EBA Reporting Framework 4.0: Data Point Model (DPM) 2.0
On October 25th, 2024
EBA Reporting Framework 4.0 brings key updates, including the shift to DPM 2.0, enhancing regulatory reporting precision, automation, and compliance with CRR3, CRDVI, and DORA requirements.
Quick-take: Version 4.0 of the EBA Reporting Framework—powered by the new Data Point Model 2.0 (DPM 2.0)—transforms how EU banks and investment firms handle supervisory and prudential data. It aligns reports with CRR III / CRD VI, DORA and MiCA, while laying the groundwork for machine-readable, future-proof regulatory reporting across the Single Market.
Why Framework 4.0 Matters
The European Banking Authority (EBA) has released Reporting Framework 4.0 to keep pace with:
- Basel III finalisation (EU “Banking Package”: CRR III & CRD VI)
- Digital Operational Resilience Act (DORA)
- Markets in Crypto-Assets (MiCA) for asset-referenced tokens (ARTs) and e-money tokens (EMTs)
Together, these mandates require richer, more precise data. Framework 4.0 provides the templates, definitions and validation rules that make this possible, underpinned by DPM 2.0 for semantic clarity and efficient XBRL processing.
Source
[1]
The EBA releases a first draft of the technical package for its 4.0 reporting framework | European Banking Authority
1.What Is the EBA Reporting Framework 4.0?
- Scope: A set of Implementing Technical Standards (ITS) that tells EU banks, investment firms and crypto-token issuers how to file prudential and supervisory data.
- Go-live: Applies to reference dates in H1 2025 onward.
- Key upgrade: Migration from legacy DPM 1.0 to the new DPM 2.0 semantic glossary, running in parallel during the transition period.
Headline Changes You Need to Know
| Aspect | UK – Voluntary Requirement (VREQ) | UK – Own-Initiative Requirement (OIREQ) | EU Supervisory Measures (e.g., CRD Art. 104) |
|---|---|---|---|
| Nature & Initiation | Voluntary; firm consent required after regulatory prompting. | Mandatory; unilateral regulatory action without firm consent. | Generally mandatory; regulatory action without requiring firm consent (though voluntary compliance often precedes formal action). |
| Legal Basis | FSMA Section 55J/K; firm application. | FSMA Sections 55L (FCA) and 55M (PRA); supervisory notice. | CRD Art. 104, MiFID II Art. 69; formal supervisory decision under EU/national law. |
| Process & Publicity | Documented formally; publicly listed on FCA register. | Formal administrative notice; publicly disclosed supervisory notice. | Typically non-public unless sanctions or significant market implications arise. |
| Appeal Rights | Not applicable as voluntary; limited scope for challenge. | Firm may appeal via Upper Tribunal. | Appeals through administrative or judicial reviews available at national and EU levels. |
| Typical Uses | Remedial action with cooperative firms; preventive intervention. | Immediate risk mitigation; consumer protection; prudential intervention. | Prudential controls, risk mitigation, capital add-ons, restrictions, and urgent corrective actions. |
| Area | What’s New in v4.0 | Why It Matters for Regulatory Reporting |
|---|---|---|
| Crypto-Asset Reports (ARTs & EMTs) | New templates/XBRL taxonomy for reserves, issuance, redemption & governance metrics | Brings stablecoin disclosure under MiCA into the core reporting framework |
| COREP updates (CRR III / CRD VI) | Revised credit-, market-, operational-risk cells; output-floor monitoring at 72.5% | Ensures Basel III final rules flow into quarterly COREP submissions |
| Investment Firms (Class 2) | Consistency tweaks to own-funds & concentration-risk data | Aligns Investment Firms Regulation returns with banking rules |
| Digital Operational Resilience (DORA) | Standardised “registers of information” for ICT providers, incidents & testing | Enables supervisors to compare operational-resilience data EU-wide |
| DPM 2.0 Foundation | Dynamic hierarchies, stronger validation syntax, granular version control | Future-proofs machine-readable reporting and reduces mis-interpretation |
DPM 2.0: The Engine Behind the New Reporting Framework
- Semantic data dictionary: Each data point is uniquely labelled, making cross-template reconciliation simpler.
- Dynamic hierarchies: Facilitate drill-downs (e.g., from aggregate RWAs to exposure-class rows) without extra templates.
- Enhanced validations: Rule language supports complex arithmetic and conditional checks, driving cleaner submissions.
- Dual delivery for 2025: Framework 4.0 packages definitions in both DPM 1.0 and 2.0 to smooth migration; exclusive DPM 2.0 adoption is expected by end-2025.
What Compliance & Reporting Teams Should Do Now
- Map new templates to existing data warehouses; flag gaps for MiCA and DORA metrics.
- Update COREP/FINREP tooling to capture CRR III output-floor, revised SA risk weights and FRTB tweaks.
- Pilot DPM 2.0 ingestion, validating semantic integrity against parallel DPM 1.0 extracts.
- Educate stakeholders, from finance to ICT risk, on the expanded remit of the EBA Reporting Framework.
- Engage vendors early if internal XBRL engines lack DPM 2.0 support.
2. DPM 2.0 vs DPM 1.0: What’s Changed and Why It Matters for EU Regulatory Reporting
The Data Point Model (DPM) is the backbone of the EBA Reporting Framework: it defines every data element that appears in COREP, FINREP and other supervisory submissions. DPM 1.0, introduced in 2013, enabled the first wave of XBRL-based regulatory reporting but now struggles with today’s data volumes and cross-sector requirements. In response, the EBA and EIOPA launched the multi-year “DPM Refit” project, delivering DPM 2.0—the cornerstone of Reporting Framework 4.0. DPM 2.0 resolves legacy constraints, supports integrated reporting, and prepares all filers for machine-readable, multi-format data exchange.
2.1 Key Design Enhancements at a Glance
| Aspect | DPM 1.0 (Legacy) | DPM 2.0 (Next-Gen) |
|---|---|---|
| Data glossary | Static domains and hierarchies; new members created from scratch each time | Dynamic semantic glossary with reusable Categories, Properties, Items. Elements can be extended, versioned and reused across multiple reports, reducing duplication |
| Template management | Fixed, monolithic tables; versioning meant new template IDs | Versionable headers and modular templates. Structures can evolve (e.g., add crypto-asset columns) without losing identity, streamlining maintenance |
| Validation rules | Dispersed XBRL formulas, partly manual | Unified DPM-XL language. All calculations and checks live in one machine-readable layer, enabling automated, transparent rule execution |
| Data-model scope | Banking-only, separate models for each authority | Unified meta-model usable by banking, insurance and statistical agencies, fostering cross-sector consistency and reducing duplicate data calls |
| Submission formats | XBRL-XML only — cumbersome for large files | Native xBRL-CSV (mandated by end-2025) plus SDMX compatibility. Smaller files, faster processing, future-proof architecture |
Why it matters: By moving to a semantic, version-controlled structure and lighter data-transfer format, DPM 2.0 boosts data quality, lowers processing costs and sets a common language for every EU reporting framework—not just banking.
2.2 Practical Benefits for Reporting Teams
- Consistent definitions – A single “Total Assets” item can feed multiple templates, slashing reconciliation effort.
- Easier change management – Adding new regulatory metrics (e.g., crypto-asset exposures) is a template version-update, not a wholesale rebuild.
- Stronger automated controls – DPM-XL lets supervisors run complex cross-template checks, catching errors before submission.
- Format flexibility – xBRL-CSV files are orders of magnitude smaller than XML, accelerating uploads and validations.
3. Timeline & Transition Milestones to the New Reporting Framework
| Milestone | Date | What to Do |
|---|---|---|
| Migration plan published | Jun 2024 | Review EBA documentation; assess impact on data warehouses & XBRL engines |
| Draft technical package v4.0 | Oct 2024 | Begin system changes; provide feedback to EBA/vendors |
| Final Framework 4.0 + dual DPM dictionaries | Dec 2024 | Lock requirements; confirm internal test plans & vendor deliverables |
| Dual-run go-live (XML or xBRL-CSV) | H1 2025 | File Q1 2025 returns using DPM 1.0 (XML) or DPM 2.0 (CSV) while validating both |
| Hard cut-over to DPM 2.0 & xBRL-CSV | 31 Dec 2025 | Ensure all production systems output xBRL-CSV & reference only the DPM 2.0 semantic glossary |
3.1 Implementation Tips
- Map old to new glossary items early to spot data gaps.
