Pillar 3 Disclosure Requirements for Luxembourg Banks – A Practical Guide

ByOfficer

Last updated: March 2026

COREP and FINREP go to the supervisor. Pillar 3 goes to the public. That distinction is what makes Pillar 3 different from every other regulatory reporting obligation a Luxembourg bank carries. When your joint supervisory team or CSSF case officer reads your COREP submission, the audience is one. When your Pillar 3 report is published on your website, the audience is your counterparties, your investors, your rating agency analysts, your competitors, and anyone else with a browser and a reason to look. Getting it wrong has a different kind of consequence: not a formal enforcement outcome, but a reputational one that compounds over time.

The operational reality is more acute than that framing suggests. Receive a supervisory letter noting that your Pillar 3 report is missing the leverage ratio template, that the own funds figures don’t reconcile with your COREP C 01.00 submission, and that your ESG qualitative tables are incomplete, and what happens is: a follow-up review, a remediation deadline, and a governance note in your next SREP assessment. Supervisors have become significantly more attentive to Pillar 3 quality since 2022, and ECB Supervisory Board member Patrick Montagner’s March 2026 piece for Eurofi Magazine on physical climate risks and banking supervision is a signal of how intensively the climate risk dimension of prudential oversight is being pursued, which flows directly into Pillar 3 ESG disclosure expectations.

This guide covers what Pillar 3 requires, who must comply in Luxembourg, which templates the EBA ITS mandates, the disclosure frequency rules, the ESG requirements under Article 449a, and the mistakes that consistently attract supervisory attention.

Related reading: COREP Reporting Explained – the supervisory reporting framework that underpins most of the quantitative data in your Pillar 3 report.

What Pillar 3 Is and Why It Exists

The Basel III framework organises banking regulation around three pillars. Pillar 1 sets minimum capital requirements through standardised rules. Pillar 2 is the supervisory review process (the SREP), through which competent authorities assess whether an institution’s capital and governance are adequate beyond the Pillar 1 floor. Pillar 3 is market discipline: the obligation to disclose enough information publicly that market participants, counterparties, and investors can form their own view of an institution’s risk profile and capitalisation.

The theory is that if banks have to disclose their capital ratios, risk exposures, and risk management approaches transparently, market pressure will reinforce supervisory pressure. In practice, Pillar 3 reports have become a substantial disclosure exercise. A large institution’s full Pillar 3 report easily runs to 200 pages and covers everything from key capital metrics to climate transition risk exposures sector by sector.

In the EU, Pillar 3 is implemented through Part Eight of Regulation (EU) No 575/2013 (the Capital Requirements Regulation, CRR), as substantially amended by Regulation (EU) 2019/876 (CRR2). The EBA has published implementing technical standards that specify the exact templates, tables, and formats institutions must use.

Legal Basis

The primary legal basis for Pillar 3 disclosures in the EU is Part Eight of the CRR, covering Articles 431 to 455. These articles set out the general disclosure obligations, the specific categories of information to be disclosed, and the conditions under which information can be withheld as proprietary or immaterial.

CRR2 rewrote much of Part Eight to align EU requirements more closely with the revised Basel III Pillar 3 framework published by the BCBS between 2015 and 2018. The key CRR2 changes introduced: a formalised tiering of disclosure obligations by institution size and complexity; quarterly disclosure requirements for key metrics at large institutions; and the mandate for the EBA to develop ITS on ESG disclosures (which became Article 449a).

The EBA implemented Part Eight through Commission Implementing Regulation (EU) 2021/637, which contains the standardised templates and tables for the main body of Pillar 3 disclosures. The ESG-specific disclosure templates were subsequently added via Commission Implementing Regulation (EU) 2022/2453, implementing Article 449a. Both regulations are directly applicable across all EU member states, including Luxembourg.

Who Must Disclose

Not every credit institution in Luxembourg faces the same Pillar 3 obligations. The CRR establishes a proportionality framework tied primarily to institution size and listing status.

Large Institutions

Article 433a of the CRR applies to institutions that meet the definition of “large institution” under Article 4(1)(146) CRR2. An institution qualifies if it meets any one of the following four criteria: (a) it is a G-SII as identified under Article 131 of the Capital Requirements Directive (CRD); (b) it is an O-SII as identified under Article 131 of the CRD; (c) it is one of the three largest institutions by total assets in its Member State of establishment; or (d) its total assets on an individual basis amount to EUR 30 billion or more. Luxembourg has a number of institutions in this category, including the local subsidiaries and branches of major European banking groups that book significant balance sheet here.

Large institutions face the most comprehensive disclosure requirements, including quarterly publication of key metrics and leverage ratios, semi-annual publication of most other templates, and annual qualitative disclosures.

Small and Non-Complex Institutions

Article 433b applies to small and non-complex institutions (SNCIs) as defined in Article 4(1)(145) of the CRR. The SNCI definition requires, among other conditions: total assets below EUR 5 billion on average over the four preceding years; no use of internal models for calculating capital requirements (no approval under the relevant CRR model articles); no G-SII or O-SII designation; and not being one of the three largest institutions in the Member State. The full SNCI definition in Article 4(1)(145) contains additional conditions; institutions should verify against the legal text rather than relying on a summary list. SNCIs benefit from substantially reduced disclosure obligations: they disclose annually and are exempt from a significant portion of the templates required of large institutions.

Luxembourg has many SNCIs, particularly among private banks and smaller investment firm-adjacent credit institutions. In practice, the SNCI categorisation simplifies the disclosure burden considerably, but I’ve seen institutions incorrectly assume they qualify when their balance sheet has grown past the threshold. The EUR 5 billion test is on a four-year rolling average, so a growth period can take you out of SNCI status with a delay.

Other Institutions

Article 433c covers institutions that are neither large nor SNCIs. These disclose semi-annually or annually depending on the specific template, with a scope that sits between the two extremes above. Non-listed large institutions get a slight reduction: they disclose certain quantitative templates on an annual rather than semi-annual basis.

Which Category Are You? A Three-Question Check

If you are trying to locate your institution in this framework, work through these three questions in order:

Question 1: Are you a large institution? Check any of the four Article 4(1)(146) criteria: G-SII designation; O-SII designation; one of the three largest credit institutions by total assets in Luxembourg; or total assets on an individual basis of EUR 30 billion or more. If yes, you are subject to Article 433a with quarterly and semi-annual obligations.

Question 2: If not large, do you meet the SNCI criteria under Article 4(1)(145)? The key threshold tests are: total assets below EUR 5 billion averaged over the preceding four years; no internal model approvals for capital; no G-SII or O-SII designation; and not one of the three largest credit institutions in the Member State. If you satisfy all the conditions in Article 4(1)(145), you are an SNCI subject to Article 433b with annual-only obligations and a reduced template scope.

Question 3: If neither large nor SNCI, you fall under Article 433c. Your obligations are broader than an SNCI but less frequent than a large institution, with most templates published semi-annually or annually depending on whether you are listed.

One practical caveat: the three-largest test in Luxembourg can shift as the banking sector consolidates or as institutions grow. It is worth confirming your category at each annual reporting cycle rather than assuming continuity.

What Gets Disclosed: The Template Framework

The EBA ITS (Commission Implementing Regulation (EU) 2021/637) specifies a set of standardised templates and tables, each covering a distinct disclosure topic. The distinction between templates and tables matters: templates use a fixed format where the structure is prescribed and cannot be changed; tables are qualitative and can use flexible format so long as the required information is covered.

How the Templates Connect

The templates in the EBA ITS are not a flat list; they form a layered structure where each level depends on the one above it being accurate. Understanding that hierarchy is the fastest way to understand where reconciliation problems originate.

EU KM1 sits at the top: the headline capital and liquidity metrics that users and supervisors read first. Everything below EU KM1 must reconcile to it. EU CC1 and EU CC2 are the capital decomposition layer: they break down the CET1, AT1, and Tier 2 totals in EU KM1 into their components and reconcile them to the audited balance sheet. EU OV1 is the risk layer: it breaks the total capital requirement in EU KM1 into its risk-type components (credit, market, operational, CVA). The EU CR1 and CQ series then provide depth on the largest component, credit risk, showing asset quality, impairments, and NPE ratios that explain the credit risk RWA in EU OV1. EU LR1 and EU LR2 decompose the leverage ratio, and EU LIQ1 and EU NSFR1 decompose the LCR and NSFR visible in EU KM1.

The reconciliation dependency runs in both directions: downward through the template hierarchy, and horizontally across to COREP. If EU CC1 does not tie to COREP C 01.00, the error will be visible in EU KM1 and every template that depends on it. Building Pillar 3 production around the same data extracts that feed COREP is not optional; it is the only approach that keeps the hierarchy consistent.

Key Metrics and Overview

Template EU KM1 is the starting point of every Pillar 3 report. It discloses the institution’s core prudential metrics in a single table: CET1 ratio, Tier 1 ratio, total capital ratio, leverage ratio, NSFR, and LCR. Large institutions publish EU KM1 quarterly. This template is where supervisors look first, and it is where inconsistencies with COREP are most visible.

Template EU OV1 provides an overview of risk-weighted exposure amounts by risk type. It is semi-annual for large institutions and shows the total RWA split across credit risk, market risk, operational risk, CVA, and other categories, alongside the minimum capital requirement for each.

Own Funds and Capital Requirements

Table EU OVA covers the institution’s overall risk management approach qualitatively. It describes governance, risk appetite, risk culture, and the relationship between the internal capital adequacy assessment process (ICAAP) and the regulatory capital framework.

Templates in the own funds section (Articles 437 and 437a) cover the composition of regulatory capital. Institutions must disclose the full breakdown of CET1, Additional Tier 1, and Tier 2 capital using the standardised EU CC1 template, alongside a reconciliation of own funds to the balance sheet using template EU CC2.

The Pillar 2 capital requirements are disclosed in accordance with Article 438(b). Where a competent authority has approved disclosure of the Pillar 2 Requirement (P2R) and Pillar 2 Guidance (P2G), these appear in the capital metrics. The ECB has progressively moved toward greater transparency on P2R, and most significant institutions now publish their P2R level. CSSF-supervised less significant institutions follow CSSF guidance on this point, which in practice has aligned with the ECB’s approach.

For institutions subject to resolution planning, Article 437a of the CRR adds a further layer: disclosure of own funds and eligible liabilities in the context of MREL and, for G-SIBs, TLAC. This is implemented through template EU KM2, which discloses the institution’s MREL and TLAC metrics alongside its standard capital ratios. EU KM2 sits within the Pillar 3 framework and must reconcile with the resolution authority’s MREL requirement. Institutions that have published their binding MREL target will need to show their current position against it in EU KM2 on a quarterly basis for large institutions. The interaction between the MREL requirement, eligible liabilities structure, and Pillar 3 capital disclosures requires coordination between the treasury, finance, and resolution planning functions that many institutions underestimate. For more detail on the reporting side of MREL, see MREL Reporting Requirements.

Credit Risk

The credit risk disclosure section is the largest part of most Pillar 3 reports. It covers:

  • Table EU CRA: general qualitative information on credit risk management.
  • Table EU CRB: additional qualitative information on the credit quality of assets, including forbearance and non-performing exposure policies.
  • Template EU CR1: credit quality of assets by exposure class and instrument type, showing gross carrying amounts, accumulated impairments, and net carrying amounts.
  • Templates EU CQ1 to EU CQ7: detailed templates on non-performing exposures, forborne exposures, collateral and financial guarantees, ageing of past-due exposures, and credit quality changes.

This section is where institutions using the Internal Ratings-Based (IRB) approach have significantly more to disclose than those on the Standardised Approach. IRB institutions must publish the EU CR6 template (IRB credit risk exposures by exposure class and PD range) and several associated tables covering model governance and back-testing results.

Leverage Ratio

Templates EU LR1 and EU LR2 cover the leverage ratio. Large institutions publish these quarterly, making the leverage ratio one of the few disclosure items with a quarterly obligation at the institutional level rather than just at the group level. The leverage ratio is a straightforward metric operationally (Tier 1 capital divided by total exposure measure), but the disclosure templates include a detailed breakdown of the exposure measure that takes real effort to produce accurately.

Liquidity

Template EU LIQ1 covers the Liquidity Coverage Ratio (LCR) and template EU NSFR1 covers the Net Stable Funding Ratio (NSFR). These are semi-annual for large institutions. In practice, most institutions in Luxembourg produce these quarterly for internal management purposes, so the semi-annual external disclosure is not the binding constraint. The challenge is translating the internal management numbers into the ITS format, which is more granular than many internal dashboards.

Remuneration

Article 450 requires disclosure of remuneration policy and practices, including the aggregate remuneration of identified staff (material risk-takers) by business area, and the number of individuals earning above EUR 1 million. Article 450a, introduced by CRR2, requires large institutions to disclose the gender pay gap: specifically, the ratio of remuneration between male and female staff. Both sections are consistently scrutinised by journalists, civil society organisations, and trade unions, so institutions in Luxembourg typically give them extra review time regardless of the regulatory obligation. The remuneration data feeds into the EU REM1 to EU REM5 templates.

Disclosure Frequencies at a Glance

The frequency rules under CRR Articles 433, 433a, 433b, and 433c can be confusing because they vary by institution type and by template. The following summarises the main frequencies for large institutions:

  • Quarterly: EU KM1 (key metrics), EU LR1 and EU LR2 (leverage ratio), EU CCYB1 (countercyclical buffer).
  • Semi-annual: most quantitative templates including EU OV1 (RWA overview), EU CR1 (credit quality), EU LIQ1 (LCR), EU NSFR1 (NSFR), and the ESG templates under Article 449a.
  • Annual: qualitative tables (EU OVA, EU CRA, EU CRB, remuneration policy), and most IRB model disclosure tables.

For SNCIs, the entire Pillar 3 report is annual with a reduced template set. For non-listed large institutions, some semi-annual templates shift to annual. The disclosure must be published concurrently with the corresponding financial report. If an institution publishes quarterly accounts, the quarterly Pillar 3 templates should appear at the same time.

Format and Publication Requirements

Article 434 of the CRR requires that all Pillar 3 disclosures be published in a single medium or location, which must be easy to identify and accessible to users of the information. In practice, this means a dedicated section on the institution’s website or a standalone Pillar 3 report document, with a clear landing page that links all the templates. Institutions are not permitted to scatter their Pillar 3 data across the annual report, investor presentations, and random CSSF filings and call it compliant.

Article 434a requires institutions to have a board-approved disclosure policy that governs how Pillar 3 information is produced, reviewed, and published. This policy must be described in the annual Pillar 3 report or cross-referenced to where it can be found. One or more senior officers, ideally at board level, must attest in writing that the disclosures have been prepared in accordance with the internal control processes set out in the policy.

I have seen this board attestation requirement treated as a formality in some smaller institutions. It is not. If a supervisory review identifies inaccurate Pillar 3 data, the existence (or absence) of a board-approved policy and formal attestation process is one of the first things the supervisor will check.

The EBA’s Pillar 3 Data Hub (P3DH) is the mandatory centralised channel for publishing and disseminating Pillar 3 data across the EU. Institutions submit their Pillar 3 data to the P3DH in XBRL-CSV format; the hub then makes the data available publicly in a structured, machine-readable form. The P3DH is live and the XBRL-CSV submission obligation is in effect. This is not a future-state proposal. Institutions that are still producing Pillar 3 reports solely as PDF narrative documents need to ensure they are also meeting the P3DH submission requirement with properly structured data. The workflow implication is practical: the data must flow from source systems through an XBRL tagging process, not from a document editor. Institutions whose COREP and FINREP production already runs through an XBRL pipeline are better positioned to extend that infrastructure to Pillar 3; those running a separate manual Pillar 3 process need to close that gap now.

ESG Disclosures Under Article 449a

Article 449a was introduced by CRR2 and requires large institutions to publicly disclose information on environmental, social and governance (ESG) risks. The EBA developed the detailed templates through Commission Implementing Regulation (EU) 2022/2453, which added Annex XXXIX to the Pillar 3 ITS. These disclosures apply to large institutions and are published semi-annually.

The ESG disclosure package consists of qualitative tables and quantitative templates:

Qualitative ESG Tables (Tables 1, 2, and 3)

Table 1 covers general qualitative information on ESG risks: how the institution identifies, measures, monitors, and manages ESG risks across its business model, governance, and risk management framework. Table 2 is specific to climate-related transition risks and Table 3 covers physical risks. These tables require institutions to describe their approach in plain language, backed by references to internal policies, board-level governance, and the metrics used.

In my experience, the qualitative tables take longer to produce than the quantitative templates. Getting three or four internal stakeholders (risk management, sustainability, finance, compliance) to agree on the right level of detail is the actual bottleneck. Generic boilerplate about “monitoring climate risks” no longer satisfies supervisors.

Quantitative ESG Templates

Annex XXXIX contains ten quantitative templates in total. The most operationally significant are:

Template 1 addresses transition risk exposure in the banking book: credit quality of exposures by sector, emissions profile, and residual maturity. This template requires institutions to map their loan book counterparties to NACE economic activity codes and to information about their carbon intensity or emissions where available. Data availability is the main challenge here, particularly for SME borrowers who do not report emissions data.

Template 4 covers transition risk concentration: exposures to the top 20 carbon-intensive firms in the institution’s banking book. This is more tractable operationally because it focuses on a small set of large counterparties where emissions data is more likely to exist.

Template 5 covers physical risk: banking book exposures to counterparties whose assets are located in regions subject to identified physical climate hazards (flood risk, heat stress, drought, and so on). This requires geographical mapping of collateral and exposure, which most institutions do not maintain in a form that readily feeds the template. The data sourcing problem here is significant and ongoing.

Template 8 is the Green Asset Ratio (GAR): the proportion of the institution’s assets that qualify as environmentally sustainable under the EU Taxonomy Regulation. The GAR has been the most controversial of the ESG templates because it requires Taxonomy-aligned data from corporate borrowers who are themselves still building their CSRD reporting infrastructure. The result is that GAR values across the European banking sector have generally been low, not necessarily because banks aren’t financing green activities, but because the data chain from borrower to bank to template is incomplete.

Template 10 covers climate change mitigating actions that fall outside the EU Taxonomy: actions the institution is financing or supporting that reduce emissions or climate risk but are not yet Taxonomy-eligible. This is a catch-all for activity that doesn’t fit the strict Taxonomy criteria.

The remaining templates in Annex XXXIX cover additional transition risk metrics and other ESG exposure breakdowns. Institutions should work from the full Annex XXXIX in Commission Implementing Regulation (EU) 2022/2453 rather than from any summary, as the complete template set is more granular than a practitioner overview can capture.

CRR3 and Step 2 ESG Requirements

The Annex XXXIX ESG templates are described in the EBA frequency tables as “Step 1” disclosures. Step 2, which will be defined under the CRR3 implementation process, is currently marked as N/A pending further regulatory development. CRR3 (Regulation (EU) 2024/1623) entered into force on 9 July 2024 and applies from 1 January 2025, with a phase-in for some elements. The CRR3 Pillar 3 requirements, including the revised ESG disclosure scope, are being developed by the EBA through a new ITS mandate.

From EBA discussion papers and the CRR3 mandate text, the expected direction of Step 2 includes the following areas, none of which are final and all of which should be tracked through EBA consultation papers as they are issued:

  • Social and governance risk disclosures: Step 1 is almost entirely climate-focused. Step 2 is expected to bring S and G risks into scope with comparable template structures, reflecting the full ESG mandate of Article 449a.
  • Financed emissions granularity: the Step 1 transition risk templates use NACE sector and carbon intensity proxies. Step 2 is expected to require more granular financed emissions data, aligned where possible with GHG Protocol Scope 3 Category 15 (investments) standards.
  • Nature-related and biodiversity risk: the EBA is monitoring nature-related financial risks as a disclosure area, but this is not currently part of the confirmed Step 2 scope. Institutions tracking TNFD and CSRD developments should note that EBA attention to biodiversity is increasing; whether it enters Pillar 3 through a subsequent mandate rather than Step 2 is not yet determined.
  • Physical risk granularity: expanded hazard types beyond the Step 1 scope, potentially including water stress, sea-level rise, and wildfire, are under discussion.

The practical implication is that institutions building their ESG data infrastructure for Step 1 should design for extensibility. A system that handles only climate transition and physical risk data today will need to accommodate social risk indicators and more granular emissions accounting under Step 2.

Luxembourg-Specific Implementation

CRR Part Eight is directly applicable in Luxembourg without national transposition. However, two supervisory contexts shape how Pillar 3 disclosure works in practice for Luxembourg institutions.

Significant Institutions Under ECB Supervision

Luxembourg’s significant institutions (SIs), supervised directly by the ECB under the Single Supervisory Mechanism, are subject to ECB Supervisory expectations on Pillar 3 quality. The ECB Banking Supervision publishes periodic reports on the quality of Pillar 3 disclosures across the SI population. These reports identify common deficiencies: missing templates, inadequate qualitative narratives, inconsistencies between Pillar 3 data and COREP/FINREP submissions, and poor coverage of ESG risks.

For Luxembourg SIs, the joint supervisory team (JST) will pick up Pillar 3 quality issues as part of the normal supervisory dialogue. A finding in the Pillar 3 report typically surfaces during the SREP cycle, where governance and internal control quality is assessed. A pattern of repeated Pillar 3 deficiencies can contribute to a downward governance score, which in turn affects the overall SREP assessment and potentially the Pillar 2 Requirement.

Less Significant Institutions Under CSSF Supervision

For less significant institutions (LSIs) in Luxembourg, the CSSF is the competent authority. The CSSF’s Prudential Regulation department reviews Pillar 3 disclosures as part of its off-site supervision activities. The CSSF has generally aligned its expectations with the EBA ITS and with the ECB’s supervisory guidance on Pillar 3 quality for LSIs, published through the ECB’s LSI supervision reports.

Luxembourg’s financial sector includes a large number of LSIs that operate as subsidiaries or branches of foreign groups. In these cases, there is often tension between the head office’s group-level Pillar 3 report and the Luxembourg entity’s solo Pillar 3 obligations. Solo disclosure is required under CRR Article 6 unless a waiver has been granted under Article 7. Waivers are available under specific conditions, including where the head office Pillar 3 report covers the Luxembourg entity in sufficient detail. In practice, groups should verify whether their Luxembourg subsidiary has a standing Article 7 waiver in place before defaulting to group-level disclosure only.

The EBA Pillar 3 Data Hub and Peer Comparability

Pillar 3 data does not just sit on your website. Through the EBA’s Pillar 3 Data Hub (P3DH), institutions submit structured XBRL-CSV data that the EBA publishes centrally, giving counterparties, investors, rating agencies, and analysts a standardised, comparable view across the EU banking sector. Your EU KM1 capital ratios, leverage metrics, and credit quality data appear directly alongside those of every other institution that submits to the hub. This is the current operating reality, not a future initiative.

The practical implication: a figure that looks defensible in isolation can look like an outlier when placed against sector peers. Institutions with anomalous NPE ratios, unusually low GAR values relative to their business model, or capital ratios that shift materially between quarters attract attention from analysts and counterparties before any supervisor acts. For Luxembourg institutions operating in a market where institutional counterparties run structured credit analysis on their banking partners, the P3DH is a standing quality risk that Pillar 3 controls need to account for across every submission cycle, not just at the annual report stage.

Common Errors and Supervisory Findings

Based on EBA and ECB supervisory reports, and on what I see discussed in compliance networks across the Luxembourg banking sector, the following issues appear most frequently in Pillar 3 supervisory reviews:

Reconciliation failures between Pillar 3 templates and COREP/FINREP. The own funds figures in EU CC1 and EU KM1 should tie exactly to the C 01.00 own funds COREP template. The RWA breakdown in EU OV1 should match the COREP C 02.00. When they don’t, the first assumption is data quality error. The second assumption is governance failure. Neither is good.

Missing or incomplete ESG tables. Many institutions published initial Article 449a disclosures that covered the quantitative templates but provided generic or minimal qualitative tables. Supervisors have signalled clearly that Tables 1, 2, and 3 need substantive content, not boilerplate sustainability language.

Incorrect scope of disclosure. Institutions sometimes publish only consolidated-level Pillar 3 and neglect the solo requirement where no Article 7 waiver is in place. The reverse also happens: solo entities publish an abbreviated report that omits templates they assume are covered at group level.

Frequency errors. Quarterly templates published late or combined into the semi-annual report. The EU KM1 quarterly publication requirement is the one most often missed by institutions that treat Pillar 3 as an annual report exercise rather than a continuous disclosure obligation.

No board attestation or no evidence of board review. Article 434a requires the board-approved policy and senior officer attestation. Both need to be demonstrable. An email from the CFO is not equivalent to a board minute and a formal policy document.

Stale data extracts used in the Pillar 3 report that do not match the COREP or FINREP submission versions. This is more common than it sounds. The COREP submission goes through a validation and resubmission cycle with the supervisor; the version used in the Pillar 3 report was often pulled from source systems before that cycle completed. The result is that the published Pillar 3 figures reflect a data state that the institution itself has since superseded. The practical mitigation is a version-lock process: the Pillar 3 data extract must be drawn from the same system snapshot and at the same point in the production calendar as the final accepted COREP/FINREP submission. Where a COREP resubmission occurs after Pillar 3 publication, institutions should have a documented policy for whether and when a corrected Pillar 3 disclosure is required. Treating these as independent production processes with independent timelines is the root cause; treating them as one process with one locked data version is the fix.

Frequently Asked Questions

Does Pillar 3 disclosure replace COREP and FINREP reporting?

No. Pillar 3 is public disclosure to the market. COREP and FINREP are supervisory reporting to the competent authority via the XBRL submission process. They use different formats and serve different audiences, but the underlying numbers must be consistent. An institution’s Pillar 3 report is not a substitute for COREP or FINREP submissions, and supervisors review both.

Where exactly must the Pillar 3 report be published?

Article 434 requires a single medium or location that is easily identifiable. In practice, the standard is a dedicated section of the institution’s public website titled “Pillar 3 disclosures” or “Regulatory disclosures,” with a landing page linking each year’s report and the quarterly and semi-annual updates. Some institutions publish a combined annual report and Pillar 3 document; this is acceptable provided the Pillar 3 section is clearly demarcated and the template index is present.

Are Pillar 3 disclosures subject to audit?

CRR Article 431 requires that quantitative disclosures be subject to the same internal verification and control processes as information in the management discussion and analysis (MD&A) section of the financial report. This means internal audit oversight and sign-off by senior management. External audit of Pillar 3 data is not explicitly required under CRR, but some institutions in Luxembourg voluntarily submit their Pillar 3 reports to external review, particularly those listed on regulated markets where investor scrutiny is higher.

Can an institution withhold Pillar 3 information as proprietary?

Article 432 allows institutions to omit specific items of information if that information is either immaterial, proprietary, or confidential. Proprietary means that sharing the information publicly would undermine the institution’s competitive position. Confidential means the institution has entered into confidentiality obligations with a third party. In both cases, the institution must state in its Pillar 3 report that the information has been omitted and explain why, and disclose more general information about the subject matter where possible. The ability to omit on proprietary grounds does not extend to entire templates.

What are the Article 449a ESG disclosure obligations for SNCIs?

Article 449a applies to large institutions as defined in Article 4(1)(146) CRR. SNCIs are not required to publish the full Article 449a ESG template set. However, Article 449a(2) requires all institutions that are not large to include in their Pillar 3 report a brief description of their ESG risks. This is a qualitative narrative, not a quantitative template exercise.

How does the Green Asset Ratio work in practice?

The GAR measures the proportion of the institution’s relevant banking book exposures that are aligned with the EU Taxonomy Regulation (Regulation (EU) 2020/852). The numerator is exposures to Taxonomy-aligned economic activities; the denominator is total covered assets. The main practical challenge is obtaining Taxonomy alignment data from corporate counterparties. Until CSRD reporting is fully bedded in, institutions are largely relying on estimates, third-party data providers, or a best-efforts process for the numerator. The EBA has acknowledged this data constraint in its guidance.

When will CRR3 change Pillar 3 requirements?

CRR3 (Regulation (EU) 2024/1623) entered into force on 9 July 2024 and applies from 1 January 2025. Most Pillar 3 changes under CRR3 are subject to new ITS mandates being developed by the EBA. The ESG disclosure scope will be reviewed under what the EBA calls “Step 2” of the ESG ITS process. Institutions should monitor EBA consultation papers for advance notice. The core structure of Pillar 3 (Part Eight, Articles 431-455) remains in place under CRR3; the changes are primarily in scope refinements and new disclosure areas rather than a wholesale restructure.

Is there a CSSF portal for submitting Pillar 3 reports?

No, not to the CSSF. The distinction to keep clear is this: COREP and FINREP are submitted to the CSSF via the CSSF eDesk (or equivalent supervisory reporting infrastructure). Pillar 3 structured data is submitted separately to the EBA via the Pillar 3 Data Hub (P3DH) in XBRL-CSV format, which then handles centralised publication. Institutions also publish their Pillar 3 report on their own website to meet the Article 434 single-location requirement. The CSSF may request copies of Pillar 3 reports during supervisory reviews or inspections, but there is no CSSF-specific Pillar 3 submission portal equivalent to the eDesk used for prudential reporting.

Key Takeaways

  • Pillar 3 is the public disclosure leg of the Basel framework, implemented through CRR Part Eight (Articles 431-455) as amended by CRR2, with templates specified in Commission Implementing Regulation (EU) 2021/637.
  • Disclosure obligations are tiered: large institutions face quarterly and semi-annual requirements; SNCIs disclose annually with a reduced template set; a middle category faces semi-annual or annual obligations depending on the template.
  • The EBA ITS templates and tables cover capital metrics (EU KM1), own funds composition (EU CC1, EU CC2), RWA overview (EU OV1), credit risk quality (EU CR1 and CQ series), leverage ratio (EU LR1, EU LR2), and liquidity (EU LIQ1, EU NSFR1).
  • Article 449a and Commission Implementing Regulation (EU) 2022/2453 require large institutions to publish semi-annual ESG disclosure templates covering transition risk, physical risk, and the Green Asset Ratio. The data quality challenge for these templates is real and acknowledged by the EBA.
  • All disclosures must be published in a single, easily identifiable location (the institution’s website). A board-approved disclosure policy and senior officer attestation are required under Article 434a.
  • In Luxembourg, significant institutions are supervised by the ECB/JST, which includes Pillar 3 quality in its SREP assessment. LSIs are supervised by the CSSF, whose expectations align with EBA and ECB guidance.
  • The most common supervisory findings are: reconciliation failures between Pillar 3 and COREP/FINREP data; incomplete ESG qualitative tables; incorrect scope (missing solo disclosure where no Article 7 waiver is in place); and quarterly templates published late or omitted.
  • CRR3 will bring further Pillar 3 scope changes, particularly on ESG disclosures. EBA consultation papers are the advance warning system worth monitoring.

Related Articles

  • COREP Reporting Explained – the supervisory reporting framework covering capital adequacy returns, whose data must reconcile with your Pillar 3 own funds and RWA disclosures.
  • FINREP Reporting Explained – financial reporting templates submitted to the supervisor; the balance sheet and P&L data here underpins the credit quality and asset quality sections of Pillar 3.
  • MREL Reporting Requirements – minimum requirement for own funds and eligible liabilities; MREL and TLAC disclosures under Article 437a CRR are part of the Pillar 3 own funds section for institutions subject to resolution planning.
  • COREP Reporting Errors – common data quality issues in COREP submissions that often cascade into Pillar 3 reconciliation problems.

Sources and References

Disclaimer: The information on RegReportingDesk.com is for educational and informational purposes only. It does not constitute legal, regulatory, tax, or compliance advice. Always consult your compliance officer, legal counsel, or the relevant supervisory authority for guidance specific to your institution.

Similar Posts