In 2013, the Bank for International Settlements wrote that many banks lack “the ability to aggregate risk exposures and identify concentrations quickly and accurately at the bank group level, across business lines and between legal entities.” Translation? Financial institutions as a whole have become so complex and the products they sell have developed so rapidly that their own risk infrastructure has not kept pace.
Financial Institutions’ Systems Don’t Provide a True Picture of Their Risk Exposure
The 2007 Global Financial Crisis exposed the inadequacies of financial institutions, (FIs’) risk-assessment and risk-management systems. In the aftermath, the Basel Committee on Banking Supervision, tasked with improving the quality of global banking oversight, passed legislation to prevent a repeat of the systemic problems. The guidelines, known as BCBS 239, aim to strengthen FIs’ risk-aggregation and risk-reporting practices, backed with a strong governance structure.
BCBS Compliance Deadline Approaches
The date by which the BCBS 239 requirements have to be met—January 2016— is fast approaching. But while this deadline is important, particularly for the 30 large FIs who are obliged to comply, its significance goes beyond those specific regulatory requirements for two reasons:
First, because the legislation is likely to be extended to a broader range of FIs outside the global mega-institutions.
Second, because the BCBS recommendations make sound business sense.
How Much Progress Have the FIs Made?
In February 2015, Oracle commissioned the Center for Financial Professionals to
undertake a Risk & Data Governance survey, through questionnaires and interviews
targeted at risk- and data-management professionals. The aim was to gauge the level
of readiness to meet the BCBS 239 requirements and to identify the main obstacles.
The results can be seen in detail at:
The survey, with almost 300 responses, was followed by a series of one-onone
interviews with senior professionals. With almost half of the participating
institutions holding assets of US$100bn or more, the insights that emerged need to be taken seriously.
Data Issues Continue to Dog the FIs
Drilling down into the problems faced by FIs in creating a comprehensive
risk-management system reveals data as the common factor. Specifically:
1. Poor data quality due to it originating from multiple sources
2. Inconsistent data availability due to siloed systems
3. Difficulty in collecting and aggregating data thanks to 1. and 2.
Only 17 percent of those surveyed claimed that data usage was consistent
across their organization and 57 percent weren’t confident that data was defined,
harmonized, and appropriately aligned to critical business and risk operation.
Silos Turn into Information Black Holes
The heart of the problem is that enterprise data tends to be held in multiple
separate data warehouses—for example, within the Risk, Marketing, Finance,
and Compliance functions. There is little evidence of widespread adoption of
central data warehouses, and silos remain the norm.
So What’s the Solution?
The challenges then are both technical and organizational. Technically, a unified
data platform is essential to eliminate silos and create a “single source of truth.”
But alongside this, effective data governance—the organizational tools which
ensure the gathering of high-quality, consistent data—has to be embedded in
the structure of the enterprise and treated as an ongoing process.
Ensuring that data assets are effectively managed to generate the trustworthy
numbers needed for critical decision-making is problematic. Data crosses functional
and geographic boundaries, and companies therefore need an organizational structure
that can overcome the human and technical barriers that this creates.
Strong business sponsorship, driven by powerful executives who can influence
across departments and geographies, is essential. This is why an increasing
number of forward-thinking organizations have set up data-management offices,
with a Chief Data Officer empowered to operate across all lines of business.
My FI Isn’t Online so Why Should I Bother?
If your organization is not one of the relatively small number of FIs affected by
BCBS 239, that’s a legitimate question. There are two reasons why you should care:
1. You may have to comply in future.
It’s very possible that tighter regulations will be imposed on the next
tier of FIs in the future. It would be wise to start planning for this sooner
rather than later.
2. It makes business sense.
There’s a growing recognition that data governance is not something driven solely
by regulatory demands; it is also an effective business tool. Rationalizing data into a
single source of truth that is accurate, clear and complete could have major strategic
benefits for the organization. Regulation is pushing FIs in a direction they should
be going anyway, namely business-led data governance linked to strategic goals.
So there it is. Getting to grips with your data will help should another
financial crisis emerge. But more than that, it’s just good business.