Achieving the 2024 core priorities

In 2024, the European Banking Authority (EBA) completed 93% of the tasks outlined in its 2024 Work Programme (WP). Similar to the previous year, a small number of tasks were delayed or postponed, primarily because additional tasks were required that were not initially anticipated.

The EBA’s deliverables included technical standards (regulatory technical standards (RTS) and implementing technical standards (ITS)), guidelines, responses to calls for advice, opinions, reports and peer reviews, reflecting the institution’s role within the European Union’s regulatory framework.

The sections below break down the EBA’s main tasks and deliverables over the past 12 months in further detail, adhering to the priorities and structure of the 2024 WP. They include tables and visuals illustrating or detailing how the EBA executed the WP.

Overall, the achievements section offers insights into the scope of the EBA’s activities, stressing an unwavering commitment to its regulatory responsibilities and its role in ensuring stability and integrity within the European banking sector.

NB: These deliverables do not include tasks that are ongoing in nature.

Implementing Basel framework in the EU and enhancing the Single Rulebook

The EBA focused on its contribution to the timely and faithful implementation of the Basel III reforms in the EU to ensure banks can withstand future crises and to preserve a proper functioning of the European and global financial systems. This will underpin a strong regulatory framework, relying on more risk-sensitive approaches for determining capital requirements and also addressing previous shortcomings. At the same time, this work contributes to enhancing the Single Rulebook in banking and financial regulation.

Whereas the banking package, i.e. the Capital Requirements Regulation (CRR) III and Capital Requirements Directive (CRD) VI, entered into force in July 2024, in December 2023 the EBA published a roadmap detailing its approach to, and sequencing of, its work on the some 140 mandates in the different areas, in line with the legal deadlines set out by the co-legislators.

Overall, the EBA has so far issued Consultation Papers (CPs) on 24 mandates of the banking package, delivered on 10 mandates and delivered 8% of the planning foreseen under the roadmap.

Facilitating Basel III implementation in Europe

In accordance with Phase 1 of the roadmap, work was carried out in the area of credit risk with the publication of five CPs on the mandates, aimed at implementing critical elements of the standardised approach (SA) and the review of targeted elements of the internal ratings based (IRB) framework (review of the RTS on the categorisation of model changes and of the ITS on joint decision processes). In addition, the EBA published a report on the treatment of credit insurance in the prudential framework.

In the area of operational risk, work focused on preparing the CP on mandates relating to the calculation of the business indicator (BI) and its sub-items, mapping the BI to FINREP, as well as the adjustments to the BI following mergers, acquisitions and disposals. Further work included developing a CP on the taxonomy for operational risk losses, together with two mandates related to the management of operational risk losses. In parallel, the reporting framework for the new requirements concerning operational risk in CRR III was developed.

Many of the mandates on market risk, covered in a batch of CPs issued in 2023 and in 2024, related to aspects of the FRTB that are essential for sound implementation, or that have a material impact on own funds requirements, were also completed. As a result of the Commission’s decision to postpone the application of the market risk framework in the EU in order to preserve an international level playing field, the EBA published a no-action letter on the boundary between the banking book and the trading book to help address technical questions and issues arising from the postponement.

The EBA continued its contribution to the Commission’s renewed Sustainable Finance Strategy, announced in July 2021 as part of the European Green Deal, and paid particular attention to aspects relating to environmental, social and governance (ESG) matters reflected in its work, in accordance with the roadmap on sustainable finance published in December 2022.

Contributions in this field include the following: the EBA’s final report on greenwashing, in response to a request from the Commission and produced in coordination with the other ESAs – the report also provides recommendations to institutions, supervisors and policymakers; a joint ESAs opinion on the review of the SDFR in which the ESAs call for a coherent, sustainable finance framework that caters for both the green transition and for enhanced consumer protection, taking into account the lessons learned from the functioning of the SFDR; as well as under the same regulation, the annual joint Article 18 report focusing on principal adverse impact (PAI) disclosures.

In addition, efforts were devoted to addressing ESG-related regulatory mandates conferred on EBA in the banking package. In this context, the authority issued guidelines on the management of ESG risks in early January 2025, which set out harmonised guidance to help EU banking institutions identify, measure, manage and monitor ESG risks, including for designing their transition plans to ensure their resilience in the short, medium and long term.

At the same time, the EBA published a CP on the draft guidelines on ESG scenario analysis in January 2025, which also aims to contribute to this field, albeit with a focus on institutions. The proposed guidelines set out expectations for institutions when adopting forward-looking approaches and incorporating the use of scenario analysis as part of their management framework to test financial and business model resilience to the negative impacts of ESG factors. These proposals complement the EBA guidelines on the management of ESG risks, published at the same time, and further deliver some of the elements set out in the EBA Roadmap on Sustainable Finance and as part of the EBA’s planned actions for the implementation of the EU banking package.

With regards to the work on the prudential treatment of exposures subject to ESG risks, the focus was on data availability and the feasibility of adopting a standard methodology for ESG exposures with a corresponding report (published with a short delay in Q1 2025). Work has also started on incorporating ESG aspects into the disclosure and supervisory reporting that is being prepared as part of step 2 of implementing CRR III/CRD VI changes.

Following a first batch of CPs issued in 2023, the mandates relating to step 1 of implementing CRR III/CRD VI changes in the supervisory reporting framework and in the disclosure requirements for banks were finalised towards the end of Q2 2024 – and for investment firms in Q4 – thereby allowing early implementation of these elements and ensuring that market participants and supervisors have access to the information they need to assess institutions for their respective purposes.

In the context of the banking package, the EBA has taken into consideration the recommendations of the Advisory Committee on Proportionality (ACP) to ensure that the regulatory products and guidance it delivers are drafted in a way that is consistent with and uphold the principle of proportionality, and reduce compliance costs without damaging the prudential objectives. The ACP viewed that the development of RTS, ITS, GL and Q&As could reflect proportionality by (i) setting different scopes, (ii) aiming for less complex regulation, (iii) using easy language and (iv) having the implementation impact on small and medium-sized banks in mind. In particular, the ACP recommended that the EBA further address proportionality in the credit risk framework, given its relevance for banks’ balance sheets regardless of size, range of activity and level of complexity.

The ACP also recommended that proportionality considerations remain at the core of the impact assessments that accompany the regulatory products and guidance. In the area of securitisation and covered bonds, the ESAs provided a report on the securitisation framework under Article 44 of the Streamlined Energy and Carbon Reporting (SECR) Directive. Prioritising this request led to the deprioritisation of three monitoring reports. The EBA has also started working on a call for advice from the Commission to support the revision on the performance of the EU covered bonds framework, mandated in Article 31 of the Covered Bonds Directive, and expects to deliver it in Q2 2025. 

