It looks more like a set of recommendations on data management and governance from the DAMA Body of knowledge book than a good old-fashioned regulatory hustle.
A few years ago a friend of mine was hired to build a risk department in a bank which had been bought by a Western banking group in a post-soviet country. The bank was pretty large (something like 14.000 branches), but with a business and risk culture all of its own.
He started his work with a simple task for his subordinates - we need to know our position on the dollar, euro, yen … He got kind of stuck on this very first task. After a considerable number of meetings and status updates, his team finally produced their report - a sheet of A4 paper with a few numbers proudly written on it. They were really surprised that he wasn't happy. They brought him what he had asked for, even with a big red round stamp to confirm that it’s really true.
My friend wanted to setup a regular reporting process on foreign currency positions, not a one time reckoning up of the balances on foreign accounts. The whole concept of risk management was lost in translation.
I have worked on several implementations of banking regulatory requirements. The most common attitude of the bank towards regulatory requirements and an assignment baseline for consultations is “make us compliant”; the regulator does not understand our business, we do not intend to use this for everyday business, we have our own reports and KPIs.
After I'd read the BCBS 239 paper thoroughly and compared it to previous papers e.g. Basel II, I realised I was seeing a sea-shift in approaches. Basel is mainly about reporting "these 180 attributes about a retail client …". The BCBS is not about "what" to report, but "how" to report e.g. make sure that reports have an owner, that they are validated, that relevant people have access to them, that there is reporting documentation and people can actually understand the reports, etc.
It sounds more like a set of recommendations on data management and governance from the DAMA Body of knowledge book than a good old-fashioned regulatory hustle ;) Just remove the word "risk" from the recommendations and you have a recipe for building a robust BI/DWH reporting solution.
I’m really interested how banks will implement this. Will they take a “make me compliant” approach or will they actually see it as an opportunity to make an organisational and cultural shift towards a data-driven organisation that makes decisions on trustworthy data and not on cooked up spreadsheets and presentations.