As a result of the 2008 financial crisis, a plethora of regulations emerged. Regulators began to take an active approach to enforce strict compliance and better risk governance through regulations such as the Basel Committee for Banking Supervision Standard 239 (BCBS 239).The cost of building infrastructure to meet the high regulatory bar has been challenging for financial institutions in spite of the financial consequences of noncompliance. As a result, implementation has been slow and sporadic.
At a time where vast amounts of data are created and regulatory compliance continues to become stricter, financial institutions are quickly realizing the importance of creating effective frameworks to manage risk. Rather than solving specific and individual regulatory issues, most institutions are looking for flexible solutions that can be used to meet the evolving regulatory landscape in a cost and time efficient manner.
The Bank for International Settlements (BIS) is owned by 62 central banks globally. Collectively, these banks responded to the financial crisis with a detailed whitepaper, Basel Committee for Banking Supervision standard number 239 (BCBS 239), published in 2013. The whitepaper outlined four major categories and 14 principles (11 of which are applicable to banks) that serve as a framework for effective risk data aggregation. These principles were created to guide financial institutions on how to better anticipate, manage, and assess risk.
BCBS 239 provides a foundational framework to address and help resolve banks’ critical weaknesses in understanding and accurately demonstrating their overall exposures and key risk factors. Before diving into the details of BCBS 239, it’s important to understand the events that prompted its need.
There have been many analyses of the financial crisis. Most analyses focus solely on the 2008-2009 period itself rather than on the various events that led to the crisis.
1999: The Financial Services Modernization Act (repealing of the 1933 Glass Steagall Act)allowed banks to use deposits to invest in derivatives. Banks needed this act to compete with foreign firms, promising to only invest in low-risk securities to protect their customers.
2000: The Commodity Futures Modernization Act exempted credit default swaps and other derivatives from regulation. This federal legislation overruled the state laws that had formerly prohibited this form of gambling.
2000-2008: Big banks had the resources to become sophisticated at leveraging complicated derivatives. The banks with the most intricate financial products made the most money. This phenomenon enabled banks to buy out smaller, safer banks. By 2008, many of these major banks became “too big to fail”.
The Result: Deregulation in the financial industry was the impetus to the 2008 financial crash. It allowed speculation on derivatives backed by cheap, sub-prime mortgages, available to even those with unverifiable creditworthiness. Additionally, “self regulation” by banks was unsuccessful, resulting in regulations created to enforce better management and oversight.
BCBS 239 does not look to reverse the events leading up to the financial crisis. Instead, its framework provides better safeguards against future crashes.
Banks have cited many reasons for their failure to fully comply and implement BCBS 239, despite its overall purpose of regulation and protection. Implementation of BCBS 239 has thus far achieved only partial success for a variety of reasons:
Differing Interpretation and Implementation of the Principles by Participant Banks
BCBS 239 is a framework of 14 principles that can be interpreted differently by each bank or regulator. Determining compliance is not straightforward, because the regulation is principle-based, and the metrics for measuring compliance are not well-defined.
Lack of Standard Industry Tools
Each bank has its own unique IT architecture. There are no known standard industry tools that can be uniformly deployed across all banks.
Legacy Systems
Legacy systems have outdated applications with hard-coded rules. Some of these applications are no longer used in the industry. This discrepancy creates additional challenges for effective and timely implementation.
Quickly Evolving Technologies
Finally, the fast-evolving nature of technology is rendering even recent solutions outdated or inefficient by the time they have actually been deployed.
The challenges with implementing and sustaining an effective risk aggregation and reporting framework continue to exist. However, continued advances in technology and solutions may offer alternative and more seamless approaches to achieving full compliance with BCBS 239.
BCBS 239 outlines three bank-related categories (Governance and Infrastructure, Risk Data Integration, and Risk Reporting Practices) and 11 principles, which are the necessary foundation of successful risk assessment, governance, and reporting. However, these three categories should not be viewed as bilaterally connected. They should be viewed in an integrated pipeline with principles embedded within each other.
In defense of the banks, the merger mania of the late 90s and early 00s left many with an array of applications that were not fully rationalized or integrated into a seamless architecture. The financial crisis exposed these legacy systems and their shortcomings. The requirements proposed by BCBS 239 have proven to be both intellectual and financial challenges.
While the regulators have shown patience towards banks’ progress to reach full compliance, regulators are still bringing down the hammer when appropriate (discretionary capital add-ons). As a result, the focus and pressure to achieve full compliance will remain a high priority.
If we analyze the BCBS 239 requirements in conjunction with the challenges banks have cited, it is apparent that a different approach to full compliance is needed. While course correction is not a real option (as banks have made significant investments into solutions and created a strategy for completion), it is unclear whether full compliance can be achieved in the projected timeline. It is clear, however, that banks need assistance to both support and expedite their journey towards complete regulatory compliance.
Data governance and risk management go hand-in-hand. Data governance should not be viewed as a one-off project to satisfy regulatory requirements. An effective framework continues to highlight weaknesses or shortcomings in systems, methods, and capabilities, allowing banks to address them quickly.
In the Basel Committee’s report, current weaknesses range from a lack of documented policies and procedures around risk data aggregation to weak risk systems, data quality controls, and end-to-end-views. Therefore, it is essential that banks implement a strong data governance framework (in addition to strong risk data architecture and IT infrastructure) to achieve regulatory compliance. By doing so, institutions will have accurate, compliant, and sustainable risk assessment and regulatory reporting. Only then can institutions claim confidence behind the quality and integrity of their data.
PeerNova’s Cuneiform Platform embraces the principles of BCBS 239, providing a solution to support and accelerate banks’ compliance strategy. The platform is an active data governance tool that enables end-to-end (E2E) trust and transparency of data and business flows. With continuous data quality checks, the platform quickly identifies and addresses quality and process issues as data is received, in parallel with other processing systems. PeerNova’s solution creates accurate regulatory and governance reports through a self-serve model, lowering the overall cost of risk and regulatory reports. With regulators quickly tightening the rope on compliance, banks must begin by implementing an active data governance framework if they want to meet (and eventually succeed) today’s stringent regulatory requirements.
To learn more about how PeerNova’s Cuneiform Platform can help your enterprise meet BCBS 239’s regulatory requirements, be sure to get in touch with us and request a demo today.
Sources:
BIS. “Bank for International Settlements.” The Bank for International Settlements, 2020, Link
BIS. “Principles for effective risk data aggregation and risk reporting.” The Bank for International Settlements, 2013. Link
