29 October 2024

EBA Publishes Its Annual Work Programme 2025 And Sets Out The Path To 2027

PwC Legal Germany


QuickTake

Every year, usually during the fourth quarter, EU-level authorities such as the European Banking Authority (EBA) publish their Annual Work Programmes (AWPs) setting out their priorities and resourcing for the coming calendar year. Some authorities, such as ESMA, also publish a multi-year priority plan in what is known as a Single Programming Document (SPD). Both the AWPs and SPDs are of relevance to national competent authorities (NCAs) and, more importantly, the relevant firms within the scope of ESMA's and NCAs' regulatory and supervisory mandate.

On 2 October 2024, EBA published its AWP outlining the key priorities and initiatives for 2025 and, as a SPD, the path through to 2027.[1] As in previous years, EBA's AWP is structured to address the evolving market context, legislative and regulatory changes as well as technological advancements impacting the financial services sector and those financial market participants within its mandate. The EBA, in its role as regulator, is the gatekeeper of certain parts of the Single Rulebook for financial services within its mandate and is tasked with regulatory and supervisory convergence amongst NCAs and across markets. Accordingly, the EBA shapes how NCAs (both in and outside of the EU's Banking Union) apply the legislative and regulatory requirements as well as expectations in the supervision of financial market participants within EBA's regulatory mandate.

The EBA's AWP 2025 is structured around policy and convergence work, risk assessment and data activities, governance, coordination and support tasks. This comprehensive approach ensures that the EBA can adapt to new EU priorities and economic or geopolitical developments while operating with slightly increased resources. This includes specifically the EBA (i) taking on new mandates in the context of the EU's Regulation for a Digital Operational Resilience Act (DORA),[2] where it will be overseeing designated critical third-party service providers (CTPPs) jointly with its sister European Supervisory Authorities (ESAs), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA); (ii) overseeing significant crypto-asset providers; and (iii) transitioning anti-money laundering (AML) and countering the financing of terrorism (CFT) powers and mandates to the new EU AML authority (AMLA). Overall, the list of activities and deliverables for 2025, which are set out in Chapter 2 of the AWP, is, when compared to priorities for 2024, more comprehensive.

This Client Alert discusses the relevant issues and key legal and regulatory considerations for relevant market participants as well as the key differences between EBA's 2024 and 2025 publications. This Client Alert should be read together with other thematic deep dives on reforms and developments as well as our standalone analysis of all relevant 2025 work programmes from the European Commission, the ESAs as well as those of the Banking Union authorities (ECB-SSM and SRB). Readers may also find benefit in consulting excellent publications from PwC's Risk Network as well as PwC Legal's "Navigating 2025", a comprehensive playbook providing a more granular annual outlook from PwC Legal's EU RegCORE on the forthcoming regulatory policymaking agenda, the supervisory cycle and assessment of commonalities and trends across plans for 2025 and beyond.

Key takeaways from EBA's 2025 AWP

As in previous years the EBA uses its 2025 AWP to outline its strategic priorities and communicate a comprehensive roadmap and resourcing plan for EBA's activities and publications. Primarily these publications take the form of Guidelines, Implementing Technical Standards (ITS) and Regulatory Technical Standards (RTS) that it is mandated to publish along with other rulemaking instruments and statements (Q&As, Opinions and Supervisory Briefings) setting out EBA's supervisory expectations including as addressed to NCAs and market participants.

The 2025 AWP emphasises flexibility to adapt to new EU priorities and economic or geopolitical developments. However, for 2025 and certainly through to 2027, the AWP's over 50 pages of detail focus on the key areas summarised below, as they relate to the market but also to EBA's own operational priorities:

  1. EBA's expectations towards NCAs and financial market participants
    Implementation of the Basel Framework
    The AWP 2025 prioritises the timely and faithful implementation of the Basel III reforms in the EU. This includes introducing more risk-sensitive approaches for determining capital requirements and addressing shortcomings in credit, market and operational risk. The EBA expects that financial services firms will need to adjust their internal models and capital structures to comply with these new requirements. The introduction of an 'output floor' will serve as a backstop for the use of internal models, ensuring a more standardised approach across institutions.
    One of the core elements of the Basel III reforms is the introduction of more risk-sensitive approaches for calculating capital requirements. This involves refining the methodologies used to assess credit, market and operational risks, thereby ensuring that capital allocations more accurately reflect the underlying risk profiles of financial institutions. The 2025 AWP's focus on these reforms underscores the necessity for financial services firms to reassess and potentially adjust their internal models. These adjustments are crucial for aligning with the new regulatory standards, which aim to mitigate systemic risks and enhance financial stability across the EU banking sector.
    The AWP 2025 also highlights the need to address specific shortcomings in the current frameworks for credit, market and operational risks. For credit risk, this includes refining the standardised approach (SA) and internal ratings-based (IRB) approach to ensure they are more reflective of actual risk exposures. In terms of market risk, the reforms will incorporate more sophisticated measures to capture the complexities of trading activities and market fluctuations. Operational risk management will also see enhancements, particularly through the adoption of the Standardised Measurement Approach (SMA), which aims to provide a more consistent and transparent framework for assessing operational risks.
    Enhancing the EU's Single Rulebook
    The EBA aims to complete updates to the Single Rulebook in banking by developing regulatory standards, guidelines and reports. This will involve over 140 mandates, many of which are due by the end of 2025. The EBA expects that firms stay abreast of these developments and ensure compliance with new regulatory requirements as they are introduced.
    Monitoring financial stability
    Given the heightened geopolitical tensions, persistent inflation and market volatility, the EBA will increase its efforts in financial stability assessment and monitoring. The 2025 AWP indicates a robust approach to financial stability, with a clear mandate to enhance risk-based and forward-looking financial stability for a sustainable economy. This involves regular analyses of key risk metrics and tools, including the refinement of stress-testing methodologies. The EBA recognises that the risks to the European financial sector are multifaceted, arising from economic, geopolitical and structural developments. Consequently, financial services firms should prepare for more rigorous and comprehensive assessments of their stability and resilience.
    One of the critical components of the EBA's strategy is the implementation of more stringent stress tests. The 2025 EU-wide stress test exercise will be a cornerstone of this effort, incorporating lessons learned from previous exercises and introducing new methodologies. The EBA plans to expand top-down elements in its stress test framework, which will require additional resources and a more detailed analysis of institutions' financial health. Firms can expect these stress tests to scrutinise their ability to withstand adverse economic conditions, including scenarios involving high inflation and market volatility.
    A notable aspect of the EBA's enhanced monitoring efforts is the increased focus on Environmental, Social and Governance (ESG) sustainability and climate-related risks. The EBA's work programme includes developing a framework for monitoring ESG risks across the EU banking sector. This framework will encompass transition and physical risks associated with climate change, as well as market developments related to sustainable products. The EBA's commitment to integrating ESG considerations into its regulatory framework is evident in its ongoing work on ESG risk management guidelines and climate stress tests.
    Data infrastructure development
    The EBA will enhance its data infrastructure to support regulatory reporting and risk assessment. The implementation of the EBA's Data Strategy will improve how regulatory data is acquired, compiled, used and disseminated. The strategy includes the development of advanced technical capabilities for data processing and analysis, leveraging the European Centralised Infrastructure of Data (EUCLID). EUCLID serves as a centralised platform for collecting and processing micro and aggregated data from all financial institutions, thereby enhancing the quality and accessibility of regulatory data. This platform will be instrumental in supporting the EBA's analytical capabilities and ensuring that high-quality data is available to both internal and external stakeholders.
    As part of this strategic enhancement, firms will be required to adapt to new reporting frameworks. The EBA's focus on integrated reporting aims to create a more consistent and streamlined system for collecting statistical, resolution and prudential data. This integration is expected to reduce reporting costs and improve efficiency for all stakeholders involved. The Joint Bank Reporting Committee (JBRC), established in collaboration with the ECB and the SRB and NCAs, will play a crucial role in harmonising reporting concepts and definitions. This harmonisation will facilitate a more seamless data reporting process across different regulatory domains.
    A critical aspect of the EBA's Data Strategy is the emphasis on data accuracy and timeliness. Firms will need to ensure that their data reporting processes are robust and capable of meeting the stringent requirements set forth by the EBA. This includes adhering to updated validation rules, maintaining high standards of data quality and ensuring timely submission of required data. The EBA will continue to maintain a high-quality supervisory reporting framework, including a data point model based on the DPM standard 2.0, which will support these objectives.
    Oversight activities for DORA and MiCAR
    As discussed above, starting in 2025, the EBA will take up new responsibilities for overseeing ICT third-party service providers under DORA and supervising crypto-asset issuers under MiCAR. The regulation of crypto-assets is a critical component of the EBA's innovation agenda. MiCAR will see the EBA taking on new supervisory responsibilities. These include the oversight of significant asset-referenced tokens (ARTs) and e-money tokens (EMTs).
    The EBA will also monitor market developments in decentralised finance (DeFi) and crypto-asset staking and lending. The authority's role extends to providing non-binding opinions on the regulatory classification of crypto-assets and exercising intervention powers where necessary.
    The EBA's comprehensive regulatory approach aims to mitigate the risks associated with crypto-assets while fostering a secure and transparent market environment. The EBA expects that financial services firms involved in these areas will need to comply with new oversight frameworks, including reporting requirements and operational risk management standards.
    Innovation and consumer protection
    The EBA will focus on fostering innovation while ensuring consumer protection. This includes monitoring financial innovation, such as crypto-assets, artificial intelligence (AI) and machine learning applications as well as digital identities management. The EBA recognises that innovations such as crypto-assets, AI and machine learning have the potential to transform the financial sector. However, these advancements also pose significant risks that need to be managed to protect consumers and maintain financial stability. The EBA's strategy includes continuous engagement with industry stakeholders, competent authorities and international organisations to identify emerging risks and opportunities. This engagement is facilitated through platforms such as the EBA FinTech Knowledge Hub and the European Forum of Innovation Facilitators (EFIF), which promote knowledge sharing and regulatory convergence.
    AI and machine learning applications are increasingly being integrated into financial services, offering enhanced efficiency and new capabilities. However, these technologies also introduce complexities related to data privacy, algorithmic bias and systemic risks. The EBA's work programme indicates a commitment to monitoring these developments closely. The authority will assess the implications of use cases in the financial sector and provide guidance on regulatory expectations. This includes ensuring that applications are used responsibly and ethically, with adequate safeguards to protect consumers from potential harms.
    The management of digital identities is another area where the EBA is focusing its efforts. As financial services become more digitised, the need for secure and reliable digital identity solutions becomes paramount. The EBA will monitor developments in this space to ensure that digital identity management systems are robust and can effectively prevent fraud and identity theft. This involves setting standards for digital identity verification processes and ensuring that financial institutions implement these standards effectively.
    Transition to a New AML/CFT Framework
    With the establishment of the new EU AML authority (AMLA) in 2025, the EBA will prepare for the transfer of its AML/CFT-related powers. Throughout 2025, the EBA will focus on ensuring that this transfer is seamless and does not disrupt ongoing efforts to combat financial crime. This involves the meticulous preparation and transfer of data, knowledge and specific powers to AMLA. The EBA will also provide technical advice to the European Commission, particularly in response to calls for advice on key aspects of the new AML/CFT framework. Additionally, the EBA will support NCAs in their preparatory work, ensuring that they are well-equipped to operate under the new regulatory regime and the new operational arrangements necessary for effective cooperation between prudential and AML/CFT and other supervisors and regulators. This includes establishing gateways for information exchange and ensuring that financial crime risks are tackled comprehensively through prudential regulation and supervision. The 2025 AWP signals that financial institutions will need to align their AML/CFT practices with new regulatory expectations and ensure seamless cooperation with AMLA.
