of three years. (3) Project fatigue will be a risk; structuring a compliance programme to achieve consistent, quantifiable progress keeps momentum going.

3. Track Progress Through Business Intelligence (BI)

While not a requirement for compliance, many banks have implemented a data management tool to deliver a structured approach to managing data quality, metadata, lineage and ownership. Monocle has found that this step holds significant benefits in embedding compliance across risk domains.

These tools enable automation of various data management and governance processes while also capturing essential related data that can be displayed through health dashboards. These dashboards help track BCBS 239 progress across the bank’s key risk indicators and highlight issues, such as data quality incidents or lapses in data ownership. This is particularly pertinent for European banks whose management bodies are explicitly responsible for monitoring defined data quality key performance indicators and resolving deviations.

Critically, these dashboards provide views for senior management to track and present compliance progress to regulators. They also provide an effective opportunity to embed practices of consistent data review across the bank’s various teams by driving adoption of these dashboards into the day-to-day operations of the various teams.

How Monocle Can Assist

Principles must be converted into practice. With over ten years of implementation experience, BCBS 239 has been a significant aspect of Monocle’s consulting expertise since the principles were published in 2013. At Monocle, we understand how essential effective risk data aggregation and risk reporting are – they provide tangible benefits to our clients’ various risk functions and are vital to management in the process of making informed and timely strategic and operational decisions.

Our prior engagements encompass the full spectrum of the BCBS 239 journey, from establishing robust programme oversight and governance frameworks to implementing comprehensive controls and effective data management strategies. We have also supported risk aggregation processes, enhanced risk reporting capabilities, and developed IT and data architectures, ensuring alignment with BCBS 239 requirements at every step. Furthermore, Monocle performs a variety of functions, including project management, business and technical analysis, and facilitation with regulators.

1. EBA, Guide on Effective Risk Data Aggregation and Risk Reporting (2024)
2. Monocle, European Insights: Achieving BCBS 239 Compliance (2024)
3. Centre for Regulatory Strategy EMEA & Deloitte Banking Union Centre, BCBS 239 Benchmark Survey (2024)