1. Bank regulation
1.1 PRUDENTIAL REGULATION
a) General
(i) International
BCBS: Work programme and strategic priorities for 2025/26
Status: Final
The BCBS has published its work programme and strategic priorities for 2025/2026, which include: (i) Basel III implementation; (ii) risk assessment and safeguarding resilience, including an investigation into banks' interconnection with non-bank financial intermediation and ongoing work responding to the 2023 banking turmoil; (iii) digitalisation of finance and AI-related issues; and (iv) actions relating to bank liquidity drawing on the lessons from the 2023 banking turmoil.
Date of publication: 05/02/2025
b) Solvency/Own funds issues
(i) EU
Status: Consultation
Deadline for the submission of comments: 26/05/2025
The EBA has launched a consultation on draft ITS on amending Commission Implementing Regulation (EU) 2016/2070 with regard to the benchmarking of internal models in advance of the 2026 benchmarking exercise. Article 78 of Directive 2013/36 (CRD VI) requires competent authorities to conduct an annual assessment of the quality of the approaches used for the calculation of own funds requirements. To assist competent authorities in this assessment, the EBA calculates and distributes benchmark values to competent authorities that allow a comparison of individual institutions' risk parameters. These benchmark values are based on data submitted by institutions as laid out in Commission Implementing Regulation (EU) 2016/2070, which specifies the benchmarking portfolios, templates and definitions to be used as part of the annual benchmarking exercises for the 2026 benchmarking exercise.
To view the full article click here.
For market risk, changes to the templates and instructions for the Alternative Internal Model Approach (AIMA) framework are recommended, reflecting the changes introduced through a fundamental review of the trading book (FRTB). Given the complexity of the AIMA FRTB implementation, the initial application of the data submission has been reduced to a smaller subset of the instruments and portfolios than was required for the previous IMA framework. Granular data collection is limited to Expected Shortfall and Stress Scenario Risk Measures, while Default Risk Charge will be considered for future developments. Additionally, though no substantial change was introduced in the FRTB Alternative Standardised Approach (ASA) data collection, with the proposed changes to Article 78 of the CRD (which will enter into force at the beginning of 2026), the 2026 benchmarking exercise will see an increase in the number of institutions within the scope of the ASA data collection, and the EBA benchmarking definition will align with the breakdown of Credit Risk IRB templates adopted in the revised ITS on supervisory reporting.
Alongside the consultation, the EBA also published a press release reinforcing the benchmarking exercise and linking the four annexes to the ITS.
Date of publication: 25/02/2025
EBA: Heatmap following the scrutiny on the IRRBB standards implementation in the EU
Status: Final
The EBA has published a report on the implementation of the first phase of the short/medium-term objectives in its interest rate risk in the banking book (IRRBB) heatmap. In the report, the EBA sets out a number of observations and recommendations, including in relation to: (i) the materiality of non-maturity (NMD) behavioural assumptions and the complexity of their modelling. This includes a non-restrictive list of risk factors impacting NMD repricing behaviour and a toolkit to support supervisors in their analysis of NMD modelling; (ii) the complementary dimensions of the supervisory outlier test (SOT) on the Net Interest Income (NII) metric. The report discusses the additional dimensions that supervisors could consider for institutions considered outliers; (iii) the expected approach in the SOT on NII to model and project commercial margins of NMD, which are subject to behavioural optionality; and (iv) hedging strategies.
The EBA intends to continue assessing the impact of the IRRBB regulatory package and interacting closely with interested stakeholders. As medium/long-term objectives of the heatmap, the EBA will monitor the five-year cap on the weighted average repricing maturity of NMD and credit spread risk arising from banking book-related aspects, primarily regarding the perimeter of its application. Date of publication: 06/02/2025
Status: Adopted by the EC
The EC has adopted a Delegated Regulation which amends the RTS laid down in the Commission Delegated Regulations (EU) 2022/2059, (EU) 2022/2060 and (EU) 2023/1577 as regards the technical details of: back-testing and profit and loss attribution requirements, the criteria for assessing the modellability of risk factors, and the treatment of foreign-exchange risk and commodity risk in the non-trading book under Articles 325, 325be and 325bg of the CRR. The amendments are to align the RTS with the amendments introduced by CRR III. In particular: (i) In relation to the technical details of back-testing and profit and loss attribution requirements, the technical standards remove the aggregation formula for computing the total own funds requirements for market risk for an institution using the alternative internal model approach as this formula has now been introduced in the CRR; (ii) in relation to the criteria for assessing the modellability of risk factors, the technical standards ensure that institutions are able to identify how far they rely on a third-party vendor for the purpose of assessing the modellability of a risk factor; and (iii) in relation to the treatment of foreign-exchange risk and commodity risk in the non-trading book, the technical standards ensure that translation risk is duly captured by institutions in light of the provisions introduced in Article 325b of the CRR.