Work continued to respond to a call for advice for the purposes of a second benchmarking of national loan enforcement frameworks (insolvency benchmarking). The EBA launched an update of the first benchmarking exercise in 2020 to publish a report in 2025. This allowed for a considerable reduction in the burden for euro area banks, as the related ad hoc data collection was limited to data needs not covered by the AnaCredit dataset.

In the area of investment firms, the EBA focused on the remaining mandates stemming from the new regulatory regime set out in the IFR/IFD. This led to the publication of guidelines on the application of the group capital test, for investment firms setting harmonised criteria to address the observed diversity in the application of such tests across the EU. Progress was made on the response to the European Commission’s call for advice, with a discussion paper published in June 2024 to gather stakeholder feedback and ad hoc data collection. The feedback will inform the response that the EBA and ESMA intend to provide jointly, and which will include a broad assessment of the provisions of the IFR and IFD and their interaction with other regulations.

Reaping the benefits of the Single Rule Book

The EBA updated the list of Common Equity Tier 1 (CET 1) instruments in December 2024, addressing bank liabilities. It also monitored developments in capital and capital issuances (Additional Tier 1 (AT1), Tier 2 and total loss-absorbing capacity /minimum requirement for own funds and eligible liabilities (TLAC/MREL) instruments), and published its monitoring report in June 2024, with new guidance on the prudential valuation of non-CET1 instruments and other aspects related to the terms and conditions of issuances.

Furthermore, the EBA continued its work on implementing the EBA opinion on legacy instruments (including in the context of the CRR II grandfathering provisions) and, after providing guidance on one specific issuance of legacy Tier 2 instruments in January 2024, addressed a further case in December 2024.

As a result of reviewing the stacking orders of capital, leverage and MREL/TLAC requirements and related capital buffers, in July 2024 we published a report describing the role of regulatory stacks, summarising the differences between the EU, UK and US frameworks, and highlighting institutions’ practices on management buffers. The findings contributed to other EBA regulatory products, such as the mandate on the interplay between the output floor and Pillar 2 (Article 104a(7) CRD6), which was also the topic of an EBA opinion published in January 2025, as well as the updated supervisory review and evaluation process (SREP) guidelines planned for 2025.

A report on liquidity measures published in December 2024 set out the findings of the monitoring and evaluation of the liquidity coverage requirements currently in place in the EU. It highlighted that, between June 2023 and June 2024, EU banks’ liquidity coverage ratio (LCR) increased by three percentage points to reach 167%, and also reveals changes in the composition of banks’ funding deposits, while banks’ holdings of liquid assets steadily increased.

At the beginning of 2024, the EBA published a report about specific aspects of the net stable funding ratio (NSFR) framework. The report provides an evaluation of the materiality of the specific items analysed, as well as an assessment of the impact of possible changes to the current prudential treatment. All analysed items appear to have limited materiality in terms of contribution to the total required stable funding, and this situation is confirmed for major as well as smaller banks. A change in the regulatory treatment of such items is not expected to have material effects on institutions but would generate compliance costs. Moreover, the current treatment appears to be aligned with other jurisdictions, which means that any changes would jeopardise the level playing field. The EBA therefore concluded that no changes are needed to the current legislation.

As part of Pillar 2 work, the EBA monitored the impact of the interest rate environment on own funds and eligible liabilities aspects, as set out in its heatmap following scrutiny of how the interest rate risk in the banking book (IRRBB) standards are being implemented in the EU. The heatmap published in January 2024 set out policy areas that would be subject to further scrutiny, and corresponding actions in the short to medium and long term. An initial follow-up report reflecting on the short/medium term objectives of the heatmap was prepared during 2024 and published in early February 2025.

The EBA continued to monitor implementation of the GL for the SREP, with particular consideration of the recommendations made by the ACP. This work also relied on the EBA’s ongoing assessment of supervisory practices through the European Supervisory Examination Programme (ESEP) and the monitoring of its implementation, and through participation in supervisory colleges. The report on the convergence of supervisory practices, published in July, shows that there is still room for further consistency in the identification and treatment of risks covered by Pillar 2 requirements across the EU, while supervisory college monitoring confirmed that the annual college cycle is functioning well.

As in previous years, the authority continued its benchmarking activities in both credit and market risk models (inclusive of IFRS 9-related considerations) in order to support Competent Authorities (CAs) in assessing the internal approaches used for the calculation of own funds requirements and for remuneration practices.

In the area of governance, the ESAs (EBA, EIOPA, ESMA) published joint guidelines on the system for exchanging information relevant to fit and proper assessments, with a view to enhancing the information exchange between supervisory authorities in a dedicated system across different parts of the financial sector.

On the topic of remuneration, in July the authority published its report on the application of gender-neutral remuneration policies by institutions subject to the CRD and the IFD, based on information collected from institutions, investment firms and CAs. The report shows that the industry faces no major hurdles in adopting and implementing gender-neutral remuneration policies, but that some entities lag behind.

Separately, in July 2024, the EBA published a report on the application of derogations from the requirements on deferral and payout in instruments under the CRD. This work aimed to assess the implementation and application of derogations within the EU, their impact on costs, the risk alignment of variable remuneration vis-à-vis the risk profile of the institution, and their impact on the ability to recruit and retain staff.

The annual report on high earners, based on 2022 data (covering entities subject to both CRD and IFD), was published in April 2024 and the report based on 2023 data was published in December 2024. The reports show an increase in the number of individuals working for EU banks and investment firms who received remuneration of more than EUR 1 million between 2021 and 2022. This increase is linked to the overall good performance of institutions, with the expansion of business and salaries adjusted for inflation. Later on, in 2023, the number of high earners remained stable overall, with an increase in high earners in banking and a decrease in high earners in investment firms. These changes were mainly caused by the more volatile business model of investment firms and reduced profitability in 2023 compared to 2022, while banks, on average, continued to perform well.

In 2024, the EBA simplified its regular annual report on high earners’ remuneration into a dashboard to visualise data in a more appealing way for interested stakeholders. 

Figure 4: Number of high earners (data for 2023) by Member State and payment bracket of one million euros for institutions and investment firms

In May 2024, the EBA received a mandate from the Commission to each year develop a set of indicators about the market share of non-EU entities operating in the EU banking sector and the concentration of their business models in specific countries or sectors of activity. The mandate also requires the EBA to analyse EU banks’ asset and liability exposures in foreign currencies. In response to the second part of the mandate, the EBA delivered a report in December 2024 analysing EU banks’ funding structure, their reliance on foreign (significant) currencies for funding, and the breakdown of EU banks’ exposures by domestic and foreign currency.

KPIs

Monitoring financial stability and sustainability in a context of increased interest rates and uncertainty 

Within this priority, the EBA placed increased focus on the impact of slow growth and high interest rates on the real economy in general, and on the banking sector in particular, in a context of inflationary pressures and against the background of unstable geopolitical and economic circumstances (see Section Work on proportionality).

