BCBS 239, the failure of utilities and let’s imprison the chief compliance officer.
23 November 2015
Three reports have been at the front of my mind this week.
The first report being BCBS 239 which essentially requires organisations to implement a robust data integrity framework. I won’t bore you with the entirety of BCBS 239 but to pull out a couple of principles. Principle 2 requires a bank to design, build and maintain a data architecture and if the same data is held in more than one model then “there should be robust automated reconciliation procedures where multiple models are in use.”. Principle 6 requires such a framework to be adaptable to change due to both changing internal needs and requests from supervisory authorities. In summary “Build a robust data integrity framework and reconcile any data item if it is held in more than one data model”.
The second report being from Aite group and Sungard on the state of reconciliation utilities. As if reconciliation wasn’t a boring enough subject, it makes for depressing reading. According to the report, the average time to build a control is 64 days! These controls are central to the integrity framework that BCBS is mandating. And each one is going to take 64 days to build. How can an organisation hope to be BCBS compliant when building controls takes so long? As the report acknowledges this problem originates because many utilities are using tools that were implemented 9 or more years ago. Of course, these two things are highly connected, legacy tools make developing and maintaining controls hard work. With a modern tool, new controls can be developed in less than a week in an agile way that supports ongoing change.
The final report is from Thomson Reuters. They find that regulators are increasingly targeting individuals rather than firms, and compliance officers foresee themselves as the focus of accountability rather than CEOs. The study also highlights an expectation that regulatory focus towards senior managers will be extended internationally.
Pity the poor compliance officer. Required by BCBS 239 to have a robust reconciliation framework in place but finding their reconciliation utility is built on 10 year old tech that is failing and then along comes the regulator with a threat to imprison.
In an ever-changing legislative landscape trust and certainty are everything. CTC’s agile infrastructure was designed specifically to embrace change. Core regulatory initiatives such as BCBS 239 are baked-in to the platform, while additional measures can be added quickly and efficiently at any time. Integrity is assured and evidence of control is easy to access at any time, withstanding the most zealous of “lock ‘em up and throw away the key” regulator scrutiny.