Answers / Risk & Compliance

What is BCBS 239, and why is risk-data aggregation and reporting capability a supervisory priority?

A core Risk & Compliance interview question — asked in analyst and associate interviews across IB, PE, and the Big 4.

THE SHORT ANSWER

BCBS 239 sets the Basel principles for effective risk-data aggregation and risk reporting, introduced after the 2008 crisis exposed that many banks couldn't quickly and accurately aggregate their risk exposures across the group — they didn't know their total exposure to a counterparty, sector, or risk factor when it mattered most. Its principles span governance and data architecture/IT infrastructure, the aggregation capabilities themselves (accuracy and integrity, completeness, timeliness, and adaptability — being able to produce reliable aggregated risk numbers quickly and flexibly, including in stress and ad hoc), and risk-reporting practices (accuracy, comprehensiveness, clarity, frequency, distribution). It's a supervisory priority because risk management is only as good as the data behind it: poor data lineage, fragmented systems, and manual workarounds mean decisions are made on wrong or stale numbers, stress tests are unreliable, and a firm can't respond in a crisis. Supervisors have repeatedly found persistent shortfalls (especially data architecture and governance), so it remains an active focus, increasingly intertwined with data governance, automation, and the data demands of newer areas like climate risk. The core message: trustworthy, timely, aggregable risk data is foundational infrastructure, not a back-office afterthought.

WHAT INTERVIEWERS LISTEN FOR

  • Basel principles for risk-data aggregation and reporting (post-2008)
  • Crisis showed banks couldn't aggregate exposures accurately/quickly
  • Covers governance, data architecture, aggregation (accuracy/completeness/timeliness/adaptability), reporting
  • Foundational: poor data → wrong decisions, unreliable stress tests, crisis blindness

COMMON MISTAKES

  • Treating it as a pure IT/reporting formatting issue
  • Ignoring governance and data lineage
  • Not linking data quality to risk-decision reliability

Reading isn't the same as answering under pressure.

Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.

TRY QUICKFIRE →Or train full Risk & Compliance case simulations →

RELATED QUESTIONS