EU Banking Package Revisions and Navigating Data Challenges in the AI Era

As the final text for a revised EU banking package has been agreed, the clock has started ticking for banks to ensure compliance by the official implementation date of January 1st, 2025.  

Banks must address several areas of their risk and capital management practices, with the basis of it all being data. Ensuring a careful plan, a coherent data set-up framework, and leveraging new AI technologies can both support compliance and open the doors to more insightful business making.  

The latest revision to the EU Banking Package represents the last step to implement Basel III reforms in European law. This step has the stated goal of restoring credibility in the calculations of the minimum capital by decreasing unjustifiable variability in risk weighted assets (RWA) stemming from the use of internal models.  

These changes are expected to be comprehensive and multi-layered. They will affect organisations horizontally, as their impact spreads across functions, i.e. departments and business areas. However, the reforms will also affect organisations vertically in their capabilities, from data acquisition, modelling, and processes across all the elements needed to transform input into secure and compliant business outcomes. 

The basis of it all will be a robust data foundation encompassing data granularity, data integration, analytics, reporting capabilities, and traceability. Below, we summarise the major changes regarding minimum capital requirements, the consequences these might have for banks, and strategic considerations going forward. 

The changes implied by the revised package will affect the overall framework, including modelling principles and methodologies, which will have consequences for banks’ IT architecture, data, modelling, and reporting frameworks. 

Here, we review some of the main changes in principles and methodologies that are expected to impact banks’ minimum capital requirements.  

These include: 

• Output floor
• Constraints on IRB models, input floors, and collateral indexation 
• Changes in the standardised approach for credit risk (SA-CR) 
• Changes to the RWA methodology for other risk types 

Based on the latest assessments conducted by the EBA, these changes will lead to an average 10% increase in minimum capital requirements.

CRR 3 incorporates an output floor for the RWA calculated using internal models. The floor is based on the RWA calculated using the standardised approaches (SA) for all risk types and portfolios. A phase-in period over five years will allow banks to adjust to the change, with the output floor level rising from 50% of the SA RWA in 2025 to the final level of 72.5% in 2030. 

The consequences of the floor are twofold: operational and capital. From an operational perspective, banks will have to run a double set of calculations for the portfolios that are under internal models. While many banks using internal models for parts of their portfolios today only calculate capital based on those models, going forward a double set of calculations will be needed for the same portfolios. This can result in increased complexity of the IT architecture.  

Additionally, the same exposures might be classified differently, for example as different exposure classes, under the internal models and the standardised approach, thus requiring different data dimensions linked to the same data point. Consequently, better data analytics capabilities and lineage will be needed. Besides the operational consequences, the output floor will likely result in an overall increase in the minimum required capital, as estimated by the EBA.  

Credit exposure to big corporates (above EUR 500m in revenue) and financial institutions will no longer be modellable under the so-called advanced IRB (A-IRB) approach, which allows all risk parameters to be assessed through internal models. This means that only the default probability of the counterparty is allowed to be modelled going forward, leaving other parameters, such as the loss given default, to be treated in a standardised and typically more conservative way.  

Additionally, equity exposures will only be allowed to be assessed under the standardised approach. These changes will require banks to revise the calculation methods used for their exposures and update their current data to ensure correct mapping between exposures and relevant calculation parameters. 

Some of the variables used in the minimum capital requirements calculations will be subject to floors, affecting the current calculation and, ultimately, capital levels. Additionally, the treatment of collateral has been upgraded in the new framework. This may necessitate the collection of new data and updates throughout the entire calculation and reporting process. 

The revised standardised approach for credit risk (SA-CR) increases risk sensitivity by introducing two new exposure classes and refining the treatment of off-balance sheet exposures as well as the framework for assessing collateral. These changes put new demands on the data landscape, where higher data granularity will likely be needed. 

Additionally, the SA-CR makes use of external ratings to determine the credit quality of corporate borrowers and institutions. External ratings are currently typically non-existent or not widely used, especially by banks that have previously used IRB models for these exposures. The change will therefore require efficient acquisition and integration of data from potentially new sources.  

