Introduction

More than a decade after the introduction of BCBS239, many banks still struggle to demonstrate effective risk data aggregation and reporting capabilities. Although formal compliance has improved, supervisory findings continue to highlight persistent weaknesses in data quality, lineage, ownership, and accountability. These weaknesses are not primarily caused by missing tools or insufficient remediation programs. They stem from treating BCBS239 as an implementation challenge rather than a governance challenge.

While these approaches may create short‑term improvements, they fail to deliver sustainable outcomes. Only a structural governance approach—embedded in decision‑making, ownership, and accountability—can close the gap between regulatory intent and actual practice.

The BCBS239 Journey: From Regulatory Intent to Fragmented Implementation

In practice, many banks translated BCBS239 into one‑off remediation programs driven by regulatory deadlines. Gap analyses were performed, action plans defined, and visible issues addressed. The focus shifted to reconciling reports, fixing specific data elements, or building parallel data solutions to satisfy supervisory requests.

At the same time, banks invested heavily in data catalogues and lineage tools, often without a clear plan for sustainable use. The result is frequently a technically rich but operationally unused landscape: extensive documentation with limited ownership, adoption, or decision‑making impact.

Over time, this approach created fragmentation rather than control. Supervisors increasingly distinguish between formal compliance and effective compliance: banks may be able to produce reports, but struggle to explain lineage, demonstrate consistent ownership, or respond reliably under stress.

The changing Role of the CDO: From Data Enabler to Governance Catalyst

BCBS239 has fundamentally reshaped the role of the Chief Data Officer (CDO). Initially, the CDO was often positioned as the owner of data quality and reporting solutions. While understandable, this model has proven ineffective.

BCBS239 does not require a single function to own data. It requires clear ownership, accountability, and escalation across the bank. When the CDO is perceived as the owner of all data issues, accountability is unintentionally removed from the business, risk, and finance functions that actually create and use the data.

Leading banks are redefining the CDO role from solution owner to governance enabler. The CDO sets standards, defines decision rights, establishes governance forums, and ensures transparency, while first‑line accountability remains firmly with the business. Data owners stay in the line; the CDO ensures they act as owners and have the mandate to do so.

Why Banks Still Fail and Why Governance Is the Structural Answer

Despite years of investment, banks continue to fall short of BCBS239 expectations for three structural reasons:

• Governance is treated as documentation rather than behavior: policies and ownership models exist but are not enforced when they conflict with delivery timelines or commercial priorities.
• Banks rely on point‑in‑time compliance, closing findings without changing how decisions are made.
• Stress situations expose governance weaknesses that remain hidden in normal conditions—precisely the scenarios BCBS239 was designed for.

A governance‑led approach addresses these issues structurally. It shifts the focus from fixing data to controlling decision‑making. Ownership is embedded in the line, escalation is mandatory, and compliance becomes an outcome rather than an objective.

Conclusion

BCBS239 is not a technology program or a one‑off remediation exercise. It is a governance framework designed to ensure banks can rely on their information when it matters most.

Banks that continue to pursue point solutions will remain trapped in cycles of remediation. Those that build BCBS239 on structural, enforced governance can move from formal compliance to real effectiveness.

How can Mount help you

With our extensive experience in BCBS239 implementations and OSIs at GSIBs, DSIBs and central banks across Europe, we are the perfect partner to help you tackle your data issues in a structured and sustainable way.

Shall we discuss your data challenges?