This document discusses the BCBS 239 regulatory requirements for risk data aggregation and risk reporting. It outlines the key components of BCBS 239 including risk governance, infrastructure, data aggregation, and reporting. It also describes a risk data self-assessment diagnostic study that banks should conduct to evaluate their risk operating model, processes, data usage, and infrastructure in order to identify gaps and develop projects to address deficiencies to comply with BCBS 239. Finally, it presents a proposed unified risk data model and architecture to integrate risk data across different risk types and business units.

1. BCBS 239
Risk Data Adequacy
Nikat Malik
November 2013
All Rights Reserved

2. BCBS 239 – A Major Transformation Challenge
Risk Exposure Management
Risk Governance &
Infrastructure
Risk Data
Aggregation
Risk Reporting
Practices
Supervisory
Review
•
•
•
•
•
•
•
•
Clear comprehensive view of risk exposure
Improved data quality and risk insight reducing losses
Accurate asset liability classification reducing capital needs
Improved revenue through client insight and differentiating products
Less manual effort reducing operational risk
Lower costs through improved STP rates
Improved loss prevention reducing operational risk cost
Improved data management & reduced reconciliations improving compliance & operational
costs
• Improved risk adjustment capabilities increases business value
• Improved limits management and efficient capital allocation
BCBS 239 - Data Adequacy

3. Risk Data Self Assessment
Diagnostic Study:
•
•
•
•
•
•
•
Assess the risk operating model, governance capability & business embedded decision making
Assess risk processes and controls across all major risk types, and data/technology
infrastructure to support risk management
Assess data usage/policies/governance with respect to quality and completeness across the
data life cycle and address data inadequacies
Assess impact of regulatory requirement on bank’s data controls - data capture, data
aggregation, data reporting, data protection and data governance
Construct risk required data model and architecture
Establish data aggregation and analytic capabilities
Stress test data processes against adverse scenarios particularly business volumes and
potential crisis situations
Internal Model: to satisfy regulator as to Bank’s management capability to manage risk
exposure, expand business operations and additional business risks
Organise projects to address gaps
Risk
- Quantify risk appetite
- Embed top down stress
models in business
decisions
- Process control models
Data
- Common data across risk, finance,
treasury functional areas
- Consolidated segment data for
loss/reference/trade/ etc.
- Data quality operations
Technology
- Integrated toolset/systems
- Analytical capability
- Business continuity
- Robust infrastructure
BCBS 239 - Data Adequacy

4. Unified Risk Data Model
Data Processing and Quality
Master Data Management
Data Acquisition
Credit
Market
Liquidity
Capital
Business Intelligence
Analysis
Reports
Application Infrastructure
Rules
Models
Application Data Model
Common Data
& Dimensions
Stress
Common Layer for Each Application
All Major Risk Types
BCBS 239 - Data Adequacy