Findings from the EBA’s risk assessment work were reflected in deliverables such as the quarterly risk dashboard and the joint committee (JC) spring and autumn risk presentations, as well as the JC report on risks and vulnerabilities. Starting from 2024, the EBA evolved its annual Risk Assessment Report into a spring and an autumn edition, with the latter linked to the publication of the results of the 2024 EU-wide transparency exercise (discussed below).

The RAR is complemented by the regular MREL monitoring conducted by the EBA and publicised in the form of a dashboard summarising the state of play in resolution planning for all banks with a resolution strategy in the EU, stating the level of MREL requirement, the level of resources and resulting shortfalls and roll-over needs.

The introduction of top-down elements for NFCI in the previous exercise helped to shape the approach and methodology for the 2025 exercise. This gave rise, in July 2024, to an informal consultation on the draft methodology, templates and guidance for the 2025 EU-wide stress test, with important changes worthy of note, namely the integration of the Capital Requirements Regulation (CRR3), the Commission’s announcement to postpone the application date of the fundamental review of the trading book (FRTB), the centralisation of net interest income (NII) projections, but also advancements in the market risk methodology to increase risk sensitivity. Expanded geographical reach and the incorporation of proportionality features aim to boost efficiency while ensuring the relevance and transparency of the results, with the latter addressing the recommendations of the ACP.

Drawing on the feedback received, the EBA then proceeded to publish the final methodology, draft templates and template guidance for the 2025 EU-wide stress test, along with the milestone dates for the exercise in November 2024.

In addition to the work on the regular stress test exercise, the EBA undertook a one-off Fit-for-55 climate risk scenario analysis jointly with ESMA, EIOPA, the ECB and the ESRB, the results of which were published in November 2024. The exercise, which is part of mandates received under the European Commission’s Renewed Sustainable Finance Strategy, was aimed at assessing the resilience of the financial sector in line with the Fit-for-55 package, and to gain insights into the capacity of the financial system to support the transition to a lower carbon economy under stress conditions.

In addition, the EBA has been working on incorporating climate-related risks into the EU-wide stress test in order to address the mandate in our founding regulation (Articles 23 and 32). A proposal was presented at the BoS meeting in December 2024, receiving support from the members.

The proposal outlines the EBA strategy, and distinguishes between a short-term module to assess capital adequacy and a long-term module to evaluate banks’ business model resilience, leveraging scenario analysis. According to this strategy, the incorporation of climate risks into the EU-wide stress-testing framework should be gradual, starting with a partial integration (‘combined approach’) in 2027, with more climate risk-related elements being added in subsequent stress tests. The combined approach will leverage the processes and infrastructure (e.g. timeline, FAQs, data collection and data quality checks) and some core methodological assumptions (e.g. static balance sheet, three-year time horizon) of EU-wide stress test, allowing for economies of scale and reducing the burden, both for banks and for supervisors. However, a clear separation between the results of the climate stress test and the results of the EU-wide stress test should be ensured, at least for the first application, for communication and supervisory action purposes.

Following the guidance provided by the BoS Members in December, work in the coming months will focus on developing concrete proposals for the implementation of the combined approach, while starting to discuss the possible high-level framework for the long-term module. Efforts will be made to ensure adequate coverage and assessment of physical risks (including their acute dimension), in addition to transition risks, for instance through the development of ad hoc scenarios. Efforts will also be made to ensure the principle of proportionality is included, as well as promoting alignment with the EU-wide stress test technical framework as far as possible.

KPIs

Source of information KPI A, KPI B: EBA WP monitoring tool and publications.

Providing a data infrastructure at the service of stakeholders

The EBA continued implementing its data strategy to improve the way regulatory data are acquired, compiled, used and disseminated to relevant stakeholders, thereby strengthening analytical capabilities. Its EUCLID platform enables data flows between diverse endpoints and provides access to high-quality, curated data and insights to internal and external stakeholders by employing advanced technical capabilities, with the objective of fostering the ingestion and dissemination of critical data assets, insights and analytics policies, as well as implementing the Pillar 3 data hub requested by the Level 1 legislation. In the last quarter of 2024, planning started for a 2025 review of the EBA’s data strategy, keeping in mind the 2026–2028 horizon and a close alignment with the EBA’s ICT Strategy for the same period.

Table 1: EUCLID in numbers

* Data for ~50 Key Risk Indicators from Q4 2008 onwards is available at the EBA for ~50 institutions from 20 EU countries, covering at least 50% of the total assets of each national banking sector. Numbers are based on non-harmonised prudential and financial reporting standards applicable in the EU before 2014. From Q1 2014 onwards, the data available at the EBA for the sample of largest credit institutions and banking groups accounted for more than 80% of EU banking sector total assets.

** Long-term expectations.

As it did in 2023, the EBA contributed to fostering transparency and market discipline in the EU banking sector. In December 2024, the authority published the annual transparency exercise, together with the autumn 2024 edition of the Risk Assessment Report (RAR). This provided transparency on around 9 500 data points per bank, in a comparable and accessible format, for 123 banks from 26 countries across the EU and EEA, complementing banks’ own Pillar 3 disclosures, as required by the EU’s CRR. The EBA provided users with a variety of interactive tools to visualise and compare data over time, both by country and by individual banks on capital positions, financial assets, risk exposure amounts, sovereign exposures and asset quality of the EU banking sector covering the latter half of 2023 and the first half of 2024. To reduce the reporting burden for the entities, the exercise was exclusively based on supervisory reporting data submitted to the EBA via EUCLID.

The EBA also carried out a number of data-driven analyses and it supported calls for advice, providing insights and comprehensive analyses that significantly enhanced decision-making processes and increased transparency. In 2024, the EBA provided a draft report in response to the CfA on EU banks’ funding and exposures in foreign currencies and a CfA on the market share of non-EU entities operating in the EU banking sector and the concentration of their activity in specific countries or sectors. The EBA leveraged existing FINREP data to create an EU-level set of indicators.

In the field of data collection, in 2024 the EBA began adapting EUCLID for receiving data from new types of reporting entities (MiCA/DORA) and new directly reported data flows (MiCA, Pillar 3). Regarding data dissemination, the EBA Risk Dashboards publication process was streamlined, resulting in more timely publication and increasing the value of the reported data. The EBA offered more visualisation tools and digitalised the RAR to provide better data insights and easier use of data. The EBA also expanded its offering to competent and resolution authorities of its EBA Data Access Portal (EDAP) with master data and report monitoring and data quality indicators.

The EBA continued to implement the Pillar 3 data hub envisaged by the Level 1 legislation. Building on the feedback received on the discussion paper launched in 2023, a pilot exercise with voluntary institutions to test the process for large and other institutions was completed in 2024. Conclusions from this pilot exercise, together with the feedback received during the consultation, were taken into account when finalising the draft ITS covering IT solutions, data exchange formats and technical validations. The final draft ITS were submitted to the Commission for adoption in February 2025.

