The delay to the UK’s Basel 3.1 implementation date has given banks something rare in regulatory change: time. Instead of a compressed rush to the original go‑live, firms have an extended runway to recalibrate programmes, strengthen systems and resolve the uncertainties that surrounded earlier proposals.

With the final Basel 3.1 rules now in force and the 1 January 2027 start date confirmed, that time is no longer about waiting to see what the framework will look like. It is about making sure the framework can actually run – cleanly, repeatedly and explainably – across credit, market and operational risk, reporting and risk management.

Five months on from the final rules, the key question has shifted from “What do the Basel 3.1 rules say?” to “How ready are we to operate under them on day one?”

2. What has changed since the final rules

The near‑final Basel 3.1 package gave a strong indication of direction, but it also left gaps, drafting inconsistencies and areas where firms had to make assumptions. The final rules clarify much of this picture.

In particular, the final framework:

• Confirms the overall structure of the UK’s Basel 3.1 implementation, including key elements across credit risk, market risk, operational risk and disclosure.
• Introduces targeted refinements in areas such as market risk, where the details of the trading book framework and sensitivities‑based approaches matter for implementation.
• Provides technical corrections, clearer definitions and updated templates so that reporting and disclosure requirements align coherently with the policy intent.

For banks, this means most of the regulatory uncertainty is now resolved. The main variable is no longer the rules themselves, but the institution’s ability to embed them into data, systems, models and governance in a way that stands up to supervisory scrutiny.

3. Four pillars of Basel 3.1 go‑live readiness

To move from policy interpretation to operational readiness, it can be helpful to structure activity around four pillars: full compliance with the rules, reporting framework readiness, impact analysis validation, and risk management alignment.

3.1 Full compliance with the rules

This pillar is about making sure the core requirements across risk types are genuinely implemented rather than conceptually understood.

• Credit risk
  Banks need to ensure the revised standardised and internal ratings‑based approaches are fully reflected in their systems and processes. That includes updated risk weights, exposure classifications and the treatment of specialised lending. It also means testing how these changes flow through to capital, pricing and portfolio decisions.
• Market risk
  The move to the Fundamental Review of the Trading Book (FRTB) brings new sensitivities‑based calculations and stricter boundaries between trading and banking books. Firms must not only implement the formulae, but also have robust booking practices, clear desk structures and governance over model eligibility and approvals.
• Operational risk
  Transitioning to the standardised measurement approach (SMA) requires accurate calculation based on relevant business indicators and integration into capital planning. This is not just a change in calculation; it affects how firms understand, aggregate and manage operational losses and exposures.

Across all three risk types, documentation, testing and internal challenge are critical. “Implemented” should mean ready to withstand internal audit and supervisory review, not just coded in a single system.

3.2 Reporting framework readiness

Basel 3.1 is as much a reporting reform as a risk reform. New templates, data points and definitions will stretch existing infrastructure.

Key questions include:

• Are systems and data models updated to support the new reporting taxonomy and COREP templates required under Basel 3.1?
• Do revised Pillar 3 disclosures reflect updated definitions, assumptions and calculation logic, with traceability back to underlying data?
• Have firms run end‑to‑end dry runs of the new reporting packs, including data extraction, transformation, validation, sign‑off and submission?

Dry runs are particularly important. They help reveal data gaps, inconsistencies between risk and finance views, and process bottlenecks that may not be obvious from design documents alone.

3.3 Impact analysis validation

Most banks have performed some form of quantitative impact analysis during earlier phases of Basel 3.1 implementation. The final rules make it necessary to revisit those assessments.

Effective impact analysis at this stage should:

• Use the final rule set, current portfolios and up‑to‑date market data, rather than relying on older assumptions or draft proposals.
• Consider both point‑in‑time and forward‑looking impacts, especially where business models or balance sheets have evolved since the original analysis.
• Prepare and review the templates used for supervisory data collection, ensuring consistency with internal views and external submissions.
• Provide clear, board‑level narratives about capital implications, key drivers of change and the range of plausible outcomes under different scenarios.

The goal is to avoid surprises post go‑live and to ensure that management understands not just the numbers, but the drivers behind them.

3.4 Risk management changes alignment

Basel 3.1 is not just a technical recalibration of capital requirements; it has implications for how risk appetite, limits and risk processes are set and monitored.

Areas to consider include:

• Updating risk appetite statements and internal limits to reflect changes in capital requirements and risk-weighted assets.
• Aligning risk policies and procedures with new definitions, thresholds and methodologies, so that front‑line decisions are consistent with the regulatory framework.
• Revising ICAAP processes, risk and capital models, and stress testing to incorporate Basel 3.1 assumptions and outputs.
• Ensuring committees and governance forums have the information they need to oversee both the transition and the steady‑state regime.

Where multiple jurisdictions are involved, cross‑border coordination is also important to align local implementations with group‑wide policies.

4. Data, governance and explainability: the binding constraints

Beneath the four pillars lies a common set of challenges: data, governance and explainability.

Basel 3.1 introduces new data requirements across credit and market risk, including more granular risk sensitivities and enhanced treatment of unrated counterparties. It also extends disclosure expectations under Pillar 3. This places a premium on:

• Data completeness and accuracy across products, counterparties and risk factors.
• Clear data lineage from source systems through transformation layers to final reports.
• Defined ownership, controls and remediation processes for critical data elements.

Strong governance is needed to ensure that methodology changes, model updates and implementation decisions are well documented and subject to appropriate challenge. Training for finance, risk, IT and front‑line teams helps embed the new framework into day‑to‑day activities rather than treating it as a one‑off project.

Explainability is where these elements come together. Boards, senior management and supervisors will expect firms to not only produce numbers under Basel 3.1, but also to explain changes over time, reconcile to previous regimes and articulate the link between regulatory outcomes and business decisions.

5. Making the most of the remaining time

With the final rules established and the implementation date fixed, the remaining months are an opportunity to turn Basel 3.1 into a stable, repeatable process.

Practical steps for this phase include:

• Running a structured readiness assessment across the four pillars, identifying gaps between current and target state.
• Establishing a timetable for dry runs and parallel runs, including clear entry and exit criteria.
• Aligning technology and data initiatives with Basel 3.1 needs, avoiding short‑term workarounds that create long‑term complexity.
• Enhancing documentation, training and governance to support sustainable adoption.
• Engaging boards and senior management with concise, decision‑focused updates on progress and residual risks.

By treating the extended timeline as a chance to build durable capabilities rather than deferring effort, banks can enter 2027 with greater confidence in their capital framework and regulatory reporting – and be better positioned for whatever comes next.

Book a demo with a RegTech specialist

See how Suade helps financial institutions modernise regulatory reporting, improve control and manage change with transparent, data-driven technology.

Book a demo

Date: Tuesday, 23 June, 2026
Duration: 45 minutes
Time: 12:00 to 12:45 pm BST | 13.00 to 13.45 pm CET
Format: Live webinar

Register below.

The European Central Bank (ECB) has published the main implementation milestones for the Integrated Reporting Framework (IReF), giving banks the clearest view yet of how integrated statistical reporting will roll out across the euro area. It marks a significant moment in a journey that has brought together central banks, commercial banks, reporting agents and industry bodies under the Joint Bank Reporting Committee (JBRC) to rethink how regulatory data flows in Europe.

For reporting and data leaders, this isn’t just another date in the diary. It is a signal that the shift from template‑driven reporting to granular, standardised, AI‑ready data is no longer theoretical – and that architecture and operating‑model decisions made over the next few years will define their IReF experience.

What the ECB announced

In its June 2026 communication, the ECB set out a three‑step roadmap for IReF implementation.

First, a public consultation on the draft IReF Regulation is planned for the second half of 2027, which will help shape the final legislative proposal and clarify scope and requirements.

Second, a one‑year pilot phase starting in the second quarter of 2030 will invite reporting agents to test their ability to meet the new data requirements and to identify and resolve structural issues in data, processes and systems.

