BCBS 239 - Risk data aggregation and reporting

Scope and objectives

In "BCBS 239 - Principles for effective risk data aggregation and risk reporting" the Basel Committee has drafted requirements for the group-wide integrated interaction of processes, data and methodology across all risk types. These requirements focus on the data used for management control of banks and for ensuring risk bearing capacity. Moreover, consideration of balance sheet data and supervisory reporting is recommended.
The procedures for risk data aggregation and reporting should demonstrate proven effectiveness, not only under normal operating conditions, but particularly in times of crisis when ad hoc information is necessary for rapid decision-making. In this context the ability to perform scenario analysis and stress testing is also of great value.

Content requirements and specific implementation

BCBS 239 formulates abstract principles which both permit and require implementation according to the specific circumstances of the individual institutes. From the viewpoint of the institutes, requirements leading to sustained improvement of the business and IT architecture are of particular interest.


In essence, BCBS 239 targets two subject areas which present different challenges in their practical implementation:


Rapid and reliable standard reporting

This requires stable business and IT processes, enhanced automation, and consequent reduction of manual workarounds in data processing. The tension between the need to report as rapidly as possible while, at the same time, meeting high quality requirements is resolved by requiring explicit specifications from the recipients of reports.


Flexible opportunities for ad hoc analysis

Clearly defined responsibilities and efficiently integrated process chains are necessary in order to be able to make data available quickly and flexibly outside of the standard reporting structure. This is the basis on which, with appropriate tools, the required ad hoc reports can be generated for a crisis situation or for other analytical requirements. In this respect, and in contrast to standard reporting, automation is less a part of the solution than good information management and proven business processes.


Our experience has shown that a practical implementation of BCBS 239 involves the following features.

  • A simple amalgamation of data from various sources and group units is possible:

    • In groups and institutions, the data required is generally held in various databases and data models - each suited to the specific intended use
    • To be able to amalgamate different data records at any time (also on an ad-hoc basis), uniform (logical) identifiers are necessary for entity relevant types of data (e.g. for transactions, counterparties, portfolios)
    • In addition to this, it must be ensured that compatible granularity levels and aggregation levels of inventory data are provided. These levels are defined on the basis of specialist requirements (optimal selection of consolidation points)
    • Achieving this requires a good understanding of the specialist architecture (functional requirements, boundary conditions and interfaces)

  • Extensive automated processes for the quality assurance of data are implemented:

    • Efficient data flow processes, supported by reliable technology, ensure a reliable data supply, including automated quality assurance and reconciliation in accordance with the relevant functional requirements
    • Unique identifiers are transferred to interfaces, enabling data records to be clearly identified at any time and in all systems where these records are used or processed

  • Serviceability and flexibility of the IT infrastructure are guaranteed:

    • Specialist processes are fully considered in the design of IT processes, and IT solutions are organised as uniformly as possible
    • IT Change Management is stringently aligned with technical requirements of the banking business
    • Sufficient resources are available for adaptations as part of the standard release processes, even outside of projects

  • Data responsibilities are clearly defined:

    • Requirements pertaining to data input and quality assurance are derived from consideration of the intended use of the data
    • A leading system and corresponding data model is designated for each distinct data type
    • Maintenance and quality assurance are carried out within the original source systems in accordance with the requirements of the data users

The basis for guaranteeing the above-mentioned features is the relevant general governance procedures specified by company management.

d-fine stands for cost-efficient implementation

  • analysis of the initial situation and specification of objectives and the desired outcome
  • clear definition of data and IT processes
  • pragmatic elimination of existing areas of weakness


The transparent presentation of complex content combined with the implementation of efficient analysis tools, will create sustained added value for your institution.

We will be happy to arrange a meeting with your experts on this important subject. We are looking forward to hearing from you.

For detailed information on our references and our approach in the domain of BCBS 239, call us on +49 69 907370 or email us at info@remove-this.d-fine.de, with the subject line "BCBS 239".