The Pillar 3 hub will ultimately be connected to the European single access point (ESAP), on which the ESAs published the final draft ITS specifying certain tasks of the collection bodies and functionalities in October 2024. The published ITS represent the first milestone for the successful establishment of a fully operational ESAP.

In the area of integrated reporting, the governance structures were set up in 2024, following the finalisation and publication in March of the MoU signed with the ECB. The Joint Bank Reporting Committee (JBRC), which is the forum for collaboration between European and national authorities on reporting topics, had its first meeting in May. The JBRC will cooperate with the industry through the Reporting Contact Group, which was established with 22 members and had its first meeting in November. Furthermore, one of the main tasks of the JBRC – achieving semantic integration – was also launched, with the creation of an expert group on semantic integration that started its work based on the roadmap and methodology for semantic integration developed jointly by the ECB and the EBA during the first half of the year. This work will increase efficiency in reporting by streamlining and aligning definitions, as well as removing overlaps and redundant requirements.

In 2024, the EBA announced the implementation of the enhanced Data Point Model and methodology, DPM 2.0, to ensure the EBA data dictionary is fit for future challenges of reporting and digital processing. DPM 2.0 was used for the reporting release 4.0 framework, published in December 2024. In parallel and in preparation for the migration to DPM 2.0 and for the work on integrated reporting, the EBA has conducted a quality review of its DPM data dictionary definitions to improve its semantic glossary, and the way the latter is used to define the reporting variables included in the EBA’s regulatory frameworks. Release 4.0 incorporates the revised glossary. Finally, the EBA started using the new Digital Regulatory Reporting tool, DPM studio, to produce the reporting frameworks, including the DPM releases, the complete validation rules lifecycle, and the creation of XBRL taxonomy packages. Both the DPM standard 2.0 and DPM studio were developed jointly with EIOPA. 

Furthermore, the publication of guidelines on the resubmission of historical data under the EBA reporting framework provided a common approach for financial institutions in case there are errors, inaccuracies or other changes in the data reported in accordance with the supervisory and resolution reporting framework developed by the EBA. This will enhance the quality, consistency and completeness of reported data. They deliver on one of the remaining open recommendations set out in the 2021 Cost of Compliance report and thus conclude the work on the related roadmap. Policy work on reporting and transparency is covered under Sections Implementing the Basel framework in the EU and enhancing the Single Rulebook, Developing an oversight and supervisory capacity for DORA and MiCA and Risk assessment and data.

As part of the EBA’s continued efforts in the field of supervisory disclosure, in November 2024 the EBA updated the centralised information disclosed by EU CAs, in accordance with their ITS on supervisory disclosure under CRD and IFR, which provide for the information being accessible in one single electronic location. This includes information regarding the laws, regulations, administrative rules and general guidance adopted by the Member States in the field of prudential regulation and supervision, aggregate statistical data on key aspects of the implementation of the prudential framework in each Member State, but also information on options and national discretions available in EU banking legislation and general criteria and methodologies used by national authorities in the SREP.

KPIs

* Target for KPIs have been adjusted from: KPI A > 85%, KPI B < 1%, KPI C < 0.25, KPI D <30.

Source of information KPI A to D: EUCLID.

Developing an oversight and supervisory capacity for DORA and MiCAR

DORA and MiCA are part of the EU Digital Finance Strategy, which aims to ensure that the current legal framework does not pose inadvertent obstacles to the use of new technologies and the emergence of new products while ensuring effective risk mitigation.

In 2024, the EBA, together with other appropriate ESAs, finalised the MiCA and DORA policy mandates, thereby contributing to the ICT risk management dimension of the Single Rulebook and to a consistent framework for the regulation and supervision of crypto-asset activities.

DORA Policy

DORA, which entered into force on 16 January 2023, has applied from 17 January 2025, with the ESAs collectively delivering 13 legal instruments in January and July 2024 in relation to ICT risk management, incident reporting, third-party risk management, testing and oversight. In doing so, the ESAs took into consideration the feedback from the market and recommendations of the Joint ESA ACP. On 7 March, in response to the Commission’s rejection of the draft ITS on the registers of information, the ESAs published and submitted an opinion on these ITS to the Commission.

With the delivery of the regulatory mandates, there was additional focus on preparing for the taking up of the new roles and tasks assigned by DORA.

DORA oversight

The EBA, together with EIOPA and ESMA, advanced its preparations for oversight over CTPPs. This included the establishment of the new governance structures, namely the Oversight Forum (a new JC subcommittee) and the Joint Oversight Network (ESAs), as well as the arrangements to set up and operate the Joint Examination Teams. The ESAs have also been preparing the methodologies and processes to support the oversight activities. New IT systems are being developed to support the designation of CTPPs and future collaboration when performing oversight tasks.

To jointly tackle their new oversight responsibilities over CTPPs, the ESAs set up a joint directorate to pool the resources allocated by the legislation to carry out the oversight tasks with the support of NCAs in the Joint Examination Teams (JETs). This will ensure maximum consistency in the oversight approach towards CTPPs, optimise the use of resources (avoiding redundancies), including for their allocation over time, and facilitate the development of a common oversight culture in largely uncharted territory. The director leading the new joint directorate was recruited in October 2024 and is responsible for implementing and running the oversight framework for CTPP at European level, contributing to the smooth operation and stability of the EU financial sector.

To build operational and ICT risk capacities internally during the execution phase of the implementation plan, the EBA offered training in-house, via the EU Supervisory Digital Finance Academy, and other means with a view to building competencies at the ESAs and CAs for managing DORA-related activities. The EBA also offered training for staff on oversight techniques, policies and procedures.

One of the essential components of the DORA framework is the designation of CTPPs. To support this first step of the oversight activity, in November 2024 the ESAs published a decision providing a general framework for the annual reporting to the ESA of the information necessary for CTPP designation, including timelines, frequency and reference dates, general procedures for the submission of information, quality assurance and revisions of submitted data, as well as confidentiality and access to information. In particular, the decision requires CAs to report by 30 April 2025 the registers of information on financial entities’ contractual arrangements with ICT third-party service providers. While the ITS on the registers of information was adopted late by the Commission, the essential part of the requirements for registers of information has been available since April 2024.

To support industry preparations, the ESAs shared the draft templates, DPM and reporting technical package in May 2024 and carried out a voluntary dry run exercise on the reporting of registers of information, with the participation of around 1 000 financial entities across the financial sector in the EU. As part of the exercise, the ESAs have published numerous supporting documents, organised three industry workshop with a wide reach of participants, and provided data quality feedback to the participating financial entities. The support offered by the ESAs did not stop with the publication of the dry run summary report in December 2024, as the ESAs have continued updating supporting explanatory documents and the frequently asked questions on the dedicated web page throughout 2024 and 2025.

Other DORA tasks

In line with the relevant ESRB recommendation, the ESAs announced in July 2024 the establishment of the EU Systemic Cyber Incident Coordination Framework (EU-SCICF) in the context of DORA, which was accompanied by the publication of a factsheet. This framework will facilitate an effective financial sector response to a cyber incident that poses a risk to financial stability, by strengthening coordination among financial authorities and other relevant bodies in the European Union, as well as with key actors at international level.

With the completion of the policy mandates and the approaching DORA application date, the ESAs also intensified their work to help converge supervisory practices in the implementation of the new framework. This led to the publication in December 2024 of a joint ESA statement, to ensure that financial entities are prepared for the new requirements, particularly on the register of ICT third-party providers and on the reporting of ICT incidents.

MiCA policy

For MiCA, which entered into force on 29 June 2023, and the provisions relating to asset-referenced tokens (ARTs) and electronic money tokens (EMTs) applying from the end of June 2024 (the remaining provisions applying from the end of December 2024), the EBA delivered 20 technical standards and guidelines in 2024 (two of which were joint with the ESMA, and one with the ESMA and EIOPA), and one set of own initiative guidelines to address reporting gaps under MiCA. The policy mandates under MiCA expanded the common Single Rulebook for crypto-asset issuance in the EU, with the aim of enhancing consumer protection (e.g. with clear rules on complaints handling), governance (e.g. measures to identify and address conflicts of interest), prudential resilience (e.g. regarding reserve, recovery and redemption arrangements), and reporting requirements.

MiCA supervision and other tasks

MiCA confers on the EBA supervision tasks with regard to ARTs and EMTs that are determined by the EBA to be ‘significant’. In 2024, the EBA took preparatory steps for these tasks and developed its framework for significance assessments and supervisory policies and procedures and forms, templates for the exchange of information between all relevant parties (including supervised issuers, national CAs, the ECB and other relevant central banks). In parallel, the EBA developed the IT capabilities needed to support the EBA’s supervision function. The EBA also established the CASC to support the authority in the performance of its supervision tasks^[1], as a replacement of its temporary CSCG, which met throughout 2024 to facilitate knowledge-sharing between CAs and support supervisory convergence efforts in the initial phase following the application of MiCA. In 2024, the EBA also worked towards strengthening its supervisory capacity, in particular by further extending training for staff, and by organising workshops with NCAs on techniques for the supervision of issuers of ARTs and EMTs.

As part of its convergence efforts, in July 2024 the EBA published a statement addressed to issuers, consumers and other relevant stakeholders. In the statement, the EBA reminded (prospective) issuers of ARTs and EMTs of the new requirements under MiCA, and drew attention to the relevant technical standards and guidelines. The EBA also drew attention to factors that consumers can check before deciding whether to acquire an ART, EMT or other type of crypto-asset, and reminded consumers of the risks of acquiring crypto-assets that have not been issued in accordance with the applicable provisions of MiCA. Additionally, in July 2024, the EBA published the key topics for supervisory attention across the European Union for issuers of ARTs/EMTs in 2024/2025. Both documents were prepared with a view to promoting the timely and consistent application of MiCA.

Beyond supervisory preparedness, in 2024 the EBA completed preparedness actions for its other tasks under MiCA, specifically regarding its tasks of preparing non-binding opinions on the classification of crypto-assets under MiCA^[2], and its task of exercising temporary intervention powers^[3].

KPIs

Source of information KPI A: EBA WP monitoring tool and publications; KPI C: DORA /MiCA milestones tracker.

Increasing focus on innovation and consumers (including access to financial services) while preparing the transition to the new AML/CFT framework

In 2024, the EBA further enhanced the focus on innovation, on the conduct of financial institutions and on consumer protection mandates (including those given by MiCA and the Credit Servicers and Credit Purchasers Directive (CSD)) and also contributed to ensuring that citizens have access to financial and banking services. The authority also worked to strengthen CAs’ ability to tackle financial crime across its regulatory and supervisory remit.

Innovation

The EBA continued to monitor financial innovation, to identify opportunities and risks, promote knowledge-sharing and capacity-building among supervisors, and identify any areas where specific regulatory or supervisory responses may be needed. Crypto-assets, tokenisation in relation to new financial products and services and decentralised finance and the application of AI/ML in financial sector, as well as digital identity management, digital platforms, supervisory and regulatory technologies (SupTech and RegTech), are examples of innovations that are currently on the EBA’s innovation monitoring radar. Keeping a close eye on developments via targeted surveys of industry and CAs, as well as information exchanges with industry, CAs and other EU and international organisations help to identify emerging risks and provide guidance on areas where further work by the EBA may be needed. 

As part of its innovation monitoring work, the EBA published a factsheet on the uses of distributed ledger technology (DLT) in the EU banking and payments sector. The EBA also published, in December 2024, a report on tokenised deposits which assesses potential benefits and challenges of tokenised deposits, and aims to promote convergence in the classification of such deposits in contrast with EMTs issued by credit institutions under MiCA.

Regarding crypto-asset market developments, the EBA, jointly with the ESMA, prepared a thematic report on recent developments (published in January 2025) including decentralised finance (DeFi) and crypto-asset staking and lending. This report contributes to the Commission’s report to the European Parliament and Council under Article 142 MiCA (the Commission report on the latest developments in crypto-assets).

Importantly, in 2024 the EBA commenced work regarding the implementation of the EU’s AI Act. The EBA commenced an assessment of the interplay between the AI Act and sectoral legislation applicable to the EU banking and payments sector, with a view to informing further mapping, assessment and discussion in 2025, to identify any actions needed to secure regulatory consistency and supervisory convergence. Additionally, the EBA took actions to assess AI Act implications, providing inputs to the Commission to inform the Commission’s guidelines on the AI System definition^[4] and to support knowledge-sharing among CAs regarding the designation in the Member States of ‘market surveillance authorities’ for the purposes of the AI Act.

More generally, the EBA continued to monitor adoption of AI applications in the EU banking and payments sector, and assess potential opportunities and risks (including via a workshop in April 2024 on General Purpose AI (GPAI)), publishing its findings in the Autumn Risk Assessment Report.

Earlier in 2024, the ESAs published a joint report with the findings of a stocktake of BigTech’s provision of direct financial services in the EU. The report identifies the types of financial services currently carried out by BigTechs in the EU pursuant to EU licences, and highlights inherent opportunities, risks, regulatory and supervisory challenges, and recommends steps to enhance the monitoring of these activities. Additionally, the EBA commenced work on a thematic report (to be published in 2025) on white labelling, as part of its wider efforts to monitor the implications of value chain evolution.

