Skip to main content

RDARR 101: Risk Data Aggregation and Risk Reporting Explained

What is RDARR
24 June 2021

As anyone in banking knows, risk—understanding it, measuring it, and managing it—is at the very heart of the business. History has proven, most recently and dramatically with the 2008 financial crisis, that when risk isn’t properly understood, measured, or managed, it can lead to widespread instability and massive losses. 

Since the Great Recession, risk management teams at banks around the world have been trying to manage risk data aggregation and risk reporting (RDARR) more effectively using an internationally accepted set of principles as a North Star: BCBS 239.

What is BCBS 239?

The international banking authorities that make up the Basel Committee on Banking Supervision (BCBS), based in Basel, Switzerland, work to create global standards for banking regulation. The group has 45 members from 28 jurisdictions around the world, including representatives from central banks and authorities who oversee the banking industry. 

In 2013, the organisation released BCBS 239, a new set of standards to help banks manage their risk data aggregation and risk reporting practices more holistically. BCBS 239 includes 14 principles that fall into four general categories: governance, data aggregation, risk reporting, and supervisory requirements. The goal? Enhance financial stability by creating greater trust in data, more informed decisions by banking leaders, and more clarity for regulators. 

14 principles in BCBS 239


BCBS 239 applies to large banks worldwide that are either Global Systemically Important Banks (GSIBs) or Domestic Systemically Important Banks (DSIBs). While small and mid-tier banks don’t have to comply with the BCBS 239 standards, many of them are using the same principles to improve their RDARR programs. 

The Basel Committee on Banking Supervision in April 2020 provided a summary of big banks’ progress on compliance.

Bank progress on BCBS 239 compliance

Source: Basel Committee on Banking Supervision

Banks are still moving forward, but COVID-19 likely affected the pace of progress and resource deployment.

What is RDARR?

A strong risk data aggregation and risk reporting (RDARR) program is meant to help bank teams efficiently give managers the right data to accurately depict risks facing the organisation at any given time.

Institutions not subject to BCBS 239 should consider the 14 principles of BCBS 239 as leading standards to implement to strengthen their RDARR capabilities. 

Every financial institution should have a RDARR program that substantiates the quality of its management reporting, which includes financial metrics as well as narrative. The narrative is key in summarising existing risk positions, corresponding drivers, conclusions related to risk versus reward, and can convey review and challenge considerations. Your datasets underscore all of that narrative.  

That same program also can govern model development and forecasting. Automation, standardisation, and connected data are fundamental components to strengthening adoption of RDARR principles.

How does RDARR work? 

Not surprisingly, anyone on a bank’s risk reporting team will tell you that creating an effective RDARR program is not easy.  

Two of the biggest challenges of managing RDARR are:

1. Decentralised information

Risk management teams collect risk data from throughout their organisations. Even in a small bank, that could mean receiving data from dozens of sources and in just as many formats. All institutions, from community banks to the largest GSIBs, have in common the variety and volume of financial and management reporting performed weekly, monthly, quarterly, and annually.  

Data quality and governance are not concepts unique to the largest institutions. They are fundamental to risk management. Implementing a RDARR program should not be seen as a defensive exercise. There is significant opportunity to create value through transforming processes and supporting the evolution of your analytical routines.   

Consider using a centralised environment to give teams one place to collect their data and collaborate on analysis and reporting. Standardising reporting structures and providing cleaner, more transparent, more traceable data should free up time for risk practitioners to spend more time on analysing, reviewing, and challenging.

2. Inadequate tools

Many risk teams manage RDARR with word processing and spreadsheet software tools that simply aren’t up to the task. Not only are these legacy tools unwieldy, but they also cause critical breaks in the data management chain, which can lead to inaccuracies, limit transparency, and reduce trust in the data.   

Cloud platforms streamline RDARR and can help teams move toward achieving greater accuracy, clarity, and integrity of the data. They also can provide the scale that’s needed to process large amounts of data without crashing your files.

Modern platforms also give you the ability to dynamically link data across spreadsheets, presentations, and documents. Connecting data across reports and teams should reduce the risk of differences in numbers and conclusions. Meanwhile, linking data back to a source should support reviewers’ overall comfort with the data that are driving conclusions.

For more detail, plus four ways to improve RDARR processes, check out our white paper

Online registration is currently unavailable.

Please email events@workiva to register for this event.

Our forms are currently down.

Please contact us at

Our forms are currently down.

Please contact us at

Thank you

A Workiva team member will follow up with you shortly.

Thank you for registering

You'll receive a confirmation email shortly.

Thank you

You are now subscribed to receive blog updates.

Thank you

Your preferences have been updated.