Navigating the new Operational Risk Framework under CRR3

Since CRR3 / CRD6 were adopted in June 2024 and will become largely applicable as of 1 January 2025, European banks are facing one of the most far-reaching changes to their capital and risk framework since the financial crisis.

One of the key changes concerns the operational risk regime: whereas multiple approaches were previously permitted, CRR3 introduces a new, uniform framework through a standardised approach.
For institutions, this represents a challenge that is often still underestimated in the context of the new prudential requirements: banks will need to revise their systems, risk culture, data management and governance in order to remain compliant, while also ensuring that the new regime does not lead to unnecessary capital consumption or operational inefficiencies.

In this article, we outline the key changes, their implications, and how Projective Group can support organisations through this transition.

The key changes

With CRR3, the entire operational risk framework has been redesigned. The various internal and standardised approaches used in the past are being abolished and replaced by a single harmonised standard approach. Central to this is the Business Indicator Component (BIC), which reflects the size and activities of the bank and forms the basis for the capital calculation.

Although historical loss data are no longer directly included in the capital calculation, they remain a mandatory element for reporting, validation and internal control. In addition, CRR3 introduces new and expanded reporting requirements, including changes to COREP templates and additional ITS requirements. As a result, many institutions will need to revise their data models, interfaces and control frameworks.

The implications

Based on recent engagements within the banking sector, we observe that many institutions are struggling with the practical implementation of the new framework. The transition to a single standardised approach has proven more complex in practice than initially expected. We see several recurring challenges emerging among clients.

Within our assignments, we find that banks often encounter issues with the quality and classification of historical loss data, which frequently do not align sufficiently with the new EBA taxonomy. This necessitates additional effort to make the data suitable for reporting and validation.
Furthermore, we regularly observe differences in the interpretation of the BIC components between risk, finance and reporting functions. These discrepancies lead to inconsistencies in calculations and reporting, which can in turn result in discussions with internal governance bodies or supervisors. In addition, many IT and reporting systems are not yet prepared for the new templates, requiring substantial changes to data models, consolidation flows and validation rules.

Another significant challenge lies in governance. As internal models are phased out, the focus shifts from model validation to process and data governance. Many organisations are still searching for an appropriate structure in which responsibility for data, calculations and reporting is clearly defined.
Finally, institutions often express uncertainty regarding the capital impact of the new framework. BIC simulations frequently reveal unexpected trends or volatility, complicating both internal decision-making and discussions with supervisors.

These challenges demonstrate that, while the transition to CRR3 may appear methodologically simpler, it requires an intensive, multidisciplinary effort in practice.

How Projective Group can help

Projective Group has a multidisciplinary team that combines expertise in regulation, risk management, data management and implementation. This enables us to support institutions at every stage of the transition to the new CRR3 framework.
We typically begin with a comprehensive impact analysis, comparing the current state of data quality, governance, methodology and IT systems with the new requirements. Based on this, we support the development of a consistent and well-substantiated methodology for the BIC calculation, including documentation, validation and internal review.

In addition, our data specialists assist banks in redesigning data models and reporting chains. This ensures that systems are updated in a timely manner to meet the new COREP structures and that controls, mappings and data lineage are fully transparent and audit-proof.
We also play an important role in the governance dimension. We support institutions in redefining roles and responsibilities, strengthening internal controls and establishing clear escalation procedures. Finally, we deliver training and knowledge-sharing sessions for risk, finance and reporting teams, ensuring that the new requirements are not only implemented technically but are also broadly understood and embedded within the organisation.

In short, Projective Group combines in-depth knowledge of the new banking regulatory package with risk management expertise and strong implementation capabilities, enabling banks not only to comply with the new operational risk framework but also to manage their capital and risks efficiently.