Introduction

Chair’s introduction

JOSÉ MANUEL CAMPA

JOSÉ MANUEL CAMPA

Another challenging year reinforced the urgency to act collectively in a more decisive and timely manner. In 2022, we operated in a rather challenging and uncertain environment with many disruptive factors to grapple with. First and foremost, we were confronted with the Russian invasion of Ukraine, which not only fuelled unprecedented humanitarian needs around the globe, but it was also a major blow to the global economy, hurting growth and raising prices. We also had to deal with the lingering effects of the Covid-19 pandemic, the inflationary pressures and increasing supply chain concerns, the interest rate volatility, and the fallout from Brexit. The war also rekindled and even galvanised the debate on several long-standing European Union (EU) initiatives, including the EU climate strategy, and the digital finance strategy, and reinforced the collective urgency to act more decisively and more quickly. We cannot afford to wait until it is too late.

The Russian war against Ukraine has dented the economic recovery and heightened uncertainty. Besides the heavy human toll and subsequent humanitarian crisis, the ongoing war in Ukraine had and is still having significant economic knock-on effects throughout Europe ranging from direct costs from sanctions and trade disruptions, rising inflation due to higher energy and commodity prices. In addition, the mounting uncertainty about the end of the war and its aftermath has deteriorated consumers and investors’ confidence. As I write this foreword, we are witnessing the effects of such a confidence crisis rippling throughout the global financial system. The recent bank failures in the US and in Switzerland indeed unfolded at times of heightened uncertainty, geopolitical risks and major societal transformation in response to the energy crisis and climate change.

More attention is needed to measure, monitor and actively manage interest rate risk, in the new high interest rate environment. While a low-interest-rate environment dominated the last decade, we are now confronted with a gradual increase in rates, which has impacted valuation of financial assets and expectations of potential deterioration of credit quality and made bank deposits more sensitive and susceptible to be moved at short notice. Inflation in the euro area has reached heights not witnessed since the 1970s and it is important to remember how it directly affects banks’ balance sheets through multiple channels. It is crucial that all banks, regardless of their size or complexity, properly manage this new environment. From our side, we already published technical standards on the management of interest rate risk in the banking book and increased our scrutiny of the way banks are managing such risk by launching a quantitative impact study late last year. We will also be publishing the results of our 2023 EU-wide stress test at the end of July. Given the rather uncertain economic environment, this exercise will be crucial to assess the robustness of the EU banking sector.

A full, faithful, and timely implementation of the Basel 3 framework is crucial to ensure resilience in the banking sector. A faithful and timely implementation of the EU banking package matters now more than ever. In the past few days, as I already recalled, we have been reminded that strong rules lead to strong banks, and strong banks are better able to serve firms, citizens and the economy at large. More than a decade of regulatory work has put us in a better position, with EU banks holding more and better capital and liquidity positions. The regulatory framework and the Single Rulebook we have developed so far has provided a consistent and robust regulatory framework across EU Member States and added a layer of resilience to the banking sector. That is precisely why I have been, and I am, particularly vocal on the need to speed up a full and faithful implementation of the internationally agreed Basel standards to all banks operating in the EU to further ensures resilience of the financial sector. However, for a successful implementation of these rules, given the interconnectedness of the global financial system, it is crucial that we achieve an international level-playing field through better convergence and transparency of this implementation in all other jurisdictions.

A positive attitude towards the application of innovative technologies is needed but institutions should innovate in a responsible manner, carefully weighing the inherent risks and opportunities. Another important area where we have initiated significant work is related to the digital transformation of the EU banking and payments sector. Here I firmly believe that financial institutions should have a culture that encourages a positive attitude towards the application of innovative technologies, but they should also foresee all possible safeguards to mitigate any associated risk. And for that, I see a crucial need for balanced regulation to facilitate the use of technologies that show a positive impact, whether based on process efficiency, risk management, consumer choice and experience when accessing financial services. Much of our focus this year will be on activities related to the Digital Operational Resilience Act (DORA) and the Markets in Crypto-Assets (MiCA) Regulation. With the DORA-related activities, we aim at making sure that the financial sector in the EU is able to stay resilient through a severe operational disruption. With the MiCA-related activities, we aim at protecting investors and preserving financial stability, while allowing innovation and fostering the attractiveness of the crypto-asset sector. Finally, I would like to mention our important contribution to the future regulation of the European payments industry with the review of the Payment Services Directive (PSD3). I think this review will be a great opportunity to ensure further harmonisation on the payments market and avoid regulatory arbitrage and unlevel playing field.

Our key objective is to contribute to developing a sound regulatory and supervisory framework to support the transition towards a more sustainable economy, while ensuring that the banking sector remains resilient. Financial institutions and capital markets are seen as an important facilitator of the change needed to tackle climate change and encourage sustainability in all its aspects. Banks and other financial institutions have a key role to play in facilitating the transition to a greener and more sustainable economy, while managing financial risks stemming from environmental, social and governance (ESG) factors. We have been actively supporting the integration of ESG aspects in the EU banking sector, with a focus on risks, and the broader objective of contributing to the stability, resilience and orderly functioning of the financial system. ESG is indeed one of our priorities, and ESG aspects will be increasingly embedded across our products and activities. At the end of last year, we published our roadmap outlining the objectives and timeline for delivering our mandates and tasks in this area. There are many ongoing projects on how to best incorporate ESG risks in the regulatory framework focusing on five key areas, such as risk management, disclosures, supervisory practices, climate stress testing and possible adjustments to the prudential framework, as well as work to avoid greenwashing. Moreover, we are also pushing our agenda to develop not only the environmental component of ESG, but also its social and governance aspects, which are key to a sustainable future.

Executive Director’s interview

2022 was another challenging year for the European Banking Authority (EBA) and for the global economy, more generally. Can you tell us how you managed to deliver on your priorities?

2022 was indeed another intense year. Global challenges have forced us to adjust our core activities while we were already evolving our way of working to create a more sustainable, efficient, and innovative environment. Around this time last year, when we were just recovering from the COVID-induced economic crisis, like everybody else, we were taken aback by the war in Ukraine. It is still raging on and takes a very heavy humanitarian and financial toll across Europe and globally. The economic outlook remains fragile, downside risks predominate, and high uncertainty lingers.

Despite the unexpected circumstances, we managed to execute 95% of the tasks in our 2022 work programme, which is quite an achievement! The motivation, commitment and agility of our staff, the more efficient and streamlined business and operational processes we have put in place in recent years, the new internal mobility policy, are among the key drivers of our ability to deliver to the highest standard on both our planned and unforeseen activities. The latter made up a good 14% of our work.

FRANÇOIS-LOUIS MICHAUD

FRANÇOIS-LOUIS MICHAUD

Let me just single out the progress made in 2022 on one of our key priorities: making the most of banking and financial data. Data plays a crucial role in our activities. We need it to produce an evidence-based rulebook, to perform impact assessments and risk analyses, and to develop a harmonised and proportionate supervisory reporting system for banks and other financial entities. Since our creation, we have been using and receiving a wealth of data, and we came to realise that we needed not only to continue doing this in the most efficient manner, but that we also had a responsibility for making these data available as much as possible to our stakeholders. In order to be a trusted source of data and analytics services – a data hub – we were very busy in 2022 rolling out the multi-year comprehensive data strategy adopted in 2021. This will allow us not only to achieve our mandates more effectively, to enhance our capability to monitor the status of the financial system. It will also facilitate the sharing and use of banking and financial data with and for the entire community. Last year, we expanded the scope of our unique European Centralised Infrastructure for Supervisory Data (EUCLID) platform to investment firms. I am pleased to note that our work in this area is a key building block in the Commission’s data strategy for the whole financial sector and will lead to further synergies and increased consistency benefitting institutions, authorities, and financial entities.

Sustainability has always been at the heart of your actions and work. Can you tell us how you have been contributing to that objective and how the organisation is changing in that respect?

Our commitment to sustainability is indeed at the heart of what we do. Our ESG goals and policies span from our core work to our everyday operations. Supporting the transition to a more resilient and sustainable European banking sector is a key objective for the entire EBA. The banking sector should also play an important role, as a catalyst, in this transition. To that end, the authority has raised its game in this area. It is investigating ESG risks, informing risk assessment and policy making, participating in international discussions on this agenda, and ultimately incorporating such risks into the Rulebook from various angles, including risk management, supervision, and reporting. At the end of last year, we published a comprehensive roadmap outlining the objectives and timeline for delivering our ESG mandates and tasks for the years to come. ESG considerations are now systematically embedded in our products and activities, and we believe we have started providing a significant contribution in this area.

On the organisation front, 2022 has been a breakthrough year for the establishment of our Eco-Management and Audit Scheme (EMAS). We achieved the environmental objectives and targets that we had committed to in our single programming document for 2022. The effectiveness of our EMAS was checked and complimented by independent external auditors, who concluded that environmental matters and concerns are fully taken into account by the EBA at its premises management, in its activities, including its missions. Throughout the year, we have communicated a lot internally to raise awareness within staff and stakeholders. In March 2022, exactly two years since the beginning of EMAS implementation, an internal survey showed that EBA staff does value the management of environmental aspects in our organisation and is very motivated to improve our environmental performance further. This is very encouraging.

Another area where I am particularly happy with the progress made is gender equality. This is also critical to sustainability. Since I started my mandate, with a small internal team, we have been discreetly but consistently very active fostering equal chances for men and women in our organisation as well as through our policy and convergence work for the banking and financial sector. As I often mention, it is indeed the responsibility of a public sector organisation to represent the society it is embedded in. Our systematic and ambitious action over the past two years has allowed us to ensure that gender equality is observed in all our processes. Our workforce is equally distributed between men and women at all levels of the organisation, and we could also swiftly rebalance the situation in our management team. Change is possible in this regard, and one does not have to force the distribution as there is talent. More broadly, we are committed to creating equal opportunities for all staff members. In all this, we work closely with other European agencies to raise awareness, share good practices, and create a positive environment.

Technological innovations are changing the way we live and work. Can you tell us about the innovation projects at the EBA as well as the new ways of working within your organisation?

Staying at the forefront of technological innovation is essential. In particular, new information and communications technologies (ICT) allow us to remain faithful to the inspiration that led to the creation of the European supervisory authorities (ESAs) – that is, we aim to have maximum impact in everything we do, in a most cost-efficient manner.

In 2022, we were massively engaged in further rolling out and enriching our collaboration tools and techniques. This has already significantly transformed our organisation, and we will continue innovating. Our staff can now work seamlessly from anywhere, at any time, using any type of device, in a paper-less mode. It has transformed the way we communicate and collaborate both internally and with our external stakeholders, making us more efficient and effective. We also embarked on a project to evolve our workspaces in the wake of our move to hybrid work last year: it should fully support those tasks that colleagues and teams will need or chose to do at the premises.

Another key objective is our cloudification program. It is expected to be finalised in 2023 and will enable us to take full advantage of the scalability, agility, security, and cost-effectiveness of cloud-based technologies. I am confident that this move will help us deliver better services, while also reducing our environmental footprint.

One word on security and data protection. In 2022 we have also continued raising our setup to the highest standards, including multi-factor authentication, data encryption, and customized access controls to ensure that only authorised users can access sensitive information.

What are the operational priorities for the years to come?

We are very fortunate to have a solid list of new frontiers to reach. Life is never boring at the EBA. We will of course continue our work in the traditional areas of prudential regulation, to bring it to the next level, both from a content and from a format perspective. The banking package will in this regard mobilise our policy teams, as will the ESG roadmap. Risk identification tools and techniques, especially in the area of stress-testing will also remain front and centre, not only for the “traditional” EBA stress-test, which we expect to refine further, but also expanding to the area of climate.

On top of this, we are now working at full steam preparing for the application of DORA in 2025, and MiCA, which we also expect to be applicable over the same horizon. This means not only developing a brand new chapter of our Single Rulebook, but also setting oversight and supervisory functions at the EBA, in close liaison with a number of other European and national authorities. This is a new and fascinating task. At the same time, we will be helping our European partners to set up a fully integrated anti-money laundering (AML) authority in the EU, drawing on EBA’s recent experience. This is also very exciting.

Current economic conditions also mean that banks and financial entities will keep navigating difficult waters in 2023 and beyond. With our members, we are of course fully mobilised to monitor the situation, inform policy discussions, and prepare any necessary responses.

The new organisation put in place in 2021 has already served us very well, and together with our ICT modernisation, will continue to help us address all these challenges. We are fortunate at the EBA to have a very talented and motivated team, and we will keep up our efforts to best support and develop them!

2022 key figures

 

Types and number of institutions under the EBA scope

  How many Data from Reporting areas (up to EBA DPM v3.2)

All EU/EEA credit institutions

>4400

Q4 2020

COREP (solvency, large exposures, liquidity, leverage ratio, fundamental review of the trading book, supervisory benchmarking of internal models, asset encumbrance), FINREP (IFRS9, national GAAP, Covid-19), Funding Plans, Resolution (Planning, MREL Decisions, MREL/TLAC), Global Systemically Important Institutions, Remunerations (High-Earners, Benchmarking)

All EU/EEA banking groups

>500

Q4 2020

Largest credit institutions or banking groups

>160

Q1 2014*

All EU/EEA investment firms

>2300

Q3 2021

Investment Firms (CLASS2, CLASS3, GroupTest), COREP (solvency, large exposures, liquidity, leverage ratio, fundamental review of the trading book, supervisory benchmarking of internal models, asset encumbrance), FINREP (IFRS9, national GAAP, Covid-19), Resolution** (Planning, MREL Decisions, MREL/TLAC)

All EU/EEA Investment firms’ groups

>200

H2 2021

All EU/EEA payment institutions

>2400

H1 2019

Payments, Resolution** (Planning, MREL Decisions, MREL/TLAC)

All EU/EEA e-money institutions

>300

H1 2019

Payments

 

Work programme execution and overview of main deliverables

Work programme execution Tasks as set out in WP 2022 254
Execution rate 94%
Tasks including additional work 297
Execution rate 95%
Deliverables Reports 58
RTS/ ITS 26
Guidelines 20
Opinions 7
Advice 6
Peer reviews 3
Stress test 1
Other 5
Ongoing tasks 171

 

Breakdown of deliverables

General context

As the world began to recover from the COVID-19 health and economic crisis in the start of 2022, the Russian aggression against Ukraine presented yet another significant humanitarian and financial challenge for Europe and the rest of the world.

The invasion of Ukraine led the EBA to consider challenges and uncertainties arising from that conflict for areas within the EBA’s remit and to address these within the above priorities. This heightened the focus on assessing the risks that derive for banks and the financial sector. Here focus was on the likely adverse financial consequences of the Covid pandemic and the Russian war against Ukraine in the form of higher interest rates due to inflationary pressures and heightened uncertainty due to higher energy prices. The conflict also led the EBA to help with the enforcement of sanctions imposed on Russia but also to help people directly affected by the conflict by providing guidance on how to best facilitate their access to the financial system.

Notwithstanding the challenges presented by geopolitical and economic events during 2022, the EBA continued to adapt its operations and processes to establish a more effective and sustainable workplace.

During 2022 the EBA continued its efforts to strengthen the prudential framework including with respect to supervision and resolution, enhancing the EU-wide stress test, leveraging its platform for banking and financial data (EUCLID), deepening analysis and information-sharing on digital resilience, financial innovation, anti-money laundering and terrorism financing.

The EBA has shown resilience and adaptability not only by adjusting its workload and priorities but also by aligning its organisation with the upcoming challenges to be faced by the EU financial sector - in particular with regards to sustainable finance and financial innovation. New mandates from the Digital Operational Resilience Act (DORA), Markets in Crypto-Assets Regulation (MiCA) and the implementation of the ESG roadmap published by the EBA in December 2022 illustrate the broadened scope of the EBA’s activities as they align with an ever-changing financial sector.

List of figures

 
Figure 1: CET1 (fully loaded) ratio 18
Figure 2: Funding plan expectations 19
Figure 3: Outstanding loan growth by segment 21
Figure 4: Main drivers of operational risk as seen by banks 23
Figure 5: Tasks and responsibilities of the stress-test exercise 25
Figure 6: EU banks’ exposures towards commodity derivatives 29
Figure 7: Actions in light of COVID-19 36
Figure 8: EBA market survey responses to “Envisaged timeframe to enter
the sustainable securitisation market” 38
Figure 9: USSPs 2020-2022 and the key priorities in the ESEP 2022 39
Figure 10: Key topics incorporated into CAs’ supervisory priorities in 2022 40
Figure 11: Development of the number of high earners 42
Figure 12: Distribution of high earners by payment bracket of EUR 1 million
and Member State 42
Figure 13: scope of entities for whish the EBA collects data 46
Figure 14: ESG disclosure in the EU financial institutions 53
Figure 16: Fraud rate for remote card payments reported by issuers and acquirers,
with and without SCA 56
Figure 17: Fraud rate when payments are executed domestically, inside the European Economic Area (EEA) and outside EEA in H2 2020 56
Figure 15: why is SupTech important? 60
Figure 18: Types of entities concerned by the material weaknesses reported up to
31 December 2022 65
Figure 19: Distribution of material weaknesses submitted up to 31 December 2022
by category 65
Figure 20: key objectives of the EBA’s roadmap on sustainable finance 71
Figure 21: Supervisory disclosure process 91

Abbreviations

 
AIartificial intelligenceGCCgroup of connected clients
AISPaccount information service providerGDPgross domestic product
AML/CFTanti-money laundering and countering the financing of terrorismGLguidelines
AMLAAnti-Money Laundering AuthorityHDPshigh-default portfolios
ARTsasset-referenced tokensIFDInvestment Firms Directive
BCBSBasel Committee on Banking SupervisionIPUintermediate EU parent undertaking
BMBasel III MonitoringIRRBBinterest rate risk in the banking book
BRRDBank Recovery and Resolution DirectiveITinformation technology
CAscompetent authoritiesITSimplementing technical standards
CASPscrypto-asset service providers JBRCJoint Bank Reporting Committee
CfACall for AdviceLCULegal and Compliance Unit
CRDCapital Requirements DirectiveMCDMortgage Credit Directive
CRRCapital Requirements RegulationMiCAMarkets in Crypto-Assets
CSVcomma separated valuesMLmachine learning
CTRConsumer Trends ReportML/TFmoney laundering/terrorist financing
CVAcredit valuation adjustmentMRELminimum requirement for own funds and eligible liabilities
DeFidecentralised financeMSmystery shopping
DGSDeposit Guarantee SchemesNCAs national competent authorities
DORADigital Operational Resilience ActNFCInet fees and commissions income
DPMdata point modelNIInet interest income
DPDiscussion PaperNPES non-performing exposures
EBAEuropean Banking AuthorityNPLnon-performing loan
ECEuropean CommissionNSFRnet stable funding ratio
ECBEuropean Central BankPSPs/IPSPspayment service providers / intermediary payment service providers
ECJEuropean Court of JusticeQ&Aquestion and answer
ECSPREuropean Crowdfunding Service ProvidersQISquantitative impact study
EFRAGEuropean Financial Reporting Advisory GroupRARrisk assessment report
EIOPAEuropean Insurance and Occupational Pensions Authority RegTechregulatory technology
EMASEco-Management and Audit SchemeRoEReturn on Equity
EMTselectronic money tokensRTSregulatory technical standards
ERMenterprise risk managementSCsubcommittee
ESAPEuropean single access point SCA&CSCstrong customer authentication and secure communication
ESAsEuropean supervisory authorities SMEsmall and medium-sized enterprises
ESGenvironmental, social and governanceSNCIsmall and non-complex institutions
ESMAEuropean Securities and Markets Authority SRBSingle Resolution Board
ESRBEuropean Systemic Risk BoardSREPSupervisory Review and Evaluation Process
EU/EEAEuropean Union / European Economic AreaSTSsimple, transparent and standardised
EUCLIDEuropean Centralised Infrastructure for Supervisory Data SupTechsupervisory technology
EuReCaEBA’s central database on anti-money laundering and countering the financing of terrorismTLACtotal loss-absorbing capacity
FRTBfundamental review of the trading bookTFRTransfer of Funds Regulation
FSBFinancial Stability BoardTPPsthird-party providers
FXforeign exchange XBRLeXtensible Business Reporting Language
GBPBritish pound sterling 

ACHIEVEMENTS IN 2022

Evaluating the robustness of EU banks

Analysing risks and vulnerabilities

One of the key EBA mandates is assessing risks and vulnerabilities in the EU banking sector to ensure the stability, transparency and orderly functioning of the sector.

A vast amount of information needs to be monitored and examined on a regular basis, as the EBA evaluates potential risks arising from EU banking activities. In doing this, the EBA examines quantitative and qualitative information, including supervisory data reported by banks and closely monitors market developments, such as banks’ debt issuances, their equity offerings, pricing and growth of loans and deposits and credit standards.

Several aspects are considered when evaluating banks’ resilience. These include the assessment of banks’ robustness in terms of solvency, liquidity and funding, credit risk, profitability, as well as the viability of banks’ business models. Other risks are also significant. These include market and interest-rate risks, operational risks, as well as ESG considerations. The EBA’s assessment of risks and vulnerabilities in the EU banking sector is discussed regularly at the EBA’s Board of Supervisors.

In 2022 EU banks maintained high capital ratios and average CET1 stood at 15.3%

The annual risk assessment report, which was published in December 2022, brought together these discussions, the analyses performed and the overall assessment of the EU banking sector.

Despite the difficult macroeconomic environment and the challenging conditions during 2022, EU banks maintained high capital ratios while re-starting the distribution of dividends and running share buyback programmes. EU banks reported an average fully loaded Common Equity Tier 1 (CET1) ratio of 15.3% in December 2022, slightly lower than a year earlier (15.8% in December 2021). The capital headroom above regulatory requirements (i.e. overall capital requirements and Pillar 2 Guidance) was almost 500 basis points. The average leverage ratio for EU banks is comfortably above the minimum regulatory requirement (5.5% in December 2022).

In the last few years, European banks have increased their available liquidity to historically high levels. European banks have reported strong liquidity positions above regulatory minimums. Even banks at the lowest end of the distribution have maintained ratios above regulatory requirements, with the lowest quartile at 158% for the liquidity coverage ratio (LCR) and 123% for the net stable funding ratio (NSFR) in December 2022. Yet, this should not lead to complacency. Some banks have recently seen large withdrawals due to a lack of confidence.

Figure 1: CET1 (fully loaded) ratio

Central banks have tightened their monetary policies at an unprecedented level in response to the rising and persistent inflation across Europe. This has resulted in an increase in banks’ funding costs, albeit from a very low historical base. As monetary tightening policies are deployed, banks will also need to repay substantial amounts of central bank loans by 2024. At the same time, banks also need to meet minimum requirements for own funds and eligible liabilities (MREL). This can increase banks’ funding costs. Banks may be able to rely on existing liquidity buffers – including central bank deposits – to pay back central bank loans. Some banks however may need to issue additional debt or attract new deposits, while volatile markets may continue to challenge banks’ ability to obtain market funding.

 

Banks’ funding plans reveal intention to increase market-based funding

To further analyse funding and liquidity risks, the EBA publishes a Funding Plans Report annually. In 2022, 159 banks submitted their funding plans for a forecast period from 2022 to 2024. The report highlighted strong deposit growth and an increase in public sector sources of funding in 2021. Banks’ funding plans revealed intentions to increase market-based funding over the forecast period, while the gap between planned debt issuances and maturing targeted longer-term refinancing operations (TLTRO) in the coming two years remains significant. The report also estimated that the shift in economic and monetary developments will reduce banks’ liquidity coverage ratios (LCRs) and net stable funding ratios (NSFR) going forward.

Figure 2: Funding plan expectations

In 2022 asset encumbrance ratio decreased to 25.8 %

In addition to the Funding Plans Report, the EBA published the asset encumbrance report, which also looks into liquidity risks. The report shows that banks continued to make extensive use of central bank funding in 2021. As a result, the overall encumbrance ratio rose by 2.2 percentage points in 2021 to 29.1%. More than 50% of their central bank eligible assets and collateral were encumbered. Increasing encumbrance ratios might lead to adverse feedback loops of higher encumbrance and higher funding costs.

The increasing encumbrance levels reported since the outset of the pandemic have now reversed to their pre-pandemic average levels. According to data at the end of 2022, the asset encumbrance ratio decreased during 2022 to 25.8%. The trend reversal is attributed to the decrease in encumbered assets and collateral received by 7.3% or EUR 640 billion. At the same time total assets and collateral received increased by 4.6% or EUR 1.4 trillion.

Funding risk and EU banks’ reliance on foreign currencies for funding was also one of the key risks identified in the Risk Dashboard in 2022

Given the rising liquidity and funding risks and the importance of these metrics in analysing the resilience of the EU banking sector, during 2022, the EBA expanded the coverage of liquidity ratios in its quarterly EBA Risk Dashboard to provide further information on liquidity metrics, by providing the amount and composition of liquid funds (LCR numerator) as well as for available stable funding (NSFR numerator).

The funding risk and EU banks’ reliance on foreign currencies for funding was one of the key risks identified in a report in 2022. The report on EU dependence on non-EU banks and EU banks’ dependence on funding in foreign currencies shows that a considerable number of EU banks report foreign currency LCR levels below 100% and/or a currency mismatch between buffers and outflows. Many EU banks fund at least some of their assets in a currency different from the one in which the assets are denominated, thus creating a risk of currency mismatch in the overall LCR. Among the significant (foreign) currencies, the US dollar (USD) and the pound sterling (GBP) are those that show the lowest LCR levels for EU banks. Differences were also found when analysing the components of the banks’ LCR in USD relative to the overall LCR. The liquidity buffer in USD relies mainly on Level 1 securities as opposed to cash and central bank reserves, which is the case for the overall LCR. ‘“Other outflows” followed by outflows from “non-operational deposits” are the main component of USD outflows.

 

Key risks identified in 2022 risk dashboards

In addition to the solvency and liquidity risks, the quarterly EBA Risk Dashboard also reports trends in asset developments and quality. Overall, EU banks expanded their loan exposures during 2022, but with some differences among segments. While loans to non-financial corporates increased by almost 8% (driven mainly by large corporates), loans to households increased by almost 4% (driven mainly by mortgage loans). In addition, most of the increase took place during the first half of the year. Increasing interest rates, the persistence of inflationary pressures and heightened uncertainty due to the energy crisis during the second half of the year not only limited borrowers’ demand for loans, but resulted in banks significantly tightening their credit standards. This requires monitoring due to the role of banks as lenders in the economy.

Part of the increase in loans to non-financial corporations (NFCs) was due to the increase in banks’ exposures to the energy sector. The increased price volatility of oil and gas markets created unprecedented liquidity needs for energy-related firms in autumn 2022. Banks have been actively engaging with energy companies to provide a wide range of services to manage volatility in derivative energy markets. As a result, banks have substantially increased their overall exposures to the sector, both in terms of loans as well as derivatives. These exposures are concentrated in a small number of banks (please see interview box on this).

The asset quality of EU banks improved in 2022, yet credit risk needs to be closely monitored. The non-performing loan (NPL) ratio continued on a downward trend and its dispersion across banks tightened significantly. Although new NPL inflows remained significant, overall, banks managed to decrease NPL exposures as a solution and outright sales of NPLs (or securitisations) played a significant role. During 2022, the share of stage 2 loans stood at its highest level since implementation as banks recognised an increasing volume of loans in this stage. Banks also substantially increased provisions for performing loans. Nonetheless, the overall cost of risk has fallen below pre-pandemic lows presumably because of current substantial NPL outflows and the release or the reallocation of unused COVID-19 provisioning overlays.

The worsening macroeconomic environment due to the increase in inflation rates, the abrupt increase in interest rates, the consequences of the Russian invasion of Ukraine such as the energy crisis and the heightened geopolitical uncertainty, have amplified downside risks for economic growth and exposed vulnerabilities in several portfolios.

This mix of developments primarily affects vulnerable households that need to allocate an increasing share of their budgets to food, energy and debt repayments. Against this backdrop, debt servicing capacity, especially for highly indebted households and non-financial corporates, could be impaired. In the aftermath of the pandemic, non-financial corporates were the main driver behind the increase in the share of stage 2 loans. However, this changed in the second half of 2022, when banks started increasing the allocation of household loans (both mortgages and consumer credit) in stage 2. In addition, EU banks reported a marginal increase in the volumes of NPLs for consumer credit. These exposures are particularly sensitive to economic growth and especially unemployment rates and they are usually the first to react in economic downturns.

Bank exposures to SMEs remained significant in the current macroeconomic environment. SMEs have not only been challenged by rising interest payments, but also by higher energy costs. The access to capital markets has also been difficult for larger companies which have in response sought funding from banks. This raises the risk of crowding out SMEs as banks tighten their credit standards and limit the expansion of their balance sheets.

The abrupt increase in borrowing costs has also affected real estate markets. EU banks are highly exposed to residential real estate, with EU banks reporting more than EUR 4.2 trillion outstanding loans as of December 2022. The abrupt increase in borrowing costs has also affected real estate markets. EU banks are highly exposed in residential real estate, with EU banks reporting more than EUR 4.2 trillion outstanding loans as of December 2022. This is their biggest portfolio which makes up around 25% of total loans to households and NFCs. To explore the risks of the EU banking sector to residential real estate exposures, the EBA published a thematic note in October 2022. The note identifies that during the pandemic and its aftermath, the demand for housing accelerated rapidly, also propelled by historically low interest rates and the liquidity accumulated during the pandemic, which helped borrowers to meet down payments for mortgage loans. Although exposures to mortgage loans increased rapidly in the post-pandemic period, rising interest rates, heightened uncertainty and the slowdown in economic growth curbed the demand for loans. At the same time, banks started tightening their credit standards. As a result, the growth in outstanding mortgage loans halted during the second half of 2022, while there have already been some indications that house prices began to correct themselves in some areas of the EU. This could impair consumer confidence and their overall expenditure, dampening economic activity further. Although an increasing share of mortgage borrowers have a fixed-rate loan – at least for a predefined period of their loan – those with variable rates will be challenged by higher interest-rate payments. In this regard, their repayment capacity may be impaired, given also the unprecedented inflationary pressures in the cost of living. As a result, banks may be challenged not only with increasing default rates, but as housing prices correct, the collateral valuation is lowered. To some extent banks have taken precautionary measures against such a downturn, as loan-to-value ratios are lower compared to previous years (partly due to rising valuations). This was also a result of stricter credit standards, partly due to guidelines on loan origination and partly because of macroprudential borrower-based measures applied in various jurisdictions.

Figure 3: Outstanding loan growth by segment

Another area of concern has been commercial real estate exposures. Although EU banks’ exposure to this segment is smaller (around EUR 1.4 trillion as of December 2022), it has grown significantly during 2022 (around 9% YoY growth in outstanding volumes). This sector displays procyclical behaviour and has therefore concentrated significant investment in previous years, benefiting from the low-rate environment. The pandemic particularly impacted the sector. In fact, it was one of the segments that made extensive use of COVID-19-related support measures, such as moratoria on loan repayments. Pockets of risks could be exacerbated for the segment as higher interest rates add pressure to these corporates while they tackle rising energy costs and subdued demand due to the post-pandemic impact of lower office demand. Commercial real estate exposures have one of the highest NPL ratios (3.7% at end 2022), as banks still struggle to clean up legacy assets from previous crises. This could deteriorate because of the rise in construction and financing costs and lower demand due to changes in work practices with the increase in working from home.

Banks have raised their provisions against future credit losses due to an increasing credit risk. Thus, the cost of risks has marginally increased during the second half of 2022. However, it remains lower than pandemic levels (43 basis points as of December 2022). The strong profitability tailwinds due to strong lending growth of previous years and higher net interest margins (NIM) helped increase banks’ return on equity (RoE) year on year (YoY) and absorb the increase in provisioning needs. Banks reported the highest level of RoE during 2022 for many years. In December 2022, EU banks’ RoE was reported at 8% (7.3% in December 2021). This creates a first line of defence against rising risks for EU banks. The expected macroeconomic deterioration will likely result in slower lending growth and rising impairments, and higher inflation may increase operating costs. Lower GDP growth and rising rates could also result in lower fee income from asset management and payment services. Finally, banks that are more reliant on wholesale funding may face more rapid increases in funding costs.

As the recent banking crisis has proved, other sources of risks cannot be overlooked. The EBA has been monitoring these either through supervisory data, where available, as well as using qualitative surveys such as the Risk Assessment Questionnaire (RAQ), which surveys banks and bank sector analysts twice per year on a variety of risks, not only in risks such as business model viability, profitability, asset quality and funding risks but also it includes conduct risk, ESG considerations, Fintech and questions for anti-money laundering.

Operational risk has become increasingly relevant in the past years. With the pandemic, digitalisation and the use of ICT by banks and their customers further accelerated and became indispensable. Digital transformation continued unabatedly even after many containment measures related to the pandemic were relaxed. In response to ICT risk, the incoming DORA aims to provide a framework for the mitigation of ICT risks and to enhance operational resilience of financial entities across sectors. According to the Autumn 2022 RAQ, a large majority of retail banking and corporate banking customers are now primarily using digital channels for their daily banking activities.

Reliance of banks on digital and remote solutions to perform their daily operations, to deliver their services to customers, and to conduct business has resulted in an enhanced exposure and vulnerability to increasingly sophisticated cyber-attacks and to fraud. Scope and relevance of operational risk further broadened along with technological advances and underlines the importance of ensuring operational resilience.

Moreover, banks are facing increased operational challenges since geopolitical tensions are playing an increasing role in the technological and digital space, with impacts felt across geographies. The Russian war of aggression against Ukraine has led to further heightened cyber risks, including threats to information security and business continuity.

Exposure to reputational and operational challenges, including business conduct and organisational change, for example, have neither diminished with the pandemic. To RAQ respondents, conduct and legal risk is the second most relevant driver of operational risk. The Russian war of aggression and sanctions implemented at an EU and global level in response may give rise to further legal and / or reputational risks. Against this backdrop, an enhanced monitoring of sanctions compliance by banks and supervisors is essential.

Figure 4: Main drivers of operational risk as seen by banks

First mandatory QIS exercise

In March 2021, the EBA published a decision to change the Basel III monitoring exercise from voluntary to mandatory with effect from December 2021. Since December 2021, the EBA has required EU banks to regularly assess the potential impact of implementing Basel III banking supervision principles. This allows the EBA to monitor the convergence of a consistent sample of banks over time and to submit its proposals to the European Commission (EC) on items of EU regulation that better address the specificities of the EU banking system and ensure its safe and smooth functioning.

The conduct of the mandatory Basel III monitoring (BM) exercise analyses (i) the impact of the final Basel III rules on European credit institutions’ capital and leverage ratios and (ii) the associated shortfalls that would result from a lack of convergence with the fully implemented Basel III framework. In September 2022, the EBA published its first report on the mandatory Basel III monitoring exercise using data as of December 2021. The report contains a breakdown of the impact on the total minimum required capital arising from credit risk, operational risk, leverage ratio reforms and the output floor.

The first round of the mandatory BM exercise resulted, on average, in the submission of better-quality data, even from the credit institutions that participated in the exercise for the first time. Except for being more reliable, the data provided enables the EBA to analyse a more representative sample amounting to more than 150 banks, i.e. it increased by roughly 50% in relation to the previous reporting dates. In addition, the participants were more informed about the content of reporting, as the EBA held regular seminars and workshops, as well as bilateral explanatory sessions, with the relevant competent authorities (CAs) and the participating banks.

The main factors driving the impact of the Basel III framework results are the implementation of the output floor and the credit risk reform, at 6.3% and 4.4% respectively. The new leverage ratio is partially counterbalancing the impact of the Basel III risk-based reforms by 3.3%.

The accumulation of data from a wider sample enabled the EBA to provide national competent authorities and the Basel Committee on Banking Supervision (BCBS) with more in-depth feedback on issues relevant to data quality issues and the challenges that the analysis in the BM report had to confront. Based on the impact observed from the analysis, the EBA can now provide input to assist the BCBS with the development of supervisory standards. In addition, the EBA continues collaborating closely with the BCBS to develop methodologies that more accurately evaluate the impact of the proposed BCBS supervisory standards and ensure there is alignment between the EBA and the BCBS.

On 1 December 2022, the EBA published the revised sample of banks that would participate in the December 2022 mandatory BM exercise. The resulting sample of banks closely follow the composition of the EU banking sector in a way that takes into account both the risk-weighted-assets coverage (more than 80% overall) and the number of institutions in each jurisdiction.

BANK CLASSIFICATION:
Systemic importance / Business model
Universal Retail-oriented
Global Systemically Important Institutions (G-SII) 8 0
Other Important Institutions (O-SII) 82 5
Other 12 16
TOTAL 102 21

To address the principle of proportionality at data submission level, the EBA limits the mandatory fields to those considered necessary for the overall assessment of the Basel III impact and to those that appear to have the highest impact in previous (voluntary) submissions.

EBA stress test activities

Preparing for the 2023 EU-wide stress test

Given the uncertain macroeconomic environment and rising probability of risks materialising for the EU banking sector, the need for stress testing the solvency of banks is even more important. The EU-wide stress test is part of the supervisory toolkit used by CAs to assess the resilience of EU banks to severe shocks, identify residual areas of uncertainties, as well as feed into the supervisory decision-making process to determine appropriate mitigation actions. The stress test also allows CAs to assess if the capital banks have accumulated in recent years, is sufficient to cover losses and support the economy in stressed times. Moreover, the exercise fosters market discipline through the publication of consistent and granular data on a bank-by-bank level, as it shows how balance sheets are affected by common shocks.

The stress-test exercise requires a substantial amount of preparatory work which concluded during 2022 with the publication of the stress-test methodology and templates. Part of the preparatory work consisted of a discussion with the industry (including a workshop and public consultation) where stakeholders were able to discuss their questions on the exercise. By leveraging the discussion with the industry, the methodology was published in November and templates were published in mid-December 2022, allowing time for banks to familiarise themselves with templates and the methodology.

Along with the enhanced sample of banks included in this year’s exercise (70 vs 50 in the previous stress-test exercise), the methodology has also undergone some significant enhancements compared to the one used for past stress-test exercises. These enhancements include the incorporation of lessons learnt from the previous exercise, introducing top-down items for net fee and commission income (NFCI), more detailed sectoral analysis, and an increased sample with larger coverage. The changes are part of the medium-term plan of revising the stress-test framework. The EU-wide stress test remains a predominantly bottom-up exercise with a gradual implementation of top-down items.

Figure 5: Tasks and responsibilities of the stress-test exercise

COVID-19, the war in Ukraine and subsequent consequences created the need for a more targeted sectoral analysis. As part of the more detailed sectoral analysis for credit risk, for the first time, banks will have to provide a breakdown of their exposures to firms and the related impairment by sector of economic activity. The main purpose of the breakdown by sector is to ensure that the results of the stress test reflect banks’ exposures to different sectors, thereby increasing the credibility and realism of the exercise. Furthermore, the reference rate pass-through on sight deposits from households and non-financial corporations (NFCs) has been recalibrated to increase the realism of the exercise.

Further developing and implementing top-down stress-test capacity

Following the EBA decision to move to a hybrid framework in a step-by-step approach, the EBA worked together with the European Central Bank (ECB) and the CAs to design the top-down models. In 2022 the focus was on reviewing and validating existing top-down models for projecting the net interest income (NII) and NFCI in the stress test. It was decided to postpone the implementation of the NII top-down model, while the NFCI model was deemed ready for implementation in the 2023 EU-wide stress test.

The initial NFCI model was developed by the ECB and has been validated by the EBA and National Competent Authorities to ensure its suitability for the purposes of the EU-wide stress test. To reduce model risk, the raw model projections are subject to a model overlay. The overlay takes the form of a “corridor” with a maximum and minimum permissible decrease of cumulative NFCI (cap and floor).

Using this type of model applies a different philosophy for completing the stress-test submissions. During previous stress tests, banks had to use their internal models to project the NFCI amounts over the 3-year horizon for both the baseline and the adverse macroeconomic scenarios subject to some methodological constraints. The 2023 methodology departs from this approach as the NFCI top-down model is used to communicate projections to participating banks.

Introducing top-down items for the projections of NFCI is part of the EBA work on the future changes to the EU-wide stress test. This methodological change aims to reduce banks’ reporting and computational burden during the exercise, minimising the quality assurance for this area and ensuring a level playing field across banks.

The EBA will continue working to improve the current framework and maximise the information value of the results. In addition, and considering the experience gained during the 2023 EU-wide stress test on top-down models (i.e. NFCI), the EBA will further investigate the role of top-down aspects in the EU-wide stress test. More efforts should be made to implement additional aspects for future stress tests and further expand the top-down approach to some other risk areas, such as NII or credit risk.

Work on climate risk stress-testing

Climate risk stress testing is one of the EBA’s top priorities and the EBA is planning to address the new mandates from the Renewed Sustainable Finance Strategy of the EC in the short term. The mandates include running a regular climate change stress-test exercise and developing guidelines for banks and supervisors to assess the impact of ESG risks under adverse conditions. Furthermore, the ESAs, with the support of the ECB and the European Systemic Risk Board (ESRB), have been invited by the European Commission to cooperate on a one-off system-wide climate risk stress test to assess the resilience of the financial sector in line with the Commission’s Fit-for-55 package.

In 2022, the EBA discussed the strategy on climate risk stress testing with the EBA Board of Supervisors. One of the conclusions was to separate, at least in the short term, the climate risk stress test from the EU-wide stress test and perform the climate stress test in a pragmatic way, relying as much as possible on existing synergies.

Furthermore, in 2022 the EBA started internal work on the mandates for the one-off exercise and coordinated with the ESAs, the ECB, the ESRB and the EC on the precise planning of the necessary tasks to perform the exercise. This exercise will require close coordination among all parties.

Moreover, in 2022 the EBA worked on the preparation of a workshop on climate risk stress test to discuss possible practical solutions for adapting or changing the current stress-testing framework to accurately assess the effects of climate-related risks on the banking sector. The insights from the workshop will be key inputs for shaping the EBA regular climate risk stress-test framework in the 2023.

Finally, the EBA is planning to review its Guidelines on institutional stress testing to provide guidance for institutions on how to test their resilience to climate change and the long-term negative impacts of ESG factors. This work will be carried out in accordance with the mandate proposed by the EC in its revision of the Capital Requirements Directive (CRD), draft Article 87a(5)(d). Nevertheless, the timeline for the publication of the consultation paper and final guidelines will depend on the outcome of the legislative process.

The EBA’s response to the Russian invasion of Ukraine

The Russian invasion of Ukraine has taken a heavy toll on the Ukrainian state, society and economy. Following the restrictive measures against Russia and rising energy prices and inflation, the conflict has transformed the macroeconomic landscape creating several challenges for European citizens, the economy and the financial sector. In this context, the EBA has rapidly assessed the potential implications for the banking sector by evaluating the readiness of the regulatory framework to deal with the specific features of the conflict and the relevant disruptions visible in the markets and by deploying the tools available to ensure a coordinated response among prudential supervisors.

 

Impact of the Russian invasion of Ukraine on the EU banking sector

At the outset of 2022, the European economy was recovering from the effects of the pandemic. However, the Russian invasion of Ukraine posed a new challenge. Tensions in the supply chain due to the pandemic were exacerbated by the war, the subsequent energy crisis and the abrupt inflationary pressures. To tackle inflation, central banks across the world have responded with faster-than-expected interest-rate rises accompanied by monetary tightening of their balance sheets. What was expected to be a rather short-term inflation spike has proven to be more persistent.

At the outset of the Russian invasion, the EBA had to assess its impact on the EU banking sector. According to the assessment done in March 2022, first round effects did not pose a material threat to the financial stability of the EU’s market. Such risks were idiosyncratic and were attributed to the direct exposures of EU banks to Russian and Ukrainian counterparties. As of Q4 2021, banks in the EU and the European Economic Area (EEA) reported exposures (loans, advances and debt securities) of EUR 76 billion and EUR 11 billion to Russian and Ukrainian counterparties, respectively. These exposures are mainly driven by subsidiaries of individual institutions. As European banks exited the Russian market or wound down their operations and exposures, by the end of 2022, their exposures amounted to EUR 49 billion. Austrian, French and Italian banks reported the highest volume of exposures to Russian counterparts.

More important from a financial stability perspective were the second-round effects. The heightened uncertainty about the outcome of the war in Ukraine and the potentially large impact on the wider EU and global economy of this conflict remain uncertain even one year after the start of the war. The supply shock of the war and the disruption in production lines have had a twofold impact. First, the unprecedented high inflation for the Eurozone and many other European countries, as well as the energy crisis that followed in autumn 2022. Economic growth in the EU slowed down substantially towards the end of 2022 yet avoided recessionary pressures. Besides the macroeconomic impact and the possible repercussions on banks’ balance sheets, through the deterioration in asset quality and heightened liquidity risks, EU banks were expected to be affected through other sources of risks, such as increased operational risks, including cyber and conduct risks.

The initial assessment of risks stemming from the conflict in Ukraine was published in a special feature within the quarterly EBA Risk Dashboard in April 2022. To provide market participants with further transparency, the EBA continued reporting at a country level and on a quarterly basis through the EBA’s risk dashboard on the evolution of both on- and off-balance sheet exposures to Russia and Ukraine.

Volatility in energy derivatives market
Achilleas Nicolaou, Bank sector analyst

Achilleas Nicolaou
Bank sector analyst

Andrea Romero, Policy expert

Andrea Romero
Policy expert

On 13 September, the European Commission sent two letters to the EBA and the European Securities and Markets Authority (ESMA) on possible responses to excessive volatility in energy derivatives markets and unprecedented increasing level of margin requests.

Q1: What triggered the Commission request for an urgent response?

Achilleas: The Russian invasion of Ukraine (please see 1.1 on impact of Russian war on EU banks) prompted a significant increase in all major commodity prices, which skyrocketed for EU energy prices. The use of energy derivatives is essential for energy companies when planning their operations. Trading in EU energy derivatives, normally conducted on regulated markets and centrally cleared, involves the posting of margin (highly liquid collateral) as a performance guarantee. Margin calls at CCPs have risen in line with the sharp rise in energy prices and energy companies needed access to collateral to meet these calls, resulting in fast-growing liquidity problems. Some Member States quickly reacted providing public guarantees to energy firms, while also calling for amendments to the requirements for margin calls to ease stress situation for the energy sector.

Q2: What did the Commission request the EBA to focus on?

Andrea: The Commission asked the EBA to reflect on the role played by banks, assessing their provision of collateral transformation services, whether the provision of guarantees to be posted as collateral by non-financial counterparties could be facilitated and whether other measures would be possible to minimise the liquidity challenges faced by energy companies. In addition, the EBA was asked to cooperate on ESMA’s work on temporary amendments to Commission Delegated Regulation (EU) No 153/2013, to facilitate the provision of collateral by energy firms.

Q3: What was the role played by banks until that point?

Achilleas: Banks have always played a key role for energy firms, not only providing to them clearing services for derivative products, but they also extent short-term credit supporting energy firms to meet their collateral obligations.

Credit towards energy firms has been on the rise since the early signs of the energy crisis. Banks have always been providing significant support to energy firms by facilitating the posting of collateral towards CCPs, including by means of collateral transformation services. During the spike in energy prices, higher usage of existing credit lines was offered to banks’ clients, as well as an expansion of various forms of collateral transformation. Although support from banks to energy firms was growing to meet demand for credit, we saw that as only a handful of banks are active in these markets, their internal risk limits started to constrain banks’ capacity to further support energy firms to their needs.

Q4: Which elements have been considered to bolster banks’ capacity to assist energy firms?

Andrea: Let me start by saying that the increase in the level and volatility of energy prices was driven by the significant disruptions to the EU energy supply markets, therefore reflecting a significant increase in real economic risk. The prudential framework is exactly in place to protect banks from excessive risk undertaking and in turn the overall financial stability, including from possible spill-over effects from the energy to the banking sector. Therefore, its soundness and risk-sensitiveness should not be eroded, also considering that most of the binding constraints for banks to further assist energy firms arose from existing internal risk management limits.

However, the EBA flagged the importance of increasing transparency around margin calls, to facilitate banks’ liquidity management – in fact, sudden significant margin requests can easily exacerbate the liquidity shortage experienced in a crisis.

With respect to banks’ guarantees, the EBA noted their use as collateral for clearing members, rather than as collateral for CCPs. In their uncollateralised form, their use as eligible collateral at CCPs was considered as possible temporary measure to alleviate liquidity strains, subject to certain restrictions as outlined by ESMA.

Q5: What is the latest follow-up on the energy crisis?

Achilleas: EU banks reported in the fourth quarter of 2022 around EUR 340 billion of exposures towards energy firms, slightly lower than in the previous quarter. Towards the end of the year, energy prices had eased considerably from their peak levels. For this reason, exposures towards commodity derivative retreated back to end-2021 levels. Volatility, however, remains elevated in energy markets compared to previous years, warranting close monitoring of the developments in this sector, since commodity prices are closely linked to geopolitical developments and therefore remain highly volatile.

Figure 6: EU banks’ exposures towards commodity derivatives

Source: EBA Supervisory reporting data

Regulatory and supervisory actions taken

Readiness of the regulatory framework and evaluation of the potential impacts

Since the inception of the conflict, the EBA began identifying and listing possible related prudential issues arising from the prudential framework under the mutated circumstances. The framework has proven robust in past crises and equipped to deal with such situations. Nonetheless, a close assessment of specific features of the deteriorating environment and the extraordinary global and EU response was warranted to evaluate any potential loopholes to be potentially addressed from a regulatory perspective. The areas investigated were manifold, ranging from the application of the prudential consolidation requirements to the credit risk and market risk area, as well as some specific accounting requirements potentially impacting the prudential requirements. Even if no immediate actions have been deemed necessary from a regulatory perspective, continuous monitoring of the situation vis-à-vis the prudential and accounting aspects is still ongoing.

Ensuring a consistent supervisory approach to the macroeconomic events that affected the financial situation of banks

All competent authorities, with very few exceptions, undertook supervisory activities to assess the direct and indirect implications of the Russian aggression against Ukraine, the asset concentration in energy sensitive sectors, as well as the consequences of interest-rate rises, inflation risk and related asset price corrections. Banks were required to report regularly to the competent authority the direct exposures to Russia, Ukraine and Belarus, which were further analysed in a proportionate manner. The highest attention to the indirect implications was warranted as CAs undertook vulnerability assessments, monitored second-round effects, conducted walk-away scenarios and examined ICT security implications.

In line with its mandate to foster the efficient, effective and consistent functioning of supervisory colleges, from the onset of the Russian aggression against Ukraine, the EBA has proactively facilitated information sharing on the direct and indirect implications on the banking groups and its subsidiaries/branches and for coordinating supervisory actions. In some cases, the EBA had to initiate interactions and recall the importance of colleges as a forum for coordinating supervisory responses to an adverse event.

The EBA aims to include its experiences from the monitoring of supervisory colleges in 2022 in the update of the regulatory and implementing technical standards on the functioning of supervisory colleges1., In particular it will include its experiences on college interactions in the context of the Russian aggression against Ukraine by strengthening the identification of early warning signs, potential risks and vulnerabilities, and increasing information exchanges if there is an adverse material effect on the risk profile.

Derisking аnd financial inclusion in the context of the war in Ukraine

In April 2022, the EBA published a statement setting out what financial institutions and their supervisors can do to provide refugees from Ukraine with access to the EU’s financial system. The EBA also indicated what financial institutions and supervisors can do to protect vulnerable persons from abuse by criminals, to prevent human trafficking and called on financial institutions to ensure that compliance with the EU’s restrictive measures regime does not lead to unwarranted de-risking.

The outbreak of the war in Ukraine coincided with the EBA’s preparation of new guidelines aimed at tackling the adverse impact of de-risking on vulnerable customers such as refugees and human relief efforts. In December, the EBA consulted on two new sets of guidelines: the guidelines on effective money laundering (ML) and terrorist financing (TF) risk management and access to financial services; and the guidelines on the risk factors to consider to manage risks associated with customers that are not-for-profit organisations. Together, these guidelines foster a common understanding throughout the EU on what institutions should do to tackle ML/TF risks effectively, while taking care not to deny customers access to financial services without good reason. The final guidelines will be published in Q1 2023.

Supporting the implementation of sanctions

To assist the EC and the national authorities in monitoring the deposits under the Russian and Belarusian sanctions, the EBA designed templates for the reporting of deposits falling under the economic sanctions. The templates and associated instructions published in May 2022 were meant for voluntary use by the relevant national authorities responsible for then monitoring the sanctions in the Member States. While leveraging the EBA’s expertise in designing common European supervisory reporting frameworks, these templates do not form part of the EBA reporting framework.

Updating the prudential framework

The Single Rule Book

Ensuring consistency
  1. Finalising the framework for the IRRBB

    In October 2022, the EBA delivered on its CRD mandates to amend the framework for the interest rate risk in the banking book (IRRBB). The EBA developed an improved set of guidelines and two final draft regulatory technical standards (RTS) specifying technical aspects of the revised framework capturing IRRBB positions. These regulatory products complete the enacting into EU law of the Basel standards on IRRBB and are of crucial importance given the current interest-rate environment.

    The Guidelines on IRRBB and credit spread risk arising from non-trading book activities (CSRBB) will provide continuity to the current guidelines published in 2018, which it will replace, while including new aspects, particularly the criteria to identify non-satisfactory internal models for IRRBB management and those to assess and monitor credit spread risk arising from non-trading book activities.

    The final draft RTS on the IRRBB standardised approach specify the criteria to evaluate the risks arising from potential changes in interest rates that affect both the economic value of equity (EVE) and the NII of an institution’s non-trading book activities. They will also provide a simplified standardised approach for smaller and non-complex institutions.

    The final draft RTS on IRRBB supervisory outlier tests (SOT) specify the modelling and parametric assumptions and the supervisory shock scenarios to identify institutions for which the EVE would decline by more than 15% of Tier 1 capital, as well as to evaluate if there is a large decline in the NII.

    The EBA committed to closely monitor their implementation and more generally the impact of the evolving interest rates on the management of IRRBB by EU institutions and on other related prudential aspects.

  2. Monitoring work on capital

    In 2022 the EBA continued its monitoring work under its mandate as per Article 80 of Regulation (EU) No 575/2013 (Capital Requirements Regulation – CRR)2. In this chapter, three of the main streams of work performed are described: i) monitoring of the implementation of the Opinion on the Legacy Instruments; ii) closing of the pre-CRR CET1 review; and iii) monitoring of total loss-absorbing capacity and minimum requirement for own funds and eligible liabilities (TLAC/MREL) and reinforcement of the consistency of capital and eligible liabilities (TLAC/MREL).

    Legacy instruments

    In 2020, the EBA issued an opinion to clarify the prudential treatment of legacy instruments after the ending of the CRR1 grandfathering rules in December 20213. Starting from 2021, CAs, in close cooperation with the EBA, worked to identify potential infection risk and discussed the way forward on the basis of the EBA Opinion.

    In July 2022, an analysis of how the opinion was implemented4 was published. It showed that many instruments were already resolved through either calling, redeeming or repurchasing, or by amending their terms and conditions. In a few cases, the infection risk was addressed through the transposition of Article 48(7) of the Bank Recovery and Resolution Directive (BRRD), while for a limited number of instruments, actions are still ongoing or under consideration. Finally, a few instruments have been kept in a lower category of own funds, as eligible liabilities or in the balance sheet as non-regulatory capital.

    Going forward, the EBA expects institutions and CAs to consistently apply the guidance and principles of the EBA’s opinion for the new generation of legacy instruments stemming from CRR2. In the course of 2023, the EBA together with CAs will scrutinise the remaining legacy instruments.

    Closing of pre-CRR CET1 review

    In 2017, the Board of Supervisors mandated the review of pre-CRR CET1 instruments. The exercise concluded in 2022 after the EBA, in cooperation with the CAs, assessed almost 70 types of instruments and 240 single issuances. All in all, this exercise resulted in strengthening the collective knowledge of the different instruments in each EU jurisdiction with significant impacts on the quality and loss-absorbing capacity of the CET1 instruments via improved consistency between the CRR/RTS provisions. Finally, this exercise reinforced the EBA’s monitoring role as per Article 80 of the CRR.

    The analysis of the pre-CRR instruments built on the CET1 list as published in May 2017, and it has been regularly updated. In December 2022, an updated CET1 list was published. Since the previous list of December 2021, the new version includes instruments issued by institutions from Iceland, Liechtenstein and Norway and a new type of instrument issued by Spanish investment firms. Furthermore, a few instruments no longer used by institutions were deleted and minor amendments were applied to reflect legislative changes or to provide further clarifications.

    Monitoring of TLAC/MREL and reinforcement of the consistency of capital and eligible liabilities (TLAC/MREL)

    In 2022, the EBA published an updated TLAC/MREL monitoring report5. Overall, the recommendations of the first TLAC-MREL monitoring report were well implemented. However, the EBA identified some new provisions to be recommended and some others to be avoided. In light of the new observations on certain features of the issuances, new parts were included in this report, namely on make-whole clauses (to be disallowed), clean-up calls (to be allowed) and substitution and variation clauses (for which prior approval is needed in certain circumstances).

    Furthermore, to ensure consistency, where appropriate, across instruments with similar loss-absorption features, the report contributed to the alignment of the own funds and the eligible liabilities instruments frameworks, in particular on:

    1. tax gross-up clauses, which can be accepted if they are activated by a decision of the local tax authority of the issuer, and if they relate to interest and not to principal under both frameworks;
    2. the exercise of substitution and variation clauses in both own funds and eligible liabilities instruments should as a minimum be subject to receiving prior consent from the relevant authority and where these clauses would lead to material changes that would affect the eligibility criteria of the instruments, to the prior approval of the relevant authority;
    3. the incentives to redeem have been established consistently across the two regimes even though their presence triggers different consequences.

    In general, the vast majority of eligibility criteria are fully aligned for own funds and eligible liabilities and only isolated deviations exist. In this context the EBA plans to publish a report that merges the contents of the recent Additional Tier 1 (AT1) monitoring report6 published in June 2021 and the above-mentioned EBA report on the recent monitoring of TLAC-/MREL-eligible liabilities instruments.

    Monitoring the high-quality and consistent application of the IFRS 9 expected credit loss frameworks

    The EBA continued to work on monitoring and scrutinising the implementation of International Financial Reporting Standards (IFRS) 9, as well as its interaction with prudential requirements following the publication of the EBA report on the IFRS 9 implementation by EU institutions7 published in November 2021.

    In line with the staggered approach presented in the IFRS 9 roadmap8 the benchmarking exercise on IFRS 9 gradually extended. In 2022, the EBA worked on the integration of the high default portfolios (HDPs) into the benchmarking exercise to assess relevant drivers of variability and related impacts on the prudential ratios arising from the implementation of the IFRS 9 expected credit losses model.

    In June 2022, a third data-collection activity was launched to test new quantitative templates on HDPs. The data analysis is still in progress and will be completed in the first half of 2023. The preliminary findings and data quality checks issues have been considered in the development of the HDPs portfolios IFRS 9 templates of the ITS on supervisory benchmarking 20249, leveraging to the extent possible credit risk benchmarking infrastructure and methodology.

    The new ITS seeks to: (i) widen the scope of the IFRS 9 benchmarking analysis to a higher share of financial instruments subject to the IFRS 9 impairment requirements; and (ii) get a broader view of the existing variability of the expected credit loss outcomes and the related impacts on the amount of own funds and regulatory ratios.

    Full extension to HDPs is expected to be achieved in the ITS on supervisory benchmarking 2025.

  3. Finalising the development of an all-inclusive large exposures regime in the EU

    In 2022, the EBA directed part of its efforts to finalising the large exposures framework. Under a host of new mandates in the risk reduction measures package adopted by European legislators in 2019, the EBA developed RTS to identify shadow banking entities for the purposes of reporting large exposures and RTS to identify groups of connected clients (GCCs).

    Entities that offer banking services and perform banking activities but are not regulated and are not being supervised in accordance with any of the acts set forth in the technical standards forming the regulated framework are identified as shadow banking entities. These technical standards take into account international developments and internationally agreed standards on shadow banking entities. The status of entities established in third countries is also assessed to provide for a treatment that distinguishes between banks and other entities. When identifying shadow banking entities, any transaction with such an entity is subject to the limits set out in the EBA Guidelines on limits on exposures to shadow banking entities.

    Meanwhile, the EBA developed technical standards to set out criteria for the identification of a GCC. The objective of the definition of a GCC is to identify two or more natural or legal persons who are so closely linked by idiosyncratic risk factors that it is prudent to treat them as a single risk. For such cases, the EBA has developed criteria that aim to set out clear circumstances where interconnections by means of a control and/or an economic dependency relationship can lead to a single risk and thus a grouping requirement. In addition, these technical standards set out rebuttable provisions for the assessment of situations where control and economic dependencies coexist and thus one overall GCC, as opposed to two or more separate GCC, needs to be formed. In conjunction with the EBA Guidelines on connected clients, a complete framework is provided for the identification of two or more natural or legal persons who are so closely linked by idiosyncratic risk factors that it is prudent to treat them as a single risk.

  4. Updating the framework on securitisation

    During the year, the EBA contributed to the completion of the capital market recovery package facilitating the use of securitisation to support Europe’s recovery from the COVID-19 crisis. Among the key measures included in this package was the extension of the simple, transparent and standardised (STS) label to on-balance sheet securitisation aimed at supporting small and medium-sized enterprises (SME) lending and the removal of existing regulatory obstacles to the securitisation of non-performing exposures enabling banks to free their balance-sheets of non-performing exposures. In relation to these changes the EBA has been mandated to develop a number of technical standards which were published last year. In first place, further clarity on the securitisation risk retention rules was provided, ensuring better alignment of interests and reducing the risk of moral hazard, thus contributing further to the development of a sound, safe and robust securitisation market in the EU. The EBA has also made progress in the finalisation of the STS framework for synthetic securitisation which is one of the most prominent segments of the EU securitisation market. Here the triggers for switching the amortisation system from pro-rata to sequential were specified and a set of criteria were provided ensuring the homogeneity of the underlying exposures, which are key requirements related to standardisation and simplicity of STS transactions.

  5. Ensuring consistency of market and credit valuation adjustment risk framework

    In 2022, in the area of market risk, the EBA continued to deliver on its fundamental review of the trading book (FRTB) roadmap by finalising the RTS on advanced economies for equity risk. With that, the EBA closed all RTS falling under phase 3 of its roadmap, and accordingly started its work on phase 4 deliverables. Closing phase 3 regulatory standards marks an important point in the FRTB regulatory cycle – in particular, banks opting for calculating the own funds requirements for market risk with a standardised approach are now provided with all aspects needed to perform its practical implementation.

    The regulatory framework that applies to internal models under the FRTB was mostly implemented in the EU by means of the EBA RTS. Therefore, in 2022, the EBA significantly invested in the support of upcoming internal model investigations. In particular, the EBA organised a series of training sessions that were held at the beginning of 2023 to train on-site inspectors on the new regulatory requirements for internal models. [Furthermore, the EBA developed the consultation paper on draft RTS on the assessment methodology that was published in early 2023. In this way, CAs were provided with techniques to assess the applicable regulatory requirements before the investigations start].

    The EBA continued to support a consistent application of the Single Rulebook in the area of market risk, as well as credit valuation adjustment (CVA) risk by means of Q&As. Notably, on the application of intragroup CVA exemptions by EU subsidiaries of third-country groups, the EBA published a Q&A10 clarifying that currently there are no jurisdictions outside the EU qualifying for those exemptions. In 2022, the EBA also started monitoring the implementation of the Structural FX Guidelines and the impact resulting from it.

  6. Finalizing the EBA roadmap for investment firms (IFs)

    In 2022, the EBA has worked on completing the remainder of the open regulatory products in order to close the EBA roadmap for IFs (apart from the mandates relating to ESG risks): the RTS on liquidity risk measurement, the GLs to specify the criteria when exempting Article 12(1) IFs (class 3) from the liquidity requirements, the RTS on Pillar 2 add-ons and the GL on procedures and methodologies for the SREP. Given the complex topic, the RTS on prudential consolidation for investment firms, which is also the item closing the EBA roadmap, could not be finalised during 2022.

    COVID-19: After two unprecedented years of pandemic, 2022 was the year of progressive reductions in government support and a return to the pre-pandemic regulatory state.

    The swift reaction in the early days of the pandemic ensured no disruption in the flow of lending to the real economy. More importantly, it allowed the EU banking sector to provide short-term liquidity support to firms and individuals affected by temporary income losses unrelated to their longer-term viability. This was done through the use of all the flexibilities embedded in the prudential framework, via a number of statements, guidelines, technical standards and reports (see Figure 1). This wide range of policy measures made it possible to strike the right balance between mitigating the effect of the pandemic, while at the same time ensuring no distortion in the true identification of risk and related bank capitalisation. As such, prompt actions taken at EU level, coupled with efficient coordination with Member States and the flexibility left at the national level, proved successful in addressing the crisis.

    With the effects of the COVID-19 pandemic fading away, the next step was naturally to return to a steady state regulatory framework and implement the internationally agreed Basel III reforms. It started by phasing-out the EBA Guidelines on the prudential treatment of general payment moratoria as of 1 April 2021 and ended on 16 December 2022 when the EBA published its closure report on COVID-19 measures and repealed its Guidelines on COVID-19 reporting and disclosure. As a way forward, the EBA will continue its monitoring of the impacts of COVID-19 on credit risk models (i.e. internal-rating based approach and IFRS 9) and provide further clarifications on potential upcoming implementation issues related to EBA COVID-19 measures.

    Figure 7: Actions in light of COVID-19

    Note: The full timeline of EBA actions can be found in the Annex, as well as on the EBA website.

  7. Work on market infrastructure

    In 2022in the area of market infrastructure, the EBA continued to work toward the delivery of the RTS on Initial Margin Model Validation (IMMV). The RTS was published for consultation at the end of 2021, with the consultation ending in February 2022. The feedback received was extensive and required substantial reviews of the proposal, which was finalised by the end of 2022 and published at the beginning of 2023.

    In addition, in 2022, the EBA, jointly with the other ESAs, proposed amendments to the RTS on over-the-counter (OTC) derivatives not cleared to extend the temporary exemptions regime for intragroup contracts. This has been a significant step in accommodating the ongoing assessment of third-country equivalence and allows for a review of the intragroup exemptions framework under the European Market Infrastructure Regulation (EMIR) review.

    Finally, the EBA continued contributing to the discussions at the global level on market infrastructure, notably in the Working Group on Margin Requirements, and further enhanced consistency in the application of the Central Securities Depositories framework by publishing Q&A11 on the matter.

Future-proofing the regulatory framework
  1. EU implementation of Basel III

    The finalisation of the Basel III accord creates a clear and solid regulatory framework and ensures a global level playing field. It is a key achievement at the international level and its full and consistent implementation is key for its success. Implementing Basel III will further underpin the trust in the banking sector and lead to tangible macroeconomic benefits.

    The EBA and the EU institutions sat at the negotiating table at the Basel Committee on Banking Supervision and defended the specificities of its banking market. Therefore, the final Basel III accord incorporates many suggestions that make the Basel Framework suitable to be adopted in the EU. With the EU co-legislator finalising the CRR III and the CRD VI in 2023 or early 2024, the EBA stands ready to start working on the relevant draft technical standards.

    The EBA believes that banks should be ready to implement the reforms faithfully and on time. This should be a key objective and requires the banking prudential framework reforms to be implemented quickly by co-legislators, the EBA and market participants.

    Under the current Banking Package proposals, the EBA will be asked to develop around 70 technical standards and 30 guidelines. Most of these will require consultation and finalisation within the two-to-three years after the entry into force of CRR III and CRD VI. Most of these technical standards focus on the main risk areas (credit, market and operational risks), as well as market access and banks’ internal governance. A small number of broad-scope implementing technical standards will cover the essential areas of reporting and disclosure.

    Furthermore, the EBA will be asked to provide technical advice developing around 30 technical reports on a broad range of areas related to the banking framework, covering, in addition to the above-mentioned areas, several other aspects including systemic risks and ESG factors.

    In these times of high uncertainty, the finalisation of the CRR III and CRD VI and the development of technical standards are essential for strengthening banks’ prudential framework.

  2. Making the securitisation framework more consistent and allow securitisation to support a greener economy

    Helping banks to lend more to the real economy is a key component of the commission actional plan on capital market union and here securitisation has a prominent role including in financing the transition to a more sustainable economy. Ensuring a properly functioning securitisation market is therefore a key objective which has driven our recent works in the area.

    We have recently contributed to the debate on how to revive the EU securitisation market in a prudent manner by providing a joint advice with the ESAs on the performance of the EU securitisation prudential framework. A conclusion of the report is that that the capital and liquidity framework for banks do not constitute a key obstacle to the revival of the securitisation market in the EU., Other factors beyond the prudential framework should also be considered. such as the need for increased proportionality of the current transparency and due diligence requirements and of a tightening in monetary policy, without which a revived interest of investors and originators in securitisation should not be expected.

    There is nonetheless still room for improvement of the prudential rules applying to securitisation. We have focused our efforts in assessing how we can improve the consistency, clarity and risk sensitiveness of the bank’s capital framework. In this spirit, we have proposed to start with a set of technical quick fixes to the prudential framework aiming at improving its consistency and clarity. In addition, we have proposed a targeted reduction of the risk weight floor for originators recognising their associated reduced agency and model risk. This would encourage banks to originate resilient transactions to shed and diversify their risks. and may provide a modest help to reviving the market, without raising prudential concerns. The possibility to reduce further the conservativeness in the framework via a reduction of the so-called p-factor has been evaluated but not supported on the basis of concerns on creating cliff effects in the capital requirements. We have acknowledged that an alternative design of the securitisation risk weight formula might remove these constrains, however, this would require a more fundamental and comprehensive review. In the spirit of commitment to international standards we suggested to move this discussion at the Basel table.

    These considerations on the prudential framework matter as securitisation can offer a key risk management tool in the transition to a greener economy. In March 2022, the EBA has published a report which analyses the recent developments and challenges of introducing sustainability in the EU securitisation market. The outcome of this analysis also served as a key input in the context of the policy and technical discussions on the EU green bond standard regulation (EU GBS).

    The EBA’s analysis has shown that it would be premature to establish a dedicated framework for green securitisation based on the green credential of the collateral. Rather, ensuring to have a common label should be the priority. The EBA analysis suggest that the upcoming EU GBS regulation, which focus on the use of proceeds, should also apply to securitisation, provided that some adjustments are made to the standard. In this regard, the EBA recommended that in case of securitisation, and generally any bond issued via SPV, the use of proceeds requirement should be shifted from the issuer to the originator.  EBA also recommended that additional disclosures would be necessary to ensure that investors are made aware of the green characteristics of the underlying securitised assets. It also called for further EBA work on green synthetic securitisation and social securitisation.

    Pragmatism has been one of the drivers of the report’s recommendations, which acknowledge the immaturity of the present EU sustainable securitisation market and the need for consistency with existing and still-evolving ESG standards. The recommendations also seek to be reasonable as to what can be achieved while being mindful of greenwashing risk. Therefore, at this stage the EBA recommends a transitory approach to ensure that regulation encourages the growth of green assets, specifically financing new green assets rather than refinancing existing ones.

Figure 8: EBA market survey responses to “Envisaged timeframe to enter the sustainable securitisation market”

 

Supervisory practices

2022 European Supervisory Examination Programme

“The common supervisory impetus across the EU met its goal but digital transformation and ESG will call for more attention.”

In line with its mandate, the EBA proactively drives the convergence in supervisory practices through the selection of topics deserving European traction based on its expertise in EU-wide risk analysis, policy development and practical experience of CAs, and its role in supervisory colleges by establishing yearly the European Supervisory Examination Programme (ESEP)12. The selection of the key topics for supervisory attention is closely aligned with the Union Strategic Supervisory Priorities (USSPs), stipulated in the EBA’s founding regulation13, to ensure that the supervisory work undertaken on a day-to-day basis is driven by the strategic and long-term priorities. The two overarching and forward-looking priorities for 2020-2022 were set on “business model sustainability and adequate governance structures”.

Figure 9: USSPs 2020-2022 and the key priorities in the ESEP 2022

Graphical user interface, diagram

Description automatically generated

Figure 10: Key topics incorporated into CAs’ supervisory priorities in 2022

Graphical user interface

Description automatically generated with medium confidence

The five key topics, introduced in the EBA’s 2022 ESEP, namely the impact of the COVID-19 pandemic on asset quality, Information and Communication Technology (ICT) risks, digital transformation, as well as Environmental, Social and Corporate Governance (ESG) and Money Laundering/Terrorist Financing (ML/TF) risks, were overall adequately incorporated into competent authorities’ supervisory priorities, supervisory assessments and colleges’ work. However, competent authorities are still in the process of building up their capacity to review the risks associated with the digital transformation and ESG, and supervisory intention on these topics was not always homogeneous, in particular when compared to attention given to the review of the asset quality/provisioning, and ICT and ML/TF risks.

Monitoring of colleges

“Overall good operation of supervisory colleges, though further enhancement is expected in certain areas.”

Based on the EBA 2021-2023 college-monitoring approach, the EBA continued to closely monitor a limited but diverse group of colleges, in terms of business model, origin, geographical spread and size.

In 2022, the interactions and the organisation of the supervisory colleges were of a high quality overall, with refinements and some good practices compared to 2021. Improvements were observed in the document distribution and the exchange of the values of the list of early warning indicators. For 2023, improvements in some procedural aspects of joint decisions in accordance with the ITS on the Joint Decision14 will be sought. The EBA fosters the sharing of good practices observed, for example when there is mutual engagement among members and observers, including third-country observers, to develop an overall assessment of the bank’s situation across borders or a joint inspection which is beneficial for both the home and host supervisors.

ICT peer review

“Challenges in the supervision of ICT risks still exist, though competent authorities have incorporated the EBA Guidelines on ICT risk assessment under the SREP into their supervisory practices.”

The EBA peer review on the ICT risk assessment under Supervisory Review and Evaluation Process (SREP15) looked at the supervisory practices in ICT risk assessment in the context of the SREP and the application of the EBA Guidelines on ICT risk assessment under the SREP16 that promote common procedures and methodologies for this assessment.

The peer review revealed that CAs have largely applied the EBA Guidelines on ICT risk assessment under the SREP and implemented them in their supervisory practices. The CAs generally apply a risk-based approach to the supervision of ICT risk where the frequency and depth of the assessments correlate with the level of ICT risk of the banks. However CAs experience challenges in building the necessary ICT supervisory capacity and expertise, applying proportionality in the assessment, and incorporating the ICT risk assessment and scores into the overall SREP.

Through the peer review, good supervisory practices and recommendations were shared, such as the establishment of dedicated training curricula and mentoring for ICT risks or setting up internal networks. CAs were recommended to perform horizontal comparisons and IT landscape analyses.

Work on governance and remuneration
  1. Remuneration benchmarking

    Following the separation of the regulatory frameworks for institutions and investment firms with the introduction of Directive 2019/2034/EU, the EBA updated and further improved its remuneration benchmarking and high earner data collections. The analysis of data will benefit from templates that are tailored to the different business models of such firms. The data collection will be enriched by the collection of data on the application of the derogations to the requirements to pay out variable remuneration of identified staff in instruments and under deferral arrangements when specific conditions are met. As a new element we will benchmark the gender pay gap for all staff and for identified staff under the revised guidelines. As part of the collection of data on high earners, we will in future receive information on the number of high earners (staff receiving EUR 1 million in total in remuneration or more) per gender. Both data on the gender pay gap and data on high earners will, together with the EBAs diversity benchmarking, aim to identify and make transparent inequalities on the employment conditions for staff of different genders.

  2. Remuneration of high earners

    In the data collected for the financial year 2021, the EBA identified an increase in the number of high earners who received remuneration of more than EUR 1 million. The number of high earners increased by 41.5%, from 1 383 in 2020, to 1 957 in 2021. This increase is linked to the overall good performance of institutions, in particular in the area of investment banking and trading and sales, continuing relocations of staff from the UK to the EU and a general increase in salaries.

    Figure 11: Development of the number of high earners

    Chart, bar chart, waterfall chart

Description automatically generated

    Figure 12: Distribution of high earners by payment bracket of EUR 1 million and Member State

    Chart, bar chart, waterfall chart

Description automatically generated
  3. Improving the cooperation of CAs when assessing the fitness and propriety of members of the management body

    The three ESAs are jointly developing a database and guidelines that will form a system for the exchange of information relevant to the assessment of the fitness and propriety of holders of qualifying holdings, directors and key function holders of financial institutions and financial market participants by CA in accordance with the legal acts referred to in Articles 1(2) of the founding regulations. The database will hold information on such assessments made by all CAs in Member States, so that relevant information for additional assessments to be made can easily be identified, exchanged and used. This process will increase the supervisory efficiency.

    The EBA is benchmarking the diversity of the management bodies of institutions, considering the age, gender, geographical, educational and professional background of members. As gender equality is a core value of the EU, some focus is given to the aspect of gender, including the EBA’s benchmarking of the gender pay gap at the level of the management body. Where imbalances still exist, more transparency on diversity policies and practices is thought to foster improvements in this area.

    The EBA gathered and analysed data of 662 credit institutions and 129 investment firms selected by NCAs of all Member States. Despite the legal requirements, a significant proportion of 27.05% of institutions (2018: 41.61%) still have not adopted a diversity policy.

    The gender balance is improving gradually, but too slowly. The representation of women and men on boards is still insufficiently balanced. Only 18.05% of executive directors, including the CEO, are female (2018: 15.13%; 2015, 13.63%). In the supervisory function of the management body, women previously held 27.75% (2018: 24.02%; 2015: 18.90%) of the non-executive director positions (including those of chairperson and staff representative.) Female executive directors are paid on average 9.43% less than their male colleagues even if CEO remuneration is excluded; for non-executive directors the average gender pay gap is at 5.90%.

    More diverse management bodies can help to improve their decision-making on strategies and risk-taking by incorporating a broader range of views, opinions, experiences, perceptions, values and backgrounds. A more diverse management body reduces the phenomena of “group think” and “herd behaviour”. We found that credit institutions with a gender-diverse management function have on average a RoE of 7.88%, while credit institutions with executive directors of only one gender have on average a lower RoE of 5.27%.

    The EBA will continue to monitor diversity in management bodies and issue periodical benchmark studies on diversity and on the gender pay gap at the level of the management body and follow up with CAs on the measures taken to remedy identified shortcomings in institutions’ compliance with the underlying regulatory requirements.

Resolution framework

Crisis preparedness

As part of its role in crisis preparedness, with the objectives of further enhancing the usability of recovery planning and making crisis preparedness more effective, the EBA undertook a dedicated effort to develop draft guidelines on overall recovery capacity. This is a summary measure of institutions’ capability to restore their financial position after a significant deterioration. The issued consultation paper aims to harmonise the observed practices in overall recovery-capacity determination and assessment respectively by institutions and CAs.

In the field of resolution preparation and monitoring of implementation, the EBA has been advancing the following objectives in line with its founding regulations and relevant BRRD mandates: 

  • contribute to the harmonisation of rules in the EU17, in particular in the area of resolvability;
  • increase transparency of the resolution framework;
  • monitor the progress of resolution planning and the related build-up of MREL resources in the EU;
  • drive convergence in resolution practices.

To further harmonise the resolution framework across the EU, the EBA published its final guidelines on resolvability in January 2022. The guidelines provide a common set of resolvability standards for all resolution banks in the EU to follow. Those were complemented in September by the Guidelines on transferability , setting out the steps institutions and authorities should take to facilitate transfers in resolution. In December, the EBA launched a consultation on its Guidelines on resolvability testing to frame how institutions and resolution authorities should approach the testing phase of their resolution planning efforts, to ensure that the capabilities developed to comply with the two sets of guidelines mentioned earlier are in fact fit for purpose.

In accordance with the transparency of the resolution framework, the EBA has taken several initiatives to ensure progress from institutions and authorities. In June, the EBA launched a consultation on a set of guidelines for authorities to publish their approach to the implementation of bail-in. In line with FSB standards these guidelines ask authorities to specify the timeline of the bail-in and how they intend to convert instruments and deliver them, e.g. using interim instruments. The EBA has also initiated work with its members on setting a roadmap for authorities and institutions to improve transparency of the framework, with a particular focus on predictability and resolvability.

The EBA also published its annual MREL shortfall report and impact assessment on the progress of resolution planning monitoring and the related build-up of MREL resources. As of 31 December 2021, the report estimated that 70 banks reported an MREL shortfall of EUR 33 billion out of a sample of 245. This is down by 42% compared to last year’s quantitative report on MREL on a comparable basis. The report shows progress in closing MREL shortfalls, albeit at a lower rate for smaller banks, and concludes that the impact of MREL on banks’ profitability is manageable, although disparate across types of banks and Member States.

In 2022, the EBA set out the first set of priorities for resolution practices convergence under the European Resolution Examination Programme (EREP) to draw resolution authorities’ attention to matters deserving a common and coordinated approach as well as a European traction. The priority areas for 2022 were MREL shortfalls, a management information system (MIS) for valuation, and liquidity and funding in the resolution context. Overall, the EREP is intended to achieve a high level of sharing of information and practices among authorities, provide a calibration level for resolution work programmes and foster the coordination and collaboration between authorities. In 2023, the EBA is going to assess how the priorities set out in 2022 were followed throughout the year. Very importantly, the EBA will share with the authorities the good practices it observed in monitoring the implementation of the 2022 EREP items in order to spread awareness of the various practices across the EU and increase preparedness and readiness of resolution authorities.

Strengthening deposit guarantee schemes

In July 2022, the EBA launched a public consultation on its draft revised guidelines on deposit guarantee schemes (DGSs) contributions. The revised guidelines aim inter alia to enhance the proportionality between the risk of a credit institution and its contributions to the DGS, streamline and simplify the original guidelines, improve the risk sensitivity of the calculation methods for contributions, and improve the formula for determining the risk adjustment factor of each member institution. Following a public consultation during which the EBA received helpful suggestions for further clarifications, the final guidelines were issued in February 2023.

In August 2022, the EBA also published on its website extensive data on the financial means available to DGSs, the amount of deposits across the EU that are covered by DGSs, and, for the first time, qualified available financial means that stem from contributions, other available financial means and outstanding liabilities18.

Recommendations of the Advisory Committee on Proportionality

Created in 2020, the Advisory Committee on Proportionality (ACP) provides recommendations to the EBA on how to foster proportionality in its activities and missions.

While forming an integral part of the EBA, the ACP is an independent committee. It namely advises the EBA on its annual work programme and, putting forward proposals on how its work may take into account specificities of financial institutions.

In 2022, proportionality remained a key driving principle of the EBA in its regulatory work. The ACP recommended the EBA to pay particular attention to proportionality in its activities in 2022 in the areas of operational risk and investment firms, Supervisory Review and Evaluation Process (SREP), ESG and sustainable finance and reporting and transparency. The EBA took the recommendations into account in the preparation of these activities, recognising the value of enhancing proportionality where possible.

The EBA continued to complete its roadmap for investment firms and proportionality recommendations were included in the SREP methodology for investment firms and liquidity risk measurement and liquidity requirements. The revised SREP Guidelines published early 2022 embed proportionality based on size and complexity of institutions but also based on risks ensuring supervisors can apply SREP in a proportionate way. Furthermore, building on the ACP advice, the EBA is also considering elements related to ESG and ICT into the preparation of the next revision of the guidelines.The EBA published a renewed roadmap on sustainable finance outlining objectives and timelines for delivering mandates and tasks. In the execution of the roadmap the EBA will pay particular attention to proportionality. The application of the principle of proportionality in the area of ESG will primarily aim at ensuring that ESG requirements reflect the materiality of ESG factors and risks, taking into account not only the size and complexity of institutions but also other factors determining the materiality of ESG risks, such as the nature and characteristics of exposures and activities.

The EBA continued implementing the recommendations from the Study of the cost of compliance with supervisory reporting (2021) which aimed to reduce compliance costs for institutions, in particular for small and non-complex institutions (SNCIs). Majority of recommendations have been completed, including significant reduction of several reporting areas for SNCIs, use of “core and supplement approach” when designing requirements and better release planning, integration of reporting and disclosures and promotion of use of regulatory technology (RegTech). The EBA also progressed in integration efforts and preparation of a common data dictionary for supervisory, resolution and statistical reporting, resubmission policy and signposting tool for reporting.

Leveraging EUCLID: making the most of banking and financial data

EUCLID: population expanded significantly and breakdown available on size/significance, ensuring more nuanced analysis

After the EBA finalised its implementation in 2021, 2022 was again remarkable for the EUCLID ecosystem. The EBA started collecting a limited set of supervisory data in 2011 from a sample of 55 EU banks. In 2014 the EBA reporting sample already covered the largest 200 EU/EEA credit institutions and the whole supervisory reporting framework. In 2019 the EBA began preparing for EUCLID by onboarding resolution groups (200) and credit institutions (1 600) subject to resolution reporting. With the deployment of EUCLID, the EBA started collecting data for the entire population of banks, made up of around 650 banking groups (500 banking groups at the highest level in EEA and an additional 150 sub-groups) and around 4 300 credit institutions. With EUCLID the resolution onboarding was also finalised, covering additional 200 resolution groups. The reporting population was further expanded in 2022 to cover 2 500 investment firms and more than 250 groups of investment firms. Consequently, the number of reporting files transmitted to the EBA through EUCLID has grown exponentially, from around 10 thousand files in 2014 to around 62 000 files for 2020 reference dates (quarterly or monthly), reaching over 244 000 files for 2022 reference dates.

Figure 13: scope of entities for whish the EBA collects data

Chart, bar chart, waterfall chart

Description automatically generated

Looking to banking groups and credit institutions in EUCLID, as of March 2023, 164 are considered largest institutions from all EU/EEA countries and contribute to EBA statistical publications, including the EBA Risk Dashboard; around 700 EU credit institutions belong to these banking groups. The banking sector also comprises further 500 banking groups, with 500 subsidiaries, and the remainder being independent institutions reporting on solo-level. Regarding small and non-complex institutions (SNCI), as identified by national authorities, EBA’s EUCLID shows a large diffusion of such institutions, with around 2 500 entities. Smaller institutions are the largest component also of the EUCLID newly added population of investment firms (IF), with less than 10 being classified as Class 1 minus entities, 1 000 as Class 2 entities and 1300 as smaller Class 3 entities, all which constituting a lower bound1 for the final IF population in the EU/EEA.

The abovementioned EUCLID-enabled breakdowns allow the EBA to conduct finer and comprehensive analysis for its several reports, dashboards and impact assessment studies supporting, for example, EBA replies to Call for Advice or regular policy work when drafting technical standards or guidelines.

With the view of achieving as seamless as possible implementation of workflows and integration of quality assurance processes across the reporting chain, the EBA has continuous interactions with national authorities and reporting agents. Several national authorities were onboarded by the EBA for the first time in 2022 into the EUCLID ecosystem, namely concerning the reporting to EBA of data from investment firms (IF) and payment fraud, while also increasing the quality assurance process for the reasonably new resolution reporting.

As a data-based and insight-driven institution, the EBA has incorporated data and analytics as a key element in its strategic areas, leveraging the enhanced technical capability for performing flexible and comprehensive analyses. In its Data Strategy the EBA defines its data-driven vision and the strategic ambition to extend the range of data collected, enhance the usability of its underlying systems, and strengthen its analytical capabilities. Building on its data infrastructure (EUCLID), the EBA continues developing data services and sharing data and insights with internal and external stakeholders.

 

A group of people looking at a large piece of paper

Description automatically generated with medium confidence

 

Enhancing transparency

The EBA considers the transparent provision of continuous information on banks’ exposures and asset quality to market participants as a key part of its mission. The EBA believes that this is crucial, particularly in moments of increased uncertainty. Financial information is a public good that facilitates the proper functioning of financial markets. The dissemination of banks’ data is an integral part of the EBA’s responsibility of monitoring risks and vulnerabilities and preserving financial stability in the single market. In that light, in 2022 the EBA published several products to disclose banking information to the wider public, such as its EU-wide transparency exercise, remuneration and governance data and data on diversity practice.

The 2022 exercise

The EU-wide transparency exercise, which has been carried out by the EBA since 2011, aims to promote market discipline and foster consistency in EU banks’ figures. The exercise relies solely on supervisory reporting data – financial reporting (FINREP) and common reporting (COREP).

Results of the 2022 exercise were released at the end of the year in the form of the disclosure of around 1 million data points for data at the highest level of consolidation from 122 banks of 26 EEA countries. The results disclosed at the granular bank level covered several areas such as capital, leverage ratio, risk exposure amounts (REAs), profit and loss, market risk, securitisation, credit risk, sovereign exposures, non-performing exposures (NPEs) and forborne exposures (FBEs).

The templates were mainly unchanged with respect to the previous years’ exercises, with minor adjustments to the mapping, due to the latest ITS framework release. The consistency of the templates over the years and the broadly stable sample allows the users to build time series on the main banking indicators which range from 2015 to 2022, collating overall 10 million datapoints.

The transparency exercise results are extensively used by banks, market analysts, academics, international organisations and journalists for their assessments of the EU banking sector. To facilitate analysis of the transparency figures, the EBA has made available, along with the individual banks’ results and the full database, a set of interactive tools to access the data.

Remuneration and governance data

The EBA has been collecting and publishing data since the end of 2010 on staff members who have received remuneration of EUR 1 million or more in the previous financial year (high earners) in payment brackets of EUR 1 million, including the business area involved and the main items of salary, bonus, long-term awards and pension contributions. This data is collected from all institutions, but the collection applies only to staff whose activities are carried out predominantly within the EU. The CAs are responsible for collecting the relevant information from credit institutions and investment firms and for submitting it to the EBA. In this respect, the EBA publishes the aggregated data on high earners at the EU level in the visualisation tools for data exploration.

Additionally, the EBA collects detailed information annually, in particular on the remuneration of identified staff from more than 130 institutions at the highest level of consolidation. In this regard, the EBA benchmarks remuneration trends biennially through a benchmarking analysis report. The collection of both sets of data aim to ensure a high level of transparency of the remuneration practices within the EU.

EUCLID and data dissemination: what EBA’s users expect and how to meet requirements.

Salvatore Corvasce, Statistician

Salvatore Corvasce
Statistician

What steps should the EBA take to ensure that its centralised database, EUCLID, meets the expectations of its users on data dissemination?

Salvatore Corvasce: EUCLID is widely recognised as the platform for banking and financial data in the EU’s financial sector. As a centralised repository of financial data from banks and other financial institutions, EUCLID is a fundamental resource for a broad range of stakeholders, including regulators, analysts, researchers and other users of financial data.

The EBA has a crucial responsibility to ensure that the data collected and disseminated through EUCLID is trustworthy, reliable and easily accessible to users. To meet users’ expectations on data dissemination, the EBA should implement several key practices.

As a statistician, what strategies do you recommend the EBA implement to ensure that EUCLID data dissemination meets the expectations of its users?

First, we have developed and published plenty of tools on the EBA’s website during the last few years. It is important for me to enhance the development of tools and support users in interpreting and applying the data provided through EUCLID. This could include interactive visualizations, analytical reports, and other value-added services that enable users to derive insights and inform decision-making.

Second, we should be more ambitious and engage with users to solicit feedback and identify areas for improvement. This can help ensure that EUCLID continues to meet the evolving needs of its users and remains a valuable resource in the financial sector.

How do you plan to expand your data dissemination efforts in the future?

As part of the EBA Data Strategy, which I am actively involved in, the EBA recognises data dissemination as a key milestone in providing transparent and reliable information to our stakeholders. Moving forward, we plan to leverage emerging technologies and best practices to enhance our data dissemination efforts. This could include developing new interactive tools and dashboards, incorporating machine learning and artificial intelligence to automate data analysis and visualisation, collaborating with external partners, and offering APIs to provide easy access to our data. Our goal is to ensure that our stakeholders have access to the most accurate and up-to-date information, and that we continue to improve our data dissemination efforts over time.

Data on diversity practices

Since 2016, the EBA has been collecting data triennially for the benchmarking of diversity practices on an ad hoc basis under Article 35 of the EBA foundation regulation.

During the course of 2022, the EBA analysed information on the diversity policies drawn up by individual credit institutions and investment firms, including the targets set for the underrepresented gender, together with data on the composition of management bodies as of the end of 2021. In addition, data were collected on the gender pay gap for members of the management body in the management and in the supervisory function, separately for each gender, for the performance year 2021.

The exercise was based on a representative sample of 662 credit institutions and 129 investment firms selected by NCAs of all EU Member States, Liechtenstein and Iceland, on the basis of common criteria set out by the EBA in accordance with CRD and Investment Firms Directive (FD) requirements.

Presently, the EBA is developing new EBA guidelines in order to integrate this exercise into its regular reporting, including the technical package and specifications, and regular processes to enhance disclosure and monitoring in this regard providing these alongside with self-exploration tools to market participants.

Supporting NPL markets

Selling NPLsin secondary markets represents one of the tools available to credit institutions to manage and reduce the NPL amount on their balance sheets.

In 2022, following the mandate received by the Directive on loan credit servicers and purchasers (Directive (EU) 2021/2167) and leveraging the experience gained with the voluntary use of the NPL transaction data templates (first issued in 2017), the EBA developed implementing technical standards (ITS) specifying the templates to be used by credit institutions to provide information to credit purchasers when selling or transferring NPLs. The final draft ITS were published by the EBA and submitted to the Commission for their final adoption in 2023 on 16 December 2022.

Through these draft ITS, the EBA promotes data standardisation for NPL transactions, which aims to reduce information asymmetry between sellers and buyers of NPL, to increase the efficiency of secondary markets for sales of NPLs, by ensuring a better price for sellers and by attracting smaller investors with less negotiation power. The benefits of data standardisation in facilitating the NPL transactions were calibrated against the costs for banks of preparing and collecting the data, especially for smaller banks. In this regard, the EBA provided for a flexible and proportionate approach, identifying a minimum set of mandatory information and allowing, for certain types of transactions, to treat all data requirements as not mandatory.

The NPL templates do not form part of the EBA supervisory reporting framework, but their content, where possible, refers to definitions in other EBA regulatory and reporting requirements, to promote consistency and harmonisation and facilitate implementation by credit institutions.

Supervisory reporting

In 2022, the EBA continued to engage in increasing the efficiency of its supervisory reporting framework along the lines identified in the feasibility study on integrated reporting; keeping the reporting requirements meaningful and relevant for authorities; improving market discipline by setting Pillar 3 disclosure requirements on ESG risks. The EBA’s role in promoting market discipline will be further enhanced with the upcoming project for a centralised Pillar 3 Data Hub.

Proportionality remained a key focus in the EBA’s reporting work. The EBA continued implementing recommendations from its cost of compliance study to reduce compliance costs of institutions, in particular of SNCIs. The EBA has applied proportionality by reducing requirements for SNCIs and promoted use cases for RegTech and provided examples and supporting background to the reporting requirements among others.

In 2022 the EBA continued the joint work with the European Insurance and Occupational Pensions Authority (EIOPA) to improve the Data Point Model (DPM) Standard with the DPM ReFit project. A draft common metamodel was developed which upgrades the current DPMs to be fit for future reporting with increasing volumes, complexity and integration. The EBA and EIOPA will use this new common model “DPM Standard 2.0” for all their reporting frameworks going forward. The new DPM Standard 2.0 includes a common approach to implementing the glossary, the definition of data concepts, the rendering of data in templates and the same metadata formats for data validation and data calculation. DPM Standard 2.0 will also enable a higher level of and scope of data integration, collaboration on data definitions and take advantage of new technologies en route towards a fully digitalised regulatory data chain. The new DPM standard 2.0 is an important step towards building an integrated reporting framework for banking.

Laying the foundations for a more integrated and efficient reporting landscape

Building an integrated reporting system that would cover prudential, resolution and statistical requirements represents a long-term vision for increasing efficiencies and reducing reporting costs while keeping the reporting framework meaningful and relevant for supervisors.

During 2022, following the priorities identified in the EBA feasibility study19 published in December 2021, the EBA worked on establishing the governance of the future integrated reporting system and the features of a common data dictionary in close collaboration with the ECB, the EC and prudential, resolution and statistical authorities. The discussions were also sounded out with the banking industry in a workshop in December 202220.

The governance of the future integrated reporting system would rely on the Joint Bank Reporting Committee (JBRC), an advisory body with the task of analysing aspects related to “how” the integration of statistical, supervisory and resolution reporting could be achieved, while the definition of these reporting needs (“what”) would still be the prerogative of the current authorities and institutions under the established processes.

The involvement of the banking industry would be ensured via a stakeholder contact group of industry reporting experts, the Reporting Contact Group (RCG), which would closely cooperate with the JBRC and its expert groups, providing advice and feedback on subjects related to integrated reporting.

In line with the feasibility study, a cornerstone of an integrated reporting system should be a common data dictionary that would facilitate the objective of “define once, report once”. In 2022, the work on the data dictionary focused on the two major components:

  1. The syntactic layer (the container) that ensures the content is organised in a standardised and harmonised way. The EBA worked together with the ECB and assessed that the DPM ReFit (the planned upgrade to the DPM model) could be used to model and host the Integrated Reporting Framework (IReF), which would be the future harmonised statistical reporting framework. This is a major step towards building a common data dictionary based on a common metamodel (common syntactic layer).

  2. The semantic layer (the content) that describes the integrated reporting requirements. The EBA, and the ECB together with some NCAs, ran a pilot project by comparing selected concepts from FINREP and AnaCredit. They gained practical experience on how to integrate frameworks serving different needs, using separate processes and separate data dictionaries.

In parallel with the work towards a more integrated and efficient reporting landscape, the EBA continued with the ongoing work of keeping the supervisory and resolution reporting framework meaningful and relevant for authorities. Notable pieces of this work include the development of reporting requirements on market risk, in particular on the FRTBand the development of a new IRRBB reporting framework, building on the new policy package published and submitted to the EC in Q4 2022 and on the Pillar 3 disclosure requirements on IRRBB currently applicable. This latter package was published for Consultation in January 2023, and it is particularly relevant in the current context of inflation and high interest rates. Finally, the EBA is also implementing as part of the reporting framework the data needed for the purposes of benchmarking of remuneration practices, high earners and gender pay gap for credit institutions and investment firms, to facilitate the collection of this data and to further facilitate the monitoring of diversity in management bodies and issue periodical benchmark studies.

EBA project for a centralised Pillar 3 Data Hub

Since its establishment, the EBA has been working on improving market discipline through enhancing the quality and availability of prudential information on credit institutions disclosed to the general public. The work of the EBA in this area so far was largely focused on setting the disclosure standards that ensure consistent and comparable disclosures across banks. In addition, the EBA, together with the CAs, conducts regular assessment and benchmarking of actual disclosures to promote best practices.

The proposed amendments to EU Regulation No 575/2013 (CRR III) aim to strengthen the role of the EBA in promoting market discipline and apply new mandates in the area of Pillar 3 disclosures (Articles 433, 434 and 434a). In this proposal, The EBA is asked to centralise institutions’ prudential disclosures and make them readily available through a single electronic access point on the EBA website. This is a key and strategic project with European relevance, which would allow all banking stakeholders single access to prudential disclosure data from all EEA institutions, promote transparency and comparability of this data across institutions and enhance market discipline in the EU banking sector, further contributing to the soundness of the European financial system.

The project will leverage all past EBA work in the area of transparency (developing a comprehensive package on Pillar 3 prudential disclosures aligned with the Basel standards and mapped to the supervisory reporting requirements), and from the infrastructure perspective, the building of EUCLID and the work under the EBA data strategy lay the foundations for this project.

As part of the Pillar 3 Data Hub (pending the finalisation of the legislative process), the EBA would not only publish Pillar 3 disclosures for the EEA credit institutions. For SNCIs, the EBA would also make the disclosures for those institutions based on the supervisory reporting data that the authority is already receiving. This approach should significantly contribute to the reduction of the operating and compliance costs for those institutions – in line with the EBA objectives in terms of proportionality.

Thus, the Pillar 3 Data Hub offers a unique opportunity to the EBA to include the ideas of its data strategy – to offer high-quality banking data to all stakeholders.

The EBA Pillar 3 Data Hub project is also linked to another EU project on transparency, the European Single Access Platform (the upcoming ESAP Regulation) that aims to centralise the disclosure of public corporate information in the single market. In the context of the ESAP, the EBA will be the EU collection body for Pillar 3 data (according to the Commission proposal21). This means that, in addition to receiving and publishing Pillar 3 data in a centralised manner, the EBA will feed this information into ESAP.

ESG disclosure standards

The supervisory reporting is currently built on the traditional categories of financial risks. Nevertheless, the financial sector has started to be exposed to new risks (and opportunities), as ESG could impact institutions’ profitability and solvency by affecting them directly or affecting their counterparties.

A first step in monitoring the ESG risks is represented by the disclosure of relevant, meaningful and comparable information, which is a vital tool to promote market discipline, allowing stakeholders to assess credit institutions’ ESG risks and their sustainable finance strategy.

In January 2022, in line with the requirements laid down in the CRR, the EBA published the final draft ITS on Pillar 3 disclosures on ESG risks, which were adopted by the EC in November 2022. The draft ITS set out comparable qualitative information on how credit institutions are taking into account ESG factors in their governance, business model, strategy and risk management framework, as well as quantitative disclosures on climate change-related transition and physical risks and mitigating measures, and on the ratio of exposures financing taxonomy-aligned activities.

The required comparable disclosures will lead to a better understanding of how climate change-related risks may exacerbate other risks faced by credit institutions. Considering the challenges in providing all the required information, a phase-in approach for the entry into force of the ITS was established, starting from December 2022.

To ensure consistency with this new Pillar 3 Framework on ESG risks and the provision of all information needed by credit institutions’ counterparties, the EBA also followed the developments of the first draft sustainability disclosure standards at both European and international levels, by answering the respective public consultations. In addition, in accordance with Directive (EU) 2022/2464 (Corporate Sustainability Reporting Directive), the EBA prepared an opinion on the European Financial Reporting Advisory Group’s (EFRAG) technical advice on draft European sustainability reporting standards (ESRS), which was submitted to the Commission in January 2023. In its opinion, the EBA welcomed the level of alignment of the draft ESRS with the Pillar 3 disclosure requirements and their interoperability with the draft international sustainability disclosure standards. In addition, at the international level, the EBA is also actively participating in the work currently being developed by the Basel Committee on Banking Supervision as regards the Pillar 3 Framework and possible extension to ESG risks.

Figure 14: ESG disclosure in the EU financial institutions

Timeline

Description automatically generated

Digital resilience, financial innovation and consumer protection

Digital resilience

Digital Operational Resilience

Following the legislative procedure, the DORA Regulation and Directive22 was published in the Official Journal of the European Union on 27 December 2022 and entered into force on 16 January 2023. There will be an implementation period of 2 years, therefore DORA will enter into force on 17 January 2025. DORA was published along with two other important EU cybersecurity-related legislative acts: the Network and Information Security Directive 2 (NISD2) and the Critical Entities Resilience (CER) Directive. Together they aim to strengthen cybersecurity and resilience across the EU.

During 2022, the EBA continued evaluating the upcoming legislation and along with the other ESAs, started preparing for the implementation of DORA. During the two years before the application of DORA, the ESAs would need to deliver more than 15 policy products to the EC.

The ESAs are called for the first time to jointly deliver such a large-scale project. To this end, the ESAs coordinate and collaborate on an ongoing basis. The ESAs have prepared internally a joint DORA high-level implementation plan to facilitate the delivery of the relevant tasks during the DORA implementation period.

For the development of the various policy-related mandates, the ESAs have set up a new subcommittee on digital operational resilience under the joint committee (JC SC DOR). This will enable wider coordination among the different EU authorities (as envisaged by DORA), as all EU CAs across the financial sector are members, along with the European Union Agency for Cybersecurity (ENISA), ESRB, the Single Resolution Board (SRB) and the EC as observers. This will facilitate the harmonisation across the three sectors and alignment with the relevant legal frameworks, such as NISD2 and Critical Entities Resilience (CER).

In the context of the DORA preparation, the ESAs have jointly launched a high-level exercise on the ICT third-party providers’ landscape across the EU financial sector, which is due for completion in 2023. An ESAs webinar was delivered on 27 September 2022 to facilitate the ongoing data-collection exercise on ICT third-party arrangements and to allow stakeholders to share any questions they may have. Moreover, the EBA continued its work to ensure that the regulatory framework for ICT, security risk and cyber resilience is well implemented, including with consistent supervisory practices. The EBA continued to provide inputs to the work of international standard-setters in the area of operational resilience (e.g. BCBS).

Digitization of payment services and electronic money
  • Review of the Payment Services Directive

    In June 2022, the EBA published its response to the EC’s Call for Advice (CfA) on the review of the revised Payment Services Directive (PSD2). While the EBA has observed that some of the key objectives of the PSD2 had started to materialise, such as the enhancement of competition, the facilitation of innovation, the reduction of payment fraud, and the protection of consumers’ money and data, in its response, the EBA developed more than 200 concrete recommendations for further improvements.

    The proposals aim to:

    • reduce potential exclusion from access to payment services;
    • bring about a harmonised and consistent application of the legal requirements across the EU; merge the PSD2 with the Electronic Money Directive;
    • clarify the scope of application of strong customer authentication (SCA);
    • address new security risks for customers such as social engineering fraud, where customers are tricked into initiating a payment transaction;
    • address obstacles to the provision of payment initiation services (PIS) and account information services (AIS);
    • move from open banking to open finance;
    • address unwarranted de-risking practices by banks affecting payment and e-money institutions;
    • and address the enforcement shortcomings in relation to the implementation and application of SCA for e-commerce card-based transactions.
  • Guidelines on the limited network exclusion under PSD2

    In February 2022, the EBA published its final own-initiative guidelines on the limited network exclusion under PSD2, applicable as of 1 June 2022. These guidelines clarify how NCAs should assess whether a network of service providers or a range of goods and services qualify as “limited” and are, therefore, not subject to the PSD2. Payment instruments that might benefit from this exclusion include store cards, fuel cards, public transport cards and meal vouchers.

    The guidelines aim to address significant inconsistencies the EBA had identified as to how this exclusion had previously been applied across the EU. The guidelines therefore contribute to the single market for payment services in the EU and ensure transparency for supervisors and customers by setting out expectations on how a network of service providers or a range of goods and services should be assessed in order to qualify as “limited”; the use of payment instruments within limited networks; the provision of excluded services by regulated financial institutions; and the submission of notification to CAs.

  • Amendments to the RTS on strong customer authentication and secure communication

    In April 2022, the EBA published its final draft of the amended RTS on Strong Customer Authentication and Secure Communication (SCA&CSC). The amendment, on which the EBA had consulted at the end of the previous year, inserted a new mandatory exemption to SCA that will require account providers not to apply SCA when customers use an account information service provider (AISP) to access their payment account information, provided certain conditions are met. The amendment aims to reduce friction for customers using the services of AISPs, mitigate the impact that the frequent application of SCA has on AISP services, and achieve an appropriate balance between the at times competing objectives of PSD2 of enhancing security, facilitating innovation and enhancing competition in the EU.

Addressing the extent to which enhanced security requirements have reduced fraud in retail payments

PSD2 requires all payment service providers (PSPs) in the EU to report payment fraud to NCAs, and for NCAs to then provide the EBA and the ECB with aggregated information on that data.

In 2022, the EBA, in close cooperation with the ECB, assessed the data received, with a view to determining the extent to which the security requirements imposed by PSD2 and the Technical Standards on SCA were being implemented. The EBA published a Discussion Paper (DP) in January 2022 with its preliminary observations on selected subsets of data from the second half of 2020. The DP presented the EBA’s preliminary findings in relation to three of the six available payment instruments, which were credit transfers, cash withdrawal and card-based payments; for the latter, the view of both issuers (i.e. the card holders’ PSPs) and acquirers (i.e. merchants’ PSPs) is provided.

The DP found inter alia that, for remote card payments, the share of fraud reported by card issuers is five times higher for non-SCA transactions in terms of volume and three times higher in terms of value. The figures reported by acquirers are similar, with non-SCA transactions incurring fraud levels that are four and five times higher by value and volume respectively.

This finding is of interest, especially considering that in the considered reporting period (H2 2020) many issuers and acquirers as well as merchants in the EU were still not compliant with the SCA requirements.

Figure 16: Fraud rate for remote card payments reported by issuers and acquirers, with and without SCA

A screenshot of a computer

Description automatically generated with medium confidence

Similarly, the analysis also showed that fraud is significantly higher for cross-border transactions with counterparts located outside the EEA, where inter alia SCA does not apply, than for those conducted inside this area, as illustrated in Figure XX.

Figure 17: Fraud rate when payments are executed domestically, inside the European Economic Area (EEA) and outside EEA in H2 2020

Chart

Description automatically generated

In conclusion, the EBA’s preliminary analysis has confirmed that introducing SCA in the EU has significantly reduced fraud levels.

Financial innovation

Improving the landscape for investors when using crowdfunding platforms

In recent years, crowdfunding has become a significant means through which startups and SMEs have been able to finance their projects. Regulation (EU) 2020/1503 on European Crowdfunding Service Providers (ECSPR) was issued to ensure a level playing field across providers and appropriate safeguards for investors. While ECSPR already requires crowdfunding service providers to disclose a substantial amount of information, investors may be exposed to the risk of having insufficient information, and/or incomplete understanding of the viability of a crowdfunding project. Therefore, in May 2022, in accordance with the mandate in Article 19(7) of ECSPR, the EBA published a draft RTS aimed at reducing potential asymmetries of information between project owners with respect to credit scoring and loan pricing, and ensuring a minimum set of common standards in terms of credit risk assessment, governance, and risk management structures.

Crypto-asset markets

In September 2020, the EC published its legislative proposal for a regulation on markets in crypto-assets (MiCA), which is intended to create a holistic approach to the regulation and supervision of crypto-asset activities that are not already covered by EU law and creates 4 new schemes of regulation for issuance activities and crypto-asset service provision. In particular, MiCA creates schemes of regulation for so-called stablecoins in the form of asset-referenced tokens (ARTs) and electronic money tokens (EMTs). For significant ARTs and EMTs a scheme of EU level supervision is created whereby the EBA will supervise issuance activities for ARTs and EMTs that are classified as “significant” in accordance with the criteria set out in MiCA. The text was endorsed by the Council in October 2022 and the final endorsement is pending. Throughout the co-legislative process, the EBA has provided technical inputs and developed an implementation plan to ensure the timely delivery of the 20 policy mandates (technical standards and guidelines), and to prepare for its supervision and other tasks, such as the new product intervention powers under MiCA.

In addition to taking forward preparatory actions for MiCA implementation the EBA continued the monitoring of crypto-asset market developments and its contributions to the crypto-asset work streams of international standard-setters (notably BCBS and FSB).

In March 2022, the EBA, together with the other ESAs, issued a warning to consumers following increased activity and interest from the public on the topic as well as the growing promotion of those assets. In particular, the ESAs highlighted the reasons why such products may not be suitable for most consumers, among which the possibility of losing invested capital in its entirety, the exposure to misleading advertisements, as well as the promise of fast and/or high returns.

The EBA, through its crypto-assets network (which includes NCAs represented on the EBA’s Board of Supervisors, and observers from the EC, ECB, EIOPA and ESMA), stepped up its work to foster knowledge-sharing between industry and CAs on crypto-asset market developments and supervisory approaches, pending the application of MiCA. This work is essential to promote supervisory capacity-building and convergence in the transition phase, and to mitigate risks of regulatory arbitrage. The work focused on issuances of stablecoins and will expand in 2023 to cover credit institution, payment institution and electronic money institution crypto-asset service providers.

In addition, the EBA commenced monitoring crypto-asset lending and staking activities, including its findings in the 2022 non-bank lending report23. The EBA also stepped up its monitoring of decentralized finance (DeFi), contributing to the Financial Stability Board’s work in this area24, and participated in the BCBS work to draw up a common standard on the prudential treatment of banks’ exposures to crypto-assets25.

EBA’s new access to data on crypto-assets and blockchain analytics
Alain Otaegui, Policy expert

Alain Otaegui
Policy expert

The EBA has just finalised its public procurement aimed at obtaining access to crypto-asset and blockchain analytics data service providers. When did the EBA recognise it needed access to crypto-assets data, and why did you take the decision to launch a tender procedure?

In early 2022, as negotiations on the MiCA proposal were advancing, at the EBA we started accelerating preparatory work for our future policy mandates and supervisory function. While we had been monitoring the crypto-asset markets for some years already, the sources of data and information for our monitoring activities were rather limited. Access to robust and real-time data is however increasingly necessary for policymakers (and enforcement authorities) to undertake a proper assessment of market developments in the crypto-asset sector and of the potential impact of policy actions. As a consequence, we began exploring the scope and quality of some of the data providers. Acknowledging the fact that in a still developing industry (and sector) there was not a single provider that could cover all our future data needs, we decided to launch this ground-breaking public procurement procedure for financial regulators in the EU. The tender includes two distinct services: blockchain analytics services, which will allow us to monitor and track financial crime and other risks related to specific tokens, crypto-asset service providers, wallets or transactions; and data on crypto-asset markets, which will allow us to understand broader market dynamics, including those linked to specific tokens, distributed ledger technology networks or service providers.

How does the EBA expect to fit that data within its current and upcoming tasks and priorities?

As set out in MiCA, in order to address increased risks from significant ARTs and EMTs, the issuers of those tokens must comply with additional obligations and their supervision is partly or fully assigned to the EBA. The EBA is responsible for carrying out assessments of the significance of ARTs and EMTs and can classify them as significant where they meet certain criteria, as specified in MiCA. As a consequence, the EBA will need to monitor the activities of ARTs and EMTs, which will require comprehensive and robust reporting from the issuers to CAs. However, the data the EBA will be able to access as a result of this tender will help the EBA overcome any limitations of the data reported by issuers under MiCA. As the issuers’ reporting obligations are expected to start to apply by late 2024 at earliest, this data will also help the EBA improve its understanding of the scope of ARTs and EMTs that may fall under its supervision, and thus also the scope of resource needs for its future supervisory tasks.

In addition, data on crypto-asset markets and blockchain analytics services can be useful for the EBA’s monitoring of risks to consumers, assessment of ML/TF risks, impact assessment accompanying the EBA’s policy mandates under MiCA, and any other assessments of crypto-asset markets and their interconnectedness with the banking and payments sectors.

The EU Supervisory Digital Finance Academy

The EU Supervisory Digital Finance Academy (EU-SDFA) is a three-year project sponsored by the EC that was launched in 2022. The EBA, together with ESMA and EIOPA, are partnering with the EC on the activities of EU Supervisory Digital Finance Academy.

The Academy aims to strengthen the supervisory capacity of CAs’ staff in dealing with the risks and opportunities arising from the use of advanced technologies in the financial sector.

The Academy features a comprehensive training curriculum on digital finance and a series of workshops on practical issues stemming from the regulation and supervision of innovations used by financial entities. The EBA, together with ESMA and EIOPA, are guiding and steering development of the Academy’s training curriculum to ensure it is tailored to the CAs’ needs.

Three foundational training sessions took place in the last quarter of 2022, and the topics included Blockchain and DeFi, artificial intelligence and machine learning (AI/ML), Cybersecurity and digital operational resilience, Open Finance, along with introductory sessions for MiCA and DORA, case studies and panel discussions.

In 2023, advanced training sessions will take place covering cyber risk, AI and ML for supervisory technology (SupTech), distributed ledger technology and regulatory topics such as MiCA, DORA and a global regulatory overview related to digital finance. In addition, the ESAs will organise workshops on SupTech, digital business models analysis, and RegTech.

Use of SupTech across the EU competent authorities

What is SupTech? SupTech is the use of technology-enabled innovation by CAs to facilitate and enhance the effectiveness and efficiency of their work.

Digital transformation is affecting not only the financial sector, but also supervision. In 2022 the EBA conducted a comprehensive study on CAs’ approach to the development of SupTech. This made it possible to i) understand how technology is used to support activities of CAs; ii) reveal the main SupTech-related benefits and challenges; and iii) identify areas for knowledge and skill-development initiatives.

Study results show that CAs in the EU have started their SupTech journey. More than half of the respondents have or are in the process of developing a SupTech strategy or plan. Authorities have indicated 553 SupTech tools, of which 216 are tested and deployed, 163 are at the pilot stage and 160 at an idea stage. There has been increased use of SupTech solutions during the last four years – most SupTech tools described in detail were launched in or after 2019.

Technology is leveraged to support supervisory processes in a broad range of areas under the EBA’s remit: microprudential, consumer protection/market conduct, anti-money-laundering and countering the financing of terrorism, resolution and deposit protection areas.

The most common SupTech tools currently in use relate to data analysis, collaboration within authorities and regular reporting. SupTech tools also aim to support supervisors in specific areas, for example, in i) media and social media monitoring; ii) credit, market, liquidity risk management; iii) identification of emerging risks, market surveillance; iv) complaint handling; v) processing of large amounts of documents; vi) risk scoring of individual financial institutions or sectors; vii) preparing for and tracking the progress of deposit compensation in the event of deposit payouts; viii) development of resolution plans.

The most widely used technologies that enable SupTech tools include i) data analytics and big data; ii) text mining/natural language processing; iii) application programming interfaces (APIs); iv) artificial intelligence and machine learning; and v) advanced visualisation.

Going forward, the EBA will continue to facilitate knowledge exchange among the CAs and support targeted training initiatives on SupTech, including, via the EU Supervisory Digital Finance Academy.

Figure 15: why is SupTech important?

Timeline

Description automatically generated

Consumer protection

Contributing to better regulated non-bank lending in the EU

While non-bank financial intermediation is not a new phenomenon, the use of new technologies and the digitalisation of financial services are paving the way for new players to enter local EU markets, increasingly making non-bank lending an alternative to conventional provision of lending by credit institutions. However, while the existence of alternative means of financing can increase competition and benefit consumers when credit provision happens outside the EU regulatory perimeter, this may create challenges for all the stakeholders and regulators.

Against this backdrop, and as part of a broader CfA on digital finance, the European Commission asked the EBA to carry out an analysis of the EU non-bank lending sector. The relevant report was published in May 2022. In the area of consumer protection, we recommended to widen the scope of the Consumer Credit Directive to cover some of the business models previously excluded (e.g. Buy-Now-Pay-Later loans, consumer loans offered through crowd-lending platforms), to enhance disclosure requirements and to strengthen requirements for creditworthiness assessment26. Other proposals highlighted the need to strengthen the admission and authorisation procedures and clarify the prudential perimeter and the supervisory responsibilities, especially where lending is provided cross-border. Finally, it is proposed that non-bank lenders be subject to the EU-wide AML/CTF rules. This would help guard against uneven approaches and regulatory arbitrage and enhance the reporting framework, thus increasing the visibility of the risks from non-bank lending activities.

Providing advice to the EU Commission on the current legal framework for residential mortgages

In June 2022, the EBA published its response to the EC’s CfA on the review of the Mortgage Credit Directive (MCD). The MCD had become applicable in March 2016, with a view inter alia to create an EU internal market for residential mortgages and to ensure a high level of consumer protection. The EBA had supported the implementation of the MCD at the time through the development of a RTS and three sets of guidelines.

In its response to the CfA, the EBA observed that, overall, since the application of the MCD, consumer protection had become more effective throughout the EU single market and that creditors’ practices had been increasingly harmonised. Nevertheless, the EBA highlighted several issues that should be addressed through a potential revision of the MCD in order to facilitate smoother functioning of the internal market, foster a level playing field across all types of lenders and ensure an even higher level of consumer protection. To that end, the response recommended that the EU Commission clarify certain aspects of the scope of the MCD, address the impact of digitalisation on the distribution of mortgages, and apply measures to facilitate cross-border mortgages, thus contributing to financial stability and sustainability.

First thematic review on the transparency and level of fees and charges of retail banking products observed significant ongoing consumer detriment

Under Article 9 of its founding regulations, the EBA is mandated to collect, analyse and report on consumer trends, such as the development of costs and charges of the retail banking products under its consumer-protection remit. These products comprise mortgage credit, consumer credit, payment services, electronic money, deposits and payment accounts.

To deliver on this mandate, the EBA publishes a biennial CTR, based on input provided by a variety of different sources, including national authorities, consumer associations, national ombudsmen, industry and public databases. Across several of the more recent editions, the CTR had identified the lack of transparency and level of fees and charges as one of the key issues causing detriment to consumers in the EU.

As a first step to understand and assess this commercially sensitive topic, the EBA used one of its newly conferred powers and carried out a thematic review, culminating in the publication of a review report in December 2022. The report indicated that fees and charges vary widely across the EU in terms of type and level of fees, and that, for some financial institutions, fees and charges represent a major source of their income.

Except for payment accounts, the review also found that the level of harmonisation and standardisation of fees within and across EU Member States was low, making it difficult for consumers to effectively compare costs, thus making markets less competitive than national legal frameworks are subject to the general principle of freedom of contract. Consequently, most NCAs have no powers to regulate the level of fees and only in few cases, NCAs have the power to intervene when the level of fees charge is considered not to be reasonable compared to the service offered and limited to payment accounts.

Collecting and publishing consumer trends data

In 2022, the EBA started work on the next edition of its biennial Consumer Trends Report, covering the years 2022/2023. In line with previous editions, the CTR will describe the trends that the EBA observed for retail banking products and services within its regulatory remit. The report will use a wide variety of sources, including consumer associations, national authorities, national ombudsmen, industry associations, and statistical databases, to identify the key issues that cause detriment to consumers across the EU. The report is due to be published in April 2023 and its content will shape the consumer protection priorities that the EBA will set for the subsequent two years.

Fighting money laundering and terrorism financing

A picture containing cartoon, LEGO, design

Description automatically generated

 

In 2022, the EBA continued to lead the development of a consistent approach to tackling financial crime risk in the EU’s financial sector, to strengthen supervisory capacity and to coordinate the work of competent authorities and foster EU-wide responses to emerging money laundering and financing of terrorism (ML/TF) risks. It also continued to provide technical advice to the EU’s co-legislators to inform the development of the emerging legal and institutional EU anti-money laundering and countering the financing of terrorism (AML/CFT) framework.

Framework

Strengthening the EU legal and institutional framework

Financial crime cannot be tackled in isolation. This is why the EBA implemented a holistic regulatory framework to ensure a consistent approach to identifying, assessing and managing ML/TF risk across all areas of supervision and across all stages of a financial institution’s life cycle.

In 2022, the EBA completed this framework with new guidelines on core aspects of financial institutions’ AML/CFT governance and internal controls, the Remote Customer Onboarding Guidelines that provide clarity on the application of AML/CFT rules in a digital context, and the AML Compliance Officer Guidelines. Both guidelines set common EU standards in areas where divergent approaches existed that hampered the effectiveness of institutions’ AML/CFT defences and made the sector vulnerable to abuse by financial criminals.

The EBA also published revisions to its SREP Guidelines to specify how prudential supervisors should take ML/TF risks into account, a report on the withdrawal of authorisation that lays down uniform criteria supervisors should use to assess the seriousness of an AML/CFT breach and prepared for the delivery of ten new mandates under the recast Regulation on the transfer of funds and crypto-assets.

Consolidating the regulatory framework

In 2022, the EBA continued to carry out reviews of competent authorities’ approaches to tackling ML/TF risk in banks. Expert teams led by EBA staff examined how twelve supervisors from nine Member States assessed ML/TF risk in their sector, how they adjusted their AML/CFT strategy and supervision in line with that risk assessment and the measures they took to remedy shortcomings they had identified in institutions’ AML/CFT systems and controls. A particular focus this year was on supervisory cooperation, and the role of prudential supervisors in Member States’ AML/CFT framework. This was because of the EBA’s ongoing work to put in place a holistic approach to tackling ML/TF risk and the publication, in 2022, of the revised SREP Guidelines, among other prudential instruments. A report summarising these findings and recommendations made will be published in 2023.

Findings from the previous round of “implementation reviews”, which were published in March 2022, suggest that supervisory cooperation was becoming a priority for most competent authorities, who had started to put in place mechanisms to exchange information with their counterparts at home and abroad. Nevertheless, cooperation with financial intelligence units (FIUs) was not always systematic and continued to be largely ineffective in most Member States.

This hampered the effectiveness of competent authorities’ AML/CFT efforts.

Supervision

Building supervisory capacity

The EBA supported the effective implementation of the AML/CFT framework by building supervisory capacity.

The EBA continued its programme of in-depth reviews of CAs’ approaches to tackling ML/TF risks in banks with on-site assessments of 12 CAs in 2022, detailed bilateral feedback and a report on their findings and recommendations from the previous year’s review cycle. The EBA also published a report on CAs’ responses to the Luanda Leaks with several good practices EBA staff had observed and assessed CAs’ approaches to tackling ML/TF risks in the payment institutions sector, with results due in 2023.

  1. AML/CFT implementation Reviews – findings from Round 2

    Implementation reviews are EBA staff-led assessments of CAs’ approaches to tackling ML/TF risk in banks. In March 2022, the EBA published the findings from its second round of implementation reviews, which took place in 2020 and 2021.

    Over the course of 2020 and 2021, review teams assessed seven CAs from seven EU/EEA Member States and made recommendations tailored to each CA to support their AML/CFT work. They also assessed how prudential supervisors in these Member States tackled ML/TF risk in line with their supervisory remit and scope.

    Challenges that were common to most CAs in this round included difficulties in the identification and assessment of ML/TF risks associated with the banking sector and with individual banks within that sector, in particular in relation to TF risk; translating ML/TF risk assessments into risk-based supervisory strategies; using available resources effectively, including by ensuring sufficiently intrusive on-site and off-site supervision; and taking proportionate and sufficiently dissuasive enforcement measures to correct AML/CFT compliance weaknesses. The review teams also found that cooperation with FIUs was not always systematic and continued to be largely ineffective in most Member States, though several CAs had started to take steps to address this.

    Overall, while these challenges hampered the effectiveness of aspects of CAs’ approaches to AML/CFT supervision, change was underway and the review teams found that most CAs were on course to tackle ML/TF risks more effectively, holistically and comprehensively.

    Throughout 2022, EBA staff provided training where its findings suggested that this was necessary to strengthen supervisory knowledge and practices either in-house, or by contributing to events hosted by the Commission, the ECB and other EU bodies. For example, in April 2022, the EBA provided AML/CFT training to more than 100 EU life insurance supervisors. It also hosted a three-day training programme on effective, risk-based AML/CFT supervision, drawing on the findings from its AML/CFT implementation reviews. The EBA’s in-house AML/CFT training alone reached nearly 1 500 EU supervisors.

EU cooperation and coordination

The EBA continued to foster cooperation and information exchange among EU financial services supervisors and to coordinate common responses to EU-wide ML/TF risks. Staff continued to monitor and provide hands-on support to nascent EU AML/CFT colleges to strengthen cross-border AML/CFT supervision, led work to tackle unwarranted de-risking with a series of reports and new guidelines, and took the lead on a common response to emerging financial crime risks following Russia’s invasion of Ukraine.

As of 31 December 2022, 244 AML/CFT colleges had been established in the EU. Of these, 105 were established in 2022, including 35 in the banking sector, 18 in the payment/electronic money sector, 32 in the investment sector (collective investment undertakings, fund managers and investment firms) and 20 in the life insurance sector. EBA staff attended 11 of these colleges in 2022 It also published its second report on the functioning of AML/CFT supervisory colleges in the EU. The report highlighted that, although competent authorities were committed to implementing the AML/CFT colleges framework, they need to do more to ensure ongoing collaboration and proactive information exchange within colleges.

  1. A new EU database

    On 31 January 2022, the EBA launched its central AML/CFT database EuReCa, which brings together information on serious deficiencies in individual financial institutions’ systems and checks that expose these institutions to ML/TF risk, and the measures CAs took to correct those deficiencies. Throughout the year, EBA staff supported CAs as they set up the internal processes necessary for reporting. By 31 December 2022, the EBA had received nearly 400 submissions from AML/CFT and prudential supervisors in 21 EU Member States, which it analysed and disseminated to CAs as necessary to inform their supervisory tasks.

    Since EuReCa’s inception, the EBA has provided extensive support to CAs to help them adapt their internal processes to meet their reporting obligation. Over the course of 2022, the EBA provided training to 550 supervisors; hosted monthly meetings for 190 CA staff in charge of reporting; answered more than 2 600 emails; prepared a user manual and FAQs; provided access to a test environment to enable users to get used to the platform before submitting real data; and reached out proactively to reporting authorities when inaccurate or incomplete data was identified.

EuReCA – one year on

One year on, EuReCA has become a key tool strengthening AML/CFT supervision and coordinating supervisory efforts across the EU and will keep contributing with its holistic insights to the fight against ML/TF.

Between 31 January and 31 December 2022, CAs reported to EuReCA 259 “material weaknesses” and 129 measures to mitigate these deficiencies. Most material weaknesses were related to credit and payment institutions, but reports were submitted on all types of financial institutions across different sectors. Most submissions were made by AML/CFT authorities and related to material deficiencies in institutions’ customer due diligence framework as well as wider AML/CFT systems and controls. Where prudential authorities submitted reports, these tended to relate to serious weaknesses, including negligence or wilful misconduct of senior management or members of the institution’s management body.

The EBA also received 15 “reasoned requests” from prudential and AML/CFT supervisors to access information from EuReCa, and EBA staff shared information with stakeholders on their own initiative.

Figure 18: Types of entities concerned by the material weaknesses reported up to 31 December 2022

Chart

Description automatically generated

Figure 19: Distribution of material weaknesses submitted up to 31 December 2022 by category

Chart

Description automatically generated

Finally, the EBA continued to provide technical advice to the EC and co-legislators to strengthen the EU’s AML/CFT defences through letters, responses to calls for advice on wider financial services topics and bilateral exchanges, highlighting the importance of supervisory cooperation and a holistic, joint approach to fighting financial crime. A coordinated, joint approach will be particularly important as the new institutional AML/CFT framework is set up.

Roles and responsibilities of the AML/CFT compliance officer
Aniko Hrubi, AML specialist

Aniko Hrubi
AML specialist

Solene Rochefort, AML expert

Solene Rochefort
AML expert

Why was it important for the EBA to define the roles and responsibilities of the AML/CFT compliance officer in the form of guidelines?

Throughout the different interactions with AML supervisors across Europe, we understood that different approaches exist in different countries as regards the definition, tasks and hierarchical level of the AML compliance officer. This meant that, for example, senior management of financial institutions did not always prioritise hiring suitably qualified staff for AML/CFT roles, or that the AML compliance officer was simply not sufficiently senior to report to the institution’s senior management body, which then affected the quality of institutions’ AML/CFT compliance measures overall. The EU’s AML Directive requires financial institutions that have a management body to identify the member of the management body who is ultimately responsible for compliance with AML/CFT requirements. The AML Directive also explicitly says that an AML/CFT compliance officer should be appointed at the management level in institutions. But it doesn’t set out in detail how these provisions should be applied. We needed to create a common understanding across the EU about the underlying concept, hence the issuance of our guidelines.

What is the key message of the guidelines?

These Guidelines set clear expectations of the role, tasks and responsibilities of the AML compliance officer and the management body. They specify that financial institutions should appoint one member of their management body who will ultimately be responsible for the implementation of the AML/CFT obligations, and clarify the tasks and functions of that person. They also describe the roles and responsibilities of the AML compliance officer and when this person is appointed by the management body, according to the proportionality criteria. When the institution is part of a group, the Guidelines prescribe that a group AML compliance officer should be appointed and clarify this person’s tasks and responsibilities.

When drafting the guidelines, how did you take into account the huge variety of financial sector stakeholders that will need to implement these guidelines?

For all EBA work, the principle of proportionality is key. These guidelines specify that, depending on the scale and complexity of the financial institution’s operations and its risk exposure to ML/TF, the management body needs to decide if a separate, dedicated AML compliance officer needs to be appointed. Also, the proportionality criteria will determine whether that role will be carried out on a full-time basis or whether it may be carried out by an employee or an officer in addition to their existing functions within the financial institution.

How the AML CO Guidelines fit into the wider EBA Guidelines on internal governance?

We worked closely with EBA experts on internal governance and suitability. The AML Compliance Officer Guidelines complement, but do not replace, other existing relevant Guidelines issued by the ESAs on wider governance arrangements and suitability checks. Our messages are coordinated and consistent.

What feedback did you receive from the industry?

Reactions were in fact very positive! After the publication of the guidelines in June 2022, we participated in several private sector events to raise awareness and promote the new guidelines. Many AML compliance officers told us that they believed the guidelines were useful and actually contributed to enhancing the value of their position and the daily work they do. The EBA received the same message throughout its country reviews on AML/CFT supervision of banks in EU countries. It was great to hear such feedback!

From which date are the guidelines applicable?

The AML compliance officer guidelines are applicable as of 1 December 2022. Since that time, all EU supervisors confirmed to the EBA that they either comply or intend to comply with these guidelines.

Integrating ESG risks into the regulatory framework

A group of people standing around a question mark

Description automatically generated with medium confidence

 

ESG is a horizontal priority for the EBA and feeds into many aspects of its work. The EBA is following a sequenced and comprehensive approach to integrate ESG risks considerations in the banking regulatory framework and support the EU’s efforts to achieve the transition to a more sustainable economy. In 2022, in addition to work on ESG-related stress testing and disclosures described in other parts of the report, the EBA’s work included a first assessment on prudential treatment, risk management and supervision, identifying the concept of greenwashing and publication of a renewed roadmap presenting the EBA’s work plan in the area of sustainable finance.

The role of environmental risks in the prudential framework

The EBA is mandated to assess whether a dedicated prudential treatment of exposures related to environmental and/or social objectives / subject to environmental and/or social impacts would be justified. A two-step approach is being followed to address this mandate. Firstly, a discussion paper was published in May 2022, on which feedback from stakeholders was sought. The discussion paper provided an initial assessment of how the framework interacts with environmental risks and posed questions on whether adaptations are required to effectively address such risks. The feedback received to this discussion paper will be considered before formulating policy recommendations in a final report to be published in 2023.

Integrating ESG risks in the supervision of investment firms

The EBA published a report on the integration of ESG risks in the supervision of investment firms. The objective of this report is to provide an initial assessment of ESG factors and risks for the purposes of the prudential supervision of investment firms under the Investment Firms Directive. To this end, the report sets out the foundations for further considerations of the ESG aspects in the SREP of investment firms. The work on the integration of ESG risks in the supervision of investment firms builds on and complements the EBA report on management and supervision of ESG risks for credit institutions and investment firms published in 2021.

Collecting evidence on greenwashing

Growing demand for sustainability-related products, an increase in sustainability claims by institutions and rapidly evolving regulatory regimes have led to growing concerns about potential greenwashing practices in the financial sector. Accordingly, the Commission has requested each of the ESAs, individually but in a coordinated manner, to provide their respective input on several aspects related to greenwashing, including its definition, types and forms, risks and supervisory tools. To help deliver their inputs, the ESAs have gathered the views of stakeholders through a Call for Evidence, which attracted 136 responses from various types of organisations including financial institutions, academics and NGOs. In addition, the EBA organised a survey among its competent authorities. Responses received will help the ESAs to form views on the key features, drivers and risks associated with greenwashing, collect examples of potential greenwashing practices and take stock of supervisory tools and initiatives. Ultimately, obtaining a more granular understanding of greenwashing will help inform policy making and supervision and foster the reliability of sustainability-related claims.

Enhancing management of ESG-related risks

Following-up on its 2021 report on ESG risks which concluded on the need for institutions to incorporate ESG risks into their business and risk management processes, the EBA conducted preparatory work in 2022 for new Guidelines on the identification, assessment, management and monitoring of ESG risks. This preparatory work was also conducted in anticipation of a new mandate envisaged for the EBA under the CRD VI to set requirements for institutions on this. Preparatory work included a review of institutions’ practices based on supervisory findings, also with a view to identifying shortcomings, identifying relevant EU and international frameworks such as BCBS principles on climate-related risks and first discussions on the substance of requirements which would ensure robust risk management practices by EU banks.

The renewed ESG roadmap
Fabien Le Tennier, Policy expert

Fabien Le Tennier
Policy expert

Ali Erbilgic, Senior policy expert

Ali Erbilgic
Senior policy expert

Why has the EBA published a renewed roadmap on sustainable finance?

The EBA published its first action plan on sustainable finance back in 2019. Since then, the sustainable finance regulatory framework has evolved fast, and will continue to evolve fast in years to come. Renewing EBA’s roadmap on sustainable finance was needed as a response to these developments. Numerous legislative acts and initiatives allocate to the EBA new mandates and tasks related to sustainable finance and ESG risks. To provide transparency to stakeholders, the renewed roadmap outlines the EBA’s objectives and timeline for delivering mandates and tasks over the next 3 years. This roadmap builds on and replaces the EBA’s first action plan. To this end the roadmap, on the one hand, ensures continuity of actions assumed under the previous action plan, and, on the other hand, accommodates the necessary adjustments needed following market and regulatory developments, including new mandates and new areas of focus.

