Sep 2021 | Articles |

During the Global financial crisis in 2008 banks struggled to responsively gain clarity on their exposure or predict default despite banks having robust modelling in place. Regulators found it to be the quality and credibility of the data used in these models to be the root cause. Despite these learnings, 2 years later, banks were yet again faced with similar challenges during the EuroZone Greek crisis.


Regulators stepped in and created BCBS239 as a regulation to ensure data used to determine risk metrics are managed appropriately.


BCBS239 should never have been a regulation. Actively managing one of their key assets, their data, is something banks should always have been doing.


The Covid pandemic has once again shown that no-one can predict the future and what it may hold. Even though BCBS 239 should never have been a regulation, it provides key foundational principles to ensure readiness for the next world event.


Managing Data Risk in Australia (APRA CPG 235 Guidelines)


CPG235 is a similar guideline implemented by APRA in the Australian context – even though required in Australia – as it is in Europe and other countries. CPG235 suggests appropriate management of all data risk within financial services organisations. It is a wider scope than BCBS where the focus is more on risk data management than managing risk associated with all data.


BCBS239 – managing risk data, CPG235 – managing data risk


Summary overview of BCBS239 and CPG235 


BCBS-239 is a principle based regulation that covers various aspects of risk data which includes credit risk, operational risk, market risk and all other material risk types.


The 11 principles prescribed for the banks in the BCBS regulation are categorised into three distinct categories and can be summarised as follows: