When the European Central Bank (ECB) identified “addressing long-standing deficiencies in risk data aggregation and risk reporting” as a supervisory priority for 2024–2026, it presented a critical challenge: Banks need to step up their data management capabilities and processes right now. The bar has been set with the ECB’s publication of the "Guide on Effective Risk Data Aggregation and Risk Reporting (RDARR)" in May 2024.
The ECB guide is in keeping with the renewed attention that regulators worldwide have paid to RDARR. This has left no option for an increasing number of banks but to come to terms with their practical failings on data, and the greater regulatory pressure will significantly boost industrywide efforts to rectify those failings and create true accountability for higher-quality data. The good news is that as difficult as that may seem, choosing the right strategies and implementing them skillfully can minimize the work required and realize significant commercial benefits.
Emphasizing consistent data management practices in risk reporting and aggregation
RDARR implementations to date jump-started data management as a discipline for banks and helped lay the foundational elements for sound data management. However, many banks strove only for minimum compliance with the letter of RDARR rather than embedding true ownership and accountability for risk data across the organization. As a result, their plans and execution approaches crumbled in practice, and there remains a disconnect between the theory of risk data management and how it is executed by data practitioners in their day-to-day.
BCBS 239 is no longer only a risk reporting issue
The guide makes the Basel Committee on Banking Supervision’s standard number 239 (BCBS 239) a “bankwide” effort by explicitly including financial reporting and model development its scope. It makes the management body responsible for setting clear roles and responsibilities within the business organization and calls for increased coordination and collaboration with IT change initiatives.
Compliance minimum defined with no end-game in sight
The guide is articulated as a set of minimum supervisory expectations and prerequisites for effective identification, monitoring, and reporting of risks that are not necessarily sufficient to achieve sound RDARR.
Threat of enforcement actions and capital add-ons is real
The guide explicitly mentions enforcement actions, capital add-ons, and the removal of responsible executives as potential measures for banks that do not respond promptly to supervisory feedback, in line with the expected increase in “supervisory escalation” announced by the vice-chair of supervisory board of the ECB.
Understanding RDARR’s technical nature is essential for management
Bank leaders, specifically senior management, will need to be familiar with data management concepts like data lineage, understand key data quality performance indicators, and keep an up-to-date knowledge of data management and IT.
What banks need to do moving forward to enhance data management
Banks must demonstrate meaningful progress by making BCBS 239 a top regulatory and transformation agenda item. Industry pioneers offer useful examples for achieving this objective.
Implementing mechanisms to install true accountability for data quality: This includes the application of tools that allow the risk and finance teams to enforce strict data quality standards. Among other examples, these banks are creating transparent overviews of progress against process-level data quality objectives through data dashboards, structuring reporting to provide immediate understanding of data quality status and trigger remediation, and implementing data contracts/SLAs, automated controls, and incentive systems linked to data.
Using lineage to improve data quality and efficiency: Building systemic knowledge of critical data processes, diagnosing the root causes of errors and inefficiencies, and applying tried-and-trusted management principles to resolve them (such as remediation at source).
The steps industry pioneers are taking too improve data setups
Banks that are executing the above changes share some common characteristics that have enabled them to proactively improve their data setups. These banks have embedded consistent data management processes into business-as-usual (BAU) ways of working among teams that use the data, rather than treatingdata management as an add-on activity.
They have set clear key performance indicators (KPIs) and objectives linked to risk outcomes. As such, they are continuously measuring their performance and quality of data. These banks also have a strong notion of first line of defense executive accountability for risk, while second line of defense has already transitioned to an oversight and challenger role rather than purely a center of competence. Furthermore, management has created a culture of compliance through strong leadership and taking RDARR seriously within the organization. The risk and finance functions usually have strong alignment, and data remediation is linked to IT change initiatives to maximize investment efficiency and minimize new technical debt.
The impact and benefits of effective risk data management for banks
Since its inception, BCBS 239 has primarily been a regulatory response program, with banks often overlooking the commercial business case. This approach misses opportunities for real transformation in a bank's future economics.
Effective risk data management offers "soft" benefits like efficient operations and better risk decisions, less time spent on manual data handling, and faster data quality indicator (DQI) remediation.
Showing progress toward ECB standards is crucial for banks
As the ECB continues to prioritize and review risk data management practices, it is vital that banks think carefully about how to enhance their processes to show progress toward reaching required standards. The benefits are far greater than pure regulatory compliance and can lead to transformational improvements of the risk, finance, and business line functions.