Skip to main content

RDARR 101: Risk Data Aggregation and Risk Reporting Explained

Regulatory Reporting
Risk Management
What is RDARR
5 min read
Christian Albela
Director of Solution Engineering
Published: May 12, 2021
Last Updated: September 15, 2023

Name a risk-aware profession, and banking should be near the top of the list—right after, maybe, skydiving or lion tamer. 

As anyone in banking knows, risk—understanding it, measuring it, and managing it—is at the very heart of the business. History has proven, most recently and dramatically with the 2008 financial crisis, that when risk isn’t properly understood, measured, or managed, it can lead to widespread instability and massive losses. 

Since the Great Recession, risk management teams at banks around the world have been trying to manage risk data aggregation and risk reporting (RDARR) more effectively using an internationally accepted set of principles as a North Star: BCBS 239. Here’s a quick primer. 

The international banking authorities that make up the Basel Committee on Banking Supervision (BCBS), based in Basel, Switzerland, work to create global standards for banking regulation. The group has 45 members from 28 jurisdictions around the world, including representatives from central banks and authorities who oversee the banking industry. 

In 2013, the organization released BCBS 239, a new set of standards to help banks manage their risk data aggregation and risk reporting practices more holistically. BCBS 239 includes 14 principles that fall into four general categories: governance, data aggregation, risk reporting, and supervisory requirements. The goal? Enhance financial stability by creating greater trust in data, more informed decisions by banking leaders, and more clarity for regulators. 

14 principles in BCBS 239


BCBS 239 applies to large banks worldwide that are either Global Systemically Important Banks (GSIBs) or Domestic Systemically Important Banks (DSIBs). While small and mid-tier banks don’t have to comply with the BCBS 239 standards, many of them are using the same principles to improve their RDARR programs. 

The Basel Committee on Banking Supervision in April 2020 provided a summary of big banks’ progress on compliance.

Bank progress on BCBS 239 compliance

Source: Basel Committee on Banking Supervision

Banks are still moving forward, but COVID-19 likely affected the pace of progress and resource deployment.

A strong risk data aggregation and risk reporting (RDARR) program is meant to help bank teams efficiently give managers the right data to accurately depict risks facing the organization at any given time.

Institutions not subject to BCBS 239 should consider the 14 principles of BCBS 239 as leading standards to implement to strengthen their RDARR capabilities. 

Every financial institution should have a RDARR program that substantiates the quality of its management reporting, which includes financial metrics as well as narrative. The narrative is key in summarizing existing risk positions, corresponding drivers, conclusions related to risk versus reward, and can convey review and challenge considerations. Your datasets underscore all of that narrative.  

That same program also can govern model development and forecasting. Automation, standardization, and connected data are fundamental components to strengthening adoption of RDARR principles.

On the RDARR: Enhancing Risk Data Aggregation and Risk Reporting

But how does the work actually get done? Not surprisingly, anyone on a bank’s risk reporting team will tell you that it’s not easy. The process is inherently complex, the stakes are high—and that’s just the start.  

Two of the biggest challenges of managing RDARR are:

1. Decentralized information

Risk management teams collect risk data from throughout their organizations. Even in a small bank, that could mean receiving data from dozens of sources and in just as many formats. All institutions, from community banks to the largest GSIBs, have in common the variety and volume of financial and management reporting performed weekly, monthly, quarterly, and annually.  

Data quality and governance are not concepts unique to the largest institutions. They are fundamental to risk management. Implementing a RDARR program should not be seen as a defensive exercise. There is significant opportunity to create value through transforming processes and supporting the evolution of your analytical routines.   

Consider using a centralized environment to give teams one place to collect their data and collaborate on analysis and reporting. Standardizing reporting structures and providing cleaner, more transparent, more traceable data should free up time for risk practitioners to spend more time on analyzing, reviewing, and challenging.

2. Inadequate tools

Many risk teams manage RDARR with word processing and spreadsheet software tools that simply aren’t up to the task. Not only are these legacy tools unwieldy, but they also cause critical breaks in the data management chain, which can lead to inaccuracies, limit transparency, and reduce trust in the data.   

Cloud platforms streamline RDARR and can help teams move toward achieving greater accuracy, clarity, and integrity of the data. They also can provide the scale that’s needed to process large amounts of data without crashing your files.

Modern platforms also give you the ability to dynamically link data across spreadsheets, presentations, and documents. Connecting data across reports and teams should reduce the risk of differences in numbers and conclusions. Meanwhile, linking data back to a source should support reviewers’ overall comfort with the data that are driving conclusions.

That’s just the start. For more detail, plus four ways to improve RDARR processes, check out our white paper

Take a break from reading about risk data and join the discussion virtually at Amplify 2023 on Sept. 21st. Access 13 sessions, and get the chance to earn up to 8 CPE credits! Register now.

About the Author
Christian Albela of Workiva
Christian Albela

Director of Solution Engineering

Christian Albela is an experienced banking and consulting professional with a diverse background in asset-liability management, credit risk reporting, risk and data analytics, stress testing, and regulatory reporting. His roles within risk and treasury teams have focused on measuring and monitoring risk and identifying opportunities for risk-balanced growth. His banking career started as a regulator with experience at both the state and Federal Reserve levels, primarily as a safety and soundness examiner. Chris earned bachelor's degrees in economics and criminology from the University of Miami, an MBA from Florida International University, and an accounting certificate through Northeastern University.

Online registration is currently unavailable.

Please email events@workiva to register for this event.

Our forms are currently down.

Please contact us at

Our forms are currently down.

Please contact us at