As if the growing alphabet soup of IT-related regulations and industry standards (SOX, HIPAA, PCI-DSS, GDPR, CCPA …) weren’t dizzying enough, here’s one specific to the global banking industry: BCBS 239.
BCBS stands for “Basel Committee on Banking Supervision,” an international organization that sets standards and guidelines for banking regulations. BCBS 239 is a document published by that committee entitled “Principles for Effective Risk Data Aggregation and Risk Reporting.” (You can see why it’s referred to by number and not by the title.) The document, first published in 2013, outlines best practices for global and domestic banks to identify, manage, and report risks, including credit, market, liquidity, and operational risks.
What BCBS 239 Does
The document organizes the best practices into a set of 14 principles. Eleven of those principles are relevant to the banks themselves; the rest pertain to national and regional regulatory bodies.
It will not surprise you to learn all 11 of the bank-relevant principles are related to data in some form or fashion. Here’s a sampling:
– Principle 1 covers data governance, including “a firm’s policies on data confidentiality, integrity, and availability, as well as risk-management policies.”
– Principle 3 contains data accuracy and integrity rules. This principle requires that banks use automated means of data aggregation and not rely on manual processes.
– Principle 4 covers completeness, or the ability of a bank to be certain it is aggregating all risk data across the entire operation, and not inadvertently (or deliberately) omitting anything.
– Principles 7-11 cover risk reporting, including the comprehensiveness, timeliness, usefulness, and accuracy of risk management reports.
BCBS 239 and Automated Metadata Management Tools
You may recognize the common thread running through all of these principles: Metadata.
Metadata informs data governance by enabling enterprises (banks and/or other types of businesses) to understand the sources of their data, the transformations those sources undergo, and uses for their data. Individual business policies regarding who is responsible for data quality and how data is classified, stored, protected, and used can then be enforced by the institution’s supervisors.
Metadata also:
– Enables reliable data aggregation by informing business glossaries and other standards that unify all sources of data to “speak the same language.”
– Guarantees completeness when it can be discovered and cataloged across the entire data landscape.
– Ensures complete and accurate reporting by enabling comprehensive data lineage and visualization tools.
Getting Compliant with Metadata Management Automation
The business world does not suffer from a lack of regulations and standards demanding compliance. The number and scope of regulations are growing all the time, especially in the areas of data privacy and security. A business intelligence platform with automated metadata tools gives users capabilities to achieve compliance where they otherwise couldn’t, especially when there’s a seemingly never-ending requirement for collecting and producing data reports across a complex metadata landscape.
Automated metadata discovery enables users to find and identify metadata across multiple, complex sources and repositories without the time-consuming manual processes. The ability to accomplish data discovery tasks automatically and repeatedly means data catalogs, business glossaries, and other critical data artifacts are current, even in a constantly shifting data landscape in which new sources are added, old ones retired, and existing ones changed in size, structure, and scope.
Automated data lineage tools help business intelligence and analytics teams quickly and accurately trace data from source to target, including all the stops in-between. These tools produce visual evidence for auditors and simplify the troubleshooting process when reporting errors are found.
Role of Data Lineage in BCBS 239 Compliance
Data lineage is the practice of following the path of any data point through your data environment. That includes tracing the data back to the point at which it entered your system, or forward to where its journey ended or exited your system. It also includes seeing what transformations the data underwent or where it had an impact on your other data assets. Let’s look a little deeper into how data lineage is an invaluable resource when it comes to BCBS 239.
BCBS 239 stipulates data completeness
When you have multiple systems in your data environment, it’s tricky to keep track of what you have where. Even worse, you may assume that important data is being tracked “in the other system,” when, in reality, it’s disappeared. Data lineage provides you with a complete visual map of your data systems and the data flow through them. You can see clearly what you have and where it is, without tedious searches or risky assumptions.
BCBS 239 mandates data accuracy
The data in your environment can be inaccurate for many reasons: multiple uncoordinated data systems, integration of external data with complex structures, or errors in the source data. When you use data lineage to pinpoint the exact source of any data point and examine what happened at each step of its journey through your systems, the reason for any inaccuracy becomes patently obvious – and from there it’s a short path to a fix.
BCBS 239 demands reporting timeliness
Tracking down the source of reporting errors (or verifying that, indeed, they are not errors) is a common cause of reporting delays and frantic all-night scrambles before audits. Data lineage gives you an express route to finding answers to any questions of “where did that number come from?” Track the path of the data point in question back through your systems using data lineage and you’ll have an answer in a fraction of the time it would take you to track it down manually.
In short, you’ll find multiple roles for data lineage in BCBS 239 compliance measures.
Manual approaches to compliance are no longer sufficient.
They are impractical, anyway. For BCBS 239, automated approaches are part of the requirements; manual processes have greater potential for problems with accuracy and completeness, as well as the inability to respond rapidly in crises.
Although BCBS 239 established new principles seven years ago, companies are still struggling with the right IT infrastructure for compliance, and an automated business intelligence and analytics platform like Octopai is essential for data regulatory compliance of all kinds.