- Parallel-run DPM 1.0 and DPM 2.0 during 2025 to evidence consistency.
- Upgrade validation engines for DPM-XL support to avoid late-cycle errors.
- Train SME and IT staff on xBRL-CSV packaging and the new taxonomy architecture.
4 Implications of Reporting Framework 4.0 & DPM 2.0 for Financial Institutions
The newest EBA Reporting Framework release is more than a technical refresh—it reshapes every layer of the regulatory reporting value chain, from core systems to people and processes. The sections below explain what banks, investment firms and other EU-regulated entities should expect and how to respond.
4.1 System & IT Upgrades: From XBRL-XML to xBRL-CSV
| Action Item | Why It Matters for the Reporting Framework | Key Considerations |
|---|---|---|
| Upgrade reporting engines for DPM 2.0 | DPM 2.0 introduces a new taxonomy architecture with JSON metadata and a revised folder structure. | Verify your vendor roadmap or plan in-house patches; confirm support for semantic-glossary lookup. |
| Implement xBRL-CSV generation | CSV-based filings are mandatory by 31 Dec 2025; they handle large data volumes far more efficiently than XML. | Build or buy modules that create and validate xBRL-CSV instance files; update mapping tables accordingly. |
| Parallel-run in 2025 | Regulators will accept either DPM 1.0/XML or DPM 2.0/CSV during the transition year. | Use the overlap to flush out format or mapping defects well before the hard cut-over. |
Tip: Early movers on DPM 2.0 gain a full reporting cycle to debug integrations—reducing go-live risk and boosting credibility with supervisors.
4.2 Data Governance & Quality Assurance
- Expanded data universe: New templates span crypto-asset reserves, ICT third-party registers, specialised lending splits and the CRR III Business Indicator for operational risk.
- Stricter machine-readable checks: DPM-XL consolidates all validation rules, so inconsistencies surface instantly.
- Recommended response:
- Gap-analyse every new metric—map source systems, owners and calculation logic.
- Document lineage in your data dictionary; leverage the DPM 2.0 semantic glossary to clarify definitions.
- Automate reconciliations (e.g., crypto vs. balance-sheet totals) to pass tougher rule sets on the first try.
4.3 People, Processes & Project Governance
| Challenge | Mitigation |
|---|---|
| New technical skills (semantic taxonomy, xBRL-CSV packaging) | Run targeted training for finance, risk and IT teams; share “cheat sheets” that decode the new folder hierarchy and file naming. |
| Reporting-cycle pressure in Q1–Q2 2025 | Extend planning calendars; schedule dry-runs one month early to leave time for fixes. |
| Cross-department complexity | Form a DPM 2.0 steering group linking data, risk, finance, IT and compliance for end-to-end oversight. |
4.4 Strategic Upside: Automation & Analytics
- Higher automation potential: DPM-XL’s clear rule syntax enables straight-through validations, freeing staff from manual spreadsheet checks.
- Richer insight pool: Output-floor splits and revised credit-risk factors can feed internal capital analytics; ICT outage data can enhance operational-resilience dashboards.
- Competitive edge: Firms that industrialise these datasets will mirror regulators’ own analytics and gain faster risk-signal detection.
4.5 Compliance Risk & Regulator Expectations
- Mandatory adoption: Elements of Framework 4.0 become binding with CRR III in early 2025; full DPM 2.0 and xBRL-CSV are compulsory after 31 Dec 2025.
- Supervisory tolerance is low: The transition window is a grace period, not a postponement. Late movers risk data-submission failures, findings or penalties.
- Best practice: File at least one quarterly return in DPM 2.0/CSV during 2025. Early alignment shows proactive governance and reduces operational risk.
4.6 Key Take-aways for Compliance Teams
- Budget 2024–2025 as a major compliance programme, include vendor upgrades, training and parallel-run resources.
- Use DPM 2.0’s semantic clarity to tighten data ownership and lineage documentation.
- Leverage automation gains to redeploy staff toward analytics and issue remediation.
