Following the 2007–2008 global financial crisis, it became painfully clear that many of the largest global financial services firms did not have the tools, methodology or data governance principles needed to accurately measure their risk exposures, with often disastrous consequences. Data was siloed, incomplete, and inconsistent, making timely and effective risk management nearly impossible.

In 2013, the Basel Committee on Banking Supervision (BCBS) issued BCBS 239, a set of principles for effective risk data aggregation and reporting. Supervisors have since used these principles as a benchmark and embedded them into local regulatory frameworks, requiring banks to upgrade their governance, data, and reporting capabilities. These principles have been implemented by regulators worldwide and now form a core part of how large banks are assessed on risk data aggregation and reporting.

In May 2024, the ECB published its Guide on effective risk data aggregation and risk reporting, which reinforces and specifies BCBS 239-aligned expectations for banks under its supervision. According to the ECB: “The ability of institutions to effectively manage and aggregate risk-related data represents an essential precondition for sound decision-making and strong risk governance.”

The BCBS has published 14 principles as part of BCBS 239, which are classified into four categories:

• Governance and infrastructure: Requires banks to implement strong governance frameworks and maintain robust IT infrastructure to support risk data.
• Risk data aggregation capabilities: Focuses on the accuracy, completeness, timeliness, and adaptability of risk data.
• Risk reporting practices: Calls for clear, comprehensive, and frequent reporting that supports decision-making at all levels.
• Supervisory review and cooperation: Emphasizes regular regulatory reviews and collaborative oversight mechanisms.

BCBS 239 and Data Observability

If BCBS 239 is the “what” of risk data management then data observability is the “how.” Data observability is the ability to fully understand, monitor, and troubleshoot data as it moves through a system. It gives you insight into the health and behavior of your data pipelines. The capabilities associated with data observability (continuous monitoring of data quality, lineage and reporting) are directly linked to the supervisory expectations articulated in BCBS 239:

• Accuracy and integrity: Automated monitoring, anomaly detection, and validation ensure that risk data remains accurate and reliable throughout ingestion and aggregation, reducing manual errors and supporting reporting needs in both normal and stressed conditions.
• Completeness: Visibility into all data sources, pipelines, and transformations makes it possible to confirm that every material data element, across business lines, entities, asset types, regions, and risk types, is captured, reconciled, and included in aggregated risk views.
• Timeliness: Continuous tracking of data freshness, pipeline delays, and update cycles ensures that aggregated risk data is always up to date and available at the speed required by the bank’s reporting frequency and the volatility of the underlying risk.
• Adaptability: Clear lineage, flexible monitoring, and rapid validation capabilities allow institutions to incorporate new data sources, respond to regulatory or internal reporting changes, and support on-demand supervisory requests.

Ultimately, data observability strengthens the core capabilities that BCBS 239 depends on, spanning everything from data capture to reporting.

SelectZero and BCBS 239

SelectZero is a data observability platform built to maintain data quality, data integrity, and regulatory readiness. The platform is designed to support compliance with BCBS 239 by helping financial institutions meet key requirements for risk data aggregation and reporting.

Data validations

Ensure that data is clean, complete, and trustworthy before it reaches downstream systems. Validations help detect anomalies, missing fields, and formatting issues early in the pipeline, which reduces manual work and strengthens confidence in data.

Automated data catalog and lineage tracking

Gives full visibility into data assets, including definitions, ownership, dependencies, and quality status. Lineage tracking reveals how data flows across systems, showing source inputs, transformation logic, intermediate stages, and downstream usage. This transparency enables faster root cause analysis and impact analysis, helping teams understand both where a data issue originates and which reports, models, or regulatory submissions may be affected. These capabilities are essential for governance, auditing, and meeting regulatory expectations around traceability and accountability.

Centralized business glossary

Helps to unify the definitions of key terms, metrics, and business rules across the organization. This reduces ambiguity in risk reports and ensures that teams use consistent terminology when interpreting or communicating data.

These capabilities are closely aligned with principles articulated within BCBS 239, in particular risk data aggregation and governance. Furthermore, SelectZero’s observability model offers financial institutions a way to get beyond checkbox compliance to actual, operational resilience. By bringing observability to their data culture, organizations can significantly improve their ability to meet regulatory expectations.

The cost of non-compliance

Non-compliance with BCBS 239 isn’t just a regulatory headache, as it can have severe business consequences. Not only does poor risk data aggregation block decision-making, slow response times in crises, and undermine stakeholder confidence, but organisations that fall short may now also face regulatory consequences like enforcement actions, capital add-ons, public disapproval, and fines. As one example, global investment bank Citigroup, was fined $400 million in October 2020, and again $136 million in 2024, by US banking regulators for failing to address “long‑standing deficiencies” in enterprise-wide risk management, data governance, internal controls, and compliance risk management – all issues closely related to BCBS 239.

Turning compliance into competitive advantage

Regulatory compliance is often viewed as a burden, but BCBS 239 presents an opportunity for forward-looking financial institutions. By adopting data observability as a foundational discipline, organizations can:

• Respond faster to market stress
• Identify emerging risks earlier
• Support strategic decision-making with reliable data
• Improve auditability and transparency

As the ECB and other supervisory bodies increase their scrutiny, those who invest in observability now will be better equipped not only to comply, but to thrive.

How SelectZero is used for regulatory reporting

Banks and financial institutions in SelectZero’s portfolio are currently working on improving their compliance with BCBS 239 using the platform. One key factor for this is the previously mentioned data lineage tracking, which enables our clients to trace every transformation and movement of risk data with clarity. This supports faster root cause analysis, smoother regulatory reviews, and more reliable end-to-end reporting. The second key factor is automated data validations, which help teams detect issues early in the process, reducing manual workload and strengthening confidence in the reports they submit to supervisors. As a result, institutions using SelectZero are not only meeting regulatory expectations with greater ease, but are also building more efficient and resilient reporting workflows that scale as their data landscape grows.