BCBS 239 Data Governance: 5 Data Catalogs to Support Risk Data Governance

Most banks fail BCBS 239 because they can’t explain the data. Risk data is scattered across silos, reporting is slow, and no one knows who owns what. That’s exactly what BCBS 239 was meant to fix. But more than a decade later, many institutions still struggle to put its principles into practice. The missing link? A data catalog that actually gets used. In this article, we explore how modern data catalogs support real-world BCBS 239 compliance, what capabilities you need, and which tools help you get there faster, affordably, and with company-wide adoption.

What is BCBS 239?

The global financial crisis of 2007–2009 exposed a critical vulnerability in the banking sector: the inability of many institutions to quickly and accurately aggregate their risk exposures. This lack of transparency and control over risk data significantly contributed to the crisis and its wide-reaching impact on global financial systems. In response, regulators began placing greater emphasis on how banks manage, aggregate, and report their risk data.

To address these shortcomings, the Basel Committee on Banking Supervision (BCBS) released a key regulatory framework in January 2013, BCBS 239: Principles for Effective Risk Data Aggregation and Risk Reporting. This guidance laid out 14 principles designed to enhance banks’ ability to manage risk through improved data practices. Eleven of these principles apply to banks directly, while the remaining three target regulatory bodies, with a focus on supervision and oversight.

BCBS 239 is not a prescriptive checklist, but a principle-based regulation grouped into four main categories:

  • Overarching governance and IT infrastructure
  • Risk data aggregation capabilities
  • Risk reporting practices
  • Supervisory review, tools, and cooperation

Together, these principles aim to establish a stronger foundation for risk management by improving the accuracy, completeness, and timeliness of the data used by banks’ leadership teams. Ultimately, the goal is to ensure banks can identify, monitor, and respond to risks proactively, before they threaten.  

What are the 14 key principles of BCBS 239?

The BCBS 239 principles are formally titled “Principles for Effective Risk Data Aggregation and Risk Reporting". These 14 principles are grouped into four categories and provide a framework for building a resilient, compliant risk data environment.

The 14 principles of BCBS 239
The 14 principles of BCBS 239

I. Governance and IT infrastructure

1. Governance

Banks must establish a robust data governance framework with defined roles and accountability for risk data aggregation and reporting.

2. Data architecture and IT infrastructure

A scalable, integrated IT environment is required to support accurate and timely risk data aggregation, even under stress conditions.

II. Risk data aggregation capabilities

3. Accuracy and integrity

Risk data must be precise and consistent. Controls should ensure integrity across all systems and reports.

4. Completeness

Banks must aggregate all material risk data across business lines and legal entities to achieve a comprehensive view.

5. Timeliness

Data must be aggregated and reported fast enough to support effective decision-making, especially during market volatility.

6. Adaptability

Risk aggregation systems must be flexible and responsive to new risks, regulatory requirements, and internal demands.

III. Risk reporting practices

7. Accuracy

Risk reports must reflect the underlying data accurately and support confident, real-time decision-making.

8. Comprehensiveness

Reports should cover all material risks, ensuring that nothing critical is overlooked.

9. Clarity and usefulness

Reports must be clear, relevant, and structured to meet the needs of senior management, the board, and regulators.

10. Frequency

Banks must produce risk reports at appropriate intervals, with the ability to increase frequency during times of stress.

11. Distribution

Reports must be distributed to the right stakeholders securely and efficiently, balancing data accessibility and confidentiality.

IV. Supervisory review and cooperation

12. Review

Regulators should regularly assess banks’ compliance with BCBS 239 principles and evaluate progress toward maturity.

13. Remedial actions and supervisory measures

Supervisors must have the authority to take action when banks fall short of compliance expectations.

14. Home and host cooperation

For internationally active banks, supervisory bodies must collaborate to ensure coordinated and consistent oversight.

The business value of BCBS 239 compliance

Nothing is just black and white. Achieving compliance with BCBS 239 is also about strategic investment in better risk data aggregation and financial risk reporting. By implementing the principles of BCBS 239, banks can ensure their risk data is accurate, timely, and complete. This empowers senior management with the insights needed to make informed decisions, especially in high-pressure situations.  

