Skip to main content
Questions and answers17 October 2023Directorate-General for Financial Stability, Financial Services and Capital Markets Union8 min read

Questions and Answers on the proposal to amend the European Supervisory Authorities (ESAs) and the European Systemic Risk Board (ESRB)

Regulations to facilitate data sharing and re-use by financial sector authorities.

Why are you putting forward with this proposal now?

As announced in its Communication Long-term competitiveness of the EU: looking beyond 2030 of March 2023, today the Commission is putting forward concrete proposals to rationalise reporting requirements for companies. This proposal complements other initiatives adopted today and together they aim to rationalisereporting, either to supervisors or to the wider public. In particular, in the context of supervisory reporting in EU financial services, this proposal makes a new push towards greater data sharing by authorities overseeing the financial sector. It also aims to limit data requests to what is necessary and not already available to authorities, in order to avoid duplicative reporting.

Duplicative reporting as well as a lack of data-sharing between authorities and insufficient reuse of data that has already been reported was one of the key concerns raised by stakeholders in the Commission’s fitness check of EU supervisory reporting requirements in the financial sector in 2019. Therefore, one of the key goals of the strategy on supervisory data in EU financial services to move towards a system where data is reported once and then shared and reused as much as possible.

What is your strategy on supervisory data in financial services?

The Commission aims to reduce reporting burden, including in its financial services policy. In recent years, it has conducted a comprehensive fitness check on supervisory reporting and, based on the conclusions of that exercise, has adopted an ambitious Strategy on supervisory data in EU financial services.

The aim of the strategy is to modernise supervisory reporting and deliver accurate, consistent, and timely data to authorities at EU and national level, while minimising the aggregate reporting burden for all relevant parties.

The strategy consists of four building blocks

  1. more consistent and standardised data
  2. more data sharing and re-use
  3. better designed reporting requirements and
  4. joint governance arrangements

Today’s proposal falls under the second building block, where the Commission has committed to improving data sharing between authorities, removing redundant and outdated requirements, and investigating ways to make data available more extensively for research and innovation.

To implement the Strategy, the Commission has already made proposals in this mandate to rationalise reporting in the main sectoral frameworks in financial services, including for banks, insurers, fund managers and other businesses, and is moving ahead with work on all four building blocks. Among several other initiatives, the Commission is promoting the development of a common data dictionary, improving the design of reporting requirements and exploring the application of machine-executable reporting and other technological solutions (RegTech/SupTech). A complete overview of the ongoing work is available on the Commission’s Finance website.

What are you proposing today in more detail?

Today’s proposal aims to

  1. facilitate the sharing of reported data between authorities overseeing the EU financial sector. The data sharing applies to national and EU authorities where both authorities already have the right to collect the data. This is done to avoid duplicative requests to reporting entities and also to facilitate the sharing of clean or processed versions of such data (to move away from a situation where all authorities concerned have to perform quality checks and process the data separately). It also provides a legal basis for exchanging anonymised data between authorities and, for the purposes of policy work, with the Commission
  2. explicitly require authorities to regularly review reporting requirements, remove any redundant or obsolete ones, and keep the reporting burden to a minimum, as well as to consider reusing existing data before introducing new requirements
  3. allow, under strict confidentiality and data protection conditions, the sharing of data held by authorities with financial institutions, researchers, and other entities, for research and innovation purposes

The improvements to supervisory reporting proposed today are achieved through amendments to the Regulations of the European Supervisory Authorities - the European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority - and the Regulation of the European Systemic Risk Board.

How does data sharing help reduce the reporting burden?

Rationalising reporting requirements does not mean simply reducing them. Reporting requirements are an essential component of the supervisory toolbox and provide authorities with the necessary information to supervise the financial sector. They contribute   to promoting transparency, maintaining financial stability,  market integrity, and protecting consumers, investors and other users of financial services. At the same time, it is in the interest of all stakeholders, i.e. the financial services industry, its customers, and public authorities, to maximise the quality of the information reported and minimise the costs associated with providing it.

The purpose of the horizontal provisions adopted today is therefore not only to help remedy existing inefficiencies in data flows, such as duplicative and obsolete reporting, but also to allow authorities to change and adapt data sharing arrangements to respond to their constantly evolving information needs.

