The standard also recommends that it is, by the national supervisors, applied to Domestic Systemically Important Banks (D-SIBs) three years after their designation as such.
Even on the lowest level it is a principle based-standard with few clear and defined metrics which can be used to monitor compliance.
The depth and scope of these reports should be consistent with the size and complexity of the bank’s operations and risk profile, as well as the requirements of the recipients.
Principle 9 Clarity and usefulness - Risk management reports should communicate information in a clear and concise manner.
Reports should include an appropriate balance between risk data, analysis and interpretation, and qualitative explanations.
Principle 13 Remedial actions and supervisory measures - Supervisors should have and use the appropriate tools and resources to require effective and timely remedial action by a bank to address deficiencies in its risk data aggregation capabilities and risk reporting practices.
[5] notes that "Thus far, none of those [25] significant institutions – some of which are classified as global systemically important banks – have fully implemented the BCBS 239 principles", adding that "Weaknesses stem mainly from a lack of clarity regarding responsibility and accountability for data quality".