Third, the first official IReF reporting is scheduled for the second quarter of 2031, with an initial one‑year period in which current statistical reporting continues in parallel to manage transition risk.

These milestones build on earlier announcements, including the ECB’s 2024 communication that positioned IReF as the backbone for harmonising banks’ statistical reporting and as a potential first step towards more integrated statistical and prudential requirements over time. Taken together, they turn IReF from a concept into a concrete, multi‑year change programme with clear waypoints for banks and authorities.

What it means for banks

IReF’s stated objective is to standardise and harmonise existing statistical frameworks across countries and reporting domains, reducing the reporting burden on euro area banks while improving the quality and reusability of data. In practice, this means that a single integrated set of granular data is intended to replace or consolidate multiple existing ECB datasets, including balance sheet items (BSI), monetary interest rates (MIR), securities holdings statistics (SHS‑S) and AnaCredit, with a view to further integration into balance of payments and related statistics over time.

For banks, the implications go well beyond adding a new report. A granular, integrated framework requires changes to data sourcing, modelling, lineage and governance, and asks institutions to move away from template‑specific solutions towards reusable, standardised data layers that can support multiple reporting and analytical demands. The pilot and parallel‑run phases will test not just whether firms can populate IReF structures, but whether their architectures and close processes can produce consistent, reconciled data under tighter expectations.

Why the timeline is shorter than it looks

On paper, a first official reporting date in 2031 sounds distant, but the combination of a consultation in 2027 and a pilot in 2030 effectively pulls critical decisions forwards. Banks will need to make progress on data foundations, ownership and operating models before every technical detail is finalised, particularly if they want to avoid last‑minute remediation when pilot findings expose structural gaps.

Earlier communications from the ECB and market commentary have already highlighted how IReF timelines have evolved, with previous plans for earlier start dates being refined to reflect investigation‑phase findings and implementation realities. The latest roadmap offers more time on the surface, but it also underlines that the preparatory phase – including detailed implementation planning and consultation – is where most of the heavy lifting on design and architecture will happen.

From template‑based reports to granular, AI‑ready data

The direction of travel is clear: rather than submitting multiple aggregated templates, banks will be expected to deliver more detailed, standardised information at transaction or exposure level to supervisors. That approach not only supports integrated statistical reporting, but also creates a stronger foundation for prudential, resolution and internal risk reporting – and, increasingly, for AI and advanced analytics use cases that depend on high‑quality, well‑governed granular data.

For many institutions, this will mean rethinking long‑standing assumptions about where regulatory data sits, how it is transformed, and who owns the standards and models that underpin it. The “define once, report many times” principle that has been associated with IReF and other standardisation efforts becomes much harder to realise if data remains fragmented across silos and tailored to individual templates.

The strategic questions banks should be asking now

With the latest milestones in place, the most important questions for banks shift from “if” to “how” and “when”. Heads of Regulatory Reporting, Heads of Data and change leaders can use the ECB’s roadmap as a trigger to revisit several key areas:

• Data model strategy: How close is the current data model to an integrated, granular design that could support IReF and other regulatory or internal demands without repeated transformation layers?
• Architecture and sourcing: Are reporting architectures still organised around templates and point‑to‑point feeds, or is there a clear pathway towards centralised, reusable data stores with consistent controls and lineage?
• Governance and ownership: Who owns IReF‑relevant data standards and the associated dictionary, and how well are these aligned with broader enterprise data initiatives and AI strategies?

Addressing these questions early allows banks to treat the 2030 pilot as an operational rehearsal for steady‑state reporting rather than a scramble to meet minimum requirements. It also creates space to align IReF changes with other regulatory and digital programmes, reducing duplication and making better use of investment in modern data and RegTech solutions.

Get ready for Europe's data reporting shift

In this webinar, Massimo Casa (Banca d'Italia, co-chair of the BIRD Steering Group) joins Stefan Röth (PwC) to examine the latest IReF developments and their implications for regulatory reporting.

Register now

Date: Tuesday, 23 June, 2026
Duration: 45 minutes
Format: Live webinar

How are IReF, BIRD and AI‑ready data standards going to change the way banks think about regulatory reporting – not in theory, but in day‑to‑day delivery?

In this session, senior reporting and data leaders from PwC, Banca d'Italia and Suade explored the shift from template‑based reports to granular, standardised data, and what that means for architectures, close processes and controls. We discussed how initiatives like IReF and BIRD can reduce duplication and reporting burden, what “AI‑ready” really looks like for regulatory data, and the practical priorities banks should be tackling over the next few years.

Designed for Heads of Regulatory Reporting, Heads of Data and change leaders, this was a practitioner‑led conversation about building a reporting stack that can cope with rising supervisory expectations and the coming AI wave – without adding yet more complexity.

You can access the full webinar below.

LONDON, UK, May 21, 2026 – Suade Labs, a regulatory reporting platform used by financial institutions across global markets, today announced that its flagship event, RegTech Forum, supported by the City of London Corporation, will return to Guildhall in London on 6 October 2026. The in-person event will bring together senior regulatory reporting professionals to explore the future of reporting, supervision and regulatory change. 

The forum will welcome up to 400 attendees and feature five expert-led panel discussions, alongside smaller breakout sessions and targeted roundtables. This expanded format is designed to enable practical collaboration across the regulatory ecosystem, bringing together banks, regulators, policy specialists, compliance leaders, and technology and data experts navigating an increasingly complex reporting landscape. 

“RegTech Forum is special because it brings together people from different backgrounds, including industry, regulators and policy experts,” said Diana Paredes, CEO and Co-Founder of Suade. “This mix of perspectives allows for open and honest conversations about the issues that matter most. It is what makes the event so valuable and why it remains an important meeting point for the future of regulatory reporting.” 

The 2026 programme will cover key topics including AI in regulatory reporting, real-time reporting, Basel 3.1, SDDT, regulatory divergence and modern data architectures. Roundtables and breakout sessions will provide more focused, practical discussions tailored to different types of institutions. 

“Banking, regulation and technology all depend on human relationships,” said Neil Esho, former Secretary General of the Basel Committee on Banking Supervision. “You cannot build those relationships while sitting behind a computer screen. RegTech Forum creates an environment for the conversations that matter.” 

Taking place at a time of increasing data intensity and regulatory change, RegTech Forum 2026 offers a space for professionals to exchange insights, compare approaches and help shape the future of regulatory reporting. 

Event details 
RegTech Forum 2026 will take place on 6 October 2026 at Guildhall, City of London. For more information and registration, please visit our landing page. 

Regulatory reporting is entering a phase where three powerful trends are colliding: regulators are shifting to granular data models, supervisory expectations are becoming more continuous, and AI capabilities are moving from simple chatbots to agentic systems that can act across tools and datasets. For heads of regulatory reporting, data and risk, the question is increasingly not whether AI will play a role, but how to design data, governance and architecture so agentic AI improves control rather than undermines it.

1. Regulatory change has become a data problem

Across jurisdictions, supervisors are moving away from purely template-based collections and towards granular, common data models. That shift has three important consequences for reporting teams:

• One core dataset, multiple regulatory views. Firms are expected to maintain granular data that can support different supervisory perspectives, rather than building each report as a standalone artefact
• From periodic to continuous. As regulators gain access to richer datasets, the logic of fixed reporting cycles starts to erode. Oversight becomes more “always on”, and so must the associated controls
• Change manifests in data, not just forms. Regulatory change now often arrives as new attributes, revised definitions or different aggregation rules, rather than only as redesigned templates

In this world, regulatory change is fundamentally a data challenge. The institutions that cope best will be those that invest in a well-understood internal data model, with clear definitions and mappings to external standards, rather than those that focus purely on re‑engineering templates each time the rules move.

2. Clean, governed data is the precondition for AI

There is a well‑known maxim in AI: garbage in, garbage out. In regulatory reporting, that principle is unforgiving. Agentic AI systems can traverse datasets, fire off queries and orchestrate workflows at machine speed – but they can’t fix fundamental ambiguity in the underlying data.

For regulatory reporting, “clean data” means more than technically valid values:

• Reconciled across functions. Finance, risk and regulatory views must be consistent, with no “multiple versions of the truth” for core measures
• Fully traceable. Every number in a report should be explainable back to underlying transactions, with lineage that covers systems, transformations and controls
• Owned and governed. Data needs clear ownership, quality rules and a governance framework that treats it as a controlled asset, not a byproduct

AI can help here. It can draft or refresh documentation for complex calculations, highlight inconsistencies between definitions, and surface anomalies in large datasets far faster than manual methods. But those benefits only materialise when institutions have already done the groundwork on reconciliation, lineage and governance. Otherwise, AI simply accelerates the wrong answers.

3. From chatbots to agentic AI: what actually changes?

Most organisations have now experimented with conversational tools – chatbots that can answer questions, summarise documents or generate first drafts. Agentic AI goes further. Instead of waiting for one-off prompts, agentic systems can:

• Plan and decompose tasks into steps
• Call tools and APIs, not just handle text
• Interact with other agents to complete workflows

In regulatory reporting, this opens up use cases such as:

• Investigating why a control or validation failed
• Tracing the drivers of movement in a particular cell
• Mapping attributes between two regulatory data standards
• Drafting explanations or documentation for review

Crucially, none of this changes where accountability sits. As Murat Abur, Suade’s CIO, puts it: “AI, while it feels like it’s an intelligent being doing things – it doesn’t take away the accountability or the responsibility. It’s just a tool, like a hammer. The person using it is still going to be responsible.” AI can propose explanations, but humans still sign off on regulatory submissions and stand behind the numbers.

For that reason, agentic AI in regulatory reporting should initially focus on analysis, investigation and drafting – the work that supports judgment – rather than on making binding decisions.

4. What an AI‑native reporting architecture looks like

Agentic AI does not sit in isolation; it sits on top of architecture. For regulatory reporting, “AI‑native” architecture has a few defining characteristics:

API-first and granular

Agentic systems need the ability to ask precise questions of data. Instead of exporting entire datasets and hoping a model can cope, the platform must:

• Expose well-documented APIs that can fetch exactly the slice an agent needs (for example, “time deposits from this source system on this date”)
• Support filtering, aggregation and sampling in ways that make sense for reporting controls and for AI context limits
• Allow agents to iterate: ask a focused question, receive a subset, then refine further

If the only options are “all or nothing” – dumping millions of rows and hundreds of columns into a model – costs, latency and context limitations will quickly become blockers.

Open and interoperable

Regulatory data models will continue to evolve. Different supervisors will move at different speeds. To remain flexible, institutions need:

• A standardised internal model (ideally aligned with open standards) that can map to multiple regulatory schemas
• An ability to generate or transform data between models without brittle, one‑off builds
• Avoidance of black‑box systems where neither humans nor agents can inspect or query intermediate layers

Here, AI can act as an adapter: reading attribute definitions and sample data to propose mappings between schemas, or to generate test data aligned with a new standard. But the underlying design still needs to be open and documented.

Designed for interrogation, not opacity

As models become more capable, the difference between institutions that can interrogate their data at every layer and those that cannot will be stark. AI‑native reporting architectures are built on the assumption that:

• Every number, transformation and control may be questioned by humans, by AI agents, or by supervisors
• It must be possible to drill down, slice, and recombine data programmatically, not only through GUIs
• Closed, opaque systems will be increasingly unacceptable in a world of granular data, continuous oversight and model risk scrutiny

5. Practical agentic AI use cases – and clear boundaries

To move beyond theory, institutions need a pragmatic ladder of use cases, starting where risk is low and value is clear.

Low-risk, high-value use cases

• Documentation and knowledge management. Use AI to draft and refresh documentation for complex calculations, then have SMEs review and approve. Over time, this builds a high-quality knowledge base that both humans and agents can rely on
• Root-cause investigation. When a control fails or a number moves unexpectedly, agents can traverse lineage, query relevant slices of data and propose candidate explanations for human review
• Data quality triage. Agents can scan large batches for outliers, inconsistencies or missing values, prioritising issues for data owners to fix

In all of these, AI is a force multiplier for experts, not a replacement.

Medium-risk, controlled automation

Once comfortable with the basics, firms can move towards:

• Semi-automated workflows. Agents that, for example, investigate a set of validation failures overnight, group them into patterns, propose fixes, and route them to the right teams – with humans retaining the authority to apply or reject changes
• Schema mapping and regulatory change support. Agents that generate draft mappings between schemas or propose changes to accommodate new rules, again subject to expert review

Boundaries and what AI should not do (for now)

There are also clear lines that should not be crossed in the near term:

• AI should not have the final say on decisions that carry regulatory, legal or reputational consequences
• Agentic workflows should not be allowed to alter production reporting without traceable, human-approved controls
• Models must be monitored for drift, bias and unexpected behaviours; “set and forget” is not an option

The right test for each use case is simple: if the AI is wrong, can the institution detect and correct the error before it becomes a regulatory problem? If the answer is no, the use case is too far up the ladder.

6. A 3–5 year horizon: what leading firms will have in place

Looking a few years ahead, the leading regulatory reporting functions are likely to share several traits:

• Data-first operating models. A single, governed dataset that underpins multiple regulatory views, with clear ownership, lineage and BCBS 239 alignment
• AI embedded in everyday work. Documentation, investigations, testing and data quality are routinely supported by agents, reducing cycle times and freeing experts for higher‑order analysis
• Agentic workflows for change. Regulatory change programmes leverage agents to map schemas, generate test data, simulate impacts and surface implementation risks early
• Mature model governance for AI. AI tools are treated as models within existing frameworks, with defined controls for explainability, bias, drift and performance
• AI‑native platforms. API‑first, open architectures designed for fine-grained interrogation by both humans and agents, rather than monolithic, black-box stacks

For institutions thinking about their regulatory reporting roadmaps today, the most important point is timing. The models are improving quickly. Once they become very good, the gap between firms that have done the foundational work – on data, governance and architecture – and those that have not will widen rapidly.

Now is the time to:

• Consolidate and govern the regulatory data model.
• Bring AI explicitly into model risk and governance frameworks.
• Modernise reporting architecture to be open, API‑first and AI‑native.
• Build a small, well‑chosen portfolio of low‑risk agentic AI use cases and learn from them.

Suade’s platform was built as an API‑first, AI‑native regulatory reporting system, designed to align with these requirements and support “bring your own AI” operating models. If you are exploring how agentic AI fits into your regulatory reporting strategy, or what it would take to move towards AI‑ready data, governance and architecture, our team would be happy to talk.

Book a demo with a RegTech specialist today to see how Suade can help you prepare your regulatory reporting function for the next generation of AI‑driven workflows.

Save the date for Suade’s flagship forum in London on the Future of Regulatory Reporting.

On the 6 October 2026, 400 senior leaders from banking, regulation and technology will come together at Guildhall, City of London. This year’s forum will focus on what firms should prepare for next across AI, data standards, Basel 3.1, SDDT and cross-border complexity.

Key details:

Date: 6 October 2026
Location: Guildhall, City of London
Speakers: 25+ High-profile speakers
Attendees: 400+ Senior Industry Leaders
Audience: Senior Industry Leaders, Regulators, and Technology Experts

Previous speakers have included:

Phil Evans, Director Prudential Policy, Director Brexit, Bank of England, Lyndon Nelson, Deputy CEO, Bank of England, Neil Esho and William 'Bill' Coen, Former Secretary Generals, Basel Committee on Banking Supervision.

Register your interest today!

Speaker announcements and the full agenda will be shared soon.