Data Management Toolkit

In the last decade, significant efforts have been made to enhance risk management practices in major banks related to data aggregation governance. The Basel Committee introduced BCBS 239 in 2013, aiming to establish a robust data management framework that improves internal and regulatory risk reporting and decision-making while reducing losses.

Although banks acknowledge the importance of BCBS 239 and have made progress, achieving full compliance remains challenging. None of the global systemically important banks have achieved complete compliance, leading to a prolonged implementation timeline. Compliance now extends to a wider range of banks, assessed based on progress and commitment.

BCBS 239 has become the leading standard, setting higher data management expectations for regulators and stakeholders. Its application covers various risk management processes, with banks determining the specific areas requiring compliance. Initially focusing on COREP and FINREP reports, the industry has expanded to include additional regulatory and internal reporting, making the BCBS 239 principles a “de facto” standard for essential business data.

To effectively implement BCBS 239, starting with a limited scope and gradually expanding the data management framework, is recommended, as well as taking a pragmatic approach in ensuring alignment with the principles and delivering the required reports. For that purpose, Finalyse has developed a data governance toolkit that seamlessly aligns with the regulatory framework, while offering a practical, hands-on approach to implement industry best practices, resulting in faster implementation. The Finalyse toolkit enables clients to adopt these practices efficiently, using as a starting point already a few steps down the process.

Finalyse acknowledges the imperative of investing in a centralised data management framework and effective data governance, and sees the following focus areas and approach when tackling data management:

Implementing data governance for managing and leveraging on data effectively, can be a rather complex and lengthy process. Finalyse supports and promotes the importance of adopting a pragmatic approach and sets the basis for capturing the minimum requirements which all organisations in the sector should adhere to, irrespective of their size, complexity, and regulatory obligations.

The Data Governance Toolkit offers a comprehensive solution to address challenges associated with implementing and maintaining robust data governance practices.

From establishing a governance framework to ensuring data quality, compliance, and security, the toolkit empowers organizations to overcome data governance hurdles and leverage their data as a strategic asset. By adopting the Data Governance Toolkit, organisations can achieve enhanced data governance maturity, drive informed decision-making, and establish a strong foundation for their data-driven initiatives.

Finalyse has consolidated its best practices and adopted a value-centric approach for BCBS239 compliance. As a result, six practical tools, processes, and templates have been developed, easily customisable to any organisation’s requirements.

The primary objective of this feature is to provide a clear representation of the existing controls, and document these effectively, by identifying key reporting standards and defining the controls' scope within the identified reporting framework.

Once the scope of a project or task is established, the relevant data shall be mapped in a process flow dictionary, which ensures that all data elements in scope are identified, understood and accurately documented. Mapping the data, includes capturing information about the specific data fields, their definitions, formats, sources, and any relevant attributes. This step helps in creating a comprehensive inventory of the data elements involved, promoting clarity and consistency in data management. It also contributes to creating a clear reference for data management, enables effective analysis and decision-making, and establishes the necessary controls to ensure data integrity and security.

Next to data mapping, also the data dimensions are being identified. Data dimensions refer to the different aspects or categories that provide context to the data. This assists in understanding the various factors that influence the data and enables a better analysis and decision-making.

The dimensions are described below:

The reporting inventory plays a crucial role in the reporting process as it provides pertinent information, ensuring adherence to harmonised reporting templates. The proposed template follows a specific sequence to streamline the inventory creation:

Scope Definition: The first step involves defining the scope of reports encompassing Risk, Finance, and Regulatory aspects, while ensuring all relevant data is incorporated.

Assignment of Responsibilities: All reports may be assigned specific responsibilities, ensuring clear ownership and accountability for their accurate and timely completion.

Inventory Establishment: The inventory describes all the necessary information related to each report, including details such as report name, purpose, data sources, key stakeholders, and any specific requirements or guidelines.

Validation of Inventory: The created inventory must be validated by internal and external contributors and stakeholders, ensuring that all relevant parties have reviewed and confirmed accuracy and completeness of the inventory.

Process Definition: To maintain the effectiveness of the inventory, defining and establishing a process to ensure regular updates, is essential. This process outlines the steps, responsibilities, and frequency of updating the inventory to reflect any changes or additions accurately.

By following this sequence, the reporting inventory becomes a reliable and comprehensive resource that supports efficient reporting processes. It provides a clear overview of the reports, their associated responsibilities, and the necessary information, ensuring accurate and consistent reporting across the organization.

Project data maturity refers to the level of data management and governance practices within an organisation's project. It encompasses processes, tools, and methodologies used to collect, analyse, store, and maintain project data. Assessing project data maturity allows organisations to identify gaps and implement improvements that enhance data quality and the overall project management lifecycle. The proposed template features the following items:

Maturity Assessment: It assesses various dimensions of project data maturity, such as data governance, data quality, data integration, data security, and data lifecycle management, providing insights on the existing data management practices.

Scoring Framework: It provides a structured scoring framework for measuring the maturity level of each dimension, assign scores based on predefined criteria, identify areas for improvement, and prioritize the data management efforts accordingly.

Actionable Recommendations: Actionable recommendations and best practices to enhance data management enable organisations to implement strategies such as data governance frameworks, data quality controls, data integration standards, and data security measures.

Improved Data Quality: By assessing project data maturity, organizations can identify data quality gaps and implement measures to enhance data accuracy, completeness, and consistency. This ensures reliable and trustworthy project data, leading to informed decision-making.

Compliance and Risk Mitigation: This helps ensure compliance with data privacy regulations and mitigate data-related risks. By implementing data governance and security measures, organisations can protect sensitive project data, maintain regulatory compliance, and safeguard their reputation.

To assist the process of assessing compliance with BCBS239, the Data Governance Toolkit also offers an Assessment Questionnaire Template. Specifically, the key features of which are listed below:

Comprehensive Coverage: The questionnaire covers the key principles outlined in BCBS239, addressing areas such as data governance, risk data aggregation capabilities, reporting processes, data quality management, and technology infrastructure.

Evaluation Framework: The template provides a structured framework to assess compliance with each BCBS239 principle. It includes a series of targeted questions that prompt organisations to evaluate their current practices and identify areas for improvement.

Actionable Recommendations: Based on the assessment results, the template offers actionable recommendations to enhance compliance with BCBS 239. These recommendations guide financial institutions in implementing necessary changes, such as establishing data governance committees, enhancing data quality controls, improving data lineage documentation, and strengthening reporting frameworks.

Regulatory Compliance: The toolkit helps assess adherence to BCBS 239 requirements, ensuring that regulatory expectations are met, and penalties and reputational damage are avoided, while demonstrating a commitment to sound risk data management.

Enhanced Risk Management: Evaluating compliance with BCBS 239 principles allows institutions to identify gaps in risk data aggregation and reporting. By implementing the toolkit's recommendations, organisations can enhance their risk management capabilities, leading to more informed decision-making and improved risk mitigation strategies.

Efficiency and Transparency: The toolkit promotes efficiency and transparency in risk data processes. It assists organisations in streamlining data governance practices, establishing standardised data definitions, and improving data quality. This, in turn, facilitates smoother operations and reliable reporting mechanisms.

BCBS 239 related governance should now be considered for implementing in a wider range of organisations, than systemic institutions. Smaller banks and late adopters can benefit from the extensive experience gathered along the years in multiple data governance projects and use this as a basis for implementing the minimum standards for data governance.

Summarising these insights, the Finalyse toolkit is offering hands-on best practices in order to start a new governance from scratch or to audit governance that has proven limited to deliver the desired results. The toolkit is highly customisable to the specificities of every different banks.

Finalyse’s recommendation lies on the value of ‘starting small’ and ‘grow steady’, identifying a reporting stream that should be analysed with priority, deploy, and adapt the toolkit for this specific stream. Further, gain insight on how to make it achieve the specific goals of the organisation it is applied to, then extend the scope on new reporting streams iteratively.

Applying this agile way of working we can make sure promised value expected from this governance is delivered as soon as possible for a small scope. Proportionating the effort to the value it creates to reports and data owners being a key factor of success for the implementation of a new data management framework.

Do not hesitate to request a free workshop to be introduced to the different features of toolbox and identify the parts and approach that would suit your governance goals.