- Report early in the new format to demonstrate readiness and avoid year-end bottlenecks.
By tackling system, data and process changes in parallel—and exploiting the strategic benefits of a next-generation reporting framework—institutions can turn a mandatory overhaul into a catalyst for smarter, faster regulatory reporting.
5 Global Alignment & Future Outlook of the EBA Reporting Framework 4.0
The latest EBA Reporting Framework release, underpinned by DPM 2.0, isn’t just a European milestone; it is part of a worldwide push toward integrated, machine-readable regulatory reporting. Below we explain how Framework 4.0 aligns with global reforms, what cross-border benefits it unlocks and where the roadmap leads next.
5.1 Basel III Convergence Across Jurisdictions
- Output floor & risk-weight changes: The CRR III / CRD VI updates embedded in Framework 4.0 mirror Basel Committee reforms that the United States, United Kingdom, Canada and APAC regulators plan to implement through 2025-26.
- Comparable data points: Because the Reporting Framework captures Basel final-rule metrics in a granular, DPM-structured form, multinational banks can expect a higher degree of consistency in what supervisors demand—and can reuse mapping logic for multiple regions.
- Catalyst for other models: The openly published DPM 2.0 definitions give overseas authorities a proven blueprint, reducing the need to “reinvent the wheel” when they modernise their own data-point models.
5.2 Cross-Sector & Cross-Border Harmonisation
| Benefit | How Framework 4.0 Delivers | Strategic Impact |
|---|---|---|
| Bank–insurance consistency | Joint EBA–EIOPA design of DPM 2.0 introduces a unified metamodel that standardises terms such as financial asset across COREP, FINREP and Solvency II-style returns. | Fewer reconciliation headaches for groups with banking and insurance arms. |
| EU integrated reporting (IReF, BIRD) | Semantic glossary can extend to statistical, reference and transactional datasets. | Supports ECB’s drive to streamline supervisory, statistical and resolution data submissions. |
| Global supervisory data-sharing | Standardised validations (DPM-XL) make cross-jurisdiction analytics easier, enhancing systemic-risk oversight. | Lowers compliance friction for internationally active banks. |
5.3 Digital & Operational-Resilience Reporting Sets a Global Benchmark
- Crypto-asset templates: By mandating structured data on asset-referenced tokens (ARTs) and e-money tokens (EMTs), the EBA Reporting Framework 4.0 races ahead of many peers. Other jurisdictions now evaluating crypto-prudential rules can adopt similar template logic.
- DORA registers: The inclusion of ICT-provider inventories and incident logs anticipates worldwide moves on operational resilience. Banks that build these datasets early gain a head-start on future cross-border disclosures.
5.4 Looking Forward; CRR IV, Sustainability & SupTech
| Horizon | Likely Additions to the Reporting Framework | Why DPM 2.0 Is Future-Proof |
|---|---|---|
| CRR IV / Basel End-game | Next phases of CRR III implementation (EBA v4.1, v4.2 …). | Versionable templates let EBA extend risk metrics without breaking existing mappings. |
| Climate & ESG disclosures | Potential integration of ISSB-aligned climate-risk metrics and EU green-asset ratios. | Semantic glossary can introduce new Categories for sustainability data with no redesign. |
| AI-enabled SupTech / RegTech | Regulators deploying data-science tools to mine xBRL-CSV filings; firms adopting workflow automation for submission prep. | Machine-readable DPM-XL rules and lightweight CSV files accelerate analytics pipelines. |
5.5 Conclusion: What This Means for Your Regulatory-Reporting Strategy
The EBA Reporting Framework 4.0 and DPM 2.0 set a global bar for trustworthy, standardised regulatory reporting. By embracing its principles today, semantic data models, unified validations and xBRL-CSV transmission, financial institutions will:
- Ensure seamless compliance with EU mandates and be primed for similar rules abroad.
- Streamline multi-jurisdiction operations, leveraging one data backbone for multiple supervisors.
- Unlock strategic value from granular, high-quality datasets that drive risk analytics, capital optimisation and operational-resilience insights.
Ultimately, proactive adoption positions firms not merely to meet supervisory expectations but to lead in data governance and reporting excellence, wherever the next wave of global regulation lands.
Reduce your
compliance risks