What are the main dimensions of work included in the EBA’s roadmap?

Mandates and tasks cover the three pillars of the banking framework, i.e., market discipline, supervision and prudential requirements, as well as other areas related to sustainable finance and assessment and monitoring of ESG risks. As a result, the EBA’s work aims on the one hand to incorporate ESG considerations into a risk-based banking framework, and mitigate these risks, and on the other, to support the EU’s wider efforts to achieve the transition to a sustainable economy, while remaining risk-based.

Can you summarise the EBA’s plans in these different areas?

In the area of transparency and disclosures, the EBA will continue its work related to the development and implementation of institutions’ ESG risks and wider sustainability disclosures. Similarly, the EBA will continue its efforts to ensure that ESG factors and risks are adequately integrated into institutions’ risk management framework and their supervision, including through further developments on climate stress tests. In the area of prudential regulation, the EBA has initiated an assessment of whether amendments to the existing prudential treatment of exposures would be justified. In addition to these tasks, the EBA will contribute to the development of green standards and labels, and measures to address emerging risks in this field such as greenwashing. Finally, the EBA will assess and monitor developments in sustainable finance and institutions’ ESG risk profile, including those based on data from expected supervisory reporting.

Are changes to timelines described in the roadmap conceivable?

The roadmap was developed based on the current state of the regulatory framework and reflects our current expectations on mandates and tasks. However, there are ongoing regulatory developments which may affect the scope and timelines of some tasks. For example, as the Banking Package (CRR/CRD) is currently undergoing a revision, additional mandates stemming from these texts are not yet fully known. These envisaged new or amended mandates are included in the roadmap to the extent they are expected based on the legislative proposals. However, their exact scope and deadline will only be fully determined once the final texts are agreed to and adopted.

Figure 20: key objectives of the EBA’s roadmap on sustainable finance

Chart, radar chart

Description automatically generated
Contributing to European and international activities

The EBA’s work on ESG risks and sustainable finance is closely intertwined with ongoing developments at the EU and international level, to which the EBA also directly contributes. At the EU level, the EBA has contributed to work conducted by the Platform on Sustainable Finance, an advisory body to the Commission, such as on data and usability as part of reporting in accordance with the EU taxonomy of environmentally sustainable activities.

At the international level, the EBA is involved in the work conducted by the Network for Greening the Financial System and the BCBS. Within the BCBS high-level Task Force on Climate-related Financial Risks, the EBA contributed to responses to frequently asked questions (FAQs) clarifying how climate-related financial risks may be captured in the existing Basel Framework, the publication of principles for the effective management and supervision of climate-related financial risks as well as considerations for using Pillar 3 of the Basel Framework to promote a common disclosure baseline for climate-related financial risks across internationally active banks.

Going forward, the EBA will pursue its participation in EU and international initiatives including through ongoing cooperation with the European Commission, ESMA, EIOPA and ECB/ESRB with a view to ensuring an overall consistency of actions across the EU financial sector and delivering on cross-sectoral climate risk stress-testing mandates.

Enhancing efficiency and effectiveness

Empowering people and ensuring organisational agility

Essential ingredients for the EBA’s continued development success are its highly-talented and committed staff as well as its organisational culture. The organisation has been and is still focusing on attracting and developing talents; on fostering teamwork that encourages openness and respect; on leveraging tools and services; on strengthening partnerships, all contributing to the EBA’s reputation as an attractive employer and agile organisation.

Beside better internal structural adjustments fostering higher internal synergies, the EBA has implemented a robust internal mobility policy offering staff career development opportunities. It has also invested in developing staff external mobility through staff exchange with ESAs and national competent authorities. User satisfaction and efficiency of enabling services has been enhanced by investing in technological infrastructure, methods for digital collaboration and initiatives to make processes more efficient and services more user-friendly. Operational performance has been also improved by a result-based planning and monitoring Master file tool, as well as partnerships for shared resources, capabilities and services.

Strengthening research initiatives

Every year the EBA organises a policy research workshop that aims to bring together economists and researchers from supervisory authorities and central banks, as well as leading academics, to discuss how the banking sector is evolving and the challenges for banks and their regulators. The EBA launches a call for papers inviting the submission of policy-oriented research papers in topics related to banking regulation and supervision and researchers from supervisory authorities and central banks are particularly encouraged to submit their work for discussion27. We have been inviting very distinguished policymakers and academics, and in 2022, our hybrid event was attended by more than 400 registered participants. The 2022 topics were climate change and ESG, as well as technological innovation, an EBA event promoting the policy research issues which are front and centre for the banking sector. In addition, several internal policy research seminars were organised and external policymakers and academics were invited to discuss topics such as artificial intelligence, house prices, mortgage debt and climate changes. The aim was to promote discussion on regulatory and supervisory topics and contribute to improving the policymaking process. The annual research events and monthly research seminars provide the right environment for debate on the impact of regulatory reforms on banking markets through a strengthened analytical function.

Promoting the EBA’s work

In 2022, the EBA continued to carry out communication activities aimed at promoting the Authority’s work and deliverables envisaged in the annual work programme via its main communication channels: the corporate website, press interviews and social media platforms.

In order to speak to a wider audience, the EBA produced factsheets and infographics on some of its key topics, including ESG, digital finance, digital platforms, gender equality and more. The EBA also increased the number of dynamic data visualisations aimed at presenting large amounts of data in a more comprehensive and digestible manner. The Flourish data visualisation tool was used to accompany publications such as the quarterly risk dashboards, the EU-wide transparency exercise, reports on high earners, funding plans and asset encumbrance.

The EBA Communication team coordinated and contributed to the successful publication and promotion of the Authority’s key publications, such as the Risk Assessment Report, the EU-wide transparency exercise and several thematic reports.

Throughout the year, the EBA published 132 press releases and news items, promoted the EBA’s work in the press and media, conducting 74 interviews and briefings with the press and responded to 706 queries via email.

The Authority was also very active on its corporate social media channels, publishing more than 400 tweets and 200 posts on LinkedIn. This resulted in more than 230 000 Twitter profile visits and more than 19 000 new followers on LinkedIn.

The EBA website remained the main communication tool with external stakeholders and received more than 1 739 000 unique visits.

To promote its core values, the EBA also continued its internal communication activities and initiatives, such as the campaign aimed at promoting the EMAS registration of the Agency and raising awareness on sustainability-related topics, or all the activities aimed at promoting diversity and gender equality at the EBA.

A picture containing screenshot, design

Description automatically generated

 

Stakeholder engagement
Anne Tiedemann, Senior policy expert

Anne Tiedemann
Senior policy expert

What changed in 2022 for the EBA stakeholder engagement?

As part of its missionthe EBA is built on strong cooperation with EU supervisors and EU institutions. However, as the banking sector is confronted with new risks and opportunities, the mission of the EBA has evolved and adjusted to a certain extent to address those complex challenges. As a result, the EBA has embarked on enhancing its engagement with core stakeholders such as the Council, the European Parliament, the other ESAs, the ECB Single Supervisory Mechanism and on expanding its openness to a new set of non-financial regulators in the areas of cyber risk, crime prevention, data protection and competition.

In 2022, we actively explored and reached out to new stakeholders to engage and exchange with them through bilateral engagements and targeted sessions. We also reworked our internal toolbox and more proactively assessed areas of particular interest to external stakeholders.

What was the rationale? Why did you overhaul your engagement with stakeholders?

Coming out of a pandemic into a more interconnected world with global uncertainties, we know that one of the prerequisites for meaningful cooperation is trust. At the same time, we are facing new actors as regards ESG and digitalisation, be it EU institutions, agencies, associations or industry. That means, those new stakeholders need to understand what we do as much as we need their input to do our job better. At the same time, it is important that every exchange remain anchored in our commitment to transparency, as it has always been a guiding principle of the EBA.

Once committed to that level of engagement, it’s difficult to stop, right?

Going forward, we see an increase in cross-sectoral collaboration and regulation. In addition, the complexity of regulation may not diminish. In return, our engagement with external stakeholders is set to expand further. We need to explain what we do. That entails raising awareness about the EBA’s mandates, tasks and policies, and stakeholders need to understand how the latter impact them. Ultimately, this ongoing dialogue is a key pillar to ensure transparent, unified and safe regulation and supervision for the benefit of consumers and the EU economy.

Creating a greener organisation

The year 2022 has been a breakthrough year for the establishment of the EMAS at the EBA.

In March 2022, the first environmental statement was positively validated and verified by independent external auditors. With its registration by French Ministry for the Ecological Transition in August 2022, the EBA has become the first European agency in France to be awarded the EMAS certificate.

In December 2022, the EBA celebrated this achievement with the vice-president of the European Parliament responsible for EMAS – Ms Heidi Hautala – who, during an internal event “EMAS, a success story”, remarked that even small changes add up to a hugely positive impact at the EBA.

Throughout the year, the EBA substantially progressed by introducing environmental best practices and it successfully achieved its 2022 environmental objectives and targets:

  • travel: at least 50% reduction in the number of meetings and visits in 2022 in comparison to 2019;
  • energy: at least 10% reduction in the energy consumption of the building;
  • waste: at least 70% of waste is recycled;
  • procurement: environmental impact is considered for 100% of contracts procured by the EBA.

The effectiveness of the environmental management system was checked during annual audits and management review. The independent external auditors concluded that environmental matters and concerns are part of the EBA’s premises management, activities and missions. People interviewed are fully aware of EMAS objectives and requirements and include them in their daily work. Real improvements have been made in the management system since November 2021.

The EBA continued to communicate its efforts to raise awareness about sustainability and environmental management, and to adequately inform its stakeholders. Communication has been a key success factor in the implementation of EMAS at the EBA. These include a clear communication strategy, an attractive visual identity, regular updates and information to target audiences, diversified communication channels and methods, a smart theme “Sustainability and beyond” and tagline “Together we can make a difference”, to name a few.

The survey launched in March 2022, exactly 2 years since the beginning of the EMAS implementation, proved that the EBA staff members are happy with the management of environmental aspects of the agency and are very motivated to improve its environmental performance. They believe that the rational use of energy, water, stationery and office supplies is well implemented. They evaluate that environmental instructions are well defined and respected, and most importantly that the staff apply most of these good practices. The majority think that environmental impacts are considered in the EBA’s core business activities and procurements.

The auditors also confirmed communication among the strong points of the environmental management system at the EBA. In particular, they observed high quality communication strategy and productions, clear messages for staff, lots of communication and awareness-raising actions (EBA corner on the intranet, survey, weekly staff newsletter, etc.) and the increase in ESG matters in the EBA activities.

Powering Risk Management

In 2022, the EBA continued to develop and improve its Enterprise Risk Management (ERM) in order to continue raising awareness on the topic and to further integrate risk management into the EBA’s decision-making process. The EBA intends to use the ERM:

  • as a strategic decision-making tool to optimise performance across all aspects of the organisation;
  • to ensure it is capable of delivering on all aspects of its mandate;
  • to take an agency-wide view of risk to preserve its existing assets while creating value for future opportunities.

The following aspects were finalised:

  • A risk register, including 15 strategic risks were identified. The risk register is a systematic listing, description and prioritising of risks for the EBA. It enables risks to be organised and monitored, and their root causes and possible implications to be analysed.
  • An ERM policy, setting out the overall ERM practices, as well as a risk appetite / risk tolerance statement, summarising the EBA’s appetite for risk in each of a whole range of activities.
  • An ERM lifecycle document explaining in detail the different steps / phases to be considered during the course of 1 year, including detailed indications of the different stakeholders and lines of defence involved in each step. The ERM lifecycle exists to generate and maintain a stream of data and information, recorded in the EBA’s risk register, upon which the EBA’s personnel can make risk-informed decisions.
  • Awareness sessions for directors and heads of units, as well as other staff.
  • Finally, a risk toolkit to centralise and manage the risks/progress made.

Out of the 15 risks, 5 were identified as needing extra mitigation measures, which are being developed at the beginning of 2023. In addition, in 2023, the EBA intends to:

  • develop an updated iteration of risk register via application of the ERM lifecycle;
  • pilot integrating existing local risk registers into the ERM framework;
  • develop local risk assessments further. 

Enhancing digitalisation

In the 2022, the EBA completed the implementation of the Collaboration Platform, a key initiative enabling EBA to operate with digital solutions that are future-proofed, secure, easy to use, highly efficient and effective. EBA users can work, collaborate, share information, and communicate with their colleagues, counterparts and externals seamlessly within the EBA office and outside of it, enabled by devices, tools and services.

The platform, based on M365 tools, facilitates internal and external cooperation and collaboration, and enables secure and quick information exchanges. The implementation increases efficiency by providing:

  • Increased and secure information exchange between committees, governing bodies and working groups.
  • Facilitation of the work performed by EBA and its external stakeholders, via an online platform, resulting in less administration, increased mobility, reduced communication and travel costs (including lower environmental impact).
  • Knowledge retention, by organising the information according to specific criteria and subject and making it available to relevant counterparties and stakeholders.
  • Empowering EBA colleagues to quickly create their own collaboration structures.
  • Security and Compliance enhancements, multi factor authentication, information protection, data loss prevention, aligned with infosec polices and security standards.
  • Managing user access via a unified system, will eventually reduce all administration and help desk costs and effort, and will provide adequate controls and reporting over requesting, authorizing & granting access to critical applications across the organisation.
  • Enabling the future convergence for the successors of EBA legacy systems such as Extranet, Colleges, Nintex Workflows.
  • Rich ecosystem of 3rd party applications and native features to offer future capabilities when needed (e.g. project management, workflows, translation services)
  • Information Management Platform to ensure not only proportionate security protection to EBA files according to their sensitivity, but also allowing compliant processing of personal data, legal documents, etc. (encryption, retention, archiving, purging)
  • Consolidation of mobile device management using to securely offer the collaboration tools and experience across laptops, iPads, iPhones, and workstations.

Strengthening the Q&A process

Developed since 2013, the EBA decided to make some internal changes to enhance the efficiency and accountability of its Q&A process through which the EBA answers stakeholders’ questions about the single rulebook in 2022, with a renewed commitment to answering stakeholders’ questions and to doing so within 9 months.

The continued importance of Q&As (https://www.eba.europa.eu/single-rule-book-qa) is reflected in the ever growing number of questions submitted, which, by 31 December 2022, amounted to around 6 500. Institutions, industry associations, CAs and other stakeholders have used the Q&A processto submit questions on legal texts within the EBA’s scope. This includes associated Commission delegated or implementing acts, on related technical standards developed by the EBA and adopted by the Commission, and on EBA guidelines adopted under these legislative texts. To ensure answers reflect a consistent approach, the review of the questions submitted follows a thorough process involving the EBA, the EC and the CAs.

In the course of 2022, EBA staff increased their efforts to reduce processing times, to close Q&As within 9 months from submission. By 31 December 2022, around 2 450 questions could be answered and about 370 were under review (down from about 680 at the end of 2021). The bulk of these are on the CRR/CRD, with about half of Q&As relating to questions on the supervisory reporting framework.

New admissibility criteria were applied in 2022 to help with this effort, focusing the process on Q&As that are the most useful to ensure consistent, efficient and effective application of regulation and supervision.

Q&As are also an integral part of the Interactive Single Rulebook (https://www.eba.europa.eu/regulation-and-policy/single-rulebook/interactive-single-rulebook). This is a compendium of the key legislative frameworks within the EBA’s remit. It enables stakeholders not only to access the relevant legislative frameworks in one place, but also, by using the links embedded in relevant articles of these legislative texts, any person can consult the associated technical standards (RTS and ITS), EBA guidelines, and Q&As on these legislative and regulatory texts.

Q&As

342 Q&As were submitted in 2022 and 224 were answered.

The role of legal
Inci Metin, Senior legal officer

Inci Metin
Senior legal officer

How does the EBA Legal and Compliance Unit support the EBA’s regulatory work?

The Legal and Compliance Unit (LCU) has two dedicated teams to support regulatory work. In those two teams we review all draft technical standards, guidelines, recommendations, opinions and decisions that the EBA produces. We make sure that each product fits well within the EBA’s legal framework and other Union law and has a sound legal basis, while achieving our colleagues’ policy objectives.

The importance of this work was clear when the application of two EBA guidelines by a national authority was challenged in national legal proceedings. One of the challenges related to the EBA Guidelines on product oversight and governance Guidelines. We represented the EBA in the European Court of Justice, resulting in the ECJ judgment C-911/19 upholding our Guidelines. That procedure was very important for the EBA’s future path in continuing to have flexibility in being able to use guidelines to address risks we see in the banking sector. In 2022, this case helped us and the same national authority defeat a legal challenge to another set of guidelines.

How did the LCU contribute to the ECJ judgment on the EBA Guidelines and why is the judgment important for the EBA’s work today?

When the case was referred to the ECJ for preliminary ruling, we created a team of three lawyers, of which I was part. We provided our observations to the Court in which we submitted our defence of the Guidelines, with success. The Court supported our arguments.

This was a fundamental case on the EBA’s scope of action and powers in general, since the Court confirmed that the EBA is not limited to concepts expressly mentioned in Level 1 texts, but rather the EBA can develop new concepts in guidelines, once these are necessary for the effective application of the sectoral act on which they are based and that we continue acting under the legal framework of the EBA. The judgment had two very significant effects on the EBA’s work. First, the EBA is reassured about its future work on guidelines, and EBA lawyers will continue to ensure that the EBA acts within the limits of its regulatory framework. Second, it set clear criteria for stakeholders and national courts to understand what the EBA can and cannot do with guidelines. That helped in 2022, when a national administrative court dismissed a challenge to the legality and validity of the EBA’s Guidelines on Loan Origination and Monitoring. The Court ruled that there was no reason to doubt the legality and validity of the Loan Origination Guidelines.

You are also involved in the AML/CFT unit’s work. How is the LCU assisting with the move of AML/CFT competencies to the EU’s proposed?

The AML/CFT area’s work has been particularly interesting during 2022 and continues to be. In addition to the usual legal review of regulatory products, legal support is required for the transitional phase in which the EBA is expecting to transfer some of its tasks and powers to the new AMLA.

In 2022 the co-legislators worked on the AML legislative package and the EBA’s expertise on the topic was sought on a number of occasions. This expertise also includes the knowledge about legal issues and legal implications from the perspective of a European AML/CFT Authority, which should be considered for a smooth transition of competencies to the new AMLA. In that context, I have enjoyed contributing to questions on the transfer of the EBA’s AML database, EuReCa. The legal framework for the EBA and the framework for the AMLA are designed differently. My input here related mostly to the fact that the legal framework for AMLA needed to ensure a sensible takeover of the database and that important features would be maintained.

As part of the transitional phase, in the draft AML package, the Commission and the co-legislators intend to task the EBA with a number of AML/CFT mandates to be delivered during the transitional phase. This is to ensure that there is no regulatory gap until AMLA is operational. For the EBA to fulfil its upcoming tasks in the most effective way, it is important that the respective legal bases and frameworks exist and we have been contributing to this. I look forward to continuing to provide my support to the transition as part of the EBA’s internal transition project team.

Cross-sectoral work under the Joint Committee

A group of three people around data from different sectors

 

Joint Risk Assessment

The Joint Committee prepared two Joint Risk Reports in Spring and Autumn respectively. In Spring, the report highlighted increasing vulnerabilities across the financial sector, notably regarding inflation risk, a possible deterioration in asset quality, increase in yields and a sudden reversal of risk premia, as well as the rise of environmental and cyber risks. It also included a preliminary assessment of the consequences of Russia’s invasion of Ukraine. The ESAs encouraged supervisors and market participants to prepare for the challenges ahead, including compliance with sanctions, and warned against rising risks to retail investors. They also called on financial institutions to further incorporate environmental, social and governance (ESG) concerns in their business strategies and governance structures and to strengthen cyber resilience.

The autumn Joint Risk Report argued that the deteriorating economic outlook, high inflation and rising energy prices had increased vulnerabilities across the financial sectors. It considered the implications of Russia’s invasion of Ukraine, inflationary pressures and their impact on interest rates and cyber and digitalisation-related risks. The ESAs advised national supervisors, financial institutions and market participants to intensify preparation for the challenges facing them, which remained largely in line with those identified in the Spring Risk Report and also included risks arising from crypto assets.

Sustainable finance

Sustainable finance continued to be a central element of the work of the Joint Committee in 2022, which focused on the Sustainable Finance Disclosure Regulation (SFDR). The ESAs issued an updated Joint Supervisory Statement on the application of the SFDR. The statement invited national competent authorities and market participants to use the interim period from 10 March 2021 until 1 January 2023 to prepare for the future application of the Regulatory Technical Standards (RTS) and implement the relevant measures of SFDR and the Taxonomy Regulation in line with the timeline indicated in the statement. Under Article 5 and 6 of the Taxonomy Regulation, market participants were requested to provide an explicit quantification (i.e., a numerical disclosure of the percentage) of the extent to which investments underlying the financial product are taxonomy-aligned.

In June, the ESAs published a clarification on the ESAs’ draft RTS under SFDR. This clarified Principal Adverse Impact (PAI) disclosures, financial product disclosure and Do Not Significantly Harm (DNSH) disclosures. The clarification document responded to numerous requests by stakeholders.

As foreseen by Article 18 of SFDR, the ESAs published their first report on the extent of voluntary PAI disclosure of investment decisions on sustainability factors. The report examined the state of disclosures under Article 4 SFDR on principal adverse impacts, noting that disclosures were made under Level 1 measures. Based on a survey of NCAs’ practices, the report found that implementation varied across jurisdictions with discrepancies in how the PAIs were disclosed and in the level of details used in explaining why financial market participants did not take into account PAIs of their investment decisions.

In September, the ESAs published a Final Report containing RTS amending the SFDR Delegated Regulation related to disclosures in financial products of investments in fossil gas and nuclear energy. The Report was prepared in response to an urgent request by the European Commission received in April. The amendments added a yes/no question to identify whether financial products make fossil gas or nuclear energy Taxonomy-aligned investments. In case of a positive answer to the question, additional graphical representations are required. The ESAs also proposed minor technical revisions to the SFDR Delegated Regulation. The ESAs also published practical application Q&As providing clarifications on the SFDR Delegated Regulation.

Finally, the ESAs made progress in preparing of the amendment of the SFDR Delegated Regulation in response to a Commission’s mandate received in April. The mandate requested the ESAs to develop further the PAI indicators28 and to include specific financial product disclosures on decarbonisation targets (i.e. reduction of greenhouse gas emissions). The ESAs aim to submit a final report with draft RTS to the Commission in 2023.

Digitalisation

Digital issues were also at the core of the Joint Committee work in 2022. In February, the ESAs published a Joint Report on Digital Finance. The report sets out the findings and advice of the ESAs in response to the European Commission’s Call for Advice on digital finance and related issues. It covers cross-sectoral and sector-specific market developments in relation to fragmented financial services value chains, digital platforms and mixed-activity groups. It also considers the risks and opportunities posed by digitalisation in finance. The ESAs present ten cross-sectoral and two insurance-specific recommendations for actions to ensure the EU regulatory and supervisory framework remains fit for the digital age.

The Digital Operational Resilience Act (DORA) includes several policy mandates for the ESAs. To follow up on this work, the Joint Committee set up a JC Sub Committee on Digital Operational Resilience (JC SC DOR), with the involvement of National Competent Authorities and relevant European authorities. The JC SC DOR’s mandate was published in June and the first meeting took place in November. The Sub-Committee develops technical advice and draft technical standards, guidelines and recommendations mandated by DORA or the European Commission (call for technical advice) to be delivered in 2023 or 2024. It will help the ESAs ensure consistency in this cross-sectoral policy work including ICT risk management (with ICT third-party risk management and operational resilience testing), ICT related incidents and threats reporting, and the oversight of critical ICT third party service providers.

European Forum for Innovation Facilitators (EFIF)

In 2022, EFIF remained as a key forum to facilitate information exchange and supervisory convergence in innovation in the FinTech sector in the EU. ESMA chaired the EFIF in first part of 2022. The forum held three meetings, each attended by over 60 EFIF members. EFIF members shared experiences and updates on developments in the design and operation of their innovation facilitators as well as on innovative products and trends identified through the hubs and sandboxes. They also discussed various topics and case studies in the areas of RegTech, Artificial Intelligence, Decentralised Finance, Non-Fungible Tokens, synthetic data, data protection, ESG and GreenTech, digital sandboxes, facilitation of financial innovation, and quantum computing.

In 2022, EF finalised the Procedural Framework for Cross-Border Testing. The Framework aims to assist innovative FinTechs in their engagement with innovation facilitators cross-border through digital tools. The ultimate purpose of this initiative is to help innovators save time and money as they deliver new products and services to the market. This Framework was enabled by the launch of the EU Digital Finance Platform in April 2022. The Digital Platform supports the functionalities related to cross-border testing such as a standardised common form that firms can use to indicate their interest in conducting cross-border testing. Finally, the Joint Committee adopted the EFIF Work Programme for 2023, which includes the development of an updated Joint ESAs Report on innovation facilitators in 2023. After the October EFIF meeting, the EBA took over EFIF’s chairmanship.

Consumer protection and financial innovation

Consumer protection remained at heart of the Joint Committee cross-sectoral work in 2022. The JC continued to work on Packaged Retail and Insurance-Based Investment Products (PRIIPs) and intensified its work on digital and financial education issues.

Regarding PRIIPs, at the end of April, the ESAs delivered their advice of the review of the PRIIPs Regulation following a Call for Advice received from the European Commission. The advice served as input to the Commission’s work to develop a strategy for retail investment. The ESAs recommended significant changes to the PRIIPs Regulation in order to make the Key Information Document (KID) more user-friendly, notably by allowing information to be presented in a layered format, including a new section to give prominence to information on sustainable characteristics or objectives and allowing different approaches for different types of products, where necessary, including providing more flexibility on the information provided in the performance section of the KID. They also suggested not to extend the scope to additional products at this stage, but further specify the existing scope and to make changes to better facilitate comparison between different investments in multi-option insurance products.

The ESAs also issued a joint Supervisory Statement about the “What is this product” section of the KID for PRIIPs, having identified a range of poor practices in how manufacturers describe products under this section, such as insufficient information being provided regarding capital protection levels and potential losses for the investor. The supervisory statement provides an overview of these issues and sets out the ESAs’ expectations in each area to ensure that information is presented to retail investors in an adequate, clear and accessible manner.

In 2022, the ESAs published two sets of Q&As on PRIIPs incorporating into the existing ESA Joint Q&As on PRIIPs, one in October 2022 and one in December 2022, relating to (a) existing ESMA Level 3 guidance applying to UCITS that is relevant in a PRIIPs context based on the implementation of the PRIIPs KID for UCITS from 1 January 2023, (b) the currently applicable PRIIPs Delegated Regulation (2017/253), and (c) new requirements in the Commission Delegated Regulation (EU) 2021/2268 amending the existing PRIIPs Delegated Regulation and applicable from 1 January 2023.

During 2022, a total of 10 administrative sanctions or measures under the PRIIPs Regulation were reported to the ESAs by the competent authorities in three Member states (Croatia, Denmark and Hungary). These measures were fines and orders to the PRIIP manufacturer or person advising on, or selling, the PRIIP to remedy specified breaches of the PRIIPs Regulation or the PRIIPs Delegated Regulation29.

