Strengthening IRRBB and CSRBB readiness as the rate cycle enters its next phase

IRRBB and CSRBB practice is maturing, with supervisors continuing to push for higher standards. Banks that can address weaknesses and embrace best practice will not only enhance compliance; they will also strengthen resilience against heightened real-world market volatility.

The last three years have transformed interest rate risk in the banking book (IRRBB) and credit spread risk in the banking book (CSRBB) from a technical risk discipline into a leading supervisory topic. In addition, although bank profitability remains strong, the ECB has recently noted slowing growth in net interest income (NII) with margins starting to compress as the rate cycle turns.

Our previous articles on IRRBB and CSRBB focused on implementing the revised EBA framework and building a credible measurement and limit architecture. Today, the question has shifted: Can banks use these frameworks to protect earnings and capital as the rate cycle enters its next phase?

Supervisors raise the bar beyond model compliance

The 2025 SREP results show that IRRBB and CSRBB are no longer niche supervisory topics. The volatile interest rate environment, and a multi-year campaign of on-site inspections (OSIs) mean they are among the risk areas with the most frequent score changes. Qualitative measures increasingly focus on risk identification, scenario design and limit setting.

At the same time, the ECB’s latest supervisory priorities stress the need for banks to address ongoing weaknesses in risk data aggregation and risk reporting (RDARR). Supervisors are using the new IRRBB Reporting ITS to challenge data quality, consistency and reconciliation, with scope for detailed follow-up questions on data points and assumptions.

This supervisory focus, together with the ECB’s publicly stated concerns about tail risks, make it clear that banks need to go beyond IRRBB and CSRBB compliance and develop forward looking frameworks able to cushion the effects of shocks beyond standard interest rate changes. In this context we have gathered the following key observations and included our recommendations on what banks should do in response.

Banking practice is advancing, but with persistent blind spots

IRRBB use is maturing, but with scope for greater sophistication

Large Significant Institutions’ IRRBB practices are maturing. Non-maturity deposits (NMDs) are almost always modelled with behavioural assumptions, and often segmented by product and customer type. Other areas receiving increased focus include the interest rate sensitivity of prepayment models, and the proper integration of Non-performing exposure (NPE) modelling into risk management frameworks.

Economic value of equity (EVE) is more dominant than earnings-based (NII) metrics in IRRBB steering, and is often more prominent in formal risk appetite statements and limit hierarchies. In contrast, NII frequently takes centre stage in management discussions and performance steering.

Scenario design has improved, although few banks explore climate-related scenarios. Banks typically capture multiple sub-risks like gap risk, basis risk and optionality, and more are weighing behavioural effects like prepayments and early redemptions. Even so, interest rate shocks dominate; relatively few institutions embed multifactor or combined rate-spread scenarios into their regular steering.
CSRBB moves centre stage, though gaps in coverage and governance remain

Most large banks now explicitly classify CSRBB in their risk taxonomy. Measurement, typically via EVE-oriented metrics supported by scenario analysis and Value at Risk (VaR), is normally adopted for the ICAAP.

However, CSRBB coverage is still uneven. Many banks focus on liquid securities, particularly bonds, and are only gradually including loans, structured products and issuances. Furthermore, CSRBB risk appetites remain highly centralised. Limits are typically defined at group level, and rarely cascaded to entities, business units or portfolios - limiting the role of CSRBB in regular granular steering.

Finally, when deriving CSRBB scenarios, banks largely anchor shock magnitudes in internal time-series analysis, with regulatory or benchmark parameters and expert judgement used more as calibration checks than as the main driver.
Resolving operational issues will make IRRBB & CSRBB more valuable

Operational friction is a recurring theme. Many banks rely on vendor solutions for IRRBB and CSRBB metrics - often supplemented with in house tools, necessitating data reconciliation. Some banks can refresh key metrics within a day, but a significant number take several working days from reference dates to final reporting.

So far, the use of advanced analytics and Artificial Intelligence (AI) is limited and experimental, with a focus on areas such as NMD or prepayment modelling. In this context, we understand banks are taking a cautious approach, testing new tools within robust data governance frameworks.

Looking ahead, the ability to resolve these operational snags will determine if IRRBB and CSRBB metrics can help banks to adapt pricing, issuance, hedging and deposit strategies to changing market conditions - or if they will remain primarily a regulatory compliance and reporting tool.

Top priorities for banks’ IRRBB & CSRBB agendas

Supervisors have invested heavily in on-site work relating to IRRBB and CSRBB, with OSIs generating numerous findings – especially around behavioural modelling, the NII view, segregation of duties, and validation. To meet regulatory expectations and improve resilience, banks should aim to:

Refine risk appetite, integrating rate and spread views

Banks should revisit how EVE and NII based metrics affect risk appetites and limit structures across IRRBB and CSRBB. This means clarifying the relative priority given to structural value versus short term earnings; ensuring CSRBB is no longer treated as an add-on; and aligning ICAAP, limit frameworks and management actions with this integrated view. The EBA’s guidance provides a base line, but supervisors increasingly expect banks to go beyond ‘minimum compliance’ to bank-specific, forward-looking calibration.
Enhance data, modelling and reporting

Banks can use IRRBB and CSRBB to test their broader data strategy. Priorities include cutting the time between financial closing and final reporting; reducing manual adjustments; and integrating the various third-party and in-house tools used. For many, this will require a single data pool for rates, spreads, behavioural assumptions and scenarios that can be used across IRRBB, CSRBB, ICAAP and ILAAP. With robust data lineage and model risk management, AI can add granularity to deposit or prepayment models.
Use CSRBB for daily regular steering

Over the next three years, a key differentiator will be whether CSRBB is embedded into the same governance, limit and business processes as IRRBB. That includes completing the CSRBB perimeter for key portfolios, aligning modelling choices with credit and liquidity risk views, and integrating spread risk considerations into product pricing, issuance strategy and funding plans

The 2025 SREP results show that banks’ approaches to IRRBB and CSRBB are directly shaping risk scores and qualitative expectations. At the same time, the macro environment grows ever more complex. Geopolitics, trade tensions and monetary policy are all driving rate and spread dynamics.

Banks face a dual challenge to ensure that IRRBB and CSRBB frameworks are robust enough to withstand this scrutiny, and flexible enough to support strategic steering. Institutions that produce high quality IRRBB and CSRBB metrics, aligned with business decisions and capital planning, can use structural risk management for competitive advantage, not just compliance.