Alternatively, a set of more punitive risk weights would need to be used for these counterparties, leading to higher capital requirements. A failure to strategically integrate these changes could result in a substantial increase in capital requirements for institutions with large unrated portfolios.  

The new framework introduces revisions to the approaches used to calculate RWA for market, CVA, and operational risk. Common to the revisions across risk types is a wish to have more risk-sensitive standardised approaches. This translates to requirements on granularity and data lineage. 

In the market risk and CVA risk spaces, the new approaches also require more granular data. Within market risk, Fundamental Review of the Trading Book (FRTB) introduces tests and controls to enforce better alignment in both data and processes between the risk department and front office.  

Furthermore, a new boundary between the Trading Book (TB) and the Banking Book (BB) has been defined. This will force banks to review their current instrument allocations and possibly introduce changes both to internal policies and at data and system levels. The implementation of IRRBB in Pillar II, which was recently introduced within the current version of the banking package, will also add a layer of complexity to this shift. It will have to account for a new treatment of instruments subject to market risk both in the TB and in the BB. 

On the operational risk side, the advanced measurement approach has been discontinued, and all approaches have been replaced by a single revised standardised approach. Moreover, banks that meet specific criteria must establish and maintain an ongoing loss data set. 

The new requirements affect the end-to-end risk framework, including systems and data, risk models and measures, processes, internal policies, and reporting.  The introduction of the output floor as well as the exclusion of certain exposure classes from the IRB approach will require banks to put new emphasis on their SA calculation. 

Additionally, heightened risk sensitivity in minimum capital calculations across risk types will require increased data granularity, improved data lineage and governance, refined processes and analytics, alongside robust practices for integrating external data sources.  

Investing in creating a solid end-to-end data architecture and governance around those data sources will be essential to ensure both compliance and optimal operations. Failure to invest in better data practices might be costly in terms of direct additional capital costs, additional operational burden, and regulatory demand.  

Besides compliance, there are important additional business and operational advantages for banks that invest in a coherent data setup and architecture. Better data can transform into more efficient processes. A solid data foundation can enable data-driven automations and free up resources now used for manual processes, improving process coherence and decreasing human-based arbitrage and operational risk. One such process is the forbearance and default process that feed into the risk models and capital calculations.  

Additionally, as generative AI techniques develop, models can be built on existing system documentation, underlying code and table structure to generate technical documentation and translate it into language that makes sense to humans. This can potentially lower the bar for accessing relevant information and levelling the playing field for employees to get insights out of data and understand the implication of data registrations for the whole value chain.  

Finally, a solid data foundation in combination with AI-based models can enable more proactive business operations. Pattern recognition technologies can enable deeper insights from the data, which can feed back to the client-facing parts of the organisation. This supports client-centric business development and operations, while producing client-tailored marketing. 

As the January 2025 deadline approaches, banks will have to take several steps to ensure compliance as well as optimal risk management and capital practices. For banks that have not yet initialised this work, the first step involves reviewing the final text and identifying existing gaps. For banks that have done this before, the previous analysis will need to be reviewed and updated with the revisions to the legal text. 

A thorough gap analysis is the basis to start planning and executing remediation actions. Taking a structured approach can make the remediation work more efficient. Additionally, centralised project management in this phase can help identify synergies across the organisation and prepare for a lean development. 

As we have seen, the revised banking package puts increased focus on good data quality and lineage. These elements are essential for ensuring compliance while also presenting potential business opportunities. As the development work on the EU banking package gets started, it is important for banks to review their current data landscape, assess whether it is future-proof under the coming regulatory landscape, and take a stand on how they want to leverage this work to get better business value out of their data. 

ADC specialises in helping ECB and locally regulated banks thrive through regulatory changes. We leverage our extensive experience in the prudential framework, coupled with profound technical expertise in data and AI capabilities, to deliver tangible value in our client projects. 

Our solutions encompass the end-to-end working agenda linked to the upcoming EU banking package: from gap analysis to planning and execution. Furthermore, our proficiency in generative AI techniques can enhance the extraction of tangible value from your data. 

If you would like to learn more about how we can support your organisation in its data journey, get in contact with our Risk Domain Lead, Chiara Stevanato.