The Second Day of BCBS 239: Governance

By Stephen Engdahl | 5 December 2014

Without proper control of the data supply chain, you risk big misunderstandings and mistakes. Now that G. Sibley has established his bank’s critical data definitions, he can put in place the structure necessary to assure the proper controls around those elements – the aspects of business ownership, data stewardship, change management controls, and steering committee oversight. This calls for enterprise-wide data governance.

Business and operations, take note – this isn’t just an IT issue, it applies to you too. The BCBS 239 Principles specifically call out IT, business, operations, auditors, and risk managers to each play a part in risk data aggregation.

  • BCBS 239 Principle 1 incorporates a bank’s data supply chain into its overall risk management framework. Data risks become bank risks, from a regulatory standpoint.
  • BCBS 239 Principle 2 takes this concept further, calling upon both the business and IT to have defined roles and responsibilities for the quality and ownership of risk data. It also stipulates there must be controls throughout the lifecycle of data, from source to use.

We’re often asked by our clients and prospects how to get started with implementing data governance across their organisations. It starts with establishing general principles for oversight of data sets within your organisation – how steering committees work, what steps must be followed for change management, how information about the management of data is communicated.

But another early step is identifying how people relate to data sets: who are the producers, consumers, processors, and overseers of each data supply chain? G. Sibley will need to identify steering committees and consumers. G. Sibley will also need to identify individual data stewards with ultimate responsibility and accountability for every important data set. We have found that the right people with the right skill sets to become good data stewards could be resident in multiple places throughout business, operations, and technology teams.  This is why we believe one of the top skill sets for successful Chief Data Officers is their ability to navigate the politics of a complex organisation to secure the buy-in they need.

Governance must be a living process, rather than something which gets documented in a binder and then set aside. Once the relationships of people to data are established, these aspects can and should be captured in a dynamic operational system which is linked to your data dictionary. Setting data entitlements, managing communications, and supporting traceability all improve if your data governance framework can drive your actual data processing environment.

Once he sets up data governance, G. Sibley will turn next to Data Architecture. 

Look out for day three next week.

By Steve Engdahl, SVP, Product Strategy, Goldensource 

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development