How Orion Governance’s Enterprise Information Intelligence Graph (EIIG) Helps Banks to Meet BCBS 239 Requirements

Orion Governance’s EIIG can help banks meet all 11 BCBS 239 principles that apply to governance/infrastructure, risk data aggregation, and risk reporting by providing end-to-end lineage, active metadata, and governance controls. 

Governance and infrastructure principles

• Principle 1 – Governance: EIIG provides a centralized data governance platform with ownership, stewardship, and policy mapping, helping banks embed accountability for risk data quality and reporting processes.
• Principle 2 – Data architecture & IT infrastructure: EIIG connects to 70+ technologies and builds a unified knowledge graph, improving architectural integration and standardization needed for BCBS 239-compliant risk data infrastructure.

Risk data aggregation principles

• Principle 3 – Accuracy & integrity: EIIG’s automated lineage and federated view of data assets support accurate, consistent, and largely automated aggregation of risk data, reducing manual errors and reconciliation issues.
• Principle 4 – Completeness: By ingesting metadata across mainframe, relational, cloud, ETL, BI, and code assets, EIIG helps capture and aggregate all material risk data across entities, products, and regions.

Additional aggregation principles

• Principle 5 – Timeliness: EIIG automates lineage discovery and change detection so banks can more quickly identify impacts and support faster, more frequent risk aggregation where required.
• Principle 6 – Adaptability: With centralized metadata and impact analysis, EIIG helps institutions adjust to new regulatory requirements, new products, or structural changes without rebuilding everything manually.

Risk reporting principles

• Principle 7 – Accuracy of reporting: Traceability from reported risk metrics back to source systems lets teams validate numbers and explain discrepancies to management and supervisors.
• Principle 8 – Comprehensiveness: EIIG’s knowledge graph and catalog make it easier to design reports that cover all relevant risk types, entities, and exposures, supported by clear definitions and lineage.

Further reporting principles

• Principle 9 – Clarity & usefulness: EIIG links business glossary terms, metrics, and technical data, helping banks present risk information in a clear, well-defined way for decision-makers.
• Principle 10 – Frequency: Better automation of data flows and transparency into pipelines makes it operationally easier to produce risk reports at the frequency supervisors expect.

Distribution and access

• Principle 11 – Distribution: EIIG supports controlled, self-service access to risk data and reports with role-based permissions, helping ensure that risk information is delivered securely and promptly to the right stakeholders.

About the Author: Greg Moffett is the Senior Vice President at Orion Governance, Inc. Connect with Greg on LinkedIn.