PwC's Financial RegTech Insights: March 2019


BCBS 239 – Principles for effective risk data aggregation and reporting

The Basel Committee on Banking Supervision (BCBS) came up with BCBS 239 Principles1 on effective risk data aggregation and reporting (RDAR) in 2013. Its main objective was to strengthen banks’ risk data aggregation capabilities and risk reporting during normal and stress situations. These principles are applicable for Global Systemically Important Banks (G-SIBs) and Domestic Systemically Important Banks (D-SIBs). Banks identified as G-SIBs by the Financial Stability Board (FSB) in 2011-12 were required to be compliant by January 2016.

The guideline focuses on 14 principles, which are broadly categorised under four topics:

BCBS 239

Overarching governance and architecture
Risk data aggregation capabilities
Risk reporting practices
Supervisory review, tools and cooperation

Overarching governance and infrastructure

According to BCBS 239 Principles, banks need to comply with a strong governance framework, risk data architecture and Information Technology (IT) infrastructure. Their boards are required to provide oversight to their senior management who are responsible for ensuring robust implementation of all risk data aggregation and risk reporting capabilities during normal as well as in stress situations or during crises.

Risk data aggregation capabilities

According to BCBS 239 Principles, banks need to put in place strong risk data aggregation capabilities that are aligned with the requirements of their risk management reports. In addition, they are required to generate accurate and reliable risk data on an automated basis. It is imperative for them to capture and make available data by business line, legal entity, asset type, industry, region and other relevant groupings with regards to all material risks. The risk data aggregation capability of a bank should be robust and capable enough to publish data to relevant stakeholders at any specified frequency. These capabilities should ensure that the bank complies with the required data quality so that its risk data is reliable.

Risk reporting practices

According to BCBS 239 Principles, banks are required to ensure effective dissemination of risk data through reporting practices that provide appropriate information to their boards and senior management. Moreover, their risk reports should include accurate, clear and complete information and be distributed to the intended recipients in a well-defined and timely manner so that they can facilitate informed decision-making by the banks’ boards and senior management.

Supervisory review, tools and cooperation

The principles under this fourth pillar are concerned with regulating authority. They underline the role of the regulator to periodically review and evaluate banks’ compliance with the principles of the three pillars given above. In the event of non-compliance or partial compliance, the regulator needs to use the appropriate tools and resources to address deficiencies in aggregation of risk data and risk reporting practices.

As is evident, it is a difficult task for banks to become BCBS 239-compliant. Earlier, they did not have to create a streamlined and efficient data flow. This led to the creation of an inefficient data architecture. For banks to amend this situation, it will take considerable effort both in terms of time and resources. Keeping this in mind, global banks have started their compliance journey by being materially and fully compliant.

Material compliance-related recommendations

In order to achieve material compliance it is recommended that banks consider the following:


Data Management
  • Well-defined Logical Data Models
  • The suitability of the technology tools they currently use to manage data


  • Data quality-related issues mitigated through data lineage and process mapping
  • Data gaps identified in data profiling
  • Adequate controls in place to plug material gaps in data quality


  • High-level architecture plan created
  • Infrastructure upgrade roadmap
  • Plan to automate reporting


  • Creation of Governance Model for BAU state
  • An operational audit function implemented for all in-scope processes


  • In line with proper risk reporting standards
  • Effective risk reporting operating model covering all material risks
  • Reconciliation and validation of reports

Recommendations for achieving full compliance

In order to achieve full compliance, it is recommended that banks consider the following:


Data Management
  • Implementation of physical data models
  • Implementation of technology tool set identified at target state


  • Improved data lineage and process mapping
  • No issues related to data quality
  • Enhanced controls and assessment of control coverage and effectiveness


  • Risk and Finance departments in alignment with technological vision
  • Implementation of architecture plan
  • Implementation of infrastructure optimisation and upgrade roadmap
  • Automated BAU reporting 


  • Implementation of Governance Model for BAU state
  • Operational independent audit function for all processes run by independent Assurance team


  • Risk reporting practices consistent with organisation’s changing policies
  • Exception reports explaining errors in data and weaknesses in its integrity

Implementation-related challenges

By January 2019, a sizeable number of G-SIBs were expected to be BCBS 239-compliant. However, according to the Basel Committee’s latest review on compliance with BCBS 239, only three banks2 have achieved it. This clearly indicates that the sheer size of the overhaul process has taken more time than envisaged. Moreover, it has been observed that banks generally rely on the IT landscape, which comprises geographically dispersed systems and fragmented databases for risk reporting. These systems are complex and rigid and have inefficient data architecture and taxonomies, which leads to weak data management. Due to the inadequate infrastructure and data quality, it is challenging to produce aggregated risk data for reporting during a crisis. In the case of many banks, data aggregation is still largely manual and in a spreadsheet form. And as the responsibility for reporting involves individual departments using different processes, this leads to a siloed approach to reporting, leading to duplication of data and increased workloads. It is due to such inaccurate and inefficient processes that banks find it difficult to aggregate data that can enable meaningful decision-making. Moreover, since BCBS 239 is a principle-based approach, it is challenging to evaluate compliance against each regulation. Principles focusing on completeness, timeliness, accuracy and adaptability may have different meanings when applied to different risk types.

