BCBS 239

International

v2013

4 domains

14 controls

Basel Committee Principles for Effective Risk Data Aggregation

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (4)

BCBS 239 Overarching Governance and Infrastructure

2 controls

Controls in the BCBS 239 Overarching Governance and Infrastructure domain of BCBS 239 — 2 controls
Code	Title	Description
BCBS239-P1	Governance	A bank's risk data aggregation capabilities and risk reporting practices should be subject to strong governance arrangem...
BCBS239-P2	Data architecture and IT infrastructure	A bank should design, build and maintain data architecture and IT infrastructure which fully supports its risk data aggr...

BCBS 239 Risk Data Aggregation Capabilities

4 controls

Controls in the BCBS 239 Risk Data Aggregation Capabilities domain of BCBS 239 — 4 controls
Code	Title	Description
BCBS239-P3	Accuracy and Integrity	A bank should be able to generate accurate and reliable risk data to meet normal and stress/crisis reporting accuracy re...
BCBS239-P4	Completeness	A bank should be able to capture and aggregate all material risk data across the banking group. Data should be available...
BCBS239-P5	Timeliness	A bank should be able to generate aggregate and up-to-date risk data in a timely manner while also meeting the principle...
BCBS239-P6	Adaptability	A bank should be able to generate aggregate risk data to meet a broad range of on-demand, ad hoc risk management reporti...

BCBS 239 Risk Reporting Practices

5 controls

Controls in the BCBS 239 Risk Reporting Practices domain of BCBS 239 — 5 controls
Code	Title	Description
BCBS239-P10	Frequency	The board and senior management (or other recipients as appropriate) should set the frequency of risk management report...
BCBS239-P11	Distribution	Risk management reports should be distributed to the relevant parties while ensuring confidentiality is maintained.
BCBS239-P7	Accuracy (Reporting)	Risk management reports should accurately and precisely convey aggregated risk data and reflect risk in an exact manner....
BCBS239-P8	Comprehensiveness	Risk management reports should cover all material risk areas within the organisation. The depth and scope of these repor...
BCBS239-P9	Clarity and usefulness	Risk management reports should communicate information in a clear and concise manner. Reports should be easy to understa...

BCBS 239 Supervisory Review, Tools and Cooperation

3 controls

Controls in the BCBS 239 Supervisory Review, Tools and Cooperation domain of BCBS 239 — 3 controls
Code	Title	Description
BCBS239-P12	Review	Supervisors should periodically review and evaluate a bank's compliance with the eleven Principles above (governance, in...
BCBS239-P13	Remedial actions and supervisory measures	Supervisors should have and use the appropriate tools and resources to require effective and timely remedial action by a...
BCBS239-P14	Home/host cooperation	Supervisors should cooperate with relevant supervisors in other jurisdictions regarding the supervision and review of th...

Maps to 2 other frameworks

14 total controls

Basel III International Banking Framework

10 source controls mapped|6 target controls covered

71%

NIST Cybersecurity Framework 2.0

1 source controls mapped|2 target controls covered

Compare BCBS 239 with Basel III International Banking Framework

Frequently Asked Questions

What is BCBS 239?

BCBS 239 is a compliance framework from International with 4 domains and 14 controls. Basel Committee Principles for Effective Risk Data Aggregation It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does BCBS 239 have?

BCBS 239 has 14 controls organised across 4 domains. The largest domains are BCBS 239 Risk Reporting Practices (5 controls), BCBS 239 Risk Data Aggregation Capabilities (4 controls), BCBS 239 Supervisory Review, Tools and Cooperation (3 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does BCBS 239 map to?

BCBS 239 maps to 2 other compliance frameworks. The top mapping partners are Basel III International Banking Framework (71% coverage), NIST Cybersecurity Framework 2.0 (7% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with BCBS 239 compliance?

Start your BCBS 239 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about BCBS 239 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 14 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.

Get Started Free →

Free forever — no credit card required