Risk data aggregation and risk reporting – Executive Summary

FSI Executive Summaries  | 
25 March 2022

The 2007–09 Great Financial Crisis exposed severe deficiencies in the management information systems (MIS) of many of the major global banks. Certain banks took entire days, or longer, to aggregate their exposures to single counterparties. In practice, such information was needed during the crisis several times a day for multiple counterparties. Even during non-crisis episodes, such information is needed for management to make sound business decisions and for supervisors to effectively protect the safety and soundness of the financial system. The crisis therefore served as a "wake-up call" for the banking industry and the regulatory community and highlighted the need to overhaul the risk data aggregation capabilities and risk reporting practices of banks.

As a result, in 2011, the Financial Stability Board recommended the development of a set of supervisory expectations to move data aggregation capabilities of financial firms – particularly significantly important ones – to a level where supervisors, firms and other users of the data (eg resolution authorities) can be confident that the MIS reports accurately capture the risks. Subsequently, the Basel Committee on Banking Supervision (BCBS) established the Principles for effective risk data aggregation and risk reporting (the Principles) in 2013.


The Principles aim to support a bank's efforts to:

  • enhance the infrastructure for reporting key information, particularly that used by the board and senior management to identify, monitor and manage risks;
  • improve the decision-making process throughout the banking organisation;
  • enhance the management of information across legal entities, while facilitating a comprehensive assessment of risk exposures at the global consolidated level;
  • reduce the probability and severity of losses resulting from risk management weaknesses;
  • improve the speed at which information is available and hence decisions can be made; and
  • improve the organisation's quality of strategic planning and its ability to manage the risk of new products and services.

For bank supervisors, the Principles complement other efforts to improve the intensity and effectiveness of bank supervision. For resolution authorities, improved risk data aggregation should enable smoother bank resolution, thereby reducing the potential recourse to taxpayers.

The Principles

The Principles are broken down into four complementary sets:

  • governance and infrastructure;
  • risk data aggregation capabilities;
  • risk reporting practices; and
  • supervisory review.

The BCBS has acknowledged that there are interactions and relationships between the Principles. For instance, poor data governance and information technology infrastructure can have a negative impact on a bank's risk data aggregation capabilities. This, in turn, can negatively affect the quality and the timeliness of risk reporting.

The table outlines expectations in these areas.


The Principles apply to global systemically important banks (G-SIBs) on both a banking group and solo basis. National supervisors are strongly encouraged to apply the Principles to their domestic systemically important banks as well. They may also choose to apply them to a wider range of banks in a way that is proportionate to the size, nature and complexity of their operations.

G-SIBs were expected to meet the Principles in 2016. The BCBS implementation monitoring has observed tangible progress over the years in several key areas, including governance, risk data aggregation capabilities and reporting practices. However, the 2020 BCBS report noted that none of the G-SIBs has achieved full compliance with the Principles, as attaining the necessary data architecture and IT infrastructure remains a challenge for many.

This Executive Summary and related tutorials are also available in FSI Connect, the online learning tool of the Bank for International Settlements.