BCBS 239 in the Indian context

It is considered that D-SIBs are too big to fail and their failure would have a cascading effect on regional financial systems. The Reserve Bank of India (RBI) has categorised three banks―SBI, ICICI and HDFC as D-SIB3. It has compiled this list on the basis of size, interconnectedness, substitutability and complexity. The RBI is yet to provide any guidance on implementation of BCBS 239 in India.

Way forward

Even though RBI has not yet communicated its mandate for identified D-SIBs on their implementation of BCBS 239, D-SIBS should start on the journey towards improving their data governance and use BCBS 239 as the guiding principle to achieve this. In doing this, they can learn from the mistakes of global banks and adopt their best practices. Many global D-SIBs and banks have already started to look at data governance proactively, after getting a steer from their boards to start on organisation wide program that are not only limited to risk data management. Sponsorship of such programmes is driven at the CXO level. Consequently, the role of a Chief Data Officer (CDO) has become very important in the industry.

It is imperative for banks to be clear about the business insights they need to derive from data and also the risks they want to mitigate. They should work towards harmonising their definition of data structure across their operations. This will help them improve the quality of data by identifying data gaps and redundancies. However, to achieve this, they need to first identify the golden sources, establish their data profiling and data lineage, and implement the requisite controls and governance structures. These exercises do not merely bring about regulatory changes, but they result in a cultural change in the entire banking industry.

Regulatory News

Hedging of exchange rate risk by Foreign Portfolio Investors (FPIs) under Voluntary Retention Route (VRR)

The RBI has published additional guidelines for hedging the exchange rate risk exposure for investments by FPIs under the Voluntary Retention Route.

The circular includes operational directions, terms and conditions. It also includes products such as forwards, options, cost reduction structures and swaps with the rupee as one of the currencies.

The detailed notification can be accessed here.

VRR for FPIs investment in debt

The RBI has released its final guidelines on the VRR scheme for investments by FPIs.

According to the notification, the RBI has directed relevant changes to FEMA regulations, allowing FPIs investing under the VRR scheme to not only hedge their interest rate and exchange rate risks, but also to deal with repo and reverse-repo transactions to meet their liquidity-related requirements. Some of the key points mentioned on the notification include the definitions, the eligible instruments and investors, the features and management of a portfolio and other operational aspects.

These directions will be applicable with immediate effect. The detailed notification can be accessed here.

Trade Credit Policy – revised framework

The RBI has finally published its revised Trade Credit Framework.

The framework elaborates on forms of trade credits, the eligibility of borrowers, the amount of trade credit acceptable under the automatic route, recognised lenders, the period of trade credit, the exchange rate, the hedging provision, and the all-in-cost ceiling per annum and change of currency of borrowing. Additionally, the circular mentions the trade credit to SEZs, security for trade credit and reporting requirements. A bank considering the trade credit proposal is expected to comply with the trade credit rules. Its failure to do this will invite penalty under the FEMA 1999 guidelines.

The revised guidelines will come into force with immediate effect. The detailed notification can be accessed here.

Reserve Bank of India (Prevention of Market Abuse) Directions, 2019

The RBI has published its final regulations to prevent their abuse in RBI-regulated markets.

The key points in the circular include definitions of various terms, market manipulations, benchmark manipulations, misuse of information, monitoring, compliance and reports, and regulatory action for market abuse. The regulations apply to the transactions of all market participants for financial instruments, excluding those executed through recognised stock exchanges and regulated by SEBI. According to the notification, the rules do not apply to banks and the Central Government in relation to monetary policy, fiscal policy or other public policy objectives.

The circular is to be effective from 15 March 2019. The detailed notification can be accessed here.

Compilation of R-Returns: Reporting under Foreign Exchange Transactions Electronic Reporting System (FETERS)

The RBI has decided to incorporate an additional field to capture the country code of the ultimate exporter or importer in the BoP file-format under FETERS.

In the case of import of services, Form-A2 has been revised to capture information pertaining to a country. For export of services, banks may use transaction-related information available with them to report specific country codes of export. The circular includes the BoP-file-format under FETERS and revised Form-A2.

The updated format for reporting of R-Return for forex transactions performed has been effective from 1 April 2019. The detailed notification can be accessed here.

Other Regulatory News

Modification of circular dated 7 December 2018 on disclosure of significant beneficial ownership in the shareholding pattern

The SEBI has published the amendments to its earlier circular, which specify certain requirements for disclosure of significant beneficial ownership in the shareholding pattern of listed entities.

As per the notification, the key amendments are:

  • The guidelines shall be applicable to listed entities.
  • The proposals under this circular shall have to comply with the requirements of the Companies (Significant Beneficial Owners) Rules, 2018.
  • The revised format specified in the circular shall replace the formats specified in the annexure.