The Delegated Regulation is now subject to scrutiny by the European Parliament and the Council and, assuming no objections, shall enter into force 20 days following its publication in the OJ.
Date of publication: 03/02/2025
ECB/ESRB: Joint report on the use of countercyclical capital buffers
Status: Final
The ECB and ESRB have published a joint report on the use of the positive neutral countercyclical capital buffer (PN CCyB) in the EEA. This approach has gained traction among EEA countries in recent years as a way of increasing resilience over the financial cycle and enhancing financial stability. The report addresses areas of commonality in the approaches adopted by EEA countries, including: (i) broad agreement on what a positive neutral approach means and what it is useful for; (ii) in most jurisdictions, there is no expectation that the PN CCyB will yield higher CCyB requirements at the peak of the cycle when cyclical systemic risks become elevated; (iii) there is broad consistency in the conditions that would guide authorities' decisions to release the CCyB; (iv) in most jurisdictions, the introduction of a PN CCyB does not need to be offset by a reduction in other capital requirements; and (v) clear and transparent communication is a key element in the introduction and use of a PN CCyB.
The report also addresses areas of challenge in implementing PN CCyB, including: (a) potential overlaps with the objective of the Systemic Risk Buffer (SyRB) which is concerning for the majority of authorities that have not adopted a PN CCyB approach; (b) a lack of clarity in EU legislation as an obstacle to adopting a framework for the use of a PN CCyB rate; and (c) the need to promote a more consistent implementation of the CCyB in the EU, including reaching a shared understanding of the objectives of a PN CCyB approach.
Date of publication: 31/01/2025
c) Securitisation
(i) EU
EC: Call for evidence on a review of the securitisation framework
Status: Consultation
Deadline for the submission of comments: 19/03/2025
The EC has published a call for evidence on a review of the securitisation framework. The initiative is meant to be a holistic review of the securitisation framework, including non-prudential elements (like transparency, due diligence, etc.) and prudential requirements (both for banks and insurers).
Date of publication: 19/02/2025
Status: Consultation
Deadline for the submission of comments: 31/03/2025
ESMA has launched a consultation on the revision of the disclosure framework for private securitisation under Article 7 of the Securitisation Regulation. The consultation proposes a simplified disclosure template for private securitisations designed to improve proportionality in information-sharing processes while ensuring that supervisory authorities retain access to the essential data for effective oversight. The new template introduces aggregate-level reporting and streamlined requirements for transaction-specific data, reflecting the operational realities of private securitisations.
The proposal of the simplified template follows ESMA's previous consultation, where industry stakeholders called for short-term solutions to address key challenges and advocated for a simplified template for private securitisations. A summary of these responses was published in the December 2024 feedback statement. It adds to the recently announced ESMA initiative on simplification and burden reduction actions, while also preserving the main objectives of financial stability, orderly markets and investor protection.
Date of publication: 13/02/2025
d) Liquidity
(i) EU
EC: Call for evidence on amending NSFR treatment of SFTs under CRR
Status: Consultation
Deadline for the submission of comments: 10/03/2025
The EC has published a call for evidence on targeted amendments to the Capital Requirements Regulation (CRR) to adjust the prudential treatment of securities financing transactions (SFTs) under the net stable funding ratio (NSFR). Under Article 510(8) of the CRR, until 28 June 2025, EU credit institutions can apply lower required stable funding (RSF) factors for SFTs and unsecured transactions with a residual maturity of less than six months than those set out under the Basel standards. Under Article 510(7) of the CRR, the EC has the power to adopt a legislative proposal to amend the CRR provisions on the treatment of these instruments under the NSFR. The targeted amendments therefore aim to make the current transitory prudential treatment for SFTs and unsecured transactions with a residual maturity of less than six months permanent for financial customers, for the purposes of the NSFR (i.e., to extend the current treatment beyond 28 June 2025, and permanently). The EC is proposing to make this treatment permanent on the basis that the higher RSF factors which would otherwise apply would make these instruments more costly in the EU and would consequently harm the demand for collateral and the liquidity in the collateral markets. The EC is also responding to concerns that the decisions of the U.S. and the U.K. to maintain lower RSF factors than under the Basel standards for these instruments on a permanent basis may lead to a loss of competitiveness for EU banks.
Date of publication: 10/02/2025
ESRB: Monitoring framework for systemic liquidity risk
Status: Final
The ESRB has published a report setting out a framework for monitoring systemic liquidity risks. The report was prompted by liquidity events in recent years, including the 'dash for cash' during the Covid-19 pandemic, liquidity stress faced by GBP funds pursuing liability-driven investment strategies in 2022, and the banking stress in the US and Switzerland in 2023. The ESRB notes that entities outside the traditional banking system were at the epicentre of events in some cases and markets other than sovereign bonds were impacted, highlighting the need to pay attention to liquidity stress beyond banks and asset classes outside sovereign bonds.
The report sets out four main steps for operationalising the liquidity risk surveillance framework: (i) identify the key entities and markets in scope – according to the ESRB, key entities may include investment funds, banks, insurance corporations and pension funds, while key markets may include government bond markets which are key for the overall EU financial system and derivatives markets, which are of systemic importance; (ii) select surveillance indicators for funding and market liquidity risks; (iii) select indicators for contagion and amplification risks and interactions between funding and market liquidity; and (iv) synthesise the information into practical heat maps and a set of composite liquidity risk indices. The ESRB observes that sound expert judgement must still be exercised when interpreting the proposed surveillance indicators.
Date of publication: 03/02/2025
e) Risk management/SREP/Pillar 2/Outsourcing/NPL
(i) EU
ECB: Clarification on ICAAPs and ILAAPs and respective package submissions
Status: Final
The ECB has published a report clarifying the internal capital adequacy assessment process (ICAAP) and the internal liquidity adequacy assessment process (ILAAP), as well as the respective package submissions. The ECB reminds banks of its main supervisory expectations on sound and effective capital and liquidity management in line with the ECB Guides on ICAAP and ILAAP published in November 2018. The ECB also outlines some clarifications on the governance around the submissions and key content areas which should be reflected in ICAAP and ILAAP packages. The report notes that it remains the responsibility of the banks to determine and apply the most appropriate approach to ensure sound capital and liquidity adequacy assessment processes tailored to their own specificities. Therefore, the ECB's clarifications focus on sound practices instead of setting additional expectations or requirements, and should be considered by banks to refine or improve their capital and liquidity management practices. Regarding the technical details around ICAAP and ILAAP package submissions, the note "Technical implementation of the EBA Guidelines on ICAAP information collected for SREP purposes" that was sent to banks in February 2017 remains applicable and is included in the annex to the report.
Date of publication: 10/02/2025
(ii) International
BCBS: Amendments to principles for the management of credit risk
Status: Consultation
Deadline for the submission of comments: 21/03/2025
The BCBS has launched a consultation on updating the principles for the management of credit risk. The principles, first issued in October 2000, provide guidelines for banking supervisory authorities to evaluate banks' credit risk management processes in four key areas, namely: (i) establishing a suitable credit risk environment; (ii) operating under a sound credit-granting process; (iii) maintaining an appropriate credit administration, measurement and monitoring process; and (iv) ensuring adequate controls over credit risk. The BCBS mandated a review of the principles in 2023 to determine whether they remain fit for purpose, given the developments in global financial market-related credit risks and trends and changes in the supervisory and regulatory landscape over the past 25 years. The review confirmed the ongoing relevance of the credit risk principles but identified certain parts that either have become obsolete, superseded and redundant or are not fully aligned with the current Basel Framework and the BCBS' guidance. Therefore, the BCBS proposes a limited set of technical amendments to align the principles with the current Basel Framework and the latest Guidelines. A comparison against the 2000 version has been published alongside the consultation.
Date of publication: 05/02/2025
f) Cyber security
(i) EU
Publication of two DORA technical standards
Status: Published in the OJ
Date of entry into force: 12/03/2025
Date of application: 12/03/2025
Two delegated acts have been published in the OJ in respect of DORA. Both acts relate to ICT-related incident management, one of the key pillars of the DORA legislation, and are mandated by Article 20 of DORA, which seeks to harmonise reporting content and templates in relation to ICT-related incidents and cyber threats.
- Commission Delegated Regulation (EU) 2025/301 supplementing DORA with regard to RTS specifying the content and time limits for the initial notification of, and intermediate and final report on, major ICT-related incidents, and the content of the voluntary notification for significant cyber threats
- Commission Implementing Regulation (EU) 2025/302 laying down ITS for the application of DORA with regard to the standard forms, templates, and procedures for financial entities to report a major ICT-related incident and to notify a significant cyber threat
Date of publication: 20/02/2025
ESAs: Roadmap to the designation of CTPPs
Status: Final
The ESAs have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under DORA. The roadmap of key dates between now and the end of the year sets out four milestones: (i) by 30 April, the ESAs will collect the registers of information that financial entities submitted to the competent authorities; (ii) by the end of July, the ESAs will perform criticality assessments required under DORA and notify third-party service providers if they are classified as critical; (iii) in the first half of September, there will be a hearing period where ICT third-party service providers may object to the assessment, providing a reasoned statement and supporting information; and (iv) by the end of the year, the ESAs will have designated and published the list of CTPPs and started the oversight engagement.
Alongside the roadmap, the EBA published a press release confirming that ICT third-party service providers not designated as critical may voluntarily request to be designated as critical once the list of CTPPs is published, with details of how to make such a request to be provided soon. The ESAs also plan to organise a workshop with ICT third-party providers in Q2 this year, with details to be published in due course. Date of publication: 18/02/2025
Status: Adopted by the EC
The EC has adopted a Commission Delegated Regulation supplementing the Digital Operational Resilience Act (DORA) with regard to RTS, specifying the criteria used for identifying financial entities required to perform threat-led penetration testing (TLPT). Article 26(11) of DORA mandates the European Supervisory Authorities (ESAs), in agreement with the European Central Bank (ECB), to develop joint draft RTS in accordance with the ECB's European framework for threat intelligence-based ethical red teaming (TIBER-EU framework) to specify further the following: (i) the criteria for identifying financial entities required to perform TLPT; (ii) the requirements regarding test scope, testing methodology and results of TLPT; (iii) the requirements and standards governing the use of internal testers; and (iv) the rules on supervisory measures and other cooperation needed for the implementation of TLPT and mutual recognition of testing. The Delegated Regulation will enter into force on the twentieth day following its publication in the Official Journal of the EU. The ECB has also published an updated version of the TIBOR-EU framework that aligns with the DORA RTS on TLPT.
Date of publication: 13/02/2025
EBA: Final report on Guidelines amending Guidelines on ICT and security risk management
Status: Final
The EBA has published a final report on amending Guidelines in respect of Guideline EBA/GL/2019/04 on ICT and security risk management. The EBA reviewed the Guidelines in light of DORA, which introduced harmonised requirements for ICT, risk management framework (RMF), incident reporting and third-party risk management and testing for certain financial entities. The entities subject to DORA and the related RTS on RMF overlap with those subject to the Guidelines. Therefore, to ensure transparency and legal certainty, the EBA reviewed the Guidelines and concluded that the entities subject to the Guidelines should be identified, and the scope of the Guidelines should be reduced to cover certain institutions providing payment services which are not in the scope of DORA. Guidelines on relationship management of payment services where this is not covered by the DORA requirements were also recommended.
The amending Guidelines will be translated into the official EU languages and will apply within two months after issuance (at the latest).
Date of publication: 11/02/2025
To view the full article click here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.