Sustainability data is no longer sitting safely at the edge of banking compliance. A March 2026 briefing argues that ESG metrics are increasingly being treated as risk data, pulling sustainability teams into the heart of enterprise risk architecture.
That shift matters because regulators now expect banks to demonstrate that ESG data is accurate, complete, timely and usable in decision-making. In practice, that means RDARR and BCBS239 are becoming sustainability issues.
Risk Data Is Becoming ESG Infrastructure
For years, many sustainability teams have focused on disclosure frameworks, climate targets, taxonomy alignment and assurance readiness. A March 2026 EY note makes a sharper argument: sustainability teams in banks now need to pay close attention to Risk Data Aggregation and Risk Reporting, or RDARR, and to BCBS239, the Basel framework that sets principles for risk data and reporting discipline.
The reason is straightforward. ESG information is increasingly being pulled into core risk management, board reporting and supervisory scrutiny. Once that happens, sustainability data is no longer a side stream for annual reporting teams.
It becomes part of the bank’s risk-grade data infrastructure, subject to stronger governance, controls, timeliness requirements and board accountability.
For African and emerging-market institutions, the message is especially relevant. As banks face rising pressure to improve climate-risk disclosure, taxonomy reporting, Pillar 3 ESG metrics and broader sustainability governance, the quality of ESG data will increasingly shape credibility with regulators, investors and boards.
When ESG Data Enters Risk Systems
BCBS239 sets out 11 principles for banks and three for supervisory authorities, organised around governance and IT infrastructure, risk data aggregation capabilities, and risk reporting practices.
The EY briefing notes that the European Central Bank has made remediation of deficiencies in risk data aggregation and reporting a supervisory priority and has indicated it will use enforcement mechanisms where progress is unsatisfactory.
It also says the ECB issued updated RDARR guidance in 2024 with more prescriptive expectations.
That matters for sustainability teams because RDARR is not a narrow technical programme. It refers to the processes and capabilities banks need to collect, aggregate and report risk data efficiently, especially in periods of stress.
The note states that regulators now expect those capabilities to extend to ESG data too.
The attention point here is not merely the compliance burden. It is institutional repositioning. ESG data is moving from narrative reporting into prudential relevance.
Why Supervisors Are Raising Expectations
The ECB briefing moves from principle to plumbing on page three, where it maps supervisory concerns directly onto ESG data.
Board accountabilities under BCBS239, it says, should explicitly cover ESG data, with scope extending to all material ESG-related reports, models and indicators across the group, including CSRD, Taxonomy, Pillar 3 ESG and climate- and nature‑risk metrics.
That framing is significant. Sustainability data is no longer judged only on disclosure readiness, but on whether it can credibly support risk use‑cases across the bank.
The note calls for named data owners and stewards, glossaries and metadata for critical ESG elements, lineage and controls, and governance over end‑user tools such as sustainability spreadsheets.
It also pushes for integrated architecture: systems that ingest external ESG sources, maintain attribute-level lineage and enforce ESG data standards, backed by a group-wide data‑quality rules covering coverage, estimation, timeliness and consistency with financial data.
Timeliness expectations must cover both BAU reporting and crisis‑driven supervisory requests. For banks in climate‑vulnerable African markets, that last point underlines how quickly sustainability data can become core risk data.
What Better ESG Data Could Unlock
The document is not only a warning. It is also a practical opportunity statement. On page four, EY argues that BCBS239 principles can help improve ESG data quality by forcing clearer data dictionaries, stronger controls, and stronger ownership and stewardship. That, it says, can move sustainability teams closer to audit-ready, high-integrity ESG data.
This is where the desire case becomes tangible. If sustainability teams plug into the bank’s risk-grade data infrastructure, they gain more than regulatory cover. They gain executive trust.
The note says engagement with shared enterprise tooling and common standards reduces duplication, reduces long-term costs, and improves credibility with senior leadership.
That can materially change the standing of sustainability teams inside financial institutions. Instead of being seen as owners of reporting templates or policy language, they become contributors to enterprise-grade decision infrastructure.
In banks where funding, capital allocation, climate stress-testing and risk appetite are converging, that is a strategic shift.
For African institutions, the upside is even broader. Stronger ESG data governance could help banks move faster on climate risk integration, sustainable finance targets, taxonomy readiness and investor-grade disclosure.
It reduces the familiar friction between finance, risk and sustainability teams by creating common data standards rather than parallel reporting universes.
What Sustainability Teams Should Do Now
The action section of the briefing is blunt. Sustainability teams should be embedded in data governance forums.
- They should identify and prioritise critical ESG risk data elements.
- They should map ESG data flows and assess control gaps.
- They should integrate sustainability data into RDARR tools, processes and roadmaps.
These are not cosmetic steps. They are operating model changes.
- They require sustainability leaders to work more closely with chief data officers, risk functions, finance teams, architecture leads and internal control functions.
- They also require a cultural change: ESG metrics need to be treated with the same seriousness as financial risk data when they influence board reporting or supervisory judgment.
For banks across Africa and other emerging markets, the practical lesson is clear. The institutions that build ESG data into enterprise risk systems early will be better placed to handle future supervisory pressure, assurance demands and climate-related shocks.
Those who keep ESG data in fragmented spreadsheets and disconnected reporting silos may find that what once looked like a sustainability reporting challenge has become a broader governance weakness.
Path Forward – Through Risk-Grade ESG Data
The EY note advocates a simple but consequential shift: treat sustainability data as enterprise risk data where it supports material reporting, models and decisions.
That means stronger governance, clearer ownership, better architecture and faster reporting discipline.
The path forward for banks is to stop building ESG data systems in parallel. Instead, they need to bring sustainability teams into RDARR programmes now, so climate and ESG information becomes more accurate, more defensible and more usable when boards and supervisors need it most.
