BCBS 239 Benchmark Survey 2026
How are banks coping with compliance challenges since the publication of BCBS 239 and the finalisation of the ECB RDARR Guide?
Our BCBS 239 Benchmark Survey 2026 examines how banks are responding to heightened supervisory scrutiny, focusing on evolving supervisory demands and banks’ remediation approaches. Building on our 2024 survey, this edition more than doubles the previous sample size and is based on insights from over 50 institutions. As the most comprehensive survey of its kind to date, it provides valuable peer benchmarking and practical insights for banks seeking to strengthen their risk data aggregation and reporting capabilities.
Key Takeaways
- The benchmark survey highlights key practices, gaps, and trends across governance, data architecture, and data quality to help banks meet ECB RDARR expectations and strengthen compliance.
- The survey supports banks in turning BCBS 239 into a strategic lever, enabling stronger data governance and more resilient, data-driven decision-making.
BCBS 239 Benchmark Survey 2026
Download our study here
BCBS 239 in 2026: An industry under sustained scrutiny
More than a decade after the introduction of BCBS 239, risk data aggregation and risk reporting (RDARR) remain firmly in the supervisory spotlight. With the ECB’s RDARR Guide finalized in 2024, expectations have become more explicit and significantly harder to challenge. The focus has shifted from interpretation to execution – examining how banks evidence governance, scope, integrated data architecture, and remediation in practice.
Against this background, our BCBS 239 Benchmark Survey 2026 provides an updated snapshot of how banks are responding to this next phase of regulatory pressure. Building on insights from the first edition, our new benchmark reflects how implementation approaches are evolving as supervisory scrutiny continues to intensify.
A new and expanded benchmark
Our survey draws on responses to 22 questions designed to capture how banks are implementing and operationalising ECB’s expectations across governance, scope, integrated data architecture, and data quality.
It includes responses from over 50 international banking institutions, representing a wide range of geographies, business models and levels of implementation maturity. Participants are mainly large, internationally active banks, with the majority headquartered in the European Union, supplemented by banks from the UK, the US, and Asia with significant European operations. In terms of size, the benchmark is dominated by institutions with total assets above 100 billion EUR, including a substantial share of banks exceeding 500 billion EUR.
The expanded participation compared to the 2024 edition enables a more robust assessment of existing practices and emerging market trends. The survey results are enriched by Deloitte’s ongoing dialogue with the market, including regular BCBS 239 roundtables, supervisory discussions and extensive client interactions across Europe and beyond. These insights help to contextualise the survey responses, identify recurring supervisory themes and distinguish between isolated practices and broader industry signals.
Key results of the survey: What the market is telling us
Our results reveal a number of consistent signals across the industry:
- Banks are applying BCBS 239 well beyond its original scope. While internal risk reporting remains the most mature application area, banks are increasingly applying RDARR requirements to FINREP, COREP, Pillar 3 disclosures, stress testing, and risk management models.
- Supervisory pressure continues to drive scope expansion. Compared to earlier findings, application to regulatory and financial reporting has increased significantly, reinforcing expectations of enterprise-wide coverage.
- BCBS 239 ownership is mainly anchored in finance and risk functions. Our survey points to a strong partnership between risk and finance, with the support of operations and IT, as the prevailing governance model for BCBS 239 remediation.
- Cost transparency remains a persistent gap. A large majority of institutions are still unable to precisely quantify BCBS 239 spending, as remediation costs are often embedded within broader data, risk and IT initiatives.
- End-to-end data lineage is now the dominant target state. Most banks define lineage from the reporting layer back to source systems, aligning with RDARR expectations, although implementation depth varies.
- End-User Computing continues to pose risk. Despite widespread EUC usage, many banks still lack systematic data quality controls and detailed lineage documentation in this area.
From regulatory burden to strategic foundation
Our survey highlights an industry undergoing a gradual but notable shift. BCBS 239 is increasingly viewed as more than a compliance obligation, with leading institutions treating RDARR progress as a foundation for stronger data governance, transparency and resilient decision-making.
This shift is reinforced by growing demands for automation, advanced analytics and generative AI, all of which rely on well-governed data foundations. Challenges remain around scope, lineage granularity, EUCs, and the operationalisation of data quality risk. But banks have stopped simply living with these regulations and started leveraging them to build a resilient, data-driven business.
Download our BCBS 239 Benchmark Report Survey 2026 here for more information.
"Banks that treat BCBS 239 purely as a regulatory obligation risk missing its broader value. Strong risk data foundations are increasingly becoming a prerequisite for automation, advanced analytics and AI use cases.”
