Regulatory change

BCBS239 … beyond compliance

BCSB239, Principles for Effective Risk Data Aggregation and Risk Reporting, or PERDARR, became mandatory for Global Systemically Important Banks (G-SIBs) as of January 1, 2016. BIS suggested that D-SIB banks should follow three years later, and central banks across Europe are now setting compliance deadlines for the so-called non-SIB institutions. The G-SIB self-reporting survey of March 2017 published by BIS indicates that only one out of the full population of G-SIB banks reports full compliance[2]. Non-SIB institutions cannot lean back as most of the recent Regulatory Technical Standards (RTS) published build upon the BCBS239 principles, and thus make these generally applicable.


Why is PERDARR compliance so hard, and achieving it so underestimated?

The principles[1] are not that complicated at first glance. Know your data and how it is processed, ensure adequate ownership, maintain quality and have it all available for timely risk-based decision making. G-SIBs have been spending up to a hundred million euro’s to achieve compliance, but over a year after the deadline G-SIBs are still expecting compliance to be more than a year away[2]. It is the data: getting it up to standard has become a momentous task after data quality dangling at the bottom of the priority list in the past years, next to systems migrations, mergers, and disinvestment. Not in the first place because many systems and process issues still persist throughout the organization today increasing the pool of questionable and invalidated data.


Is achieving full compliance then unattainable?

Achieving compliance is as much an organization attitude issue as it is fixing all the gaps and correcting the data issues. Data and its quality need to

be taken seriously throughout the organization;

become an unchallenged hygiene factor in everything that is done;

become measurable and actionable, through agreements, identification of key data elements and regular (management) reporting on quality.

Systems need to be designed not to produce a result, but to also to qualify accuracy.


How to do it?

Strengthen data governance, get the basic tools in place, and get the organization to use it by demanding insight into the quality of figures from the top down. Projective content driven project managers can give hands on advice on how to interpret and achieve data quality; conduct maturity assessments; successfully deliver solutions to meet data quality expectations; and bring about the needed cultural shift. Data quality insight is the foundation for improving decision making;  strengthening quality of strategic planning; and reducing the level of surprises. These are the goals PERDARR aims to achieve, and you can achieve by solving the right problem.


Sources and references:

[1] Basel Committee on Banking Supervision, Principles for effective risk data aggregation and risk reporting, January 2013

[2]Basel Committee on Banking Supervision , Progress in adopting the Principles for effective risk data aggregation and risk reporting, March 2017,

Published by: Alexander van Lomwel