The European Systemic Risk Board (ESRB) in an announcement highlighed that enhanced data sharing among EU authorities is key for the ESRB to deliver on its broad financial stability mandate:

Finally, the General Board highlighted that enhanced data sharing among EU authorities is key for the ESRB to deliver on its broad financial stability mandate. The General Board took note of the ongoing legislative process initiated with the European Commission’s proposal regarding reporting requirements in the fields of financial services and investment support (Regulation 2023/0363 (COD)). The General Board also acknowledged the European Parliament’s and Council’s first readings of that proposal, as well as the opinion of the ECB. In view of the announcement by the Hungarian Presidency of the EU to start the negotiations between the Parliament and the Council in the second half of the year, the General Board will present its views in a letter to the EU co-legislators in the coming weeks.

On 19 August ESRB sent data sharing letters to the European Parliament, the European Commission and the Council of the European Union.

In all of the letters, it is stressed ESRB needs granular data (microdata) for its work. These granular data include personal data of European citizens. In the letter to the Parliament ESRB notes:

The General Board of the ESRB firmly believes that timely access to granular data 1 is essential for the ESRB to fulfil its broad financial stability mandate. However, the ESRB’s access to data is not fully aligned with its objectives in several important areas. The rules governing the ESRB’s access to data can be divided into two frameworks: (i) ex ante, whereby the ESRB has access to data on a regular, ongoing basis, i.e. as soon as it is reported; and (ii) ex post, whereby it can only access data through ad hoc requests, which take time to process. As we demonstrate below, the ex ante framework is well aligned with the ESRB’s objectives and mandate, while the ex post framework has inherent limitations that hamper the ESRB’s ability to continuously monitor and mitigate risks to financial stability. Most importantly, the ex post framework applies to the ESRB’s access to certain granular data collected by the European Supervisory Authorities (ESAs).

Granting the ESRB ex ante access to granular data collected by the ESAs as part of structured, regular supervisory reporting should therefore be a priority. In the light of the European Parliament’s first reading, this improvement – referred to as “access by default” – will need to be considered by the EU co-legislators as part of the ongoing legislative process. The enhanced data sharing proposed by the European Parliament would improve the consistency and effectiveness of macroprudential oversight across sectors and strengthen statistical and analytical cooperation to the mutual benefit of the ESRB and the ESAs.

The General Board notes that the discussion among EU co-legislators will also touch upon other elements relating to the broader aim of the proposed regulation. However, the General Board strongly believes that enhancing data sharing between the ESAs and the ESRB is of primary importance for systemic risk monitoring and financial stability. To this end, the remainder of this letter discusses (i) the ESRB’s objectives, mandate and current rules governing access to granular data; (ii) how to better align the ESRB’s data access with its objectives and mandate; and (iii) other matters that would benefit from further clarification.

1 In this letter, the terms “data” and “information” are used somewhat interchangeably; the ESRB Regulation refers to “information”, while the specific legal acts mostly refer to “data reported”. Information can be defined as the sum of data and knowledge, while data require context and need to be processed, structured, organised and analysed to be understood.

ESRB requires granular data collect by the ESAs (footnotes deleted):

Most importantly, this framework applies to granular data collected by the ESAs within structured, regular supervisory reporting frameworks such as (i) COREP/FINREP data reported under CRD/CRR, (ii) data reported under Solvency II, and (iii) data reported under MiFID II and MiFIR. To date, cooperation between the ESAs and the ESRB has been excellent in this regard, despite the operational burden such ad hoc requests entail for all authorities involved, and the ESRB’s data requests have been always fulfilled. However, these data requests necessarily entail an institutional process of consultations and approvals, which results in a considerable time lag

They stress their need for these data (footnote deleted):

The ESRB’s experience over more than ten years of working with data has shown that monitoring an increasingly complex, interconnected and fast-moving financial system requires timely access to granular data. Modern financial systems are characterised by their interconnected, evolving and complex nature, with aspirations towards even greater integration, such as that envisioned under the Capital Markets Union (CMU). This interconnectedness facilitates risk sharing across various sectors, enhancing the resilience and efficiency of financial markets. However, it also poses a risk of contagion, where shocks in one sector can quickly propagate and take on cross-sectoral dimensions. To effectively monitor these risks and develop an appropriate policy response, it is crucial to link data across markets and counterparties. This requires granular data that facilitate a comprehensive analysis of how entities are interlinked and how risks can spread throughout the financial system. Moreover, monitoring and assessing systemic risks before they materialise (or in normal times) requires continuous access to information encompassing the various components of the financial system and their interdependencies, based on a broad set of relevant macroeconomic and micro-financial data and indicators.

According to the Board enhancing data sharing between the ESAs and the ESRB is increasingly important for the ESRB to continue delivering on its mandate.

The letters show that the government’s appetite for granular data is everywhere. Let’s hope data protection is in order.