As if the growing alphabet soup of IT-related regulations and industry standards (SOX, HIPAA, PCI-DSS, GDPR, CCPA …) weren’t dizzying enough, here’s one specific to the global banking industry: BCBS 239.
BCBS stands for “Basel Committee on Banking Supervision,” an international organization that sets standards and guidelines for banking regulations. BCBS 239 is a document published by that committee entitled, Principles for Effective Risk Data Aggregation and Risk Reporting. (You can see why it’s referred to by number and not by the title.) The document, first published in 2013, outlines best practices for global and domestic banks to identify, manage, and report risks, including credit, market, liquidity, and operational risks.
What BCBS 239 Does
The document organizes the best practices into a set of 14 principles. Eleven of those principles are relevant to the banks themselves; the rest pertain to national and regional regulatory bodies.
It will not surprise you to learn all 11 of the bank-relevant principles are related to data in some form or fashion. Here’s a sampling:
– Principle 1 covers data governance, including “a firm’s policies on data confidentiality, integrity, and availability, as well as risk-management policies.”
– Principle 3 contains data accuracy and integrity rules. This principle requires that banks use automated means of data aggregation and not rely on manual processes.
– Principle 4 covers completeness, or the ability of a bank to be certain it is aggregating all risk data across the entire operation, and not inadvertently (or deliberately) omitting anything.
– Principles 7-11 include risk reporting, including the comprehensiveness, timeliness, usefulness, and accuracy of risk management reports.
Metadata Management is the Key to Successful Data Governance
Learn more in the webinar, "Metadata Management Automation for the Governance Minded"Watch the Webinar!
BCBS 239 and Automated Metadata Management Tools
You may recognize the common thread running through all of these principles: Metadata.
Metadata informs data governance by enabling enterprises (banks and/or other types of businesses) to understand the sources of their data, the transformations those sources undergo, and uses for their data. Individual business policies regarding who is responsible for data quality and how data is classified, stored, protected, and used can then be enforced by the institution’s supervisors.
– Enables reliable data aggregation by informing business glossaries and other standards that unify all sources of data to “speak the same language.”
– Guarantees completeness when it can be discovered and cataloged across the entire data landscape.
– Ensures complete and accurate reporting by enabling comprehensive data lineage and visualization tools.
Getting Compliant with Metadata Management Automation
The business world does not suffer from a lack of regulations and standards demanding compliance. The number and scope of regulations are growing all the time, especially in the areas of data privacy and security. A business intelligence platform with automated metadata tools gives users capabilities to achieve compliance where they otherwise couldn’t, especially when there’s a seemingly never-ending requirement for collecting and producing data reports across a complex metadata landscape.
Automated metadata discovery enables users to find and identify metadata across multiple, complex sources and repositories without the time-consuming manual processes. The ability to accomplish data discovery tasks automatically and repeatedly means data catalogs, business glossaries, and other critical data artifacts are current, even in a constantly shifting data landscape in which new sources are added, old ones retired, and existing ones changed in size, structure, and scope.
Automated data lineage tools help business intelligence and analytics teams quickly and accurately trace data from source to target, including all the stops in-between. These tools produce visual evidence for auditors and simplify the troubleshooting process when reporting errors are found.
Manual approaches to compliance are no longer sufficient.
They are impractical, anyway. For BCBS 239, automated approaches are part of the requirements; manual processes have greater potential for problems with accuracy and completeness, as well as the inability to respond rapidly in crises.
Although BCBS 239 established new principles seven years ago, companies are still struggling with the right IT infrastructure for compliance, and an automated business intelligence and analytics platform like Octopai is essential for data regulatory compliance of all kinds.