BCBS239 Software

BCBS239 Software - An Integrated View

BCBS239 explicitly challenges the silo driven structure of banks today with clear requirements to bring a holistic enterprise understanding of risk data, risk data aggregation & reporting. Holistic refers to both the understanding, which must span many disciplines, and to the community, where business, IT and Risk functions need to collaborate to bring consistency and control across the data life cycle. The Axon BCBS239 Software is a new breed of software that allows you to build up and govern an integrated view of the firm and its core assets.

 

Inventorise Risk Assets

Have sight of the assets that are core to your risk reporting: data, systems, processes, policies, rules, people, roles, legal entities etc.

Measure & Understand Impact

Measure and understand materiality of weaknesses and gaps at the lowest level and the aggregate. 

Understand Interplay

Understand how those assets hang together and interact especially those manual and EUC based interactions.

Govern & Control

Govern & Control the assets to understand impact of change and ensure continuous improvement.



14 Principles, 87 Requirements, a Single Knowledge Base

The BCBS239 regulator does not demand a perfect data landscape nor that the reporting process is fully automated and exception free, it demands banks to drastically increase the level of understanding and control end-to-end. This requires the many data, IT and business functions and disciplines to work together far more effectively. Being lined up needs to be the norm not the exception if we want to structurally improve as part of a continuous process. The Diaku Axon BCBS239 Software allows you to progressively build up an integrated understanding not only of your core risk data items, their lineage and quality but equally of data usage in terms of reports, processes, legal entities, products, jurisdictions etc.

The Risk Perspective

The BCBS239 text presents some key challenges from a risk perspective. The main ones are outlined below

Management needs to be aware of & understand limitations

A bank’s board and senior management should be fully aware of any limitations that prevent full risk data aggregation – coverage, technical and legal
Make state of risk data aggregation visible & accessible to management so they can steer on gaps and deficiencies

Transparency across the full lifecycle of data aggregation

Processes, controls, roles, data definitions, validations, reports, usage, requirements, errors etc. must be fully documented and subject to high standards of validation.
Inventorise building blocks of risk aggregation and understand how they interact, use and depend on one another

Manage manual processes & desktop apps

Where a bank relies on manual processes and desktop apps it should have effective mitigants and controls in place that are consistently applied
Bring visibility, context & governance to manual processes & desktop applications. Include desktop apps in dictionaries and lineage maps

Span organisational boundaries

Group structure should not hinder aggregation capabilities within the organisation. Regional, legal entity or business line boundaries must be overcome.
Join up data understanding, governance and change efforts across functions,  disciplines and legal entities

Aggregated risk on demand

Banks need to implement a flexible infrastructure and operational environment to quickly produce adaptable ad-hoc reports in line with stressed scenarios
Become agile and flexible by understanding the interplay of your core data and business resources.

Impact of change initiatives

Must be able to assess impact to risk data aggregation & reporting capability for any new initiatives e.g. new products , process change, IT change.
Have a readily available understanding of the environment to facilitate quick impact assessments

The Data Perspective

The BCBS239 text presents some key challenges from a data perspective. The main ones are outlined below

Risk data aggregation is not limited to Risk data

All forms of data consumed by the risk function fall within the scope of the principles. This includes entities & hierarchies, book & trade data, prices, instruments etc.
A capability to describe any data item, its lineage, business usage and stakeholder community

An organisation wide, cross-functional view of data

An organisation wide, cross-functional approach is required to bring visibility & a unified understanding to data, its definitions, ownership, lineage, usage, controls, quality etc.
Understanding data usage, flow, dependency, materiality and governance across functions & disciplines

Enterprise wide data management capability

Organisation wide data taxonomies must be agreed & consistently used by the business. Governance, quality, lineage & data management processes must also be delivered.
Drive an integrated approach to your enterprise data management efforts across definitions, governance, data quality, lineage, IT etc.

Data in desktop applications (EUCs)

Using Excel is not prohibited, but the regulator demands oversight and control. Banks must understand the materiality of those desktop applications.
Ensure one has sight of the EUCs and understands the materiality of those in terms of data, lineage, governance etc.

A driver for cultural change

Requires business side executives to take the lead starting with ownership of data and its issues as well as willingness to drive change in their own organisations.
Drive a new way of working around data. Understanding one’s core data resources and their business context is only a click away.

The business context of data

Data must be connected to the processes and policies that manipulate and control it. The business relevance and materiality of data needs to be captured and governed
Not all data is equal. Understand what are your core data items and their business relevance and materiality