With banks facing increased pressure from regulators to improve their risk data aggregation processes, BCBS 239 constitutes a particular point of focus. At this point, BCBS 239 – the Basel Committee on Banking Supervision’s “Principles for effective risk data aggregation and risk reporting” – should not be treated as a set of regulations for data aggregation, but as a collection of ongoing practices for achieving the best risk management experience. Recognizing the importance of BCBS 239, this paper specifically explores the key weaknesses around existing data aggregation capabilities that affect the validation function. As it transpires, proving complete data lineage under BCBS 239 is challenging for banks. Therefore, this paper advises on solutions, tools and techniques to improve the audit trail of risk data and the overall understanding of the risk data universe. This paper, based on a survey of twenty-nine global banks, looks into how risk data is provided and validated.