These proposals are a first step towards a system where entities report data only once, and where the data is shared and reused as needed by the various authorities overseeing the financial system in the EU.

Furthermore, access to more complete and accurate information will improve the Commission's ability to estimate the impact of its proposals, and to monitor it over time, which is a prerequisite for keeping costs as low as possible.

Will more data sharing between authorities affect the confidentiality of data for supervised companies?

No. The proposed rules do not extend data access rights but make it easier for authorities that in any case have the right to request the data to share it between themselves. Full transparency would be guaranteed by requiring authorities to inform reporting entities of any data sharing taking place.

The access to specific data for individual authorities is regulated in existing sectoral frameworks. Over the past years, the Commission has taken the opportunity to propose improved data sharing rules between authorities when specific pieces of financial services legislation have been reviewed. However, strengthening and clarifying the legal basis for data sharing in EU legislation also requires horizontal enabling provisions in order to deliver a comprehensive and systematic outcome. Today’s proposal complements the sectoral frameworks.

Will the enhanced data sharing affect the existing competences of the supervisory authorities? Are we moving to an automatic sharing of company data?

No. The proposal does not change the existing tasks of the authorities, and they would only be able to use any shared data to fulfil those tasks. Furthermore, any data sharing would be conditional on the requesting authority already having the right to obtain that same information from companies or authorities. As a result, the new provisions would neither alter, nor interfere with, the existing division of competences between authorities, and between the EU and national levels.

The proposal applies to all relevant financial sector authorities, at both national and European level, and across sectors (insurance, banking and capital markets). It should not lead to a unilateral increase in data flows in one direction or another.

Also, the proposed provisions do not introduce automatic data sharing between authorities. Sharing the data would remain subject to a voluntary request and to the conditions described above. In this respect, the proposal builds on existing rules for information exchange between authorities. It is complementing, and not substituting or restricting, those provisions.

Why does the Commission need access to non-identifiable data collected by authorities?

In accordance with its better regulation agenda, the Commission aims to ensure that EU policymaking is based on the best available evidence.

The Commission already employs a wide variety of tools and sources to gather evidence, when proposing, monitoring and evaluating EU law in the area of financial services (e.g. public consultations, studies, public and private databases, as well as the advice of the European Supervisory Authorities). Getting access to some data held by authorities would significantly improve the evidence base available to the Commission, including for cases where analysis is needed quickly (for example, when the European Parliament or the Council raise specific questions to the Commission in the context of the ordinary legislative procedure).

For these analytical purposes, the Commission does not need to be able to identify the individual reporting companies. Therefore, any access would be limited to data that does not allow for the identification of individual entities. Under the proposal, the same possibility would be available to all authorities overseeing the financial sector, at both EU and national level, as related to their respective needs.

Why should competent authorities grant access to information to third parties?

The access for research and innovation purposes to information held by competent authorities in financial services will improve the utility of the reported data and provide a useful source of information to researchers and entities that wish to experiment with data-driven financial products and services.

The access will be granted only to specific entities with legitimate interest in using data for research and innovation (financial institutions, researchers, academics, FinTechs) and the data to be shared will be anonymised and modified in a way to protect personal data, intellectual property rights and business confidentiality.

Such sharing could take place in an anonymised and secure way on the Data Hub on the Commission’s Digital Finance Platform or based on bilateral agreements with competent authorities.

What steps were taken before adopting this initiative?

In addition, and as a follow-up to the aforementioned fitness check and Strategy, from June to September 2022, the Commission conducted a targeted consultation of authorities overseeing the EU financial system, at both EU and national level, in order to identify barriers to data sharing among them.

The topic was further discussed in a workshop, held in February 2023, with more than 130 representatives of the authorities in question. The outcome was wide support for more sharing of data between authorities in the banking, insurance and financial markets sectors, and also across the sectors, to improve the use of collected data and to reduce redundant reporting.

What happens next?

It is now for the European Parliament and the Council to examine today's legislative proposal. As with all regulations, after the proposal is adopted by the co-legislators and has entered into force, the changes will become directly applicable.

For more information