Strong data governance in banking also improves operational efficiency, reduces reporting errors, and supports faster regulatory response. In the long term, BCBS 239 compliance enables financial institutions to build resilience, gain the trust of regulators, and stay ahead in an increasingly data-driven environment.

How to implement the principles of BCBS 239

Complying with the 14 principles of BCBS 239 requires a coordinated effort across people, processes, and technology. A key first step is establishing strong data governance frameworks with clearly defined roles, responsibilities, and ownership for critical risk data. Financial institutions must also invest in scalable IT infrastructure that supports automated risk data aggregation, consistent data definitions, and real-time access to high-quality information.

Tools like data catalogs and metadata management platforms play a central role by providing visibility into data lineage, improving data quality controls, and ensuring that risk data is accurate, complete, and traceable. Collaboration between risk, finance, IT, and compliance teams is essential to ensure that governance is embedded in daily operations, not just documented in policy. Finally, regular internal audits and continuous improvement practices help maintain alignment with BCBS 239 over time and adapt to evolving regulatory expectations.

BCBS 239 data governance: Essential capabilities

To meet the expectations of BCBS 239 compliance, banks must establish a robust data governance framework that supports transparency, accuracy, and control over risk data. This involves several essential capabilities:

  • Data ownership and stewardship – Clear assignment of accountability ensures that critical risk data is consistently defined, maintained, and used across the organization.
  • Metadata management – Managing metadata is key to understanding the structure, source, and flow of data. It enables traceability and supports regulatory reporting.
  • Data quality monitoring – Continuous assessment of data accuracy, completeness, and timeliness is vital for reliable risk data aggregation.
  • Lineage and traceability – Full visibility into where data originates, how it moves, and how it’s transformed helps ensure compliance and boosts confidence in reporting.
  • Centralized data catalog – A modern data catalog provides a searchable inventory of data assets, business definitions, and relationships, making it easier to locate and trust the right data.
  • Policy enforcement and auditability – Governance rules must be enforceable and auditable to demonstrate alignment with BCBS 239 principles during regulatory reviews.

Together, these capabilities create a foundation for effective risk data management and help financial institutions move from fragmented systems to a unified, compliant data landscape.

Why achieving common understanding is so difficult in banking

One of the core reasons banks struggle with BCBS 239 compliance is the lack of a shared understanding of data. As illustrated in the diagram above, financial institutions operate across multiple platforms, with changing architectures, workarounds, and hundreds of stakeholders, all while facing evolving regulations and region-specific tax rules. Add to that poor cross-team communication, and it's clear why aligning on consistent definitions, ownership, and reporting is so difficult. This complexity makes it nearly impossible to achieve “common assent”, a unified view of risk data, without the help of a centralized, business-friendly data catalog that bridges the gap between systems and people.

Reasons of existing problems in banks to comply with BCBS 239

Banks operate across regions with conflicting regulatory demands, where different authorities define and require risk data in incompatible ways. Add regional tax complexity, where reporting obligations vary by country and tax authority, and even simple metrics become difficult to standardize. Combined with siloed platforms, gaps in communication, and workarounds built on legacy systems, it’s no surprise that aligning on a single version of truth is still out of reach for many institutions.

The real challenge: Shifting mindset, not just systems

Implementing BCBS 239 data governance isn’t just a technical project; it’s a cultural shift. One of the biggest obstacles is resistance to change. Not because employees don’t see the value, but because change demands effort, new habits, and shared accountability. Even when data quality issues or reporting gaps are obvious, it’s easy to default to business-as-usual thinking. But effective risk data aggregation and compliance require more than policies and tools, they demand a company-wide mindset that values transparency, accuracy, and responsibility. That’s why choosing a business-friendly solution is essential. A platform that’s intuitive and accessible helps engage not just IT, but also risk, finance, and business teams, because real data governance only works when everyone is on board. Now it is even more important with the AI revolution.

5 data catalogs to help you stay BCBS 239 compliant

If you're looking for a data catalog to support your BCBS 239 compliance journey, not all platforms are created equal. Here’s how five leading tools compare, starting with the one designed specifically to be usable, adoptable, and effective across your entire business.  

1.) Dawiso – The Business-Friendly Choice

Dawiso stands out for one simple reason: it’s built to be used, not just deployed. Unlike many enterprise governance tools, Dawiso combines powerful metadata scanning, lineage mapping, and cataloging features with an interface that even non-technical users can navigate confidently.

  • Business-friendly design – Clear UI, intuitive navigation, and terminology tailored to business users.
  • Fast adoption – Users start contributing and collaborating in days, not months.
  • Customizable & flexible – Adapts to your governance model and risk domains.
  • Affordable – Lower total cost of ownership compared to traditional platforms.
  • Actually used by teams – That means more accurate metadata, stronger accountability, and sustained compliance.

If your goal is to democratize governance and get your whole organization involved, Dawiso is built for that reality.

2.) Atlan – Collaborative but Developer-Oriented

Atlan positions itself as a modern data catalog with strong collaboration features and an active metadata layer. However, its strengths lie primarily in technical lineage and integration with modern data stacks like Snowflake, dbt, and Databricks. As a result, it’s best suited for data engineers and developers working in decentralized, code-driven environments. For governance-led initiatives like BCBS 239 compliance, which require clear ownership, business-friendly interfaces, and accessible data definitions, Atlan’s developer-first approach can become a limitation.

  • Modern UI, active metadata
  • Strong technical lineage and modern data stack support
  • May be too engineering-focused for governance-first users

3.) Collibra – Enterprise Power, Enterprise Complexity

Collibra is a heavyweight in the governance space, used by many large financial institutions. It’s feature-rich, but often resource-heavy. Implementations can take months, with high configuration effort and licensing costs.

  • High complexity, slower adoption, and expensive licensing
  • If you are considering Collibra, you can read more about the Dawiso x Collibra comparison on these links:
  • Collibra alternative article
  • UX comparison article

4.) Alation – Feature-Rich but Heavy and Costly

Alation is a well-established data catalog known for its strong search capabilities, metadata discovery, and user-friendly interface, especially once users are onboarded. It supports self-service analytics and governance workflows with a wide range of features. However, those features come at a price: long implementation cycles, high licensing costs, and a platform that can feel heavy for everyday users. While the UI is generally intuitive, the overall setup can be complex and resource-intensive, making it harder to scale adoption quickly across business teams.

  • Powerful search, robust governance features, generally good UX
  • Expensive, long implementation, resource-heavy, slower time-to-value

5.) data.world – Lightweight, Graph-Based Collaboration

data.world brings a knowledge graph approach to metadata, with strong data discovery features and open integrations. It’s ideal for collaboration and exploration, though it may lack some of the compliance-grade controls required for heavily regulated environments.

  • Easy to get started, collaborative
  • May lack full auditability or control features for BCBS 239

Conclusion: The right data catalog makes compliance sustainable

BCBS 239 isn’t just about checking boxes; it’s about building a culture of accountability and transparency around your risk data. That culture starts with access: when everyone can find, trust, and understand the data they use, governance becomes part of the workflow, not an afterthought.

Dawiso makes this possible. It’s the platform your teams will actually use, one that balances regulatory rigor with real-world usability. And that’s what keeps you compliant in the long run.  

List of valuable resources:

Data Catalog Comparison Guide

Article – BCBS 239 in 2025: Why Now is the Time to Strengthen Compliance

Article – What do banks need to know in 2025?

Article – Data Garbage In, AI Garbage Out: Why Governance Matters More Than Ever

Article – Collibra Alternative: 6 Reasons Why Dawiso Is Better for Modern Data Governance

Article – Data Catalogs Comparison for 2025: Best Tools for Your Business

Article – The Role of Data Catalogs in Modern Analytics and AI

Article – How to Get an Overview of Your Database and Understand Data Flows

Article – Why AI Needs Business Intelligence: The Role of BI in the Age of GenAI

Article – From Regulatory Requirements to Effective Competitive Advantage

Article – What is Data Reconciliation? Achieve Consistency and Trust with a Data Catalog

Samuel Nagy
VP of Strategic Growth

More like this

Keep reading and take a deeper dive into our most recent content on metadata management and beyond: