The Basel Committee’s standards for the Principles for Effective Risk Data Aggregation and Risk Reporting (BCBS 239) and the broader Operational Risk framework require banks to demonstrate rigorous oversight over the data and systems used to calculate capital and report risk.
When these critical calculations rely on spreadsheets and other EUCs, manual oversight is no longer sufficient to satisfy the regulator.
The Requirement:
Principle 3 (Accuracy and Integrity) mandates that banks must be able to generate accurate and reliable risk data to meet normal and stress/crisis reporting accuracy requirements. Data should be aggregated on a largely automated basis to minimize the probability of errors.
How Incisive helps:
Incisive’s Automated Governance Platform maps 100% of your data ecosystem, wherever it may live, including shared drives, folders, Sharepoint, etc. Once inventoried, controls and lineage logs can be placed on the reported assets, ensuring that the final risk report can be traced back to authoritative sources with total confidence, satisfying the demand for data lineage and accuracy.
The Requirement
Under Basel III and 3.1, banks must manage operational risk, defined as the risk of loss resulting from inadequate or failed internal processes, people, and systems. Banks are expected to ID and mitigate high severity risks that could impact capital adequacy.
The Challenge
Uncontrolled EUCs are a primary source of failed internal processes. A single formula error, mis-attribution, or overwritten cell in a model can lead to material misstatements, capital add-ons, and severe reputational damage. Treating these as simple “documents” or files leaves a significant gap in operational risk frameworks.
How Incisive Helps
Incisive allows EUCs to be treated as managed software assets rather than loose files. By enforcing version control, change management, and access restrictions on critical assets, the probability of high-impact failures is substantially reduced. The Automated Governance Platform creates a demonstratable control environment that directly supports operational risk lines of defense and internal audit requirements.