Finally, the EBA, together with the ESMA and EIOPA, further contributed to the European Forum for Innovation Facilitators (EFIF) and guided and steered development of the EU Supervisory Digital Finance Academy (SDFA) training curriculum to ensure it is tailored to the CAs’ needs and contributes to the SDFA’s aim to strengthen supervisory capacity in innovative digital finance.

Consumer protection

More specifically with regards to consumer protection, the EBA continued its efforts to enhance the monitoring of financial institutions’ conduct of retail activities across the authority’s regulatory and supervisory remit.

As a follow-up to the Consumer Trends Report published in April 2023, the EBA undertook a fact-finding exercise on the creditworthiness assessment (CWA) practices of non-bank lenders (NBLs). The exercise, the results of which were published in August, was aimed at gaining insight into the extent to which NBLs contribute to over-indebtedness and arrears. It revealed that, while some NBLs might service segments of the population that may have limited opportunities to access traditional banks for credit, a significant number of the surveyed NBLs appear to apply inadequate practices for information gathering and verification during their CWAs.

The ESAs published a joint report in July 2024 following their workshop on the use of behavioural insights by supervisory authorities in their day-to-day oversight and policy work. The report provides a high-level overview of the main topics discussed during the workshop held on 14 and 15 February 2024 for national supervisors and other CAs, where participants explored the added value of behavioural insights in their work by exchanging experiences and discussing the challenges they face.

In addition, the authority, in coordination with the ESMA, developed technical standards (published in April 2024) setting out complaints handling procedures for complaints from holders of ARTs and other interested parties (including consumer associations that represent those holders) to issuers of such assets under MiCA – specifying the requirements, templates and procedures for handling complaints received.

In addition, in July, the EBA published final guidelines that extend the existing joint committee guidelines on complaints handling (JC Guidelines) to credit servicers under the new Credit Servicers Directive (CSD), ensuring that, when handling complaints from borrowers, credit servicers are required to apply the same effective and transparent procedures that have been applied for more than a decade to other firms in the banking, insurance and securities sectors. Further reflecting the authority’s concerns about simplification, the EBA introduced non-substantive changes in order to align the guidelines with the amendments made to the EBA Regulation in 2020, allowing the EBA to delete procedural requirements, directed towards national authorities, that are no longer required.

In June 2024, the EBA furthermore amended its guidelines on arrears and foreclosure to address the changes introduced in the Mortgage Credit Directive (MCD), following an assessment of the impact of revision of Article 28(1) of the Directive, and concluded that Guideline 4 on ‘resolution process’ needs to be removed, given that its content had been embedded in E U Law.

Again in the context of the CSD, the guidelines on national lists or registers of credit servicers, published in March 2024 and aimed at CAs managing such lists or registers, specify i) the content of the lists or registers; ii) how they should be made accessible; and iii) the deadlines for updating them. To further enhance transparency for credit purchasers and borrowers, and to establish a level playing field across the EU, the lists or registers should also make it easier for borrowers to access information on complaint-handling procedures offered by CAs.

In accordance with Articles 39(2) and 41(1) MiFIR, the EBA also monitors the market for structured deposits. This mandate, in combination with a Commission request for the EBA to issue recurrent reports on the cost and past performance of structured deposits, led to a report published in July 2024 on structured deposits in the EU. The report highlighted that, in more than half of the 27 national markets in the EU, structured deposits do not exist, and that the EU market remains very small at an aggregate level, with only EUR 16.7 billion of structured deposits sold during the reference period of the report of 1 January to 30 September 2023 – the report’s reference period. 95% of these were concentrated in just four EU Member States. These four countries reported increases in the number of products offered and volumes sold, albeit at a very low level. Across the EU, the total value of structured deposits sold in each Member State ranges from EUR 2 million to EUR 10 billion, showing a disparity in market penetration and investor interest.

As regards cost and past performance of structured deposits – covered as per the Commission request – the limited performance data that are available indicate that the annual net returns for structured deposits vary significantly, with some structured deposits offering no return, while others showing positive returns, in one case of up to 24%.

In 2024, the EBA acted as lead organiser of the Joint ESAs’ Consumer Protection Day, which took place on 3 October 2024 in Budapest. The event followed the theme of ‘Empowering EU consumers: fair access to the future of financial services’ and featured three panels covering the topics of AI in financial services, access to consumer-centric products and services, and sustainable finance. Speakers and panellists included leaders from consumer organisations, regulatory authorities, EU institutions, academia, and market participants from across the European Union, with 300 in-person participants and more than 600 viewers online. Highlights from the day were shared publicly later in October.

AML/CFT

Through 2024, the EBA continued to lead, coordinate and monitor the EU financial sector’s AML/CFT efforts. As part of this, it continued to set common standards in line with its legal mandate where warranted and necessary, highlighted and acted upon emerging ML/TF risks, and supported the effective implementation of robust approaches to tackling ML/TF, sanctions and other financial crime risk across the EU.

Work to deliver the EBA’s mandates in Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets (the Funds Transfer Regulation – FTR) was a particular focus. In 2024, the EBA issued:

• Guidelines on the so-called ‘travel rule’, i.e. the information that should accompany transfers of funds and certain crypto-assets. These guidelines, which were issued in July 2024, serve to tackle the abuse of such transfers for ML/TF purposes. They updated and replaced guidelines on the travel rule that the EBA had issued in 2017.
• Two sets of guidelines on internal policies, procedures and controls to ensure the implementation of EU and national sanctions. These guidelines, which were issued in November 2024, set out, for the first time, common EU standards on governance arrangements, and on the policies, procedures and controls that financial institutions should have in place to be able to comply with EU and national restrictive measures.
• A public consultation launched in December 2024 on draft technical standards specifying the criteria according to which crypto-asset service providers (CASPs) should appoint a central contact point to ensure compliance with local AML/ CFT obligations of the host Member State. These RTS amend the RTS the EBA had issued previously, by extending their scope to CASPs.

In addition, the EBA worked to include specific provisions on identifying and tackling ML/TF risks in 10 MiCA instruments, and published an ‘explainer’ to provide a comprehensive overview of the holistic approach to tackling ML/TF risk in crypto to an emerging sector.