The ESAs also worked on addressing the risks to consumers arising from crypto-assets. Against the backdrop of growing consumer activity and interest in crypto-assets and aggressive promotion of those assets and related products to the public, including through social media, the ESAs issued a Joint Warning in March 2022. The warning informs consumers that many crypto-assets are highly risky and speculative and sets out key steps consumers can take to ensure they make informed decisions.

The ESAs were also actively engaging with the public. In February, they organised a high level hybrid conference on financial education and literacy to exchange ideas and experiences, stimulate the discussion and raise awareness on the topic. The discussion focused on the following topics related to financial education: Capital Markets Union; digitalisation with a specific focus on cybersecurity, scams and fraud; financial resilience of vulnerable groups and sustainable finance. The ESAs also organised the 9th edition of the Joint ESAs Consumer Protection Day, which took place as hybrid event in Frankfurt am Main, Germany in September 2022. It focused on addressing the needs of consumers and helping them navigate the current complex landscape. It tackled issues related to sustainable finance, open finance and financial inclusion.

In addition, the ESAs built a thematic repository of financial education initiatives on digitalisation, focusing on cybersecurity, scams and fraud. The repository contains a list of 127 national initiatives and related description and hyperlinks that consumers can avail themselves with to obtain helpful information to improve their financial literacy.

Finally, based on the thematic repository, the ESAs also drafted a thematic report on the implementation across the EU of national financial education initiatives on digitalization, with a focus on cybersecurity, scams, and fraud. The report identified twelve good practices that National Competent Authorities and other public entities can follow when designing and implementing their financial education initiatives. These include the publication of a blacklist of fraudulent providers and the targeting of digitally literate consumers to help them properly assess the financial risks arising from financial products and services linked to new technologies, such as crypto assets. They also comprise search engine optimisation to ensure that NCAs’ financial education websites appear among the first search results when consumers look for information on specific financial subjects. The report also draws on insights from a workshop organised by the ESAs with NCAs to facilitate an exchange on the implementation of financial education initiatives.

Securitisation

The ESAs continued their cross-sectoral work on securitisation throughout 2022. Following a Call for Advice from the European Commission to assess whether the current securitisation framework, including its prudential aspects, is functioning in an optimal manner and to identify potential areas for improvement, the ESAs published a JC advice.

The ESAs welcomed the opportunity to assess the capital and liquidity framework for securitisation and thoroughly reviewed the aspects on which the Commission had requested feedback. The advice on banking includes targeted recommendations to support the securitisation market in a prudent manner and to promote the issuance of resilient securitisations qualifying for a more beneficial capital treatment, without jeopardizing investor protection and financial stability.

The Joint Committee also issued a public consultation on the joint RTS on disclosure of information on sustainability indicators for simple, transparent and standardised (STS) securitisations in spring. In the course of 2022, the ESAs analysed the responses to the consultation and discussed the scope of the RTS.

Financial conglomerates

The Joint Committee published its 2022 annual list of identified financial conglomerates, which includes 63 financial conglomerates with the head of group located in the EU or in the EEA. Following the finalisation of the draft Implementing Technical Standards (ITS) on reporting templates for conglomerates on intra-group transactions and risk concentration, the final ITS was published by the European Commission in the Official Journal in December 2022. The new templates aim to align the reporting to enhance supervisory overview of group-specific risks, in particular contagion risk. They also aim to increase comparability among financial conglomerates of different Member States, thereby improving supervisory consistency.

Other relevant cross-sectoral Joint Committee work

The ESAs published their Final Report on EMIR draft RTS with regards to intragroup contracts. The final report comprised new draft amending Regulatory Technical Standards (RTS) on the risk mitigation techniques for OTC derivative contracts not cleared by a central counterparty (CCP), notably bilateral margining. The draft RTS proposed to amend the European Commission Delegated Regulation setting out the detailed bilateral margin requirements in relation to the treatment of OTC derivative contracts concluded between counterparties that are part of the same group and where one counterparty is established in a third country and the other counterparty is established in the Union. The ESAs have also issued a statement to provide clarifications for the period between the publication of the report and the finalisation of the non- objection procedure by the European Parliament and the Council.

Finally, the Joint Committee approved the draft consultation paper on the guidelines drafted pursuant to the mandate from Article 31a of the ESA Regulations to set up a cross-sectoral system for the exchange of information on the fit and proper assessments, paving the way for a public consultation in early 2023. Work also continued on the related IT solution consisting of a cross-sectoral National Competent Authorities’ contact list and searchable shared database of holders of qualifying holdings, directors and key function holders assessed for fitness and propriety.

ESAs’ Joint Board of Appeal

The Board of Appeal is a joint independent body of the ESAs, introduced to effectively protect the rights of parties affected by decisions adopted by the Authorities and is responsible for deciding on appeals against certain decisions by the ESAs. The ESAs provide administrative support to the Board of Appeal and serve as its Secretariat through the Joint Committee. The Board of Appeal took a decision in a case against the EBA in July 2022 and decided to dismiss the appeal as it was directed against a decision of the EBA which was not challengeable.

PRIORITIES FOR 2023

The ESG roadmap

The EBA will continue its work on ESG risks and sustainable finance in 2023 based on the mandates and tasks identified in its roadmap published in December 2022.

Incorporating ESG considerations into the prudential framework

In 2023, the EBA will continue its assessment of whether a dedicated prudential treatment of exposures associated with environmental and/or social objectives and impacts would be justified. Based on the feedback received on the DP on this topic, which was published in 2022, as well as on insights gained from available data and policy developments at EU and international levels, the EBA will draft a report with recommendations for the short, medium and long term. The report will pursue the analysis set out in the DP and explore, for those aspects of the framework which are most likely to be affected by environmental risks, how these can be best captured through either existing mechanisms or through enhancements or clarifications within the framework. While the EBA aims to publish a report in 2023, given ongoing discussions on the CRR revisions may affect the exact mandate and deadline for this work including potential follow-up analysis.

Greenwashing and how to address it

Using the inputs received from stakeholders as part of the Call for Evidence organised at the end of 2022, the EBA will prepare its progress and final report to the Commission on greenwashing risks and supervision. A progress report in May 2023 will take stock of the ESAs investigations so far. This will include an ESAs high-level common understanding of greenwashing and an EBA analysis on the specific forms and specific risks greenwashing can take or lead to in the context of banking activities, as well as an overview of regulatory and supervisory frameworks which could be used now or in the future to address greenwashing. The EBA will continue its work throughout 2023 to prepare a final report with policy recommendations related to addressing greenwashing in May 2024.

Green retail loans and mortgages

The EBA received a CfA from the EC on the definition and possible supporting tools for green loans and mortgages to retail and SME borrowers. This request is part of the EC’s Strategy for financing the transition to a sustainable economy. The EBA’s advice is intended to support the EC in policy considerations on the definition of green lending and measures to encourage the development of the green loans and mortgages market. Collecting information on current market practices is a key element of this task and necessary for the EBA to provide evidence-based advice. To this end, in 2023 the EBA will launch an industry survey to collect quantitative and qualitative information on credit institutions’ green loans and practices related to these green loans. The EBA will deliver its advice to the EC based on an assessment of the industry input to this survey and further engagement with a wider range of stakeholders,. The EBA’s final report is expected in December 2023.

Guidelines for ESG risks management

Building on the preparatory work conducted in 2022, the EBA will prepare further Guidelines for institutions on the identification, assessment, management and monitoring of ESG risks. These Guidelines will specify how institutions should account for ESG risks as part of their broader risk management framework, covering aspects such as materiality assessment of ESG risks, integration in risk appetite, internal audits and internal capital adequacy assessment process, and impact on the management of financial risk types – such as credit, market, liquidity and operational risks. The Guidelines will build on the Report on management and supervision of ESG risks for credit institutions and investment firms which the EBA published in June 2021. Depending on the final mandate, the Guidelines may also include requirements on prudential transition plans for institutions. The EBA aims to publish a consultation paper shortly after the revised CRD is agreed to by co-legislators and published.

Quantifying ESG risks

The EBA will continue its preparatory work to put a system in place to assess material ESG risks and monitor developments in sustainable finance. Systemically gathering and analysing such information is important for the EBA to deliver its mandates and objectives as laid out in the EBA founding regulation and Commission’s Strategy for financing the transition to a sustainable economy. As part of this initiative to maximise the use of available information, the EBA is planning leverage on the disclosures required under Article 449a CRR and to collect data published by large credit institutions under the scope of the Pillar 3 ESG disclosures. While the initial focus is on climate-related financial risk, this risk assessment and monitoring tool will gradually expand in scope to include other environmental risks beyond climate-related risks and other social and governance aspects, considering developments in availability and quality of data and methodologies.

Finalising the Basel III implementation in the EU

Supervisory reporting and the Pillar 3 Framework

The CRR III/CRD VI is expected to enter into force on 1 January 2025. It will imply significant changes on supervisory reporting and Pillar 3 disclosure frameworks, namely on credit risk, CVA risk and operational risk, as well as applying new reporting requirements on third-country branches, ESG-related risks and output floor. In 2023, the EBA will do preparatory work on reporting and disclosure, in parallel with the finalisation of the underlying legal framework.

Proportionality

The Advisory Committee on Proportionality provided in 2022 a set of recommendations on the EBA Work Programme for 2023, putting forward advice on further enhancing proportionality in EBA’s activities. The advice focused on Supervisory Review and Evaluation Process (SREP), recovery and resolution, ESG and sustainable finance and reporting and transparency. The EBA will take into account these recommendations in its work in 2023.

The EBA Advisory Committee on Proportionality will in 2023 work closer together with Proportionality Committees of EIOPA and ESMA to discuss and advice on cross-sectoral work, like DORA. In 2023 Advisory Committee on Proportionality will also assess the EBA work programme for 2024 and provide recommendations on how to ensure proportionality is addressed in EBA’s activities.

Stress-testing banks

The 2023 EU-wide stress test

The EU-wide stress test will help supervisors and market participants identify any systemic or idiosyncratic vulnerabilities in the banking sector. This is extremely timely given the heightened macroeconomic uncertainty and the banking crisis in early 2023.

The 2023 exercise covers a sample of 70 banks – 57 from the Eurozone – representing about 75% of EU banks’ total assets. Compared with previous EU-wide stress tests, the 2023 exercise covers 20 more banks, which is an increase of 40% in terms of covered banks. As part of the expansion of the sample, the EBA has inserted additional proportionality aspects. The proportionality aspects allow a more simplified approach in assessing risks with lower reporting requirements and, therefore, fosters efficiency gains to banks that apply them.

Similar to previous exercises, the narrative of the adverse scenario for the EU-wide banking stress test reflects the main risks for EU banks that have been identified by the EBA and the ESRB. Contrary to past exercises, the adverse scenario implies the persistence of high inflation over the horizon and, as a result, much stronger market interest rates.

Compared with previous exercises, the 2023 EBA adverse scenario is more severe with assumes a cumulative decline of EU GDP from the starting point of 6% over the 3-year horizon, with high and persistent inflation, which triggers a prompt and strong increase in market interest rates and risk premiums; moreover, it is sustained over the horizon. This configuration contributes to the severity of the assumed macroeconomic picture, by dampening demand via real income and financing cost-adverse effects. It also increases the risks of corporate and household defaults for banks against the background of elevated debt levels at the beginning of the stress-test horizon. 

Contributing to the European Commission’s Fit-for-55 stress test

One of the main deliverables for the EBA in 2023 will be the one-off climate risk stress test exercise, which according to the latest European Commission’s request30 that details the existing mandate of the Renewed Sustainable Finance Strategy (RSFS), should be launched by the end of 2023.

The added value of this exercise consists of its cross-sectoral and system-wide approach, as opposed to standard solvency stress tests which focus on specific sectors only. Therefore, it will be an unprecedented exercise which will require collaboration and coordination between ESAs, the ECB and the ESRB.

The primary focus will be to assess the resilience of the financial sector in line with the Fit-for-55 package, also focusing on the capacity of the financial system to support the transition to a lower carbon economy, even under conditions of stress. In this context, the exercise will investigate how stress propagates throughout the financial system and how financial institutions’ reactions might amplify stress.

The exercise will be based on two different ad hoc ESRB climate scenarios. The first one will focus on climate change-related risks that could materialise in the short term (e.g. asset price corrections triggered by a sudden reassessment of transition or physical risks). The second one will combine climate change-related risks with other stress factors, consistent with scenarios for regular stress-testing exercises (compounding risk). This latter will be an important step forward towards the incorporation of climate risks in a fully fledged stress-test framework.

The results of this exercise, which will be published between the end of 2024 and the beginning of 2025, are not expected to directly feed into the setting of microprudential capital requirements, instead they may serve as context or background information for any future considerations on micro and macroprudential policy.

The EBA workshop on Climate Risk Stress Testing

In February 2023, the EBA held a 2-day workshop on climate risk stress testing, attended by academics, banks, central bankers and regulators, for a total of almost 1 000 participants.

Firstly, the objectives of such an exercise were explored, trying to strike a balance between different perspectives: on the one hand, the workshop focused on techniques to assess the capacity of the banking sector to support a certain transition target (efficacy perspective). On the other end, climate risk stress-test tools were analysed from the standard viewpoint which consists of assessing banks’ resilience to climate shocks. This requires appropriately incorporating and reflecting climate-related risk drivers (physical, transition, business model adaptation, etc.) into a stress-testing framework.

The discussion also focused on models and on the design of tools and scenarios to reduce uncertainty and complexity, while embedding specific transmission channels and compounding risks. There is a growing interest for short-term scenarios, which could also be combined with standard stress-test scenarios. This would help assess short-term climate-related risks that could materialise in the form of asset price corrections, triggered by a sudden reassessment of transition or physical risks.

Finally, as regards the overall framework, the conclusion was that an in-depth analysis is needed to clearly assess the pros and cons of the bottom-up and of the top-down approach, guiding an informed choice between the two frameworks.

Data at the service of stakeholders

Delivering on the EBA data strategy

The EBA continues the implementation of its data strategy plan. With EUCLID, the EBA continues to deliver greater standardisation, harmonisation, and integration of all the regulatory data. Allowing the EBA to focus now on the next goals, which will provide greater processing and analyses of all regulatory data, thus driving faster, more accurate and advanced analytics, ultimately unlocking the value of EBA data and making it available in the proper format to the correct internal or external consumers who should have access to it.

EUCLID keeps evolving: new data collections being onboarded

After investment firms’ onboarding and first files received by the EBA in late 2022 – another huge step in the evolution of EUCLID – efforts in 2023 will focus in ensuring data is of the highest quality possible, improving its timeliness, completeness and accuracy levels to those observed in other EBA reporting areas and reporting agents population. The same applies to resolution and MREL reporting where after 2 years of challenging interactions and improved experience, the EBA will in 2023 achieve the long-awaited goal of publishing the MREL Dashboard with frequently updated MREL information and with greater granularity than before.

The accuracy and usefulness of master data and registers information will be in the spotlight of EBA’s efforts. This includes codes, reporting agents and market participants names, reporting specifications, amongst others. These tools which are often specifically supported by string legal mandates are part of what is usually seen as the backbone of the EUCLID ecosystem and are key for data usability and analysis.

Another important milestone for the EBA prepared in 2022 which has already seen the light of day in 2023 is the setting up of the appropriate data transmission channels to collect country-level reports with fraudulent payments data. While previously collected via Excel, this data collection has seen its onboarding into EUCLID launched in late 2022, with files starting in Q1 2023 to be submitted to EBA using the newly developed XBRL-CSV format, which embodies a more streamlined, user-friendly data collection and data quality assurance format that the EBA will continue to roll-out to other reporting areas until 2024-2025.

In 2023, the EBA will equally ensure the full implementation in EUCLID of all reporting modules updated in version 3.2 of the reporting framework. As for version 3.3. of the reporting framework, EUCLID will be ready to collect files for the respective modules for which the first reference date will still be as of 2023, namely Supervisory Benchmarking, IPU reporting and the ESG ad-hoc data collection.

Looking at the broader picture for 2023, the EBA within its Data Strategy project plans to finalise and put into production a calculation validation engine that will decisively underpin EBA’s ability to achieve state of the art quality assurance processes. Hence, the EBA will be able to run all validation rules in its reporting framework more efficiently, while better providing evidence and supporting tools to all its stakeholders in what regards data quality and usability.

A new dissemination portal

The current EUCLID infrastructure provides a technical solution that facilitates a single entry point for data reporting based on harmonised specifications for a streamlined data-collection process. As a result, EUCLID permitted the continuous increase in the data collected – in number, volume, variability and speed – making the EBA the de facto data hub for European banking and financial data.

The next step is to ensure all stakeholders (internal and external) can benefit from this data by making it more accessible, understandable and valuable to all. To do this, the EBA started developing and implementing the European Data Access Portal, which will not only support decision-making and improve the quality of decisions made by all stakeholders, but will ultimately increase transparency and accountability of the European banking sector, therefore becoming the instrument to use for publishing Pillar 3 information also.

Supervisory disclosure case for credit institutions and investment firms

The technical standards on supervisory disclosure under CRD and IFD cover different areas, including templates for CAs to disclose texts of laws, regulations, administrative rules, information on manner of exercise of the options and discretions, general criteria and methodologies used for the SREP and aggregate statistical data on key aspects of the implementation of the prudential framework in their Member State. For the latter, starting from 2023, the EBA pre-populates the aggregate quantitative data leveraging the supervisory information already available in EUCLID for the respective jurisdiction, while recognising the importance of efficiency and transparency. Based on the experience gained in exercises such as stress tests or transparency, the EBA now aims to expand its data services to its stakeholders by enhancing existing processes without adding any reporting burden to the market participants. 

Figure 21: Supervisory disclosure process

Graphical user interface

Description automatically generated

Looking ahead

First steps towards creating a Pillar 3 Data Hub

The year 2023 marks a period of preparatory works for developing the Pillar 3 Data Hub, aggressively aiming to find the most efficient ways of collecting Pillar 3 quantitative and qualitative information directly from the banks. The EBA will also launch the IT development project. Later in the process, the EBA is planning a dialogue with the industry on finding the best way to submit the information to the EBA. Further, as part of the preparatory work, the EBA will be updating mapping between the disclosure and supervisory reporting requirements that would ensure that the calculations of disclosures for SNCI are accurate.

Transition to DPM Standard 2.0

After a decade of using a single data dictionary and adopting a metadata-driven strategy the DPM Standard 1.0 required enhancements to still fit the purpose of responding to changes and reducing costs. DPM Refit was the joint EBA-EIOPA response to the challenge of increased volume, granularity, and complexity of the data and aims to reap the benefits of stronger collaboration and higher harmonisation. Following completion of the DPM ReFit project, the EBA will start transition to use the new DPM Standard 2.0 as the data dictionary for the EBA reporting framework. The new DPM Standard 2.0 is a common model to cover EBA and EIOPA reporting. DPM Standard 2.0 allows further integration of different reporting requirements and facilitates automated, digital data processing through reporting life cycle from definition to dissemination of data. During the transition until 2025 the EBA will provide reporting requirements with both DPM Standard 1.0 and DPM Standard 2.0.

Building on the new DPM Standard 2.0, the EBA and EIOPA experts have also been collaborating in developing common tools, the DPM Studio, to maintain standardised data definitions, validations, and data exchange formats and to support internal and external collaboration processes. The first release of DPM Studio will be in 2023.

Evolving integrated reporting 

In 2023, along the lines identified in the EBA feasibility study, the EBA will continue to work on the governance of the future integrated reporting system and on the common data dictionary, in close collaboration with the ECB.

Priorities for the year will include drafting mandates of the governing body of the integrated reporting system (the JBRC) and of the stakeholder Reporting Contact Group, which are expected to be set up in the second half of 2023.

Work on the common data dictionary will continue with two priorities: a) deciding on the governance of the DPM ReFit metamodel as a precondition for its adoption as a common “container” of the future integrated reporting requirements; and b) developing the roadmap for the work on semantic integration, by specifying its scope, timeline and resource needs.

In addition to the above, in 2023 the EBA will launch the work on granularity assessment of information in the reporting area of credit risk. Indeed, following along the lines of the EBA feasibility study, the move towards more granular data should be gradual. While recognising the big challenges that this will entail, and that the aim is to have a mixed granular model with data still requested at the aggregate level, combined with some granular data, this change is expected to bring a series of benefits to the EBA and to reporting institutions. These include easier semantic integration under the “define once and report once” principle, less future data requests, increases in data use and reuse, ensured data lineage and transparency in the aggregation process.

Getting ready for DORA

With the entry into force of DORA in January 2023, authorities would be required to adapt their systems to collect data containing ICT-related incident reports from financial entities and forward it to the respective ESAS from 2025 onwards. The EBA is preparing by upgrading their existing systems and platforms to receive data in a sound manner and in line with the existing IT policies and security requirements. 

In the context of DORA, a joint-ESAs Third Party Providers (TPPs) exercise was launched in July 2022, with national competent authorities sending data to the ESAs for over 700 participating institutions. After data quality assurance and data cleaning, the exercise will be finalised in 2023. The data collection will provide useful insights on the ICT third-party providers’ landscape across the EU financial sector and will contribute to the design of the oversight framework under DORA.  

In addition to this, the ESAs in collaboration with the CAs are currently conducting a joint study to assess whether further centralisation of incident reporting through the establishment of a single EU Hub for major ICT-related incident reporting by financial entities would be feasible in accordance with Article 21 of DORA legal text, and if so, under which requirements and conditions as set out in the legal mandate. For this work, the benefits, costs, risks, governance, data flows and efficiencies among other aspects would be analysed to assess the possibility of setting a single EU Hub. In this regard, this joint report is expected to be published for consultation towards the end of 2023.  

Moving to cloud

In line with the EBA IT Strategy, which set a clear direction towards the cloud, the subsequent EBA Risk Assessment and EBA Cloud Strategy, in 2023, the EBA is expected to complete the Cloud Transformation program. The program is one of the key IT investments and was launched in 2022. It consists of a migration of the entire IT estate to a modern, secure, virtualised, scalable and cost-efficient cloud IT Infrastructure. It also includes cloudification of existing products, laying the cloud foundations for data processing, cloudification of skills and ways of working.

Regulating and supervising digital finance

Enhancing the regulatory framework

DORA DORA entered into force on 16 January 2023 and will apply from 17 January 2025; MiCA is expected to enter into force in 2023 with the provisions on asset-referenced and EMTs expected to apply from 12 months from entry into force; and for crypto-asset service providers, from 18 months from entry into force (although this is tentative for MiCA depending on the outcome of the legislative process). The ESAs will continue working on the delivery of the relevant DORA mandates via the newly established JC SC DOR. The EBA, together with the other ESAs (where necessary), will need to develop the vast policy work on MiCA in advance of the application date. The implementation of the policy mandates on these files will deepen the digital risk management dimension of the Single Rulebook and contribute to a consistent framework for the regulation and supervision of crypto-asset activities.

Prudential treatment of crypto-assets (MiCA)

The EBA will continue its policy development work by preparing technical standards and guidelines and will monitor market developments. The policy mandates under MiCA will expand on the common Single Rulebook for crypto-asset issuance and service provision in the EU established by MiCA, for example by further specifying capital requirements for issuers.

Digital Operational Resilience (DORA)

DORA mandates (Level 2) will complement the legal text and enhance financial entities’ conduct of ICT risk management, thoroughly test ICT systems, and increase supervisors’ awareness of cyber risks and ICT-related incidents faced by financial entities. The ESAs will be working together via the newly established JC SC DOR to deliver the envisaged DORA mandates.

The EBA, in coordination with the other ESAs, will continue engaging with relevant stakeholders to benefit from timely input, which could be valuable for developing policy mandates and preparing new tasks. Interaction with relevant stakeholders will be performed in a coordinated and targeted manner through: (i) public or targeted events/interactions; (ii) 3-month public consultation and public hearings; and (iii) discussions at ESAs’ Stakeholder Groups. In this context, on 6 February 2023, the ESAs hold a joint public event4 on DORA, hearing industry participants’ initial views and potential concerns/areas of attention on the policy mandates.

Supervision/Oversight

Supervising significant issuers of asset reference and e-money tokens (MiCA) 

Given the new supervision tasks that will be assigned to the EBA under MiCA (i.e. for issuers of significant ARTs and EMTs), in 2023/2024, the EBA will develop supervisory policies and procedures, as well as templates for the exchange of information between all relevant parties (including supervised issuers, NCAs, the ECB and other relevant central banks). The EBA will also develop the IT capabilities needed for the supervision. All this work will be taken forward in accordance with the MiCA implementation plan.

In the transition phase to the application of the asset-referenced and e-money token regulatory frameworks under MiCA (expected to apply from 12 months from entry into force of MiCA), the EBA will continue to promote convergence in supervisory expectations towards the issuers of asset-referenced and e-money tokens. In this respect, the EBA will continue the market-monitoring activities of its network on crypto-assets, and launch specific information-gathering and supervisory convergence initiatives, including guidance as appropriate, to facilitate supervisory capacity-building and convergence, and to mitigate risks of regulatory arbitrage, pending the application of MiCA.

DORA: Overseeing critical ICT third-party providers (CTPPs)

The EBA together with the other ESAs will need to work on drafting an oversight framework on critical ICT TPPs to oversee risks stemming from financial entities’ dependency on these providers. The oversight framework under the ESAs’ responsibility will cover the EU-wide critical third-party service providers providing ICT services to EU financial entities.

The ESAs are preparing to take up their new role as lead overseers of critical ICT third-party providers (from 17 January 2025). This preparation, led by the ESAs, will include exchanges with existing EU and third-country overseers and supervisors, the establishment of appropriate structures, methodologies and processes, along with the design of this novel oversight framework, in line with the ESAs joint implementation plan. The ESAs high-level exercise mentioned above will also provide input into the oversight preparation and relevant mandates, including the EC’s CfA.

Moreover, the EBA will be working to build the necessary technical capacity to meet its new DORA tasks, and to fulfil its new oversight tasks.

Financial innovations

The EBA continues to closely monitor financial innovations, including the risks and opportunities they bring to consumers and industry. This helps to identify areas where further regulatory or supervisory response may be needed. The EBA will do so through engagement with the CAs, industry associations and consumer organisations. Close cooperation with EIOPA and ESMA is envisaged on cross-sectoral innovations related not only to banking, but also to insurance and securities markets sectors.

Considering the ongoing and envisaged policy work, in 2023 and beyond, the EBA expects to place further attention on the following areas:

  1. artificial intelligence / machine learning use cases in banking and payment services (for example, creditworthiness assessment / credit scoring or regulatory credit risk modelling);
  2. tokenisation in relation to new financial products and services and DeFi); and
  3. digital identity management, to monitor emerging use cases related to digital identities, biometric recognition and self-sovereign identity.

This year the EBA chairs and coordinates the European Forum for Innovation Facilitators, which is a platform for the coordination and cooperation between innovation facilitators to support and foster the scaling up of innovation in the EU financial sector. Among the main European Forum for Innovation Facilitators deliverables in 2023 is to update the ESA’s joint 2019 report on regulatory sandboxes and innovation hubs and to develop a cross-sectoral mapping of financial services offered by mixed-activity groups via innovative distribution models.

Retail risk indicators and mystery shopping

Closely related to the EBA’s tasks on financial innovation and digital finance are two new tasks that were conferred on the EBA in Article 9(1) of the recent revision of the EBA Regulation and which the EBA will fulfil in 2023. These new tasks mandate the EBA to develop retail risk indicators and to coordinate MS activities.

The EBA has been mandated to develop retail risk indicators for the timely identification of harm that may impact consumers from the misconduct of institutions and from wider economic conditions. The indicators will cover as many of the retail banking products as possible that fall into the EBA’s consumer-protection scope, i.e. mortgage credit, consumer credit, payment services, electronic money, payment accounts, deposits. In so doing, the indicators will also cover some risk arising from some of the more innovative and digitalised products and distribution channels.

The EBA’s work to fulfil the new task on coordinating MS activities, in turn, will build on the methodological guide on MS and the report on the MS activities of national authorities that the EBA had published in 2021. In 2023, the EBA will coordinate an actual MS activity across a small number of EU Member States. The activity will likely focus on payment accounts, consumer credit and mortgage credit and will assess the extent to which providers comply with the consumer-protection requirements applicable to these products, including in relation to fees and charges. In the process, mystery shoppers will visit not only branches of traditional banks and other financial institutions, but will also assess the online presence of providers that have online-only distribution models (e.g. neo-banks).

Next steps in the EU fight against money laundering and the financing of terrorism

Establishing a new Anti-Money Laundering Authority (AMLA)

In July 2021, the EC published an anti-money laundering and countering the financing of terrorism (AML/CFT) package consisting of four legislative proposals. One of these proposals is a Regulation establishing a new Authority, the AMLA. As part of this proposal, those EBA mandates, powers and resources that are specific to AML/CFT will be transferred to the AMLA. The package is currently being negotiated.

New AML/CFT mandates under the TFR

In 2021, the EC published an AML/CFT package consisting of four legislative proposals for the transformation of the legal and institutional EU AML/CFT framework.

Among the proposals is a proposal for a recast TFR that brings the EU’s legal framework in line with the Financial Action Task Force standards. As a result of this recast TFR, crypto-asset service providers (CASPs) that are included in the regulatory perimeter by the MiCA Regulation will have to include information about the originator and beneficiary of the crypto-assets transfers, just as PSPs/IPSPs currently do for wire transfers – the “travel rule”.

In June 2022, the co-legislators reached a provisional agreement on the revised TFR. According to this agreement, the EBA will be assigned 10 legislative mandates on different aspects of the TFR, once the Regulation is published in the EU Journal. The new mandates include, among others, that the EBA is required to develop guidelines on the steps CASPs must take to comply with the TFR; the AML/CFT supervision of CASPs; and the systems and checks PSPs and CASPs must implement to comply with restrictive measures (financial sanctions) regimes.

The EBA began working on these mandates in 2022. In October, expert groups comprising CASPs, AML/CFT and restrictive measures regimes experts were set up in order to provide technical advice on the EBA TFR work. The EBA also issued a call for input to identify practical issues that the industry experienced when complying with the 2017 Joint Guidelines to prevent the abuse of fund transfers for ML/TF purposes, specifically.

These EBA will consult on a version of these guidelines in 2023.

ANNEXES

Annexes

Organisation chart

Organisation chart

Composition as of 31 December 2022

Organisation chart

Board of Supervisors composition at the end of 2022

COUNTRY INSTITUTION TYPE OF
MEMBERSHIP
INSTITUTION
Austria Österreichische Finanzmarktaufsicht Head Helmut Ettl
    Alternate Michael Hysek
Belgium Nationale Bank van België/Banque Nationale de Belgique Head Jo Swyngedouw
    Alternate Kurt Van Raemdonck
Bulgaria Bulgarian National Bank Head Radoslav Milenkov
    Alternate Stoyan Manolov
Croatia Hrvatska Narodna Banka Head Tomislav Čori
    Alternate Sanja Petrinić Turković
Cyprus Central Bank of Cyprus Head Constantinos Trikoupis
    Alternate Kleanthis loannides
Czech Republic Česká Národní Banka Head Zuzana Silberová
    Alternate Marcela Gronychová
Denmark Finanstilsynet Head Jesper Berg
    Alternate Thomas Worm Andersen
Estonia Finantsinspektsioon Head Andres Kurgpõld
    Alternate Kilvar Kessler
Finland Finanssivalvonta Head Jyri Helenius
    Alternate Marko Myller
France Autorité de Contrôle Prudentiel et de Résolution Head  
    Alternate Emmanuelle Assouan
Germany Bundesanstalt für Finanzdienstleistungsaufsicht Head Raimund Röseler
    Alternate Peter Lutz
Greece Bank of Greece Head Heather Gibson
    Alternate Kyriaki Flesiopoulou
Hungary Magyar Nemzeti Bank Head Csaba Kandrács
    Alternate László Vastag
Ireland Central Bank of Ireland Head Gerry Cross
    Alternate Mary-Elizabeth McMunn
Italy Banca d’Italia Head Andrea Pilati
    Alternate Francesco Cannata
Latvia Finanšu un Kapitāla Tirgus Komisija Head Santa Purgaile
    Alternate Ludmila Vojevoda
Lithuania Lietuvos Bankas Head Simonas Krėpšta
    Alternate Renata Bagdonienė
Luxembourg Commission de Surveillance du Secteur Financier Head Claude Wampach
    Alternate Nele Mayer
Malta Malta Financial Services Authority Head Christopher P. Buttigieg
    Alternate David Eacott
Netherlands De Nederlandsche Bank Head Maarten Gelderman
    Alternate Sandra Wesseling
Poland Komisja Nadzoru Finansowego Head Kamil Liberadzki
    Alternate Artur Ratasiewicz
Portugal Banco de Portugal Head Rui Pinto
    Alternate Jose Rosas
Romania Banca Naţională a României Head Adrian Cosmescu
    Alternate Cătălin Davidescu
Slovakia Národná Banka Slovenska Head Tatiana Dubinová
    Alternate Linda Šimkovičová
Slovenia Banka Slovenije Head Primož Dolenc
    Alternate Damjana Iglič
Spain Banco de España Head Ángel Estrada
    Alternate Agustín Pérez Gasco
Sweden Finansinspektionen Head Karin Lundberg
    Alternate Magnus Eriksson

 

EEA/EFTA MEMBERS

COUNTRY INSTITUTION TYPE OF
MEMBERSHIP
INSTITUTION
Iceland Fjármálaeftirlitið Member Unnur Gunnarsdóttir
    Alternate Gísli Óttarsson
Liechtenstein Finanzmarktaufsicht Liechtenstein (FMA) Member Markus Meier
    Alternate Elena Seiser
Norway Finanstilsynet Member Morten Baltzersen
    Alternate Ann Viljugrein
EFTA Surveillance Authority Member Frank Büchel
    Alternate Jonina Sigrun Larusdottir

 

OBSERVERS

INSTITUTION NAME
SRB Sebastiano Laviola

 

OTHER NON-VOTING MEMBERS

   
ESMA Natasha Cazenave
EIOPA Fausto Parente
ECB Carmelo Salleo
ECB Supervisory Board Stefan Walter, Sofia Toscano Rico
European Commission Martin Merlin, Almorò Rubin de Cervin
ESRB Francesco Mazzaferro

 

Management Board

In accordance with the EBA Founding Regulation, the Management Board ensures that the EBA carries out its mission and performs the tasks assigned to it. It is composed of the EBA Chairperson and six other members of the Board of Supervisors elected by and from its voting members. The Executive Director, the EBA Vice-Chairperson and a representative of the Commission also participate in its meetings.

No new members joined the Management Board in 2022. At the end of December 2022, two members stepped down from their positions and the Management Board was composed of two members from participating SSM Member States (Austria and Germany) and two members from non-participating SSM Member States (Poland and Sweden). The remaining members were elected by the Board of Supervisors in January 2023 from Spain and Greece.

The Management Board met six times in 2022, out of which two meetings were held at the EBA premises, and the remaining meetings were held as videoconferences. To guarantee the transparency of its decision-making, minutes of the Management Board’s meetings are published on the EBA website.

COUNTRY INSTITUTION MEMBER
Austria Finanzmarktaufsicht Helmut Ettl
Germany Bundesanstalt für Finanzdienstleistungsaufsich Raimund Röseler
Poland Komisja Nadzoru Finansowego Kamil Liberadzki
Sweden Finansinspektionen Karin Lundberg
European Commission Almorò Rubin de Cervin
  European Banking Authority Jo Swyngedouw (Vice-Chair)

 

Banking Stakeholders Group composition as of 31 December 2022

NameInstitutionPositionSelected to represent
María Ruiz de Velasco CamiñoABANCAHead of Legal & ComplianceFinancial institutions
Julia StrauRaiffeisen bank International AGHead of group supervisory affairs & regulatory governanceFinancial institutions
Christian KönigAssociation of private BausparkassenSecretary GeneralFinancial institutions
Eduardo Avila ZaragozaBBVA GroupGroup Head of Global Supervisory RelationsFinancial institutions
Johanna OrthSkandinaviska Enskilda Banken (SEB) Head of group regulatory affairsFinancial institutions
Vėronique OrmezzanoVYGE ConsultingFounder and ChairpersonFinancial institutions
Erik De GunstABN AMRO BankHead Regulatory OfficeFinancial institutions
Wolfgang Johann GerkenJP Morgan SEHead of EU Regulatory AffairsFinancial institutions
Sėbastien De BrouwerEuropean Banking FederationChief Policy OfficerFinancial institutions
Elie BeyrouthyEuropean Payment Institutions FederationChair of Executive BoardFinancial institutions
Yuri Che ScarraGoldman Sachs Bank Europe SE (Since 1 July 2022)Director Governmental Affairs EMEAFinancial institutions
Leonhard RegneriInput Consulting gGmbh ConsultantEmployees’ representatives of FI
Andrea Sità UILCA Italian Labor Union - credit and insurance sectorUnion leader- AuditorEmployees’ representatives of FI
Patricia Suárez RamírezASUFINCEOConsumers
Jennifer LongInternational Monetary FundFinancial Sector Assessment Program AssessorConsumers
Monica CaluAsociatia Consumers United/Consumatorii UnitiPresident, Chair of the Executive BoardConsumers
Tomas KybartasThe Alliance of Lithuanian consumer organisationsMember of the Council Consumers
Vinay PranjivanAssociação Portuguesa para a Defesa do ConsumidorPolicy advisor financial services user groupConsumers
Martin SchmalzriedConfederation of Family Organisations in the EU Policy and Advocacy Manager Consumers
Christian StiefmuellerFinance Watch AISBLSenior Adviser, Research & AdvocacyIndustry
Rens Van TilburgSustainable Finance LabDirectorUsers of Banking Services
Alin Eugen IacobAssociation of Romanian Financial Services UsersChairmanUsers of Banking Services
Constantinos AvgoustouRegtify LimitedChief Executive OfficerSMEs
Rym AyadiCity University of London, Business School and CEPSProfessor banking and finance,Senior Advisor Economic Policy Top-ranking academics
Monika MarcinkowskaUniversity of LodzProfesor of Banking and FinanceTop-ranking academics
Concetta Brescia MorraUniversity Roma TreProfessor of Banking and Capital Markets LawTop-ranking academics
Edgar LöwFrankfurt School of Finance & ManagementProfessor of AccountingTop-ranking academics
Sebastian Stodulka Erste Group Bank AGHead of regulatory affairsFinancial institutions
Poul KjærCopenhagen Business School Associate ProfessorUsers of Banking Services

 

Key publications by activity

Policy and convergence work
Activity 1: Capital, leverage ratio and loss absorbency
Opinion on amendments to the RTS on own funds and eligible liabilities
Final Report on draft Regulatory Technical Standards on own funds and eligible liabilities
Opinion on legacy instruments - outcome of its implementation
Amending Guidelines on the specification and disclosure of systemic importance indicators
Report on the monitoring of TLAC-/MREL-eligible liabilities instruments of EU Institutions
Activity 2: Liquidity risk and interest rate risk in the banking book
Amending draft ITS on currencies with constraints on the availability of liquid assets
Guidelines on IRRBB and CSRBB
RTS on the IRRBB standardised approach
RTS on IRRBB supervisory outlier tests (SOT)
Activity 4: – Credit risk (incl. large exposures, loan origination, NPL, securitisation)
Report on the 2021 Credit Risk Benchmarking Exercise
Report on developing a framework for sustainable securitisation
Survey on the application of the infrastructure supporting factor (xlsx)
RTS specifying the requirements for originators, sponsors, original lenders and servicers relating to risk retention
Joint ESAs consultation paper on sustainability disclosures for STS securitisations
Discussion paper on the role of environmental risks in the prudential framework
ITS amending Implementing Regulation (EU) 2016/1801 on the mapping of ECAIs’ credit assessments for securitisation
Consultation paper on draft ITS on NPL transaction data templates
Report on the peer review on supervision of NPE management
RTS on criteria for the identification of shadow banking entities
Consultation paper on draft RTS on the identification of a group of connected clients (GCC)
Principles that should be applied in ensuring representativeness of the IRB-relevant data impacted by the COVID-19 pandemic and related measures
Report on large exposures exemptions
Consultation paper on draft RTS on the homogeneity of the underlying exposures in STS securitisation
Consultation Paper on draft RTS on the determination by originator institutions of the exposure value of SES in securitisations
RTS on performance-related triggers in STS on-balance-sheet securitisations
Amending Guidelines on disclosure of non-performing and forborne exposures
Report on the application of the Infrastructure Supporting Factor
Joint Committee advice on the review of the securitisation prudential framework (executive summary)
Joint Committee Advice on the review of the securitisation prudential framework (banking)
Joint Committee Advice on the review of the securitisation prudential framework (insurance)
ITS on NPL transaction data templates
Closure report of COVID-19 measures
RTS on the identification of a group of connected clients
Consultation paper on the supervisory handbook on the validation of IRB rating systems
Activity 5: Market risk, investment firms and service risks, and operational risk
Final draft RTS on emerging markets and advanced economies for equity risk
Opinion on the European Commission’s amendments relating to the final draft Regulatory Technical Standards for own funds requirements for investment firms
Draft amended RTS on FOR
Report on the 2021 Market Risk Benchmarking Exercise
RTS on PD and LGD under the internal default risk model
EMIR RTS amending the bilateral margin requirements with regard to intragroup contracts
ESAs statement on adapting the EMIR implementation timelines for intragroup contracts with third-country group entities
RTS on specific liquidity measurement for investment firms
Consultation paper on draft ITS amending Commission Implementing Regulation on benchmarking of internal models
ITS amending Commission Implementing Regulation on benchmarking of internal models
Activity 6: Supervisory review and convergence
Guidelines on common procedures and methodologies for SREP and supervisory stress testing
Report on convergence of supervisory practices in 2021
Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP) under the Investment Firms Directive
Regulatory Technical Standards on Pillar 2 add-ons for investment firms
2023 European Supervisory Examination Programme (ESEP) for prudential supervisors
Activity 7: – Internal governance and remuneration
Consultation paper on draft Guidelines on the high earner data collection exercises under CRD and IFD
Consultation paper on draft Guidelines on the remuneration, gender pay gap and approved higher ratio benchmarking exercises under CRD
Consultation paper on draft Guidelines on the remuneration and gender pay gap benchmarking exercises under IFD
Guidelines on the high earner data collections under CRD and IFD
Guidelines on remuneration and gender pay gap benchmarking under CRD
Guidelines on remuneration and gender pay gap benchmarking under IFD
Report on remuneration benchmarking 2019 and 2020 and High Earners 2020
Activity 8: Recovery and resolution
Guidelines on improving resolvability for institutions and resolution authorities
Consultation paper on draft Guidelines on transferability
MREL shortfalls report (as of 31 December 2020)
Consultation paper on draft guidelines to resolution authorities on the publication of their approach to implementing the bail-in tool
Guidelines on transferability
2023 European Resolution Examination Programme (EREP) for resolution authorities
Consultation Paper on Guidelines amending Guidelines on improving resolvability for institutions and resolution authorities
Consultation paper on draft Guidelines on overall recovery capacity in recovery planning
Activity 9: Market access, authorisation and equivalence
EBA methodology for the assessment of regulatory and supervisory equivalence of third countries - 1st step
EBA methodology for the assessment of regulatory and supervisory equivalence of third countries - 2nd step
Guidelines on equivalence of confidentiality regimes
Principles for the assessment of confidentiality and professional secrecy
Report on EU dependence from non-EU entities
List of third country groups with IPUs and third country branches
Opinion on the set-up and operationalisation of Intermediate EU Parent Undertaking(s)
Activity 10: Sustainable Finance
Clarifications on the ESAs’ draft RTS under SFDR
Joint ESAs’ Report on the extent of voluntary disclosure of principal adverse impact under the SFDR
RTS regarding fossil gas and nuclear energy investments
Report on incorporating ESG risks in the supervision of investment firms
EBA statement in the context of COP27
Roadmap on sustainable finance
Activity 11: Innovation and FinTech (without MiCA and DORA)
ESAs statement welcoming ESRB recommendation on a pan-European systemic cyber incident coordination framework for relevant authorities
Joint ESAs response to EC Call for Advice on digital finance
Joint ESAs advice to the European Commission on digital finance - factsheet
ESAs warning to consumers on the risks of crypto-assets
Report on response to the non-bank lending request from the CfA on digital finance
Activity 12: Consumer and depositor protection
ESA advice on the review of the PRIIPs Regulation
RTS on credit scoring and loan pricing disclosure, credit risk assessment and risk management requirements for crowdfunding service providers
Response to the Call for Advice on the review of MCD
Consultation paper on draft revised guidelines on methods for calculating contributions to deposit guarantee schemes
Thematic review on the transparency and level of fees and charges for retail banking products
Activity 13: Payment services
Discussion Paper on the EBA’s preliminary observations on selected payment fraud data under PSD2 as reported by the industry
 Guidelines on the limited network exclusion under PSD2
Amending RTS on SCA and CSC under PSD2
Joint ESAs Supervisory Statement on PRIIPs key information document
Response to the Call for Advice on the review of PSD2
Decision on reporting of payment fraud data under the revised Payment Services Directive
Activity 14: Anti-money laundering and combating the financing of terrorism
Opinion and Report on de-risking and its impact on access to financial services
Report on competent authorities’ responses to the 2020 Luanda Leaks
Statement on financial inclusion in the context of the invasion of Ukraine
Joint ESAs report on the withdrawal of authorisation for serious breaches of AML/CFT rules
Guidelines on the role and responsibilities of the AML/CFT compliance officer
Report on the functioning of anti-money laundering and counter-terrorist financing colleges in 2021
Guidelines on the use of remote customer onboarding solutions
Consultation paper on amending Guidelines on ML/TF risk factors and on Guidelines on access to financial services
Risk assessment and data
Activity 15: Reporting and transparency
Draft ITS on Pillar 3 disclosures on ESG risks
Regulatory Technical Standards on prudential requirements for investment firms
Technical standards on reporting and disclosures for investment firms
Updated Joint ESA Supervisory Statement on the application of the Sustainable Finance Disclosure Regulation
Decision concerning investment firms reporting by CAs to the EBA
Decision amending EUCLID Decision
EBA responses to EFRAG consultations
Opinion on the European Commission’s proposed amendments to the EBA final draft implementing technical standards on prudential disclosures on ESG risks in accordance with Article 449a CRR
Report in reply to the ESRB Recommendation on identifying legal entities
Activity 16: Risk analysis
Risk dashboard Q3 2021
Risk Dashboard Q4 2021
Joint Committee Spring 2022 Report on Risks and Vulnerabilities
Report on Asset Encumbrance 2022
Risk dashboard Q1 2022
Opinion on measures in accordance with Article 133
Advice on the review of the macroprudential framework
Opinion on measures in accordance with Article 133
Joint Committee Autumn 2022 Report on Risks and Vulnerabilities
Report on Funding Plans
Risk dashboard Q2 2022
Thematic note on residential real estate exposures of Eu banks - risks and mitigants
Risk Assessment Report - December 2022
Activity 17: Stress testing
Methodological note for the 2023 EU-wide stress test
Activity 18: Economic analysis and impact assessment
Report on Basel III Monitoring (data as of December 2021)
Activity 19: Data infrastructure, statistical tools, ad hoc data collections
List of institutions for the purpose of supervisory benchmarking (2022 Update) [xlsx]
List of institutions for the purpose of supervisory benchmarking (2022 Update) [pdf]
Decision on supervisory reporting for IPU threshold monitoring
Aggregated DGS data 2015-2021
2022 EU-wide transparency exercise
Coordination and support
Activity 20: Policy coordination, communication and training
Joint Committee 2021 Annual Report
Annual Report 2021
Consolidated Annual Activity Report 2021
Opinion on the European Parliament 2020 discharge report
EBA 2023 Work Programme
Peer review report on ICT risk assessment under the SREP
Activity 21: Legal and compliance
Additional background and guidance for asking questions
Decision on C v EBA

Budget summaries

The amended budget for 2022 is published in the Official Journal of the European Union (available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022B0830%2802%29&qid=1683117964013)

EBA establishment plan 2022

Category and grade Establishment plan in EU budget 2022 Filled as of 31/12/2022
Officials TA Officials TA
AD 16   1   0
AD 15   1   1
AD 14   5   3
AD 13   2   0
AD 12   8   9
AD 11   12   6
AD 10   12   16
AD 9   22   22
AD 8   26   25
AD 7   30   32
AD 6   20   21
AD 5   32   13
Total AD   171   148
AST 11   0   0
AST 10   0   0
AST 9   0   0
AST 8   0   0
AST 7   0   0
AST 6   3   1
AST 5   4   2
AST 4   2   2
AST 3   1   3
AST 2   2   3
AST 1   0   0
Total AST   12   11
AST/SC 6   0   0
AST/SC5   0   0
AST/SC4   0   0
AST/SC3   0   0
AST/SC2   0   0
AST/SC1   0   0
Total AST/SC   0   0
TOTAL   183   159

 

Statistics on disclosure

The Legal Unit is the central point for dealing with requests relating to transparency and public access to documents. In 2022, within the remit of Regulation (EC) No 1049/2001, the Legal Unit provided its advice on 15 formal requests for access to information.

Facts and figures

ENDNOTES

1 See also Report on convergence of supervisory practices in 2021.

2 As amended by Regulation (EU) No 2019/876.

3 EBA Opinion on the prudential treatment of legacy instruments, October 2020.

4 EBA Opinion on legacy instruments: outcome of its implementation, July 2022.

5 EBA Report on the monitoring of TLAC-/MREL-eligible liabilities instruments of EU Institutions, October 2022.

6 EBA updates on monitoring of Additional Tier 1 instruments and issues recommendations for ESG-linked capital issuances | European Banking Authority (europa.eu.

7 https://www.eba.europa.eu/eba-notes-significant-efforts-ifrs-9-implementation-eu-institutions-cautions-some-observed

8 https://www.eba.europa.eu/eba-publishes-its-roadmap-on-ifrs-9-deliverables-and-launches-ifrs-9-benchmarking-exercise

9 https://www.eba.europa.eu/regulation-and-policy/supervisory-benchmarking-exercises/its-package-2024-benchmarking-exercise

10 https://www.eba.europa.eu/single-rule-book-qa/qna/view/publicId/2022_6495

11 https://www.eba.europa.eu/single-rule-book-qa/qna/view/publicId/2021_6083

12 The EBA examination programme for prudential supervisors for 2022.

13 Article 29a of the EBA’s founding regulation.

14 Commission Implementing Regulation (EU) No 710/2014.

15 EBA Report on the peer review on ICT risk assessment under the SREP (EBA/REP/2022/25..

16 EBA Guidelines on ICT risk assessment under the SREP (EBA/GL/2017/05..

17 EU Regulation 1093/2010, Article 25(2.

18 See: https://www.eba.europa.eu/regulation-and-policy/recovery-and-resolution/deposit-guarantee-schemes-data

19 Published in December 2021 Integrated and consistent reporting system | European Banking Authority (europa.eu..

20 ECB and EBA Workshop with the banking industry on the way forward towards integrated reporting | European Banking Authority (europa.eu..

21 EUR-Lex - 52021PC0723 - EN - EUR-Lex (europa.eu.

22 The DORA Directive clarifies or amends certain related EU financial services rules.

23 https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Reports/2022/1032199/Report%20on%20response%20to%20the%20non-bank%20lending%20request%20from%20the%20CfA%20on%20Digital%20Finance.pdf

24 https://www.fsb.org/wp-content/uploads/P160223.pdf

25 https://www.bis.org/bcbs/publ/d545.htm

26 The current revised version of the Consumer Credit Directive includes some of the proposals included in the response to the CfA.

27 EBA Research Workshops: https://www.eba.europa.eu/about-us/eba-research-workshops Videos: https://www.youtube.com/playlist?list=PL98NOQs4f9Ql23NBcFF6B8kYYAVoGbCuD.

28 Under Article 4, SFDR, financial market participants need to provide transparency on whether they consider principal adverse impacts of their investment decisions on sustainability factors. The ESAs developed indicators for principal adverse impact covering environmental and social factors, included in Annex I of the SFDR Delegated Regulation.

29 Regarding the fines, the Central Bank of Hungary reported fines totalling 3 500 000 Ft (approximately 8 731 EUR).

30 Please see here the request sent by the European Commission to ESAs on the 8 March 2023 and the related mandate.

ABOUT

The European Commission is not liable for any consequence stemming from the reuse of this publication.

Luxembourg: Publications Office of the European Union, 2022

© European Union, 2022

The reuse policy of European Commission documents is implemented by Commission Decision 2011/833/EU of 12 December 2011 on the reuse of Commission documents (OJ L 330, 14.12.2011, p. 39).
Unless otherwise noted, the reuse of this document is authorised under a Creative Commons Attribution 4.0 International (CC-BY 4.0) licence (https://creativecommons.org/licenses/by/4.0/). This means that reuse is allowed provided appropriate credit is given and any changes are indicated.
For any use or reproduction of elements that are not owned by the European Union, permission may need to be sought directly from the respective rightholders.

 

Print ISBN 978-92-9245-845-4 ISSN 1977-9038 doi:10.2853/097805 DZ-AB-23-001-EN-C
PDF ISBN 978-92-9245-849-2 ISSN 1977-9046 doi:10.2853/482089 DZ-AB-23-001-EN-N
HTML ISBN 978-92-9245-846-1 ISSN 1977-9046 doi:10.2853/223415 DZ-AB-23-001-EN-Q

 

GETTING IN TOUCH WITH THE EU

In person

All over the European Union there are hundreds of Europe Direct centres. You can find the address of the centre nearest you online european-union.europa.eu/contact-eu/meet-us_en

On the phone or in writing

Europe Direct is a service that answers your questions about the European Union. You can contact this service:

FINDING INFORMATION ABOUT THE EU

Online

Information about the European Union in all the official languages of the EU is available on the Europa website (european-union.europa.eu).

EU publications

You can view or order EU publications at op.europa.eu/en/publications. Multiple copies of free publications can be obtained by contacting Europe Direct or your local documentation centre (european-union.europa.eu/contact-eu/meet-us_en).

EU law and related documents

For access to legal information from the EU, including all EU law since 1951 in all the official language versions, go to EUR-Lex (eur-lex.europa.eu).

EU open data

The portal (data.europa.eu/en) provides access to open datasets from the EU institutions, bodies and agencies. These can be downloaded and reused for free, for both commercial and non-commercial purposes. The portal also provides access to a wealth of datasets from European countries.

Publication document thumbnail

ANNUAL REPORT 2022 - EUROPEAN BANKING AUTHORITY

  HTML PDF PRINT
This publication is available in the following formats HTML PDF ANNUAL REPORT 2022 - EUROPEAN BANKING AUTHORITY Paper ANNUAL REPORT 2022 - EUROPEAN BANKING AUTHORITY