The circular with the amended guidelines shall come into force from quarter ended 30 June 2019. The detailed notification can be accessed here.

Review of Investment by Foreign Portfolio Investors (FPI) in debt securities

According to the notification, the RBI has withdrawn its existing provision with regard to exposure of more than 20% of FPI's corporate bond portfolio to a single corporate with the objective of attracting more investors to invest in the Indian Corporate Debt market.

The earlier released circular directed that no FPI should have exposure of more than 20% of its corporate bond portfolio to a single corporate. Henceforth, all directions and circulars issued by the RBI in the context of investment conditions for FPI investment in corporate debt securities would need to comply with the specified timeframe given in the circular.

The provision stands withdrawn with immediate effect. The detailed notification can be accessed here.

Framework for utilisation of regulatory fee foregone by SEBI

SEBI has reduced the regulatory fee for stock exchanges on the turnover in agricultural commodity derivatives.

According to the notification, stock exchanges dealing with these derivatives have to create a separate fund for farmers or Farmer Producer Organisations (FPOs) wherein the foregone fees by SEBI will be deposited and utilised exclusively by farmers and FPOs. Any other revenue generated from an investment shall have to be ploughed back into the fund. The circular also outlines the guidelines for utilisation of the fund.

The action plan shall be drawn by 10 April 2019 and implemented by 30 April 2019. The detailed notification can be accessed here.

Global Regulatory News

RegTech and SupTech – change for markets and regulators

The European Securities and Market Authority (ESMA) has published a report based on an analysis of the regulatory and supervisory technology presently being developed in response to various drivers of demand and supply.

According to the analysis, demand-side drivers include regulatory pressures and budget limitations. These are gradually increasing the use of automated software in lieu of human decision-making activities. This trend is supplemented by supply side drivers such as increasing computing capacity and improved data architecture.

The detailed notification can be accessed here.

ESMA publishes taxonomy files to facilitate implementation of ESEF regulation

According to the notification, the eXtensible Business Reporting Language (XBRL) taxonomy files published by ESMA aim to enhance the European Single Electronic Format (ESEF) Regulatory Technical Standards. The issuers need to create their own taxonomies using these files.

The ESEF taxonomy is based on the IFRS taxonomy and comprises a set of electronic files depicting a structured set of the elements that constitute the core taxonomy. The taxonomy is furnished on the ESMA website.

According to the notification, the ESEF RTS requires that starting from 2020 all listed issuers publishing AFRs will need to prepare their AFRs in the xHTML format.

The detailed notification can be accessed here.

Basel III monitoring results published by the Basel Committee

The report explores the impact of the Basel III regulations.
It is based on data from 106 large internationally active banks with tier 1 capital of more than US$3 billion and 83 banks with tier 2 capital of less than US$3 billion. The report identifies the capital requirements for final Basel III minimum requirements. The expected date of its implementation is 1 January 2022 and it is to be fully phased in by 1 January 2027. The report also studies the risk-based minimum capital requirements for initial Basel III minimum capital requirements, which were to be fully phased in by 1 January 2019. The monitoring reports also collect bank-related data on Basel III's liquidity requirements. However, finalisation of the market risk framework is exempted from the report.

The detailed notification can be accessed here.

Transparency-related requirements of the EU Securitisation Regulation to be incorporated into Euro system collateral framework

The European Central Bank (ECB) has decided that the loan-level data reporting requirements of the Euro-system collateral framework will be merged with the EU Securitisation Regulation disclosure requirements.

The decision has been taken to promote efficiency and standardisation in the securitisation market.

The changes will be implemented after a three-month transition period from the date on which certain criteria are fulfilled in order to be eligible for the merged reporting requirement. For asset-backed securities, issued prior to 1 January 2019, which are not subject to regulation, the prevailing data reporting requirements will be applicable for three years. It is envisioned that the disclosure requirements of the Securitisation Regulation will apply in their totality to the asset backed securities (ABSs). The detailed notification can be accessed here.

European Banking Authority (EBA) publishes updated impact of the final Basel III reforms on EU banks’ capital and updates on compliance with liquidity measures in the EU

The EBA has published two reports on measuring the impact of implementing the final Basel III norms and monitoring the present implementation of liquidity measures in the EU.

While the former report includes a preliminary assessment of the impact of the Basel reform package on EU banks with the underlying assumption of full implementation, the latter monitors and evaluates liquidity coverage requirements currently in place in the EU.

Overall, the EBA evaluates that after implementation of Basel III reforms, there will be an average increment of 19.1% in EU banks’ Tier-1 minimum required capital. On the other hand, the liquidity coverage ratio (LCR) of EU banks, which was fully implemented in January 2018, stood at 146% on an average in June 2018, well above the minimum threshold of 100%. However, shortfalls were noticed by some institutions in their overall LCR. The detailed notification can be accessed here.

Contact us

Vivek Belgavi

Vivek Belgavi

Partner, India FinTech Leader, PwC India

Follow us