The EBA continued to monitor and disseminate information on emerging ML/TF risks and coordinated CAs’ actions where necessary to tackle those risks. This included:

• Using the EBA’s EuReCA database to inform CAs of risks that were relevant to them concerning individual institutions under their AML/CFT supervision, and concerning their overall approaches to tackling ML/TF risk. For example, submissions suggested that across the EU, ML/TF risks associated with the ineffective use of RegTech solutions were increasing. By the end of 2024, EuReCA contained information on 2 542 material weaknesses and corrective measures concerning 517 institutions submitted by 44 CAs from all Member States.
• Assessing the risks and impact of the use of virtual IBANs (vIBANs) and publishing the findings in a report in April 2024. The report highlighted the lack of a common definition at EU level and divergent approaches, both by CAs and by the industry, which raise challenges not only from an AML/CFT perspective, but also from consumer and depositor protection, authorisation and passporting, and regulatory arbitrage perspectives. The EBA provided recommendations in that respect.
• Hosting meetings of EU supervisors to coordinate actions and ensure a robust approach to tackling crystallised ML/TF risks in individual CASPs. Over the course of 2024, the EBA hosted three such meetings, in addition to advice it also provided on tackling ML/TF risk in specific situations. As a result of the EBA’s work, CAs reassessed the fitness and propriety of senior managers and beneficial owners in three cases, and triggered other supervisory actions in seven cases.
• Raising awareness of specific risks it had identified by publishing factsheets for financial institutions on terrorist financing and derisking.

As was the case in previous years, the EBA continued to support the effective implementation of its standards through targeted reviews and training. In 2024, the EBA:

• Completed its reviews of EU/EEA CAs’ approaches to tackling ML/TF risk in the banking sector. By December 2024, the EBA had assessed all 40 CAs in the EU and provided them with feedback and recommendations for change where necessary. For the final round of reviews, as set out in a report the EBA published in December 2024, the EBA found that AML/CFT supervisors had taken important steps to implement a risk-based approach to AML/CFT, but that challenges continued to exist in relation to prudential supervision and risk assessments in particular. The EBA will now conduct a final stocktake of all the actions taken by CAs in response to the EBA’s recommendations and publish a final report in 2025 as part of the EBA’s handover to AMLA.
• Continued to monitor the effective functioning of AML/CFT colleges. The fourth report on the functioning of AML/CFT colleges, which was published in December, highlights that AML/CFT colleges worked well in the period under review, but further progress was necessary in two areas: adjusting the functioning of AML/CFT colleges to specific ML/TF risks to which the underlying firm is exposed, and discussing the need for a common approach or joint action.
• Provided training to 350 staff from CAs on crypto, EuReCA, and on the effective assessment of ML/TF risk.

The EBA worked closely throughout 2024 with CAs and the Commission to prepare for the transition to the EU’s new legal and institutional AML/CFT framework. The publication of the new AML/CFT package in June 2024 started a transition period whereby the EBA continues to be responsible for AML/CFT until 31 December 2025 while the new AML/CFT Authority, AMLA, is being set up. As part of this, the EBA has started to prepare the transfer of data, knowledge and powers to AMLA, supported national CAs in their preparatory work to adjust to the new framework, and contributed to safeguarding effective cooperation between prudential and AML/CFT supervisors and regulators in future.

An important aspect of this work relates to the preparation of the EBA’s response to a Call for Advice the EBA received from the Commission on 12 March. In this Call for Advice, the Commission tasks the EBA with the preparation of several technical standards that will be key to the new AML/CFT regime. The EBA is due to respond to the European Commission by the end of October 2025. Specifically, the Commission asked the EBA to prepare a common ML/TF risk assessment methodology for AML/CFT supervisors in line with Article 40(2) of the Sixth Anti-Money Laundering Directive (AMLD6) and the methodology that the AMLA will use to select institutions that will be directly supervised by it pursuant to Article 12(7) of AMLA. The EBA’s input will also cover customer due diligence aspects under Article 28(1) of AMLR and the criteria that supervisors will use to determine pecuniary sanctions or administrative measures under Article 53(10) AMLD6 and to consider possible guidance on the base amounts for such sanctions under Article 53(11) AMLD6. The EBA organised an industry roundtable in October 2024 to obtain the views of the private sector on these mandates with a view to informing its approach. A consultation was launched in Q1 2025.

KPIs

Source of information KPI A and KPI B: EBA WP monitoring tool and publications; KPI C: EBA WP monitoring tool and report to SDFA; KPI D: EBA WP monitoring tool and EBA transition workplan.

Additional achievements in 2024

Work on proportionality 

Since its creation in 2020, the ACP has been providing recommendations to the EBA on how to foster proportionality in its activities and missions. Its core mandate is to assess the EBA draft WP for the upcoming year and make recommendations to enhance its proportionality. It is also tasked with reviewing how the EBA has addressed its advice.

In 2024, the ACP followed up on its previous recommendations in the areas of Recovery and Resolution, ESG in supervision and regulation, and reporting and transparency, and recommended that the EBA also pay particular attention to proportionality in its work related to payment services, consumer and depositor protection.

The EBA took the recommendations into account in the preparation of these activities, recognising the value of enhancing proportionality where possible.

In the area of Recovery and Resolution, the work on revision of the RTS on resolvability assessments has been ongoing and the EBA engaged extensively on the topic with an aim of reviewing existing EBA products to increase optionality and the development of alternative strategies in the resolvability assessment process, reflecting the ACP’s recommendations. Similarly, considering the ACP’s advice, EBA has been reviewing the RTS on the content of resolution plans to streamline these plans, simplify them, amend the update frequency and help authorities focus on testing. Furthermore, the EBA’s review aimed at standardising resolution planning and a streamlined MREL section of the plan.

Addressing the continuous focus on proportionality in the EBA’s work, the EBA has started preparatory work on the inputs for the upcoming review of the SREP Guidelines, in particular regarding the management of ESG risks and transition plans. The simplification of Pillar 3 reporting templates for SNCIs, including the alignment of Pillar 3 disclosures with supervisory reporting, has been progressing throughout 2024, with further work expected in 2025.

The EBA finished implementing the recommendations from the study on the cost of compliance with supervisory reporting (2021), which aimed to reduce compliance costs for institutions by 25%, particularly for small and non-complex institutions. Reducing the overall reporting burden for SNCIs has become an integral part of all the EBA’s reporting work and, in addition, the EBA has considered proportionality in all new and amended reporting requirements, not only for SNCIs but also for medium and large institutions. As part of changes resulting from CRR3 and related to liquidity and FINREP, the EBA is also reviewing, existing data points and their relevance. The new JBRC and its units have been working on integrating supervisory, resolution and statistical reporting.

Considering the ongoing legislative discussions on PSD3 and PSR, the EBA actioned the ACP’s recommendation on payment fraud prevention, by publishing an opinion with legislative proposals for how to enhance payment fraud rules in April, and an inaugural joint report with the ECB on payment fraud data for 2022 and 2023 in August (see the Section Engaging with stakeholders for details).

Recovery and resolution

The Commission’s proposals for a strengthened CMDI framework, issued in April 2023, are aimed at enabling authorities to organise an orderly resolution for failing banks of any size and business model, including smaller players, drawing from lessons learned during the initial years of application of the existing rules. The proposals, to which the EBA has contributed in previous years through responses to various calls for advice, anticipate amendments to the Bank Recovery and Resolution Directive (BRRD), the Deposit Guarantee Schemes Directive (DGSD), and the Single Resolution Mechanism Regulation (SRMR). Whereas the proposals contain requirements for the EBA to issue standards on provisions and to report to the Commission on the framework’s effective and harmonised implementation, the uncertainty around the package’s finalisation has impacted and delayed the start of work on these resolution and deposit insurance mandates.

