search
Highlights
     // . //  Insights //  Data Management And Risk Reporting Challenges For EU Banks

    When the European Central Bank (ECB) identified “addressing long-standing deficiencies in risk data aggregation and risk reporting” as a supervisory priority for 2024–2026, it presented a critical challenge: Banks need to step up their data management capabilities and processes right now. The bar has been set with the ECB’s publication of the "Guide on Effective Risk Data Aggregation and Risk Reporting (RDARR)" in May 2024.

    The ECB guide is in keeping with the renewed attention that regulators worldwide have paid to RDARR. This has left no option for an increasing number of banks but to come to terms with their practical failings on data, and the greater regulatory pressure will significantly boost industrywide efforts to rectify those failings and create true accountability for higher-quality data. The good news is that as difficult as that may seem, choosing the right strategies and implementing them skillfully can minimize the work required and realize significant commercial benefits.

    Emphasizing consistent data management practices in risk reporting and aggregation

    RDARR implementations to date jump-started data management as a discipline for banks and helped lay the foundational elements for sound data management. However, many banks strove only for minimum compliance with the letter of RDARR rather than embedding true ownership and accountability for risk data across the organization. As a result, their plans and execution approaches crumbled in practice, and there remains a disconnect between the theory of risk data management and how it is executed by data practitioners in their day-to-day.

    Exhibit 1: Key takeaways from the ECB guide
    Source: Oliver Wyman analysis

    BCBS 239 is no longer only a risk reporting issue

    The guide makes the Basel Committee on Banking Supervision’s standard number 239 (BCBS 239) a “bankwide” effort by explicitly including financial reporting and model development its scope. It makes the management body responsible for setting clear roles and responsibilities within the business organization and calls for increased coordination and collaboration with IT change initiatives.

    Compliance minimum defined with no end-game in sight

    The guide is articulated as a set of minimum supervisory expectations and prerequisites for effective identification, monitoring, and reporting of risks that are not necessarily sufficient to achieve sound RDARR.

    Threat of enforcement actions and capital add-ons is real

    The guide explicitly mentions enforcement actions, capital add-ons, and the removal of responsible executives as potential measures for banks that do not respond promptly to supervisory feedback, in line with the expected increase in “supervisory escalation” announced by the vice-chair of supervisory board of the ECB.

    Understanding RDARR’s technical nature is essential for management

    Bank leaders, specifically senior management, will need to be familiar with data management concepts like data lineage, understand key data quality performance indicators, and keep an up-to-date knowledge of data management and IT.

    What banks need to do moving forward to enhance data management

    Banks must demonstrate meaningful progress by making BCBS 239 a top regulatory and transformation agenda item. Industry pioneers offer useful examples for achieving this objective.

    Implementing mechanisms to install true accountability for data quality: This includes the application of tools that allow the risk and finance teams to enforce strict data quality standards. Among other examples, these banks are creating transparent overviews of progress against process-level data quality objectives through data dashboards, structuring reporting to provide immediate understanding of data quality status and trigger remediation, and implementing data contracts/SLAs, automated controls, and incentive systems linked to data.

    Using lineage to improve data quality and efficiency: Building systemic knowledge of critical data processes, diagnosing the root causes of errors and inefficiencies, and applying tried-and-trusted management principles to resolve them (such as remediation at source).

    The steps industry pioneers are taking too improve data setups

    Banks that are executing the above changes share some common characteristics that have enabled them to proactively improve their data setups. These banks have embedded consistent data management processes into business-as-usual (BAU) ways of working among teams that use the data, rather than treatingdata management as an add-on activity.

    They have set clear key performance indicators (KPIs) and objectives linked to risk outcomes. As such, they are continuously measuring their performance and quality of data. These banks also have a strong notion of first line of defense executive accountability for risk, while second line of defense has already transitioned to an oversight and challenger role rather than purely a center of competence. Furthermore, management has created a culture of compliance through strong leadership and taking RDARR seriously within the organization. The risk and finance functions usually have strong alignment, and data remediation is linked to IT change initiatives to maximize investment efficiency and minimize new technical debt.

    Exhibit 2: The main financial benefits from sound risk data management
    Notes: 1. Based on capital buffers due to data quality at various European banks. 2. Based on liquidity buffers due to data quality at various European banks. Conservative assumption of 100bps cost of funding. 3. Based on the Danish Financial Supervisory Authority statement on inspection of Danske Bank A/S’s management of data quality, February 2024. 4. Based on the OCC fine to Citibank in October 2020 for deficiencies in enterprise-wide risk management, compliance risk management, data governance, and internal controls. 5. Based on average across various GSIBs/DSIBs.
    Source: Oliver Wyman analysis

    The impact and benefits of effective risk data management for banks

    Since its inception, BCBS 239 has primarily been a regulatory response program, with banks often overlooking the commercial business case. This approach misses opportunities for real transformation in a bank's future economics.

    Effective risk data management offers "soft" benefits like efficient operations and better risk decisions, less time spent on manual data handling, and faster data quality indicator (DQI) remediation.

    Showing progress toward ECB standards is crucial for banks

    As the ECB continues to prioritize and review risk data management practices, it is vital that banks think carefully about how to enhance their processes to show progress toward reaching required standards. The benefits are far greater than pure regulatory compliance and can lead to transformational improvements of the risk, finance, and business line functions.

    Authors

    Additional contributors: Lewis Cannon, principal, Oliver Wyman. Peter Laskowski, principal, Oliver Wyman. Anna Maria Rosati, principal, Oliver Wyman.

    You Might Be Also Interested In

    Addressing Vulnerabilities In The European Banking Sector

    Recent rate hikes have affected the European banking sector, yet these short-term priorities can help firms manage through the crisis and boost profitability.

    Compliance Playbook To Accelerate Bank ESG Risk Management

    Discover how European banks address ESG compliance, mitigate greenwashing, and foster sustainable practices.

    10 Key Policy Issues In Finance In 2024

    The key policy topics expected to receive significant attention in finance for 2024, based on extensive global insights and accurate annual predictions.

    Three Strategies To Leverage Cloud Data Management

    Discover three ways organizations can use cloud technology to improve the management of their data and work toward compliance with privacy regulations.