BCBS-239, RISK DATA AGGREGATION AND RISK REPORTING

Written By Element22

Client Background

The client is a Tier 1 Global Bank. The project involved working with one of the bank’s major subsidiaries to develop a BCBS-239 assessment methodology and deploy it to measure the level of compliance across the organization.

This project provided a comprehensive assessment of the subsidiaries’ level of compliance, but also served as a pilot for broader learning for the Head Office team.

The Challenge

Due to heightened regulatory scrutiny on the topic of BCBS-239 across the banking industry, the leadership team felt it prudent to reassess the current level of compliance and identify any gaps for remediation.The client needed a clear understanding of the level of BCBS-239 compliance today, and a practical methodology for assessment.

Our Approach

The client’s objective was to measure their compliance with BCBS-239 principles from data source through to aggregated reporting, so 3 group teams and the 16 largest country offices were assessed, representing the full data lifecycle from origination.

I. Framework Planning

Starting with the standard element22 BCBS-239 assessment framework, we amended the framework slightly to meet the unique needs of the organisation, and agreed on the scoring approach, how data would be gathered (our own Pellustro assessment software vs bespoke templates) and level of evidence collection.

II. Allocating the assessment

  • We allocated the 58 BCBS-239 statements to the teams who were best placed to respond - Data Office, Technology, Risk, Finance - either within group functions, in country offices or both

  • We assigned a lead to each functional team and then finalised the list of subject matter experts who would complete the assessment

III. Conducting the Assessment

  • After configuring the assessment scoring templates, a series of executive interviews gathered important context, followed by BCBS-239 & Pellustro training for all participants

  • The assessment scoring and evidence collection were managed through guided scoring workshops with Risk, Data. Finance and IT teams to help them complete the assessment

  • Drop in clinics resolved open questions and were followed by individual review sessions with each of the 19 participating teams, which allowed scoring to be reviewed and normalized

IV. Assessment Results

  • Scores were compiled for each team at both a statement and principle level

  • Supporting comments were analysed to establish patterns and anomalies between reporting teams, with individual team feedback compiled

  • A detailed report of the results at both country and group level was developed

  • Based on the findings in this report, draft group level recommendations were also developed, discussed with project sponsors and finalised

  • Summary results and recommendations were then presented to the project steering committee, as well as a separate presentation to wider management and project participants

Outcomes

A series of high level recommendations were developed from the assessment results and context gathered during project interviews, integrating broader ECB & Basel Committee recommendations to the industry. Recommendations covered a broad range of related topics including aspects of Risk stress-testing, data governance programme controls, integrated data architecture technology tools; and dedicated reporting. In line with the regulatory focus on tangible results, these recommendations defined a set of actions to deliver meaningful and ongoing RDARR control impact.

Conclusion

This short engagement enabled the client to run a comprehensive front to back self-assessment of BCBS-239 principles, gaining a detailed understanding of compliance and gaps.

The assessment results and the supporting evidence delivered to each team, provided each participating group with the ability to drill down further into their own scores and areas of weakness. 

The aggregated group scores highlighted common themes and anomalies and delivered a series of practical recommendations, jointly developed with input from the project team and senior stakeholders. All recommendations were accepted by the Senior Steering committee and have been integrated into the wider Risk transformation plan.

Lastly, the assessment framework and training materials were designed so that the client can repeat the exercise at a later point, enabling future progress to be measured against a common model.

Keen to hear how element22 can help you with BCBS-239 and Risk Data Aggregation? Get in touch today - sales@element-22.com

Element22
Next

FROM POLICY TO PROOF: OPERATIONALIZING REGULATION S-P COMPLIANCE