
Data Risk: A Critical Focus for Banks in the UK

After the Prudential Regulation Authority’s (PRA) latest round of Dear CEO letters for UK deposit takers and international banks active in the UK, released earlier this year, it’s clear that data risk is one of the banking industry’s most persistent and precarious focus areas.

While mitigating the negative outcomes of data risk has always been the most prominent concern for the industry, it has become increasingly obvious that countless digital transformation strategies are being undermined by poor data quality, unclear data governance and various other data management deficiencies. The current strategic pillars of transformation, including the implementation of artificial intelligence, migration to the cloud and adoption of advanced analytic practices, are all business cases that are fundamentally reliant on strong data governance and data management.

While priorities are not necessarily ranked by importance, reliability of regulatory reporting and data risk have continued to climb to the top of the PRA’s subsequent letters over the last five years, while European banks also face renewed pressure to remediate risk data aggregation and reporting deficiencies.

From the PRA’s latest statements there are three important takeaways:

  1. Poor data is exacerbating risks and impeding risk management

  2. Poor data is holding back innovation

  3. Poor data must be effectively remediated

1. Poor data is exacerbating risks and impeding risk management.

Deficient data management and data governance have been a long-standing issue in the banking industry with extensive implications. In the UK specifically, the PRA has identified detrimental impacts to the reliability of regulatory reporting, while internationally, the collapse of Silicon Valley Bank in 2023 was partly attributed to continually incorrect data inputs into the bank’s balance sheet management models. (1)

Required capabilities highlighted in the latest letters – including stress testing and scenario analysis, counterparty credit risk management, effective balance sheet management and robust internal risk reporting – are all undermined by poor data and, more specifically, poor data aggregation capabilities. Both the PRA (2) and ECB (3) have recently highlighted strong risk data aggregation capabilities as essential to managing risk exposure to the growing and relatively unregulated market of private credit, which is valued at more than EUR 1 trillion globally.

2. Poor data is holding back innovation.

While the PRA cited poor data as a root cause of several risks, it has an equally disruptive impact on banks’ ability to innovate. The implementation of artificial intelligence – models that often rely on large amounts of high-quality data – has exposed the underwhelming state of many financial institutions’ data landscapes.

From the PRA’s latest research on artificial intelligence in the UK financial services industry, 118 UK financial firms, including over 60 banks, consider “data quality” the second largest risk to AI implementation behind “data privacy and protection”. (4) Alongside the enhanced focus on model risk management in the UK, AI and machine learning models will be under increased scrutiny by regulators, who will be insisting on accurate, complete and controlled data inputs.

3. Poor data must be effectively remediated.

Without significant remediation, banks will continue to struggle with data deficiencies, leading to inefficiencies, stifled innovation, poor strategic decisions, and even regulatory fines. The industry need only look to Standard Chartered’s £46.5m PRA fine for liquidity misreporting in 2017—a cautionary tale. (5) A simple spreadsheet entry error led to multiple liquidity miscalculations by the regulator over four months, during which an internal investigation was conducted by the bank before the PRA was alerted.

With the PRA highlighting the need for banks to improve their ability to aggregate data, implementation and embedment of the BCBS 239 principles for effective risk data aggregation and risk reporting remains an essential milestone not just for mandated G-SIBs but also the greater UK banking industry.

However, enhancements to data management and governance capabilities cannot be taken lightly and require concerted effort across an institution, while being strategically driven and overseen by senior management. As highlighted in the PRA’s thematic findings on the reliability of regulatory reporting, banks should focus on strategic investment into their data, particularly as the issue of data risk remains a top priority for banks and bank supervisors.

What Next?

UK bank executives must act now to remediate data risk and enhance regulatory reporting capabilities. With increasing regulatory scrutiny, inaction poses a threat to both compliance and competitiveness. Existing data programmes should be reassessed to evaluate their long-term remediation outcomes and strengthened through adequate resourcing, executive sponsorship, and enterprise-wide buy-in to effectively address these persistent issues.

How Monocle Can Assist

Principles must be converted into practice. With over ten years of implementation experience, BCBS 239 has been a significant aspect of Monocle’s consulting expertise since the principles were published in 2013. At Monocle, we perform a variety of functions, including project management, business and technical analysis, and facilitation with regulators.

Our prior engagements include remediation of regulatory reporting deficiencies and participating in the end-to-end BCBS 239 implementation journey, from establishing robust programme oversight and governance frameworks to implementing comprehensive controls and effective data management strategies. We have also supported risk aggregation processes, enhanced risk reporting capabilities, and developed IT and data architectures, ensuring alignment with BCBS 239 requirements at every step.

1 Board of Governors of the Federal Reserve System, 2023

2 Bank of England PRA, 2024

3 European Central Bank, 2025

4 Bank of England PRA, 2024

5 Bank of England PRA, 2021
