COREP Reporting Explained: A Practical Guide to Prudential Reporting

ByOfficer

Last updated: March 2026

What Is COREP and Why It Matters

COREP stands for Common Reporting. It’s the standardized format through which EU banks and other regulated entities submit their prudential information – capital adequacy, risk exposure, asset quality, and liquidity data – to supervisory authorities.

If you work in banking compliance, finance, or risk management anywhere in the EU, you’ve either filed COREP reports or you will. COREP is not optional – it’s a core regulatory obligation with teeth. Regulators need consistent, timely data on capital adequacy and risk from thousands of institutions to monitor systemic risk, stress-test the financial system, and enforce prudential standards. Miss a deadline, submit incorrect data, or fail to report when required, and you’re looking at enforcement action. Supervisors treat data quality as a core pillar of their oversight.

This practical guide walks you through what COREP is, who has to file, what gets reported, when deadlines occur, and the operational realities of managing a reporting program. I’m writing this from the perspective of someone who has filed these reports from the institution side, managed data flows, dealt with validation failures, and navigated supervisory queries. The goal is to give you the working knowledge you need to understand your obligations and spot common pitfalls before they become problems.

The Legal Basis for COREP Reporting

Regulation and Legal Authority

COREP sits within the Capital Requirements Regulation (CRR) and Capital Requirements Directive framework. The core legal obligation comes from CRR Article 430, which requires institutions to report information to their competent authority on a regular basis. The European Banking Authority (EBA) publishes the technical standards that define the templates, fields, validation rules, and submission format.

In your jurisdiction, your national competent authority (NCA) enforces these requirements. In Luxembourg, that’s the Commission de Surveillance du Secteur Financier (CSSF). The CSSF publishes guidance specific to Luxembourg institutions, sets local deadlines, and operates the submission portal.

The framework has evolved significantly. The original CRR (Regulation (EU) No 575/2013) has been amended by CRR2 (Regulation (EU) 2019/876, largely applicable from June 2021) and most recently by CRR3 (Regulation (EU) 2024/1623, applicable from 1 January 2025). CRR3 introduces substantial changes including the output floor, revised credit risk standardized approach, the new standardized measurement approach (SMA) for operational risk (replacing the previous AMA, BIA, and TSA approaches), and FRTB for market risk. These changes flow through to COREP templates.

The EBA updates reporting templates periodically to reflect legislative changes. The current reporting framework is version 4.2, which applies from Q4 2025 and includes new and amended templates for operational risk (C 16.01 through C 16.04), among other changes. Be alert to ongoing changes around ESG reporting integration, enhanced liquidity templates, and leverage ratio refinements.

Reporting Standards and Format

From reference date 31 March 2026 onward, COREP reports must be submitted in xBRL-CSV format, replacing the previous XBRL format. xBRL-CSV is a structured, machine-readable format designed for regulatory reporting. Your finance or compliance team typically doesn’t write these files by hand – you use reporting software that takes your underlying data and translates it into a valid submission that your NCA’s system can ingest. The software also validates your submission against the EBA’s technical specifications before you send it.

The validation rules are strict. A field might be required if certain conditions are met (e.g., if you’re a large institution reporting on IRB models, you must populate template C 08.01). If validation fails, your file will be rejected and you’ll have to resubmit. This happens in the last week before a deadline more often than anyone would like to admit.

If your institution has not yet tested the xBRL-CSV submission pipeline, do so before your next live filing. The format transition introduces its own category of potential errors.

Who Has to Report?

Scope of Reporting Entities

COREP applies to all credit institutions authorized under the CRD framework. This includes traditional banks, as well as certain investment firms that remain subject to CRR requirements. Note that since the introduction of the Investment Firms Regulation (IFR, Regulation (EU) 2019/2033) and the Investment Firms Directive (IFD), most investment firms are no longer subject to CRR/COREP – they report under the IFR framework instead. Only the largest “Class 1” investment firms (those exceeding EUR 15 billion in total assets or that are systemic) remain within the CRR perimeter.

