Format for Incident Reporting Exchange (FIRE) - Executive Summary
The Financial Stability Board (FSB) report on the Format for Incident Reporting Exchange (FIRE), published in April 2025, establishes an approach to promote common information elements and requirements for reporting operational incidents by financial institutions to authorities. It aims to improve regulatory coordination in responding to operational incidents, thereby helping to enhance financial stability.
Rationale
Incident reporting is considered one of the primary mechanisms financial authorities use to maintain the visibility of disruptions occurring within their regulated entities. However, approaches to incident reporting have developed independently over time, leading to fragmented reporting requirements and coordination challenges across authorities and jurisdictions. The FSB developed FIRE to address this fragmentation and inefficiency in how financial sector incidents are reported and managed across jurisdictions.
By standardising the information required for incident reporting, FIRE seeks to:
- facilitate timely and coordinated responses to operational and cyber incidents
- streamline compliance for firms operating across multiple jurisdictions
- enhance data quality and comparability for financial authorities
- lay the groundwork for global convergence while allowing for flexibility in local implementation
Scope
FIRE is a standardised reporting format designed to streamline incident reporting, while remaining flexible to a range of implementation practices. It covers all operational incidents – beyond strictly cyber events – that financial institutions report to authorities.
Financial institutions may also agree with their third-party providers that these providers use FIRE for their reporting to the institution of any operational incident that affects delivery of services.
FIRE's key features
Key features of FIRE relevant for enhancing financial stability include the following:
 |
Global coordination and convergence: Fragmented incident-reporting regimes have hampered authorities' ability to monitor and respond to systemic risks. FIRE establishes a common set of 87 information items (with 39 being optional) for incident reporting, promoting harmonisation across borders. |
 |
Flexible, modular design: Authorities can adopt FIRE in full or in part, customise field names and input types for local context, and decide on essential versus optional information items. This balances the need for convergence with operational realities and existing local frameworks. |
 |
Machine-readable data model: FIRE is supported by a data model using the Data Point Model (DPM) method and an extensible business reporting language (XBRL) taxonomy, enabling efficient, accurate and automated reporting and data analysis. |
 |
Confidentiality and security: Recognising the sensitivity of information (eg critical vulnerabilities and IP addresses), FIRE emphasises the importance of confidentiality in handling incident reports. Security measures are determined locally. |
FIRE's reporting format
FIRE reporting is structured into four main sections.
| FIRE reporting format | |
|
Reporting details |
Identifies the reporting and receiving entities, including global and local identifiers (such as the Legal Entity Identifier), entity type, country and contact information |
|
Incident details |
Captures what happened, including unique incident identifiers, description, incident type (using standardised taxonomies), discovery method and reporting triggers. It also distinguishes between reporting phases – initial, intermediate and final – to reflect the incident life cycle and confidence in the information |
|
Impact assessment |
Assesses the severity, affected parties, disrupted services or resources, transaction impacts, and qualitative and quantitative impacts (eg financial, operational, reputational, external and geographic reach). Impact is rated using harmonised scales |
|
Incident closure |
Details root cause(s), origin (internal, third-party, external), lessons identified, remedial actions and supplemental documentation |
Conclusion
FIRE represents a significant step towards global harmonisation in incident reporting for the financial sector. Its flexible but standards-based approach enhances operational resilience, streamlines regulatory compliance and supports effective risk management in an increasingly interconnected and digital financial system.
To support global adoption and practical implementation of FIRE, the FSB provides a suite of resources:
- Human-readable template: A structured spreadsheet that clearly lays out all required information items. This tool is not intended for actual regulatory submissions but is designed for training and familiarisation, helping institutions and authorities understand the reporting process.
- DPM: A structured, human- and machine-readable blueprint that precisely defines each data field, ensuring consistency and clarity in reporting requirements. The DPM underpins both the human-readable template and machine-readable formats.
- XBRL taxonomy: Provided as an example, this machine-readable format enables automated, standardised data exchange across systems and jurisdictions. While XBRL is offered for reference, the DPM allows authorities to implement FIRE in any machine-readable format that suits their needs.
These resources make FIRE accessible, understandable and ready for automation, supporting efficient, harmonised and resilient incident reporting across the global financial system.