The Exposure Monitor: Simple Arithmetic With Regulatory Teeth

James Aspinwall — February 2026


This is the simplest of the five agents. Sum all positions per counterparty. Compare against the CRR large exposure limit — 25% of Tier 1 capital. When the number gets close, explain why. When it breaches, draft the notification.

The detection is arithmetic. The value is in the explanation, the audit trail, and the speed. A human looking at a spreadsheet might catch the breach tomorrow morning. This agent catches it now.


The CRR Large Exposure Framework

The Capital Requirements Regulation (CRR — Regulation 575/2013) Articles 387-403 govern large exposures. The core rule is brutally simple:

Article 395(1): No institution shall have an exposure to a single client or group of connected clients exceeding 25% of its Tier 1 capital.

For G-SIIs (Global Systemically Important Institutions), the limit is 15%.

What Counts as an Exposure

Everything. Loans, credit lines (drawn and undrawn), bonds, derivatives (mark-to-market plus potential future exposure), guarantees issued, securities financing transactions, off-balance sheet commitments. The full definition spans Articles 389-394. After credit risk mitigation (CRM) — collateral, guarantees, netting — the net exposure is what matters for the limit check.

Connected Clients

Article 4(1)(39) CRR defines a “group of connected clients” — entities linked by control relationships or economic interdependence such that if one fails, the others likely face financial difficulty. EBA Guidelines (EBA/GL/2017/15) provide detailed guidance on identifying connections.

This is where it gets interesting for AI. Two entities that appear unrelated may share a common ultimate beneficial owner discovered through corporate registry filings, news reports, or financial statement analysis. The agent that catches that connection before the next COREP filing date earns its keep.

CRR II and CRR III Changes

CRR II (Regulation 2019/876): Changed the denominator from total own funds (Tier 1 + Tier 2) to Tier 1 capital only. This made the limit effectively tighter. Also introduced the 15% G-SII limit, integrated trading book exposures using SA-CCR, and tightened exemptions.

CRR III (Regulation 2024/1623): Introduced the output floor (phased in through 2032), revised credit risk standardized approach, FRTB for market risk, ESG considerations, and crypto-asset treatment. The output floor may indirectly affect large exposure utilization by changing risk-weighted assets and capital allocation.

The Math

Tier 1 Capital:         EUR 10,000 million (CET1 + AT1)
Large Exposure Limit:   EUR 2,500 million (25% × 10,000)

Counterparty "EuroAuto AG":
  Loans:                EUR 1,200 million
  Undrawn facilities:   EUR 600 million (after CCF)
  Bonds:                EUR 300 million
  Derivatives (SA-CCR): EUR 100 million
  Gross Exposure:       EUR 2,200 million

  Less CRM:
    Collateral:         EUR (200) million
    Guarantee (eligible): EUR (150) million
  Net Exposure:         EUR 1,850 million

  Utilization:          74% of limit

Input: Portfolio Data

The agent ingests exposure data with these fields per position:

Field              Purpose
counterparty_id    Entity identifier
counterparty_name  Display name
group_id           Connected client group
exposure_type      Loan, bond, derivative, guarantee, etc.
gross_amount       Pre-CRM exposure
crm_type           Collateral, guarantee, netting
crm_amount         CRM reduction
net_amount         Post-CRM exposure
currency           Denomination
maturity           For maturity bucket reporting

Plus own funds data: CET1, AT1, and T2 amounts.

For the demo: synthetic portfolio with 10-20 counterparties, 3-4 connected client groups, own funds of EUR 10 billion for clean math.


Processing: Monitor and Explain

Stage 1 — Aggregation

Sum net exposures per counterparty and per connected client group. Convert foreign currency exposures to EUR at current rates. Calculate utilization as percentage of Tier 1 capital limit.

Stage 2 — Threshold Monitoring

Level              Threshold   Action
Green              < 70%       Normal monitoring
Amber / Watch      70-80%      Enhanced monitoring, monthly review
Orange / Warning   80-90%      Escalate to Head of Credit Risk, weekly review
Red / Alert        90-100%     Escalate to CRO and Risk Committee, daily monitoring, freeze new approvals without CRO sign-off
Breach             > 100%      Immediate board notification, BaFin notification without delay (Article 396 CRR)

These thresholds are not prescribed by CRR — they come from MaRisk and industry best practice. MaRisk AT 4.3.2 requires clear escalation procedures for limit approaches and breaches, documented and approved by the board.

Stage 3 — LLM Explanation

When a threshold is crossed, the LLM generates an audit-trail explanation:

“Exposure to EuroAuto Group has reached 87% of the large exposure limit. Current net exposure: EUR 2,175 million against a limit of EUR 2,500 million (25% of Tier 1 capital of EUR 10,000 million). This is driven by a EUR 120 million drawdown on the revolving credit facility yesterday (facility reference CF-2024-0847). Headroom: EUR 325 million. Under CRR Article 395(1), the limit must not be exceeded. Recommended actions: (1) freeze new approvals to this group without CRO pre-approval, (2) assess whether the EUR 200 million syndication of the term loan can be accelerated, (3) evaluate purchasing EUR 150 million CDS protection to reduce net exposure.”

Stage 4 — Breach Response

If the limit is breached:

Article 396(1) CRR: The institution must report immediately to BaFin — “without delay” (unverzüglich under German law: without culpable hesitation, practically same business day). The notification includes: counterparty identity, exposure amount, limit amount, excess amount, reason for breach, and remediation plan.

The agent drafts the notification. The CRO reviews and approves. The reporting goes through the Bundesbank’s ExtraNet portal.
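Stages 1 and 2 carried through in code, as an added example that is not part of the original article or the agent's own implementation. It reproduces the EuroAuto AG figures from "The Math", rolls them up with a second entity in the same connected client group, and returns the headroom (negative means the excess amount a Stage 4 notification would report). Assumptions: the band boundary handling, the identifiers CP-001, CP-002 and G-EUROAUTO, the USD affiliate and the 0.9 USD rate are all constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal as D

# Stage 2 bands as (upper bound in % of limit, level). Assumption: a boundary
# value belongs to the higher band, and exactly 100% is Red, not Breach.
BANDS = [(D(70), "Green"), (D(80), "Amber"), (D(90), "Orange")]

def classify(utilization_pct):
    for upper, level in BANDS:
        if utilization_pct < upper:
            return level
    return "Red" if utilization_pct <= 100 else "Breach"

def monitor(positions, tier1_eur, fx_to_eur, limit_pct=D(25)):
    """Stages 1-2: sum net exposure in EUR per counterparty and per connected
    client group, then rate each total against limit_pct of Tier 1 capital."""
    limit = tier1_eur * limit_pct / 100
    totals = defaultdict(D)
    for p in positions:
        # Data-quality gate: the reported net must reconcile with gross less CRM.
        if p["net_amount"] != p["gross_amount"] - p["crm_amount"]:
            raise ValueError(f"net/gross/CRM mismatch: {p}")
        net_eur = p["net_amount"] * fx_to_eur[p["currency"]]
        totals[("counterparty", p["counterparty_id"])] += net_eur
        totals[("group", p["group_id"])] += net_eur
    report = {}
    for key, exposure in totals.items():
        util = exposure / limit * 100
        report[key] = {"net_eur": exposure, "level": classify(util),
                       "utilization_pct": util.quantize(D("0.1")),
                       "headroom_eur": limit - exposure}  # negative = excess
    return report

def pos(cp, exposure_type, gross, crm, ccy="EUR", group="G-EUROAUTO"):
    return {"counterparty_id": cp, "group_id": group, "exposure_type": exposure_type,
            "gross_amount": D(gross), "crm_amount": D(crm),
            "net_amount": D(gross) - D(crm), "currency": ccy}

# Constructed sample in millions: the EuroAuto AG figures from "The Math"
# plus a hypothetical USD-funded affiliate in the same connected client group.
SAMPLE = [pos("CP-001", "loan", 1200, 350), pos("CP-001", "undrawn", 600, 0),
          pos("CP-001", "bond", 300, 0), pos("CP-001", "derivative", 100, 0),
          pos("CP-002", "loan", 400, 0, ccy="USD")]

if __name__ == "__main__":
    for key, row in monitor(SAMPLE, D(10000), {"EUR": D(1), "USD": D("0.9")}).items():
        print(key, row)
```

The single entity rates Amber while its group already rates Orange, which is why the limit check has to run at both levels.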

Remediation options the agent evaluates and presents:


Alerting Scenarios

Scenario 1: The Creeping Giant

Exposure trending from 60% → 70% → 80% → 85% over 6 months. The agent escalates at each threshold. At 85%, the AI recommends syndication of a EUR 200 million tranche. CRO approves. Exposure drops to 72%. Full audit trail.

Scenario 2: The Market Shock (Passive Breach)

FX movement causes a USD-denominated exposure to exceed the limit when converted to EUR. The agent detects the breach intraday. AI generates breach notification draft and three remediation options: FX hedge, partial sell-down, or additional collateral. CRO reviews and approves the FX hedge. Compliance tracks daily until restored.

Passive breaches — caused by movements in own funds, FX rates, or market values rather than new lending — are treated more leniently than active breaches by BaFin. But they still require notification and remediation.

Scenario 3: Connected Client Discovery

AI analyzes a corporate registry filing and identifies that two previously separate clients share a common ultimate beneficial owner. Combined exposure: 22% (previously 14% and 8% separately). Alert generated for connected client reclassification. System recommends updating the grouping, reviewing credit lines, and flagging for the risk committee.

Scenario 4: Shrinking Denominator

Quarterly results show a loss, reducing Tier 1 capital by EUR 500 million. The agent recalculates all exposure ratios against the new, lower denominator. Three counterparties that were at 21%, 23%, and 24% are now at 23%, 25.3%, and 26.4%. Two passive breaches detected immediately. Prioritized remediation plan generated.
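The passive-versus-active distinction behind Scenarios 2 and 4, as an added example that is not the article's or the agent's own code: it compares two snapshots of one counterparty and attributes a breach to FX, a change in the limit, or new business. The classification rule, the snapshot layout and all figures are assumptions constructed for illustration; they are not the scenario numbers above.

```python
from decimal import Decimal as D

def exposure_eur(holdings, fx_to_eur):
    """EUR value of {currency: net exposure in that currency}."""
    return sum((amt * fx_to_eur[ccy] for ccy, amt in holdings.items()), D(0))

def attribute_breach(prev, curr, limit_pct=D(25)):
    """Compare two snapshots of one counterparty and label any breach.

    Assumption (not from CRR or the page): the breach is 'passive' when the
    previous positions, revalued at current FX and measured against current
    Tier 1, already exceed the limit; otherwise new business caused it.
    """
    limit = curr["tier1"] * limit_pct / 100
    actual = exposure_eur(curr["holdings"], curr["fx"])
    if actual <= limit:
        return {"status": "within limit", "excess_eur": D(0)}
    unchanged_book = exposure_eur(prev["holdings"], curr["fx"])
    drivers = {  # EUR movement attributable to each cause
        "fx": unchanged_book - exposure_eur(prev["holdings"], prev["fx"]),
        "new_business": actual - unchanged_book,
        "limit_change": limit - prev["tier1"] * limit_pct / 100,
    }
    status = "passive breach" if unchanged_book > limit else "active breach"
    return {"status": status, "excess_eur": actual - limit, "drivers": drivers}

def snap(holdings, usd_rate, tier1):
    return {"holdings": {c: D(a) for c, a in holdings.items()},
            "fx": {"EUR": D(1), "USD": D(usd_rate)}, "tier1": D(tier1)}

# Constructed snapshots in millions; figures are illustrative, not the page's.
FX_SHOCK = (snap({"USD": 2600}, "0.90", 10000), snap({"USD": 2600}, "0.972", 10000))
CAPITAL_LOSS = (snap({"EUR": 2450}, "0.90", 10000), snap({"EUR": 2450}, "0.90", 9500))
NEW_LENDING = (snap({"EUR": 2400}, "0.90", 10000), snap({"EUR": 2550}, "0.90", 10000))

if __name__ == "__main__":
    for name, (prev, curr) in [("fx", FX_SHOCK), ("capital", CAPITAL_LOSS),
                               ("lending", NEW_LENDING)]:
        print(name, attribute_breach(prev, curr))
```

The `drivers` breakdown is what goes into the "reason for breach" field of the notification draft, so the reviewer sees the cause alongside the label.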

Scenario 5: Pre-Trade Gatekeeper

Trader wants to execute a EUR 50 million bond purchase for Client X. Current exposure: 23.5%. Proposed trade would bring it to 24.8%. Agent flags: “Within limit but enters Red alert zone (>90% utilization after proposed trade occupies 99.2% of remaining headroom). Recommend CRO pre-approval before execution.”


Human-in-the-Loop

CRR Article 395 is a hard regulatory limit. There is no provision for the board to approve ongoing exceedance. The 25% is not a guideline — it is law.

The AI recommends, the human decides:

BaFin’s position on AI in risk management (EBA/GL/2021/05 and BaFin AI Principles 2021): AI can recommend but not decide in supervisory-relevant areas. Explainability is required. Human override must always exist. Audit trail of AI recommendations AND human decisions is mandatory.


Reporting Requirements

COREP Templates (Quarterly)

C 26.00 (LE1): Tier 1 capital, applicable limit percentage, limit amount.

C 27.00 (LE2): Every counterparty/group with exposure exceeding 10% of Tier 1. Fields: LEI, name, country, sector (NACE), counterparty type, group identifier, gross exposure, net exposure, percentage of Tier 1.

C 28.00 (LE3): Breakdown between trading book and non-trading book per large exposure.

C 29.00 (LE4): Individual entities within connected client groups — shows the exposure to each entity and the type of connection (control or economic interdependence).

C 30.00 (LE5): Maturity bucket breakdown (added under CRR II).

Remittance deadline: T+30 working days after quarter-end. Submission via Bundesbank ExtraNet.

Additionally, German banks report all exposures exceeding EUR 1 million to the Bundesbank’s Evidenzzentrale (credit register) under §14 KWG — the Millionenkreditmeldung. The Evidenzzentrale provides feedback showing aggregate banking system exposure to each borrower, which is valuable for discovering connected clients.


Audit Trail

MaRisk AT 6 requires all risk-relevant processes to be documented so that a “knowledgeable third party” can understand the decisions made and why.

For each monitoring cycle, the audit trail captures:

Retention: minimum 5 years under MaRisk, 10 years aligned with §257 HGB for financial records. In practice, banks retain large exposure records for 7-10 years given litigation and regulatory inquiry timelines.


Running Under the MCP Orchestrator

MCP Tools:

System Prompt Context: Current own funds breakdown (CET1, AT1, T2), CRR limit percentages, internal threshold levels, connected client group definitions, exemptions applied (Article 400), COREP template structure.

Trigger Conditions:


Demo Flow

The dashboard shows a gauge for each of the top 10 counterparties. Color-coded: green, amber, orange, red. Time series trending behind each gauge.

EuroAuto AG sits at 74%. A EUR 120 million drawdown hits. The gauge slides to 87%. Orange turns red at 90% — wait, not yet. But the agent fires: “Warning threshold crossed. Exposure at 87% of limit.” Recommended actions appear. The CRO taps “Approve” on the syndication recommendation. A few moments later, the gauge drops to 72%.

Then the FX shock. USD/EUR moves 8% overnight. Three counterparties with USD-denominated exposures recalculate above limit. Two gauges go black — breach. The agent drafts BaFin notifications for both. The CRO reviews, approves the larger one first. The dashboard tracks daily progress until compliance is restored.

Simple arithmetic. But wrapped in explanation, audit trail, and speed — that is what makes it valuable. The detection is trivial. The compliance response is not.


Beyond Monitoring: Execute the Remediation

Currently, the agent calculates exposures, detects threshold breaches, and recommends remediation actions. The next step: a one-click “Execute” button that initiates the recommended action — freeze new approvals to the counterparty group (push to credit approval system), kick off syndication workflow (notify portfolio management, draft term sheet), or stage the BaFin breach notification for CRO sign-off via Bundesbank ExtraNet.

For COREP reporting: the agent does not just track exposures — it pre-populates C 26.00 through C 30.00 templates quarterly, cross-checks against the Evidenzzentrale feedback, and stages the submission for the T+30 working day deadline.

The consulting differentiator: This agent speaks CRR. It knows the difference between a passive breach (FX movement, capital reduction — more lenient treatment) and an active breach (new lending — immediate notification required). It understands connected client groupings under Article 4(1)(39), calculates SA-CCR for derivatives exposure, and applies credit risk mitigation rules for eligible collateral. A spreadsheet can do the arithmetic. This agent does the arithmetic, explains it, and files the paperwork.