ECB consults on Guide on effective risk data aggregation and risk reporting

24 July 2023

• ECB invites comments from banks and other stakeholders on effective risk data aggregation and risk reporting
• Guide details supervisory expectations for governance and risk management and shares best industry practices
• Banks expected to step up efforts and improve their capabilities in this area in a timely manner

The European Central Bank (ECB) is today launching a public consultation on its Guide on effective risk data aggregation and risk reporting. The consultation period ends on 06 October 2023.

The Guide outlines prerequisites for effective risk data aggregation and risk reporting (RDARR) to assist banks in strengthening their capabilities, building on good practices observed in the industry. The Guide intends to specify and reinforce supervisory expectations in this field, taking into account the Basel Committee on Banking Supervision’s Principles for effective risk data aggregation and risk reporting (BCBS 239). It complements and does not replace the guidance already provided since 2016 in public communications and in institution-specific supervisory activities.

Adequate capabilities in this area are still the exception, and banks have to improve their risk data aggregation frameworks, also in light of the BCBS principles. Banks are expected to step up and conclude their efforts to improve their governance framework and data management process in a timely manner.

The Guide is part of a wider strategy intended to ensure that supervised banks ultimately achieve substantial progress in remedying their identified structural shortcomings in risk data aggregation.

ECB Banking Supervision has identified important areas for robust governance and effective processes to identify, monitor and report risks. In the Guide, seven key areas have been singled out: the responsibility of a bank’s management body; the scope of application of the data governance framework; key roles and responsibilities for data governance; the implementation of a group-wide integrated data architecture; the effectiveness of data quality controls; the timeliness of internal risk reporting; and implementation programs.

The effective management and aggregation of risk-related data is essential for banks’ sound decision-making and strong risk governance. This applies to data used to steer and manage banks, both strategically and operationally, as well as data used for risk management and financial and supervisory reporting.

The essential capabilities and practices identified will assist banks in their efforts to better identify and manage group-wide risk concentrations on the basis of quality data, whether it is credit, market or third-party related. This has proved to be critical for effective risk management, not just during the 2008 financial crisis but also more recently during the coronavirus (COVID-19) pandemic and other crisis situations.

As part of the public consultation process, the ECB will organise a stakeholder meeting during the consultation period, bringing together relevant experts at supervised institutions and other interested parties. Further information can be found on the ECB Banking Supervision website.

For media queries, please contact Andrea Zizola, tel.: +49 170 2292 502.

Notes

• Risk data aggregation and risk reporting have been regarded as supervisory priorities by ECB Banking Supervision since its inception.
• In 2016, the ECB launched a thematic review on effective risk data aggregation and risk reporting, which revealed serious weaknesses within the sample of 25 significant institutions and found that many of their practices were unsatisfactory. Overall, the results of the thematic review and the findings from on-site inspections demonstrated that the implementation of the Basel Committee on Banking Supervision’s Principles for effective risk data aggregation and risk reporting (BCBS 239) was unsatisfactory and a source of concern.
• In 2019, the ECB issued a letter to all significant institutions under its direct supervision, urging them to make substantial and timely improvements to their risk data aggregation capabilities and risk reporting practices and to implement integrated reporting solutions.