RegTech Intelligence 
Regulators are disappointed with Banks’ data management and they have been careful to point out that they expect ESG data to be up to scratch. Getting ESG data right is now a board-level imperative for 2024.
The implementation of Corporate Sustainability Reporting Directive (CSRD) will formally put controllers on the hook. However, unlike some regulatory efforts, implementers have not been given much runway, as standards are not yet set but data obligations are due to kick in this year.
This means that CSRD teams have a fantastic opportunity to collaborate and mutualise the “lineage back to text” within the firms and across the industry.
Don’t miss out, come to our 7 Feb conference to hear the experts explain how the industry has leveraged open source tooling to rethink the role RegTech can play in this important space!
Financial data and ESG
At JWG’s FINOS ESG data industrialisation hackathon on 8 November 2023 Kara Succoso Mangone, Executive Office, Head of the Sustainable Finance Group, Goldman Sachs said “This is the decade where compliance will be in the forefront of ESG reporting and regulation.”
Regulators clearly concur. On 28 November, ESMA Chair Verena Ross gave a speech to the EFRAG conference that clearly articulated to the accounting body the new linkage between sustainability and financial statements.
Corporate Sustainability Reporting Directive (CSRD) sustainability reporting requirements are now integrated into the mainstream reporting for companies.
She said “In other words, there is no longer an assumed primacy of financial reporting over sustainability reporting, but rather these are two pillars of the same continuum which are there to tell a consistent story“
Her speech called upon the sustainability and the financial experts “to work together to develop a common control environment for the entire annual financial report.”
Old data grades
After a decade of regulators encouraging banks to adopt better risk data management procedures the BIS issued a sober progress report in November 2023.
Only two of the 31 banks assessed were judged to be fully compliant with data management principles. It stated “nearly ten years after the initial publication of the Principles and seven years after the expected date of compliance, banks are at different stages in terms of aligning with the Principles, and that additional work is required at all banks to attain and/or sustain full compliance.”
One of the five recommended measures urged Banks to apply the risk data aggregation principles comprehensively to risk data in a broader context
“The scope should be well documented and specify the reports, models and indicators that are included. It should be comprehensive and include, at a minimum, all main risk reports for all material risks. All business processes should be covered (front to back) and the full data lifecycle from data origination, capture, and aggregation to reporting, should be reflected. The scope should cover all material legal entities, business lines, and risk, financial, and supervisory reporting activities.”
For those who followed the summer consultation on 18 pages of new BCBS 239 guidance, this should be an ominous warning.
New risk data guidance
Last year, the European Central Bank (ECB) detailed new expectations for banks’ effective risk data aggregation and risk reporting.
The ECB consultation notes, “Banks are expected to step up and conclude their efforts to improve their governance framework and data management process in a timely manner.”
A new guide that compliments, not replaces BCBS239 is part of a wider strategy intended to ensure that supervised banks ultimately achieve substantial progress in remedying their identified structural shortcomings in risk data aggregation.
In the guide, seven key areas have been singled out: the responsibility of a bank’s management body; the scope of application of the data governance framework; key roles and responsibilities for data governance; the implementation of a group-wide integrated data architecture; the effectiveness of data quality controls; the timeliness of internal risk reporting; and implementation programs.
The paper clearly articulates the need for data definitions, validation rules and “complete and up-to-date data lineages” as part of an integrated data architecture as highlighted in Exhibit 2.
Exhibit 1: ECB July 2023 BCBS 239 consultation
BCBS 239 for ESG data
According to the BCBS 239 consultation section ‘3.1 Sufficient scope of application Responsibilities of the management body’, point 7 clarifies that a firm must ensure that “members of the management body and internal control functions, including the heads of risk management, compliance and audit, have a sufficient understanding of data management, IT and financial and non-financial risks (including, inter alia, climate risk and IT and security risk), as well as the related data and reporting requirements. …. This allows for individual members to assess the effect of these matters on the institution’s business and to address the challenges posed by the digitalisation of the banking sector and climate-related risks.”
In section ‘3.2 Sufficient scope of application’ the text also takes care to call out that “To ensure the completeness of processes and controls, the framework should be applicable to all material legal entities, risk categories, business lines and financial and supervisory reporting processes, and cover the entire lifecycle of the data, i.e. all processes from data origination, capture and aggregation to reporting.”
3.2.1(c) further clarifies that the scope of the data governance framework should be comprehensive of “Supervisory reports that are submitted to financial supervisory or regulatory authorities. This includes, for instance, FINREP/COREP reporting templates, submissions to EBA/SSM stress test exercises and Pillar 3 disclosures.”
Many banks have moved ESG reporting from centralised sustainability teams to their Controllers function to help meet risk data aggregation obligations.
However, there is a risk that Controllers, a ‘line 2’ function is left with too much primary ‘line 1’ data work that is traditionally beyond their remit. It will be interesting to see how firms reconcile the line 1 vs. line 2 responsibilities highlighted in BCBS 239 as ESG reporting can be very cross-divisional, while 1st line tends to be siloed.
Green data needs
ESG and climate standard setters have been busy. Boards face an alphabet soup of voluntary, industry, regulatory bodies which are defining how ‘green’ they are.
The Corporate Sustainability Reporting Directive (CSRD) has ushered in a new era of sustainability reporting within the European Union. An important aspect of this directive is the use of the eXtensible Business Reporting Language (XBRL) template for reporting as announced here
Under the CSRD, companies are required to prepare their annual reports in a digital format called Inline XBRL or iXBRL. This involves applying digital XBRL tags to the data within these reports.
It significantly broadens the scope of non-financial reporting, requiring granular data on a wide range of ESG factors. Meeting these extensive disclosure requirements within the XBRL format can be a daunting task for many financial institutions.
Financial institutions may also fear rejections or warnings due to incorrect XBRL filings. Ensuring error-free XBRL filing requires meticulous attention to detail and rigorous data validation processes.
For them to be able to answer the tough BCBS 239 questions, their Chief Data Officers will need to be on top of how vendors compile their data, and to what standard. As exhibit 4 illustrates, this is far from a straightforward equation.
Exhibit 4: ESG data standards overview
| “Know the regulation is coming within a range, you know what the broad spectrum of that regulation is going to be? Get ahead of the curve, don’t wait for it to turn up. It’s, it’s a more complex issue than you realise. If you’re a bank, and you’re start looking at your impairment to your balance sheet, you want to start using things like PCAF to do some of the emissions analysis within your operating model.” |
Kevin Bourne, RegCast Season 4 episode 2 “A new era of ESG data auditability” here
For more background on the data landscape have a listen to RegCast here!
Conclusions & next steps
In conclusion, regulatory appetite for better data on all risk will be channelled into the newly auditable data for CSRD regulatory reporting.
As there is little time to get the new XBRL schema right, it makes sense to collaborate and mutualise the “lineage back to text” within the firms and across the industry.
That’s why we invite you to join us at our annual RegTech conference on February 7th to hear from experts on how we plan to work with FINOS to create open source tooling to navigate this complex landscape.
Don’t miss out on valuable insights and strategies to stay ahead in the world of ESG reporting by registering today.
Get involved. Let’s work together to pave the way for successful and responsible business practices in the future. See you at the conference!