To think of BCBS 239 as just another regulation is to misunderstand its end game. Solving the challenges it lays down requires a strategic approach. Risk data aggregation needs executive sponsorship for a start – after all executives will now be responsible
for approving the risk data aggregation and risk reporting framework.
A strategic approach will require a holistic mapping out of the risk data universe and this will be no small challenge. Given the pressing deadline in January 2016 for BCBS 239, the focus needs to be on accessing data, not moving data.
There remains a lot of uncertainty around how best to tackle BCBS 239. Other regulations somehow seem more pressing and cost is an ever-present issue. A key mind shift that needs to happen is at the executive level. Given that the Boards of banks now have
ultimate responsibility for risk data aggregation and risk reporting, they will require a greater understanding of the risk data challenges within their institutions. To achieve that will require an overhaul of data governance and, if applied correctly, should
result in significant cost savings in operations and IT.
Mapping out the risk data universe means challenging the data and your people. Where is your data? What data do you have? What data don’t you have? Can you access the data? Do you know its provenance? What are you going to include and what are you not going
to include? What is the data dictionary for the firm? Who owns what? Once all this is determined the rules and logic must be created, then cleansed, aggregated and golden copies created.
Risk data aggregation isn’t about moving data either; a warehouse isn’t the answer. Risk data aggregation is about access: to the source and for the end user. It all needs to be mapped out and traceable. Data quality is paramount. During the crisis lack
of data quality and data itself was a fundamental issue. Being able to access the right data at the right time and get it to the right people means banks can make more money and lose less money.
BCBS 239 is part of risk data aggregation, it’s a great start and all agree it needs to be done. Risk data is in the spotlight and needs attention.