    Payment services and depositor protection
    The EBA will start delivering mandates under the revised Deposit Guarantee Schemes Directive (DGSD), Payment Services Regulation (PSR) and the related Directive (PSD3) and other related regulations such as the Regulation known as Financial Information Data Access Act (FIDAR). The EBA expects that firms should prepare for changes in payment security, fraud prevention, depositor protection and consumer awareness requirements.
    Under the revised DGSD, the EBA will focus on delivering an estimated 11 mandates aimed at enhancing depositor protection. These mandates include the development of methodologies for the least cost test, the creation of information sheets for consumers and the facilitation of fund transfers between Deposit Guarantee Schemes (DGSs). The EBA will also publish annual data on covered deposits and the financial means available to DGSs. These measures are designed to bolster the resilience and transparency of DGSs, ensuring that depositors are adequately protected in the event of a bank failure. Firms should anticipate stricter compliance requirements and enhanced reporting obligations to align with these new standards.
    The PSR and the revised PSD3 introduce approximately 12 mandates that the EBA will start delivering, focusing on various aspects of payment services. These include authorisation processes, safeguarding measures, calculation of own funds, passporting procedures, governance and control mechanisms and the establishment of central registers. One of the critical areas under PSD3 is payment security and fraud prevention. The EBA will develop guidelines and standards to enhance the security of payment transactions and mitigate fraud risks. The EBA expects that firms implement robust security protocols and fraud detection systems to comply with these new requirements. Additionally, there will be an emphasis on consumer awareness, requiring firms to provide clear and comprehensive information to consumers regarding their payment services.
    FIDAR is another significant regulation under which the EBA will deliver an estimated five mandates. These mandates focus on the use of consumer data, authorisation of financial information service providers, functioning of financial data sharing schemes, establishment of a central register and settlement of disagreements between NCAs. The EBA sets out that firms will need to ensure that their data handling practices are compliant with these new regulations, particularly concerning consumer data privacy and security.
    In addition to the specific mandates under DGSD and PSD3, the EBA will, in delivering its 2025 AWP, continue to focus on consumer protection across the financial services sector. This includes monitoring financial innovation, identifying areas where further regulatory or supervisory response may be needed and fostering a consistent and high level of consumer protection. The EBA will publish its biennial Consumer Trends Report and follow up on identified issues. Firms should expect increased scrutiny on their consumer protection practices and may need to enhance their transparency and communication efforts to meet these heightened standards.
    Capital, loss absorbency and accounting framework
    The EBA will continue monitoring Common Equity Tier 1 (CET1) issuances and maintaining a public list of CET1 instruments. Firms will need to ensure compliance with updated capital requirements and loss absorbency standards. The EBA's work programme underscores the importance of compliance with updated capital requirements as part of the broader implementation of the EU Banking Package, specifically CRR III and CRD VI. These reforms are designed to align EU regulations with the final Basel III standards, introducing more risk-sensitive approaches for determining capital requirements for credit, market and operational risks. The updated framework includes an 'output floor' to serve as a backstop for internal models used by banks, ensuring that capital requirements do not fall below a certain level. Certain financial institutions may need to adapt their internal processes and systems to comply with these enhanced requirements. This includes recalibrating their risk models, updating their reporting frameworks and ensuring that their capital planning processes are robust enough to meet the new standards. The EBA sets out that it will provide guidance and support through ITS, RTS and Guidelines to facilitate this transition.
    Liquidity, leverage and interest rate risk
    The EBA will monitor the implementation of regulatory provisions on liquidity, leverage risk and interest rate risk. Financial institutions should be prepared for ongoing scrutiny of their liquidity coverage ratios (LCR), net stable funding ratios (NSFR) and interest rate risk management practices.
    The EBA will continue to update the ITS on reporting requirements to reflect changes in Level 1 texts and provide necessary guidance to supervisors. This includes monitoring national practices on liquidity, national options and discretions, as well as the concrete implementation of LCR rules and definitions. The EBA expects that financial institutions should be prepared for detailed assessments of their liquidity management practices, including the monitoring of interdependent assets and liabilities under both LCR and NSFR frameworks.
    Interest rate risk in the banking book (IRRBB) remains a significant area of focus for the EBA. The authority will continue to monitor the implementation of existing regulatory products related to IRRBB and follow up on its scrutiny plans concerning the impact of the new interest rate environment on IRRBB management and modelling assumptions. This includes reflecting on lessons learned from recent market turmoil and international developments. The EBA's heatmap on IRRBB, published at the end of 2023, outlines short, medium and long-term actions that institutions need to implement. These actions aim to enhance the measurement and management of interest rate risk, ensuring that banks are better equipped to handle fluctuations in interest rates. Financial institutions should expect ongoing evaluations of their IRRBB frameworks, with potential updates to regulatory products and additional supervisory guidance as necessary.
    The leverage ratio is another critical metric under the EBA's purview, aimed at assessing the risk of excessive leverage within financial institutions. The EBA will continue to monitor the consistent implementation of leverage ratio requirements, including notifications and follow-up actions. This involves regular updates to technical standards on reporting and disclosure where necessary.
    Credit risk management
    The EBA's work on credit risk will focus on developing technical standards for calculating capital requirements under both SA and IRB approaches. The EBA will also monitor and promote the consistent application of credit risk standards, ensuring that institutions adhere to the revised guidelines under the SA. For the IRB approach, the EBA's focus will be on developing technical standards that specify methodologies for estimating probability of default (PD), loss given default (LGD) and exposure at default (EAD). This includes guidelines on proportionate diversification methods for retail exposures and methodologies for estimating IRB credit conversion factors (CCFs). The EBA will also monitor the implementation of the IRB roadmap, which aims to ensure that internal models used by banks are robust and reliable. Firms using the IRB approach will need to review and possibly recalibrate their internal models to meet these new standards, ensuring that their risk assessments are accurate and compliant with regulatory expectations. Firms may need to adjust their credit risk models and practices accordingly.
    The EBA has emphasised the importance of proportionality in its regulatory approach, particularly in relation to small and medium-sized banks. The Advisory Committee on Proportionality (ACP) has recommended that the EBA's regulatory products reflect proportionality by setting different scopes, aiming for less complex regulation and using straightforward language. This consideration is crucial for ensuring that smaller institutions are not unduly burdened by compliance requirements. The EBA plans to engage in industry consultations through roundtables and dialogues to gather feedback and ensure that the regulatory framework is practical and effective.
    In addition to developing technical standards, the EBA will continue its monitoring efforts through benchmarking exercises of internal models. This includes preparing annual benchmarking reports on IRB models and updating reporting frameworks to reflect changes in regulatory requirements. The EBA will also support supervisors in monitoring the implementation of these standards, providing guidance where necessary to ensure consistent application across the EU.
    Market risk, operational risk and investment firms
    The EBA will develop technical standards for market risk, credit valuation adjustment (CVA), counterparty credit risk (CCR) and operational risk.
    The EBA's work on market risk will include: (i) regular updates to the list of diversified stock indices; (ii) monitoring and promoting consistent application of market risk requirements; (iii) supporting the implementation of the Basel III market risk framework in the EU; and (iv) delivering Basel III-related mandates concerning Fundamental Review of the Trading Book (FRTB), CVA, CCR and securities financing transactions (SFTs).
    The EBA's work on CVA risk will focus on: (i) developing RTS on CVA for SFT; (ii) preparing RTS on data inputs and assessment methodologies for CVA; and (iii) monitoring and promoting consistent application of CVA requirements.
    The EBA's activities on CCR will include: (i) developing RTS on the calculation and aggregation of crypto exposure values; (ii) preparing RTS on structural foreign exchange (FX) and other technical elements for regulatory CVA; and (iii) supporting Q&A on CCR to ensure clarity and consistency in application.
    In respect of operational risk, the EBA will focus on: (i) implementing the new Standardised Measurement Approach for operational risk as part of the final Basel III framework; and (ii) developing RTS on elements to calculate business indicator components (BIC) and adjustments to loss datasets, and preparing guidelines on governance arrangements to maintain loss data sets and RTS on exclusion of losses.
    Investment firms should also prepare for new regulatory requirements stemming from the review of the IFR/IFD regime. The EBA's work on this will also include: (i) monitoring and promoting consistent application of investment firms' requirements; (ii) preparing supervision practices for investment firms; and (iii) developing RTS on waivers for authorisation of investment firms.
  2. EBA's deprioritisation of policy areas
    The EBA's 2025 AWP has outlined a comprehensive work programme for the years 2025 and beyond, detailing its strategic priorities and specific tasks. However, within this extensive plan, certain items have been marked for potential deprioritisation due to resource constraints and the need for flexibility in response to evolving circumstances. The EBA has indicated that tasks marked in the AWP 2025 with a "+" may be subject to review in light of resource redeployment and reprioritisation required to address high regulatory mandates. These tasks may be postponed, cancelled, or undertaken with less intensive resource input.
    This approach reflects the EBA's need to balance its extensive mandate with available resources while maintaining flexibility to adapt to new developments. The tasks that may be deprioritised relate to:
    1. Policy and convergence work: Several tasks within the policy and convergence work are flagged for potential review and deprioritisation. For instance, in Activity 1 – Capital, loss absorbency and accounting, tasks such as the follow-up on the monitoring of the impact of the interest rate environment on own funds and eligible liabilities aspects and the possible update of the Guidelines on Expected Credit Losses (ECL) are marked with a "+", indicating they may be subject to review. Similarly, in Activity 2 – Liquidity, leverage and interest rate risk, additional reflections on liquidity metrics implementation and related accounting aspects, as well as updates to regulatory products following scrutiny plans, are also flagged.
    2. Credit risk and market risk: In Activity 3 – Credit risk (including large exposures, loan origination, NPL, securitisation), several deliverables such as monitoring reports on capital treatment of STS synthetics, collateralisation practices and the treatment of NPL under the securitisation framework are marked for potential deprioritisation. Likewise, in Activity 4 – Market, investment firms and services and operational risk, tasks related to market infrastructures (CSDR-related mandates) such as RTS for measurement and reporting of credit and liquidity risks and RTS on thresholds for provision of banking-type ancillary services are flagged.
    3. Innovation and FinTech: In Activity 8 – Innovation and FinTech, RegTech and SupTech, tasks like the report on white-labelling and the report on Distributed Ledger Technologies use cases in the banking and payment sector are marked with a "+", indicating they may be postponed or undertaken with less intensive resource input. Additionally, follow-up work on identified priorities in innovative applications such as crypto-assets and AI/ML use cases is also subject to review.
    4. Data Infrastructure and Services: For Activity 15 – Data infrastructure and services, statistical tools, tasks such as providing data-based support for statistical activities related to top-down stress tests and climate risk stress tests are flagged for potential deprioritisation. The same applies to training NCA and EBA users on data and analysis tools.
    5. EBA's Legal and Compliance functions: In Activity 17 – Legal and compliance, follow-up peer reviews on the treatment of mortgage borrowers in arrears are marked with a "+", indicating they may be subject to review. The establishment of a MiCAR enforcement function (independent investigation officer) is also flagged for potential deprioritisation.

Importantly, there have been some changes between the focus, scrutiny and tone of what ESMA focused on in its 2024 AWP compared to what it plans to do in furtherance of its 2025 AWP's objectives relating to its regulatory as well as direct supervision and convergence roles.


Footnotes

1. Available here.

2. DORA aims to enhance digital operational resilience across the financial sector. Supervised firms must focus on effective implementation, fostering cooperation among stakeholders and addressing emerging risks. ESMA will oversee CTPPs to promote convergence and strengthen digital operational resilience. Firms should prepare for new tasks and powers conferred on ESMA related to DORA, including implementing a cyber-incident report system and developing supervisory convergence tools. On 1 October 2024, ESMA and its sister ESAs announced the appointment of Marc Andries as DORA Joint Oversight Director. This role will be responsible for implementing and running the oversight framework for CTPPs at a pan-European scale. Mr. Andries has held senior responsibilities in the areas of ICT project management, oversight and supervision, including at France's NCAs.
