EU strategy on supervisory data in EU financial services

In December 2021, the European Commission adopted its “Strategy on supervisory data in EU financial services” (COM (2021) 798 final). With this strategy, the Commission intends to digitalise and consolidate financial reporting processes and thus lessen the reporting burden for companies. In the following, we highlight key points of the supervisory data strategy and give an outlook on what is to come.

Tens of thousands of data points – improvement of reporting system needed

Over the last years, financial reporting obligations heave steadily increased, both in terms of volume and granularity. While this helps to “address information gaps identified during the global financial crisis and reflect the increasing complexity and interconnectedness of the financial system”, the Commission highlights that the amount of data to be reported is staggering: “financial institutions in the EU are subject to more than 500 reporting obligations comprising more than 1000 tables with more than 70 000 individual data points”. This leads to a significant reporting burden on companies, but also to challenges on the part of supervisory authorities, who have to cope with analysing all this data. Furthermore, the Commission notes several inefficiencies with regard to variations in reporting requirements and the process of data collection in the EU.

Thus, the EU Commission stresses that improvements to the supervisory reporting system are sorely needed. According to the Commission, these improvements will enable supervisory authorities to (i) follow developments across markets with greater precision and speed; (ii) make better informed and faster decisions to safeguard financial stability and (iv) better coordinate amongst themselves – while at the same time the compliance burden for companies will be reduced.

Five actions to be undertaken by the EU Commission

To this end, the Commission’s supervisory data strategy promises measures to be undertaken in five areas:

• Consistent and standardised data: the Commission will develop a common data dictionary which will allow all relevant parties to rely on a common terminology as well on common standards, formats and rules.
• Sharing and re-use of reported data: to avoid duplicative data requests, the European Commission intends to remove legal and technical obstacles to data re-use and data sharing between supervisory authorities. In the long term, this is planned to lead to the establishment of a supervisory data space which, as far as technical standards are concerned, will be aligned with the European Single Access Point (the “ESAP” will be a centralised platform for company data, please see our webinar on the ESAP).
• Design of reporting requirements: in a 2019 “fitness check” (SWD(2019) 402 final), the Commission has identified a number of shortcomings in the design and development of financial reporting requirements. These shortcomings are planned to be addressed by developing guidelines for the design of reporting requirements based on best practice
• Joint governance arrangements: in order to improve coordination between supervisory authorities and other relevant stakeholders, joint governance arrangements are to be developed.
• Use of modern technologies: the EU Commission will work with the European Forum of Innovation Facilitators to develop and test novel technical solutions for supervisory reporting. The Commission envisages the measures taken to create optimal conditions for the use of “RegTech” und “SupTech” tools, further simplifying the reporting process.

What are the next steps in implementing the supervisory data strategy?

According to the Commission, the next key milestones for the implementation of the supervisory data strategy will be (i) investigating further integration of reporting and improvement of consistency and data standardisation; (ii) establishing sectoral data dictionaries; (iii) reviewing obstacles to data-sharing; and (iv) formalising governance arrangements.

The Commission has stressed that modernising the supervisory reporting system across the EU is a complex undertaking. In order to reduce implementation risks, a gradual approach will be taken, with various initiatives building on existing tools. By 2023, the Commission is expected to report on the progress made. Since the Commission plans on promoting modern technologies to implement this strategy and since there will be an alignment with other initiatives such as the ESAP, chances are that the strategy will comprehensively boost digitalisation and data sharing – not only with regard to financial reporting, but also for the financial services sector as a whole.

ESAP and Open Finance Framework: the broader data sharing landscape

The supervisory data strategy will play a vital role in implementing the European Data Strategy (the EU’s overarching framework for various legislative initiatives around data) – alongside several other initiatives around data sharing in the financial services sector, like the European Single Access Point and the Open Finance Framework.

The regulation on a “European Single Access Point” or “ESAP” (COM(2021) 723 final, draft proposal adopted in November 2021) concerns itself with publicly disclosed company information. The regulation will introduce a network of competent authorities collecting company data (including sustainability data) in a standardised format. This data will then be transferred to a central platform that is open to the public. Investors will be able to search the ESAP database using various filter criteria (for details, please see our webinar on the ESAP).

Innovation around the use of data obtained from customers of payment services will be the focus of the “Open Finance Framework” – which the European Commission is intending to regulate by means of an “Open Finance Framework” legislation in the second quarter of 2023. The goal of this framework will be “to allow customer data (…) to be shared and re-used by financial service providers for creating new and improved services (…) as well as the effective application of data protection rules and security safeguards”. We will provide more information on this soon.