Aug 2022 | Data Quality |

During the Global financial crisis in 2008 banks struggled to responsively gain clarity on their exposure or predict default despite banks having robust modelling in place. Regulators found it to be the quality and credibility of the data used in these models to be the root cause. Despite these learnings, 2 years later, banks were yet again faced with similar challenges during the EuroZone Greek crisis.

Regulators stepped in and created BCBS239 as a regulation to ensure data used to determine risk metrics are managed appropriately.

BCBS239 should never have been a regulation. Actively managing one of their key assets, their data, is something banks should always have been doing.

The Covid pandemic has once again shown that no-one can predict the future and what it may hold. Even though BCBS 239 should never have been a regulation, it provides key foundational principles to ensure readiness for the next world event.

Managing Data Risk in Australia (APRA CPG 235 Guidelines)

CPG235 is a similar guideline implemented by APRA in the Australian context – even though required in Australia – as it is in Europe and other countries. CPG235 suggests appropriate management of all data risk within financial services organisations. It is a wider scope than BCBS where the focus is more on risk data management than managing risk associated with all data.

BCBS239 – managing risk data, CPG235 – managing data risk

Summary overview of BCBS239 and CPG235 

BCBS-239 is a principle based regulation that covers various aspects of risk data which includes credit risk, operational risk, market risk and all other material risk types.

The 11 principles prescribed for the banks in the BCBS regulation are categorised into three distinct categories and can be summarised as follows:


  • Governance
  • Data Architecture and IT infrastructure
CPG is also a principle-based regulation taking into account the broader data risk and can be summarised as follows:
  • Overarching Data Management Framework
  • Data Risk Management
  • Staff awareness and Training
  • Data Risk Assurance & Audibility
  • Managing Data Quality – Metrics & Issues
  • Establish data Controls and Validation
  • Risk Management throughout Data Lifecycle

Becoming materially compliant to these regulations requires significant investment from organisations and in order to build a business case the data management capabilities of the organisation must be enhanced to build long term value – over and above being compliant.

With global banks especially in South Africa and Europe having done this for many years, there are multiple benefits of joining the journey late. Australian banks are in a unique position where they can learn from the successes and mistakes that the global banks have made. Collateral and accelerators that have also been developed, and most importantly access to resources who have done this before or are still busy doing it.

It is a marathon, not a sprint


Regulations don’t have to be seen as a negative. In the case of both CPG235 and BCBS239, there are numerous benefits including:

Improved risk management through data quality
  • Improved identification, monitoring and management of risks at both global, consolidated and detailed levels.
  • Enhance capabilities of risk management quantifications that may result in the reduction in risk losses and ultimately in capital requirements.
  • Simplification of data processes drive responsiveness and adaptability in normal and times of stress/crisis.
Cost reduction
  • Drive structural cost reductions through process rationalisation.
  • Reduce losses through more accurate, adaptable and faster reporting and insights.
  • Minimising of costs associated with poor-quality data (such as reporting that requires constant remediation).
Improved decision making
  • Better quality of strategic decision making and planning.
  • Empowerment of risk and business line teams to access and leverage data assets.
  • Maximise return on investment from the BCBS 239 program as it increases speed of the decision-making process throughout the organisation.
  • The introduction of these regulations will ensure that financial services organisations in Australia uplift their data management capabilities and move towards being truly data-driven.
NovoFinity provides accelerated compliance, powered by Experian Aperture Data Studio

Together, NovoFinity and Experian offer a custom-built solution that includes services and software with a proprietary rules package to help businesses comply with these regulatory guidelines and standards. We aim to deliver data that is consistent, complete, accurate, available, fit for use and timeliness.

NovoFinity provides financial institutions with governance advisory services to meet BCBS239 & CPG235 guidelines.


Contact Us

By providing your personal information you agree that we may collect and process it in accordance with our Privacy Statement.