Transforming Risk Management Through Effective Data Aggregation: Insights from ECB's Latest Supervisory Newsletter

Emphasis on Risk Data Aggregation

The Basel Committee on Banking Supervision has long emphasized the importance of effective risk data aggregation and reporting as a cornerstone of sound risk management. Inadequate data governance and fragmented IT infrastructures were among the major weaknesses exposed by the 2008 financial crisis, where banks struggled to obtain a holistic view of their risk exposures. To address these deficiencies, BCBS 239 established a set of principles aimed at improving banks' data aggregation capabilities and internal risk reporting. By enhancing their risk data reporting frameworks, banks can improve decision-making, strengthen risk governance, and increase resilience to financial shocks.

The Cost of Weak Risk Data Aggregation: Insights from FINMA’s Report

The repercussions of poor risk data aggregation have been starkly illustrated by the Swiss Financial Market Supervisory Authority report on the Credit Suisse crisis. The report highlights how inadequate risk management and weak internal controls led to significant losses and, ultimately, a loss of confidence in the institution. Repeated deficiencies in risk monitoring, combined with an overreliance on manual processes and insufficiently robust governance structures, left Credit Suisse vulnerable to market shocks. The bank’s inability to swiftly aggregate and assess its risk exposure exacerbated liquidity issues, ultimately forcing regulatory intervention. This case underscores the real-world costs of failing to adhere to robust risk data reporting principles.

The ECB’s Efforts to Strengthen Risk Data Aggregation and Reporting

Recognizing the persistent shortcomings in risk data aggregation, the European Central Bank has intensified its supervisory approach to enforcing BCBS 239 compliance. In 2022, the ECB launched a dedicated on-site inspection campaign to assess how well banks were implementing risk data aggregation and risk reporting frameworks. The findings were concerning: many banks still relied on outdated IT systems, weak governance structures, and excessive manual interventions, which hindered timely and accurate risk assessment.

To address these issues, the ECB published the Guide on Effective Risk Data Aggregation and Risk Reporting in May 2024. This guide outlines the minimum supervisory expectations for banks’ RDARR capabilities and aims to ensure a level playing field among supervised institutions. The ECB has also implemented an integrated framework combining on-site inspections, targeted reviews, and thematic assessments to drive improvements in banks’ data governance and IT infrastructures.

Recent Supervisory Insights: The 2025 Supervisory Newsletter

A recent ECB Supervisory Newsletter from February 2025 further reinforced the urgency of enhancing risk data aggregation. The newsletter highlighted the role of robust RDARR capabilities in mitigating losses during periods of market stress. Banks with strong risk data infrastructures were able to quickly assess their exposures to crises such as the COVID-19 pandemic, the Russia-Ukraine war, and recent financial market turmoil. Moreover, the ECB has made it clear that supervisory interventions will intensify for banks that fail to meet minimum expectations.

The newsletter also emphasized how banks with advanced RDARR capabilities benefit from enhanced operational efficiency, lower IT costs, and better strategic steering. “Banks that have invested in sound risk data aggregation not only demonstrate resilience in stress scenarios but also achieve greater efficiency and profitability,” the newsletter stated. It also noted that “High-quality data is a prerequisite for leveraging AI and advanced analytics, which are increasingly essential for competitive risk management.”

Additionally, risk data aggregation facilitates holistic exposure monitoring across business units, instruments, and legal entities, allowing banks to swiftly identify and respond to emerging risks. The ECB further observed that effective RDARR enhances banks' ability to integrate environmental and climate-related risk assessments into their strategic planning, improving regulatory compliance and long-term financial stability.

Key Takeaways for Banks and Supervisors

1. Regulatory Expectations are Rising: BCBS 239 compliance is no longer optional. Supervisors are intensifying scrutiny on banks’ RDARR frameworks, and failure to meet standards could result in penalties or restrictions.
2. Poor Data Governance Carries Heavy Costs: The Credit Suisse crisis demonstrated that weak risk data aggregation can lead to financial instability and regulatory intervention. Banks must prioritize investments in risk governance and IT modernization.
3. The ECB’s Integrated Approach to RDARR: The ECB has adopted a multi-pronged strategy combining inspections, thematic reviews, and new supervisory guidance to enforce compliance. Banks should proactively align with these expectations.
4. Technology as an Enabler: Banks that embrace automation, AI, and advanced analytics in risk data aggregation can improve decision-making, reduce operational costs, and enhance their resilience to crises.
5. Timely and Accurate Data is Critical for Risk Management: Supervisors expect banks to have real-time risk insights, particularly in stress scenarios. Strengthening RDARR frameworks is key to meeting these demands.

Conclusion

A sound risk data reporting framework is essential for banks to navigate an increasingly complex financial landscape. The lessons from BCBS 239, the FINMA report on Credit Suisse, and the ECB’s ongoing supervisory initiatives all point to the same conclusion: Banks that fail to invest in robust risk data aggregation will face greater financial and regulatory risks. European supervisors are intensifying their focus on RDARR, making it clear that banks must prioritize data governance, IT modernization, and compliance with evolving regulatory expectations. Those that do will not only meet supervisory standards but also position themselves for sustainable growth and resilience in a rapidly changing environment.

References

• Basel Committee on Banking Supervision. Principles for Effective Risk Data Aggregation and Risk Reporting (BCBS 239). Bank for International Settlements, January 2013.
• FINMA. Lessons Learned from the Credit Suisse Crisis. Swiss Financial Market Supervisory Authority, December 2023.https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/finma-publikationen/cs-bericht/20231219-finma-bericht-cs.pdf?sc_lang=en&hash=3F13A6D9398F2F55B90347A64E269F44
• European Central Bank. Guide on Effective Risk Data Aggregation and Risk Reporting. May 2024.https://www.bankingsupervision.europa.eu/ecb/pub/pdf/ssm.supervisory_guides240503_riskreporting.en.pdf
• European Central Bank. Supervision Newsletter: Sound Risk Data Reporting as Key to Better Decision-Making and Resilience. February 2025. https://www.bankingsupervision.europa.eu/press/supervisory-newsletters/newsletter/2025/html/ssm.nl250219.en.html