In 2013 the Basel Committee on Banking Supervision (BCBS) published a framework regarding the practice of reporting risk.
The BCBS 239 was entitled “Principles for effective risk data aggregation and risk reporting” and within this it was noted that, “One of the most significant lessons learned from the global financial crisis that began in 2007 was that banks’ information technology (IT) and data architectures were inadequate to support the broad management of financial risks.”
It continued, “Some banks were unable to manage their risks properly because of weak risk data aggregation capabilities and risk reporting practices. This had severe consequences for the banks themselves and to the stability of the financial system as a whole.”
BCBS 239 has set the standard for banks globally, and financial institutions now understand that compliance with the framework will result in increased business benefits and value.
In this blog we review four sections of BCBS 239 (which cover the 14 different Principles) and how AI.DATALIFT, our intelligent data management software, facilitates compliance with this key piece of banking legislation.
- Section 1: Overarching Governance and Infrastructure
A bank should have in place a strong governance framework, risk data architecture and IT infrastructure.
AI.DATALIFT is a robust, cloud-based application, hosted in Microsoft Azure infrastructure, which is backed by a 99.9% uptime guarantee. The AI.DATALIFT application has its own SLA which is guaranteed by Automated Intelligence, and backed with comprehensive customer support. AI.DATALIFT can be configured to meet the bank’s governance requirements for unstructured data.
- Section 2: Risk data aggregation capabilities
Banks should develop and maintain strong risk data aggregation capabilities to ensure that risk management reports reflect the risks in a reliable way.
AI.DATALIFT’s default dashboards display real-time management information, and custom reports can be run on-demand, or scheduled to run at specific times e.g. 8pm every Friday. Reports can span all data sources, or just selected sources or other criteria, and require no manual operations. Data risk can be reported along many criteria including location, file type, file size, file dates, classification/file plan code, file content (e.g. personal data, PCI risk) etc. Depending how the data is organised at source, it is usually the case that reports can be generated per department, function or other similar groupings. Reports can be delivered in real-time, on-demand, or to a regular schedule that best fits the bank’s operations.
- Section 3: Risk reporting practices
To manage risk effectively, the right information needs to be presented to the right people at the right time. Risk reports based on risk data should be accurate, clear and complete.
The accuracy of the system-generated reports can be manually validated by checking the output against the physical data sources. If the default set of reports are insufficient, Automated Intelligence’s Professional Services team works with banks to provide additional custom reports. Access to data inside the application is controlled by Role-Based Access Control to data sources. Reports that are generated can be published to a location that is only available to authorised recipients e.g. specific libraries in SharePoint Online.
- Section 4: Supervisory review, tools and cooperation
Supervisors will have an important role to play in monitoring and providing incentives for a bank’s implementation of, and ongoing compliance with, the Principles.
AI.DATALIFT is designed as a comprehensive tool to facilitate this in relation to unstructured data stored and managed by the bank.
Adherence to BCBS 239 should not be a “tick-box-exercise” but rather a part of a bank’s ongoing data governance. For more information on how AI.DATALIFT can be used to provide management information to monitor data risk, get in contact today on firstname.lastname@example.org