Basel 3.1 and BCBS 239: The Data Governance Obligations Every Bank Must Prepare For

Basel 3.1 and BCBS 239 continue to sit at the top of the supervisory agenda for major financial institutions in 2025 and 2026. The UK Prudential Regulation Authority has confirmed a phased implementation timeline for Basel 3.1 starting January 2026, while BCBS 239 — the principles for effective risk data aggregation and risk reporting — remains an area of active supervisory scrutiny globally.

Basel 3.1: What Changes in January 2026

The PRA's near-final rules for Basel 3.1 introduce significant reforms to how banks calculate risk-weighted assets. Changes to credit risk standardised and internal ratings-based approaches, the output floor set at 72.5% of the standardised approach, and revisions to market risk and operational risk capital requirements all take effect from 1 January 2026. Firms need to have parallel-run infrastructure in place well ahead of that date.

BCBS 239: Still a Supervisory Priority

Over a decade since its publication, BCBS 239 compliance remains incomplete at many globally systemically important banks. The Basel Committee's most recent review found persistent weaknesses in data architecture, data lineage, and the ability to produce timely aggregated risk data during stress periods. Supervisors including the PRA, ECB, and MAS continue to issue findings and recommendations, and institutions that cannot demonstrate progress face increasing scrutiny.

The Data Governance Imperative

BCBS 239 is fundamentally a data governance challenge. Principles 2 through 6 cover data architecture and IT infrastructure, accuracy and integrity, completeness, timeliness, and adaptability of risk data. Firms that treat BCBS 239 as a reporting exercise rather than a data governance programme consistently underperform against supervisory expectations. The right approach is to embed BCBS 239 principles into the data lifecycle — from origination through to aggregation and reporting.

How Surety Supports BCBS 239 and Basel 3.1 Programmes

Surety brings deep expertise in BCBS 239 programme delivery. Our platform maps the 14 BCBS 239 principles to your institution's obligations, tracks remediation actions, and provides C-suite and board-level reporting on programme status. For Basel 3.1 readiness, we support institutions in managing the cross-functional obligations that span finance, risk, technology and data. Contact us for a demonstration tailored to your BCBS 239 or Basel 3.1 programme.