top of page

Risk data aggregation and risk reporting (BCBS 239/SRP 36)


"One of the most significant lessons learned from the global financial crisis that began in 2007 was that banks’ information technology (IT) and data architectures were inadequate to support the broad management of financial risks."

- Opening paragraph: Principles for effective risk data aggregation and risk reporting, Bank for International Settlements 2013

The Principles for Effective Risk Data Aggregation and Risk Reporting (BCBS 239) was published in January 2013 by the Basel Committee comprising 11 Principles (applicable to banks) and; 89 Paragraphs of requirements.

The objective of the directive is to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices, in turn, enhancing the risk management and decision making processes. It’s about ensuring that there is trust in the data used to support risk management metrics and that governance and infrastructure can support you in both normal and non-normal times (stress and crisis).

Why does it matter?

“Banks should closely monitor and make appropriate modifications to their BCBS 239 implementation programme”

- Progress in adopting the Principles for effective risk data aggregation and risk reporting (April 2020)

The Basel Committee will continue to monitor industry trends and revise guidance. In addition, local regulators and legislators will continue to interpret the principles in their own ways. By not staying ahead of the curve, you are exposed to the operational risks of non-compliance (censure, fines or loss of license).

Adherence needs to permeate through your operating model for you to continue to be compliant on an ongoing basis. Also, regulators are now expecting (in some cases, individual) localised demonstrations of accountability/responsibility.

How Surety™ can help

We have mapped the entire Directive to a set of control and evidence requirements which can be used "out of the box" to drive your compliance plan. This means a transparent way of evidencing the way in which you've interpreted the regulation as well as, an evidence-based method to demonstrate gaps and achieved compliance levels. All of this is achieved through a spine of controls which can be assigned to individuals and teams to show accountability to the supervisor.

The conversation with your supervisor now becomes a lot more pointed and fact-based with the net effect being ongoing assurance.

38 views0 comments


bottom of page