Almost a decade after publishing its BCBS 239 principles on data aggregation and reporting, banks are at different stages in aligning with these principles, according to a BCBS report published today.
Extra work is required across the banking community to be fully compliant, with only two global systemically-important banks (G-SIBs) out of 31 surveyed found to be fully compliant with the Principles.
These conclusions appear in a report on banks’ progress in implementing the BCBS 239 Principles for risk data aggregation and reporting.
The BCBS finds that some banks have responded well to the recommendations made in previous progress reports by setting in place roadmaps to deliver full compliance with these principles.
However, in many cases these initiatives were poorly funded, limited in their scope and they did not receive adequate attention from key decision makers within the organisation, particularly boards of directors and senior management.
Some banks failed to address legacy IT concerns and to set ambitious timelines, falling short in recognising the full complexity of these projects and how these are interdependent with other initiatives.
In a number of cases, banks widened the scope of their implementation programmes beyond risk data aggregation to embrace more emerging risks and a wider range of entities. This has, on occasions, extended the time required to become fully compliant with the BCBS 239 principles, the report finds.
Covid-19 and other more recent stress events have shone the spotlight on weaknesses at banks associated with maintaining a fragmented IT landscape and deficient risk aggregation procedures and reporting systems.
In the findings of the recently published 2022 Bank Compliance evaluation, the BCBS concludes that 10 years after the initial publication of the principles and seven years after the expected date of compliance, most banks had achieved the status of “largely compliant” (a rating of “3”).
However, only two banks out of 31 surveyed were found to be fully compliant (rating of “4”) with all of the Principles.
Additionally, there is not one Principle that has been fully implemented across all banks in the survey.
In comparing findings of the 2022 assessment with those for 2020, the BCBS concluded that a few banks had advanced in implementing mature data management frameworks, effective committee oversight and end-to-end ownership, accountability and monitoring of data across the data lifecycle (p 4).
Some banks had set in place well-documented policies regarding how IT and data processes — particularly data quality criteria and controls, management of meta data — should be implemented and enforced.
Many banks surveyed had implemented cloud-based data storage and data management to improve continuity and compatibility of applications, security and performance. A number of banks had also adopted automated reporting platforms, business intelligence solutions and dashboards to create customisable reports and analytics.
However, on the downside, the report confirms that data architecture and IT improvements can take time to implement, given the complexity of most bank’s global operating environments. It suggests that some banks lack a common taxonomy and complete data lineage to facilitate this process.
The report also finds that artificial intelligence has not yet materially improved banks’ risk data aggregation and risk reporting procedures.
While banks regularly emphasise the potential of new technologies to help overcome persistent data management challenges — including the need to automate documentation, to reduce manual touch points, to automate the discovery and visualisation of data flows — many banks lack quality data, which is a fundamental requirement for the successful implementation of any digitalisation project.