The framework distinguishes between consolidated, solo, and individual level reporting:

  • Solo level: Each individual licensed entity reports on its own balance sheet and capital position.
  • Consolidated level: Groups with a consolidated authorization or significant investments in financial subsidiaries report on a group-wide basis.
  • Sub-consolidated level: Within a group, some entities also report on a sub-consolidated basis depending on regulatory requirements.

Your institution’s reporting scope depends on your legal structure, where you’re licensed, and whether you’re a standalone entity or part of a group. Most institutions in a group structure file COREP at both solo and consolidated levels.

Proportionality and Thresholds

CRR introduces the concept of “small and non-complex institutions” (SNCIs), defined primarily as institutions with total assets of EUR 5 billion or less (among other criteria under CRR Article 4(1)(145)). SNCIs benefit from simplified reporting – fewer templates, reduced frequency for certain reports, and simpler calculation methods in some areas.

Some templates are conditional. If you don’t have IRB models approved by your supervisor, you don’t report the IRB credit risk templates (C 08.01, C 08.02). If you’re not significant on a consolidated basis, your group may not report certain detailed breakdowns. Conditional reporting requires you to understand your own institution’s risk model approval and reporting scope.

Branches of third-country banks operating in the EU typically have reporting obligations determined by national law and the treatment of the branch under the local supervisory framework.

What Gets Reported: Key Templates and Data

Own Funds and Capital Requirements

Templates C 01.00 (Own Funds) and C 02.00 (Capital Requirements) are fundamental. C 01.00 breaks down your regulatory capital into Common Equity Tier 1 (CET1), Additional Tier 1 (AT1), and Tier 2, with detailed lines showing what’s included, what’s deducted, and what’s transitional. If you’re using remaining transitional rules, you report both the transitional and fully loaded positions (C 05.01/05.02).

C 02.00 shows your capital requirements for credit risk, market risk, and operational risk by approach. Under CRR3, the operational risk approach has changed significantly: the Advanced Measurement Approach (AMA), Basic Indicator Approach (BIA), and standardized approaches have been replaced by a single Standardized Measurement Approach (SMA) for all institutions. If you’re a large bank using IRB for credit risk and the new FRTB approaches for market risk, this template becomes complex. Smaller banks using standardized approaches have simpler submissions.

Capital Ratios and Solvency

Template C 03.00 (Capital Ratios) is one supervisors look at most closely. It shows your CET1 ratio, Tier 1 ratio, and Total Capital ratio as of the reporting date. These ratios determine whether you’re above regulatory minimums. If your CET1 ratio is below your combined requirement (minimum CET1 of 4.5% plus capital conservation buffer of 2.5%, plus any applicable countercyclical buffer, systemic risk buffer, and Pillar 2 requirements), your supervisor will want to know why and what your remediation plan is.

Template C 04.00 (Memorandum Items) captures additional information including total risk exposure amount, total assets, and other supplementary data points.

Credit Risk and Asset Quality Templates

Templates C 07.00 (standardized approach) and C 08.01/C 08.02 (IRB approach) break down credit risk exposure by counterparty type (central governments, institutions, corporates, retail, equity, etc.) and by geography. You’re showing where your credit risk is concentrated – essential for supervisors assessing systemic risk.

IRB templates are complex and require detailed inputs on probability of default (PD), loss given default (LGD), exposure at default (EAD), and model parameters. IRB data is notoriously error-prone because the underlying model assumptions must be consistently fed into your reporting system. A small error in how you classify an exposure or apply a rating can cause large validation failures.

Geographic breakdowns (C 09.01 to C 09.04) show credit risk by country of counterparty residence. This is particularly important for institutions with significant exposures to specific regions. Your supervisor uses this data to stress-test your capital position under country-specific scenarios.

Large Exposures and Concentration Risk

Templates C 26.00 to C 29.00 deal with large exposures – lending concentration that exceeds 10% of eligible capital to a single counterparty or group of connected clients. You list each large exposure, the counterparty identifier, exposure amount, and the ratio to your capital. The large exposure limit is 25% of Tier 1 capital (tightened from 25% of eligible capital under CRR2/CRR3 for most exposure types).

Large exposures must be validated carefully. A single client relationship might span multiple legal entities or jurisdictions, and grouping errors are common. Some institutions maintain a separate large exposures register that feeds into their submission; others map from their credit risk system directly. Either way, this is a high-audit-risk area.

Leverage Ratio

Leverage ratio templates (C 43.00 through C 47.00 in the current framework) report the leverage ratio – a non-risk-weighted backstop on your Tier 1 capital. The leverage ratio denominator (total exposure measure) includes all on-balance-sheet assets plus off-balance-sheet items, with specific treatment for derivatives and SFTs.

The leverage ratio has been a binding Pillar 1 minimum requirement since 28 June 2021, when CRR2 took effect. The minimum is 3% for most institutions, with a higher buffer for globally systemically important institutions (G-SIIs). Non-compliance is taken seriously.

The leverage ratio templates require detailed reconciliation. You must show that your total exposure measure maps back to your balance sheet. Missing or mis-classified items (e.g., pension fund assets that should be excluded, cash collateral treated incorrectly, SFT adjustments) create failures.

Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio (NSFR)

LCR templates (C 72.00 through C 76.00) report your institution’s ability to meet a liquidity stress scenario over 30 days. You’re showing high-quality liquid assets against net cash outflows. These templates break out inflows and outflows by type of counterparty, maturity, and product.

The LCR must be at or above 100% (your liquid assets must cover expected outflows). The detailed requirements are set out in the LCR Delegated Regulation (EU) 2015/61, not in the CRR itself. If your LCR is below 100%, you have a compliance issue and must have a credible plan to restore it.

NSFR templates (C 80.00 through C 84.00) report the Net Stable Funding Ratio – a structural measure of your long-term funding stability. The NSFR became a binding Pillar 1 requirement under CRR2 (from June 2021). You’re showing available stable funding relative to required stable funding. Like the LCR, NSFR must be at or above 100%.

Both liquidity template sets are data-intensive. They depend on accurate classification of assets and liabilities by maturity, type, and haircut assumption. A single misclassification – say, categorizing a term deposit with one-month maturity as on-demand – will cause both the LCR and NSFR to move significantly.

Other Templates

Operational risk (C 16.xx): Under CRR3, the new operational risk templates capture the Business Indicator Component (BIC) and Internal Loss Data Component (ILDC) used in the SMA calculation. Templates C 16.01 through C 16.04 apply from 2025/2026, with enhanced reporting from June 2026.

ESG and Pillar 3 templates: The EBA is progressively expanding ESG data collection. Expect growing requirements for climate risk exposure, concentration in carbon-intensive sectors, and transition risk.

Remuneration templates: Required for larger institutions, covering high earners, variable compensation ratios, and deferral arrangements. These are part of a separate reporting module.

When and How Often: Reporting Frequency and Deadlines

Frequency by Template

Most COREP templates are reported quarterly, with reference dates of March 31, June 30, September 30, and December 31. Some templates are semi-annual or annual – large exposures templates may be semi-annual for SNCIs; certain detailed breakdowns may be annual.

The exact frequency for your institution depends on your classification. Large, systemic banks report most templates quarterly. SNCIs report some templates with reduced frequency.

Submission Deadlines

The EBA ITS specifies remittance dates. For most quarterly COREP templates, the standard remittance date is 12 May, 11 August, 11 November, and 11 February (approximately 42 calendar days after quarter-end) for institutions that are not SNCIs. SNCIs may benefit from extended deadlines for certain templates.

Your NCA may set specific portal submission windows. In Luxembourg under CSSF rules, always confirm the exact deadline with the CSSF’s published reporting calendar. Miss the deadline and your institution is non-compliant. In practice, most institutions submit 3-5 days before the deadline to allow time for resubmission if validation fails.

Multi-Stage Submission Process

Your submission isn’t instantaneous. You prepare data weeks in advance, validate it internally, send it to your NCA’s portal, and the NCA system validates again. If validation fails at the NCA level, they reject your file with an error report. You then fix the data and resubmit. This back-and-forth can extend over days.

Some institutions have their supervisors pre-review data informally. The CSSF in Luxembourg, for example, may offer support for pre-validation. Submitting informally a few days before the deadline for the supervisor to flag errors before your official submission is valuable – it reduces the risk of missing the deadline due to a late validation failure.

COREP in Practice: Workflows, Tools, and Team Structure

Data Sources and System Landscape

COREP data comes from multiple systems. Capital and own funds typically feed from your general ledger and financial accounting system. Credit risk exposure and IRB data come from your credit risk or loan origination system. Liquidity data comes from your asset-liability management (ALM) or treasury system. Market risk data comes from your trading or valuation system.

No single system holds all the data. Your institution needs data governance: clear mappings from system outputs to template inputs, reconciliations across systems, and sign-offs. The finance controller and the head of regulatory reporting typically own this governance.

Technology and Reporting Software

Most institutions use specialized regulatory reporting software (from vendors like Axiom/AxiomSL, Wolters Kluwer OneSumX, Regnology, or others). This software ingests data from your underlying systems, applies transformations, validates against EBA specifications, and outputs the required submission format.

The software is only as good as the data you feed it. If your credit risk system has a classification error (a counterparty classified as “Institutional” when it’s actually “Retail”), that error flows straight into your templates and validation fails.

Typical Team Structure

A medium-sized bank might have:

  • Head of Regulatory Reporting: Overall accountability, relationship with the supervisor, sign-off on submissions.
  • Senior Analyst / Template Owner: Owns one or more templates (e.g., the liquidity analyst owns C 72-C 76, the credit risk analyst owns C 07-C 09).
  • Data Engineer / ETL Developer: Builds and maintains the data pipelines and transformations.
  • Validator / QA Analyst: Runs pre-submission validation, checks for reasonableness, flags anomalies.

Smaller institutions might consolidate these roles. In a startup bank with 50 people, the head of compliance might personally handle COREP. Larger institutions have entire departments. The key is clear ownership: someone must be accountable for each template.

Typical Quarterly Workflow

Weeks 1-2 post-quarter-end: Underlying systems close and produce P&L, balance sheet, and risk reports. The reporting team begins reconciling these to previous submissions and prior-month expectations. Are capital ratios where they should be? Does credit risk exposure match what was expected?

Weeks 2-3: Data extraction begins. Credit risk, finance, treasury, and risk teams produce reports for each template. These go through internal review. Outliers are investigated.

Weeks 3-4: Configuration of the reporting software. The team loads the data, runs initial validation. Typically, a significant share of submissions fail validation on the first attempt. Common reasons: missing required fields, inconsistent data types, failed cross-checks, or business logic errors.

Week 4+: Remediation. The team identifies the source of each validation error, fixes the underlying data in the source system or via corrections, and reloads. This cycle repeats until validation passes.

Final days: Final quality assurance. Management review. Submission to the NCA.

The time from quarter-end to submission deadline is compressed. If you start late or encounter major data issues, you’ll be under pressure.

Common Errors and Pitfalls

Data Reconciliation Failures

One of the most common issues is data not reconciling between systems. For example, your credit risk system shows EUR 10 million in exposure to a counterparty, but your financial accounting system shows only EUR 9.5 million. The difference might be due to collateral treatment, accrued interest, or a classification difference. Until it’s reconciled, your templates won’t be reliable.

Reconciliation must be systematic and documented. Your supervisor will find discrepancies in a supervisory review and ask why your reported figures don’t match your accounting records.

IRB Model Parameters

If you’re using IRB for credit risk, your reported capital requirements depend on probability of default (PD), loss given default (LGD), and exposure at default (EAD) estimates.

Common errors:

  • PD not updated: Your model was calibrated years ago, but actual default rates have changed. Using stale PD estimates means your capital requirement is too low or too high.
  • Counterparty classification inconsistency: A borrower is classified as small business in your risk system but as large corporate in your accounting system.
  • Exposure rollup error: You have exposures to a client at multiple business units, and only some are captured in the C 08.02 submission.

Liquidity Template Errors

LCR and NSFR templates are complex. Common errors include:

  • Wrong maturity assumption: A deposit with a stated maturity of 6 months classified as on-demand because the depositor can withdraw early in practice.
  • Haircut applied incorrectly: High-quality liquid assets have regulatory haircuts (e.g., 0% for cash and central bank reserves, 15% for Level 2A assets). If you apply the wrong haircut, your liquid asset position is wrong.
  • Off-balance-sheet items omitted: Credit lines, derivatives payables, and other contingent liabilities must be included in the net outflow calculation. Omitting them makes your LCR appear better than it actually is.

Audit Trails and Documentation

Your supervisor can ask at any moment: “Why is this number 50 basis points lower than last quarter?” You need to be able to answer in seconds. That requires audit trails – a record of which system the number came from, when it was extracted, whether it was adjusted, and why.

Many institutions fail at this. Data lives in spreadsheets, adjustments are made informally, and six months later nobody remembers why. Institutions that do this well have a centralized repository that logs every figure, its source, and any adjustments. It’s dry work, but it matters.

Recent Changes and Future Outlook

CRR3 Impact on Templates

CRR3 (Regulation (EU) 2024/1623), applicable from 1 January 2025, has introduced significant changes:

  • Operational risk overhaul: The AMA, BIA, and standardized approaches for operational risk have been replaced by the single Standardized Measurement Approach (SMA). New templates C 16.01-C 16.04 capture the Business Indicator, its components, and internal loss data.
  • Output floor: A floor on the benefit institutions can derive from using internal models, phasing in from 50% in 2025 to 72.5% by 2030.
  • Revised credit risk standardized approach: More granular risk weight buckets and revised treatment of certain exposure classes.
  • FRTB for market risk: The Fundamental Review of the Trading Book introduces new standardized and internal model approaches for market risk capital, with revised templates.
  • Proportionality: SNCIs benefit from simplified requirements in several areas.
  • Leverage ratio refinements: Adjusted treatment for certain derivative and central clearing arrangements.

ESG Reporting Expansion

The EBA is expanding ESG data collection in reporting templates. Expect growing requirements for climate risk exposure, concentration in carbon-intensive sectors, and transition risk. These are still evolving, but the trajectory is clear – supervisors want to understand environmental risk exposure at a granular level.

Supervisory Focus Areas

Based on recent supervisory guidance, expect heightened focus on:

  • Interest rate risk: More detailed reporting of repricing gaps and duration mismatches.
  • Climate and nature risk: Concentration in carbon-intensive sectors, transition risk, and nature-related financial risk.
  • Credit quality deterioration: Given the macroeconomic environment, supervisors are paying close attention to asset quality trends.

We’ll be publishing detailed template-by-template guides soon – bookmark this page or check back for deep dives into individual templates like C 01.00, C 02.00, and C 03.00.

Coming Soon: Template-by-Template Deep Dives

We’re building detailed, template-level guides for each reporting framework covered on RegReportingDesk. Whether you need a field-by-field walkthrough of specific templates, field mappings, or validation rule analysis, these guides are on the way. Bookmark this page and check back soon.

Frequently Asked Questions

What is COREP reporting?

COREP (Common Reporting) is the standardized submission of prudential data – capital, risk, liquidity, and asset quality information – by EU credit institutions to their supervisory authorities. It enables regulators to monitor systemic risk and ensure institutions maintain adequate capital.

Who must file COREP reports?

All credit institutions authorized under the CRD framework must file COREP. This includes banks and the largest “Class 1” investment firms (those exceeding EUR 15 billion in assets or that are systemic). Most investment firms are now subject to the IFR reporting framework instead. Small and non-complex institutions (SNCIs, generally below EUR 5 billion in total assets) benefit from simplified reporting.

How often do institutions report?

Most templates are reported quarterly (March 31, June 30, September 30, December 31). Some templates are semi-annual or annual depending on your institution’s classification. SNCIs may report certain templates with reduced frequency.

What is the reporting deadline?

The standard EBA remittance date is approximately 42 calendar days after quarter-end (12 May, 11 August, 11 November, 11 February). Your NCA may set specific portal deadlines. In Luxembourg, always confirm with the CSSF’s published reporting calendar.

What happens if my report fails validation?

If your file fails the NCA’s validation, it will be rejected with an error report. You must identify and fix the underlying data errors and resubmit. Common causes are missing required fields, inconsistent data types, or cross-template inconsistencies.

What format are COREP reports submitted in?

From reference date 31 March 2026, submissions must use xBRL-CSV format (replacing the previous XBRL format). Your reporting software should handle the format conversion, but test your submission pipeline before your first live filing in the new format.

What is the relationship between COREP and FINREP?

COREP focuses on prudential data (capital, risk, liquidity). FINREP focuses on financial reporting (balance sheet, income statement, asset quality). Both are quarterly but different in scope. Some data elements appear in both but with different definitions or granularity.

Key Takeaways

  • COREP is mandatory for all authorized credit institutions in the EU. Non-compliance carries enforcement risk and supervisory scrutiny. Treat data quality as a strategic priority.
  • COREP involves multiple templates across capital, credit risk, liquidity, and operational data. You’re coordinating data from multiple systems, often on tight quarterly deadlines.
  • Deadlines are firm: approximately 42 calendar days from quarter-end to submission is standard. Planning, data governance, and early validation are essential.
  • CRR3 introduces significant changes from 2025. The operational risk SMA, output floor, revised credit risk approach, and FRTB all affect templates and calculations. Ensure your systems reflect the current framework version (4.2).
  • The xBRL-CSV format transition is live from March 2026. Test your submission pipeline before your first filing in the new format.
  • Data quality is critical. Errors in classification, calculation, or reconciliation will cause validation failures. Invest in data governance, system integration, and quality assurance.
  • Scope matters. Understand whether you report at solo, consolidated, or both levels, and which templates are conditional for your institution.
  • Supervisory engagement helps. Most NCAs offer guidance or pre-review support. A call to the CSSF (or your NCA) to clarify a template interpretation can save weeks of rework.
  • Keep documentation and audit trails. You need to be able to explain every number, its source, and any adjustments.

Disclaimer: The information on RegReportingDesk.com is for educational and informational purposes only. It does not constitute legal, regulatory, tax, or compliance advice. Always consult your compliance officer, legal counsel, or the relevant supervisory authority for guidance specific to your institution.

Sources and References

Similar Posts

  • MiCAR Reporting Obligations for CASPs: Complete Implementation Guide

    Last updated: March 2026 Introduction MiCAR (Markets in Crypto-Assets Regulation) creates the first comprehensive regulatory framework requiring crypto-asset service providers to implement authorization, prudential reporting, transaction monitoring, and incident notification systems. The Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114) represents the first unified rulebook for crypto-asset activities across the entire European Union. For reporting teams…

  • PSD2 Reporting Requirements for Payment Institutions: Complete Practitioner Guide

    Last updated: March 2026 Introduction PSD2 reporting is not optional – payment institutions face multiple overlapping reporting obligations including statistical, prudential, fraud, incident, and complaint reporting, each with distinct deadlines, data sources, and regulatory recipients. Payment Services Directive 2 (Directive (EU) 2015/2366) fundamentally reshaped how payment institutions, e-money institutions (EMIs), account information service providers (AISPs),…

  • FINREP Reporting Explained: What You Actually Need to Know

    Last updated: March 2026 What Is FINREP and Why It Matters FINREP stands for Financial Reporting. It’s the European regulatory framework for collecting standardized financial data from banks and certain investment firms. If you work in prudential reporting at a European bank, FINREP is not optional – it’s a statutory obligation enforced by your national…

  • CESOP: What Payment Service Providers Need to Report

    Last updated: March 2026 Introduction CESOP reporting is a mandatory quarterly obligation for European payment service providers handling cross-border transactions above the 25-payment threshold – missing the deadline or submitting inaccurate data can result in supervisory action and penalties. If you work in payments or compliance at a European financial institution, CESOP likely sits on…

  • Large Exposures Reporting for Luxembourg Banks – COREP LE Templates and Connected Clients

    Last updated: March 2026 Your institution has three loan facilities to three different Luxembourg companies. Different names, different sectors, different NACE codes. Each facility is well below the 25% large exposure limit. Then a supervisor asks you to explain why all three companies share the same ultimate beneficial owner, depend on the same revenue source,…