Notwithstanding this delay, the EBA worked on a number of related mandates, including one on recovery stemming from MiCA. This work led to the guidelines on recovery plans under MiCA issued in June 2024, which set out the requirements with respect to the format of the recovery plans and the information to be included in those plans, as well as supervisory expectations for issuers to be able to identify and understand the risks they face and formulate possible actions for restoring compliance with regulatory requirements.

In addition, the EBA launched a public consultation on its draft ITS, overhauling the resolution planning reporting framework, with the aim of further harmonising reporting on these plans in the EU and avoiding duplication of data requests, thus reducing institutions’ cost of compliance. Proportionality was a key driver of this work and led to a streamlining of datapoints to avoid overlaps based on the size and complexity of institutions.

The objective of the European Resolution Examination Programme (EREP) is to drive convergence. In August 2024, the EBA published its findings on the progress achieved with respect to the priorities set for 2023. The report found that convergence had increased within the EU with regards to resolution planning practices and objectives.

More specifically:

• On MREL, only four banks did not meet their target as of 1 January 2024. RAs have used their powers to impose sanctions and have extended deadlines for 22 institutions. They have also increased their monitoring of MREL eligibility and quality, especially for contracts governed by third country law.
• On the operationalisation of the bail-in tool, most RAs have now published their bail-in mechanisms and take the view that challenges remain concerning the identification of holders of instruments, suspension from trading or requirements for issuing prospectuses for the new instruments, and are particularly prominent in relation to third country stakeholders.
• While some progress has been observed in the area of liquidity in resolution, RAs plan to further increase the intensity of their testing and to challenge the severity of banks’ scenarios.
• Finally, RAs have performed more testing of management information systems for valuation, as some banks showed significant gaps in data quality, automation, granularity and timeliness of report delivery.

With the report, the EBA also set three priorities for RAs and banks for 2025: operationalisation of their resolution tools, liquidity strategies in resolution, and management information system for valuation. The 2025 priorities confirm and complement the focus areas set for 2024, given their relevance and the fact that work on those complex topics takes time.

Also with a view to fostering convergence, the EBA worked on a handbook on independent valuers for resolution purposes published in December 2024, with a specific objective of improving the process of selecting independent valuers and of facilitating its implementation by RAs. The handbook provides best practices, high-quality methodologies and processes for the selection and appointment of independent valuers for resolution purposes, gives examples on the application of these methodologies under certain scenarios, and identifies safeguards which could mitigate the effects of a potential conflict of interest hampering the fitness of the valuer.

Depositor protection 

Beyond this, the EBA has a statutory obligation to collect data on deposit guarantee schemes (in accordance with Article 10(10) of the DGSD) and has committed to publishing this information annually, to enhance the transparency and public accountability of DGSs across the EEA for the benefit of depositors, markets, policymakers, DGSs and Member States. The 2023 data related to two key concepts and indicators in the DGSD, namely available financial means (AFMs) and covered deposits, were published in May 2024.

Payment services

The Commission’s retail payments strategy envisages a single payments market which fully leverages innovation and benefits its citizens and firms. The Commission’s June 2023 proposals for a revised Payment Service Directive (PSD3), a Payment Services Regulation (PSR) and a Regulation on Open Finance (FIDA) built on technical advice provided by the EBA and contained requirements for the authority to issue standards on provisions and to report to the Commission on the framework’s effective and harmonised implementation. Here again, the finalisation of the package was delayed and this has impacted the start of the work on approximately 35 mandates to be delivered in the coming years.

Notwithstanding the above delay, the recently enacted Instant Payments Regulation (IPR) led to follow-up work for the EBA, beyond the mandates the authority is expected to deliver under PSD3/PSR and FIDA in 2025/26.

One particularly urgent mandate in this context was the draft ITS on the reporting of data on charges for credit transfers and payment accounts, and shares of rejected transactions. The ITS were finalised in December 2024 and published in early February 2025. The ITS, which deliver on the mandate in the IPR amending the SEPA Regulation, aim to standardise reporting from banks, payment institutions and e-money institutions (i.e. Payment Service Providers – PSPs) to their national CAs. The reported data will help to ensure consumers benefit from access to instant credit transfers, and that the latter are no longer more expensive than regular credit transfers. Following the comments received from external stakeholders during the public consultation on the draft ITS in Q3 of 2024, the EBA decided to postpone the first harmonised reporting from PSPs by 12 months, from April 2025 to April 2026. This enables the Commission to adopt the EBA’s final draft ITS, and the EBA to develop the taxonomy, datapoint model and validation rules, which the industry then needs to implement.

Straddling the EBA’s mandates on consumer protection and contributing to market confidence in payment services is the EBA’s monitoring of payment fraud. In an opinion published in April 2024, the authority assessed recent payment fraud trends and identified new types and patterns of payment fraud. The opinion therefore sets out several recommendations addressed to the EU institutions on how EU law could be further changed to mitigate them. The opinion therefore aims to further strengthen the forthcoming legislative framework under the Third Payment Services Directive (PSD3) and PSR, as these legal texts will enshrine anti-fraud requirements for several years to come and need to be as future-proof as possible.

Further in the area of payment fraud, the EBA and the ECB published a joint Report in August. The report assesses payment fraud reported by the industry across the European Economic Areas (EEA), confirms the beneficial impact of Strong Customer Authentication had on reducing payment fraud, but also found that fraud in the EU still amounted to EUR 4.3bn in 2022 and EUR 2.0bn in the first half of 2023.

Equivalence

As a core instrument to foster the EBA’s international relations, the EBA continued to engage with authorities and jurisdictions globally for assessments of equivalence.

Assessments of the equivalence of confidentiality and professional secrecy regimes of non-EU regulatory and supervisory bodies continued to support the operation of the supervisory college. In 2024, the EBA exchanged with the National Financial Regulatory Administration (NFRA) of China to confirm the equivalence of its professional secrecy and confidentiality regime, as established under its institutional predecessor. The EBA also began additional assessments on the equivalence of confidentiality and professional secrecy provisions in the context of anti-money laundering and digital operational resilience.

The EBA continued to assess the regulatory and supervisory provisions of non-EU countries with the EU framework by providing opinions to the Commission.

Finally, the EBA assessed regulatory and supervisory developments in non-EU jurisdictions which had been assessed as equivalent. The findings of this monitoring exercise are conveyed in a confidential report to the Commission, the Council of the EU and the European Parliament.

Supervisory convergence and independence

The EBA’s activities that contributed to strengthening supervisory convergence range from laying down guidelines and best practices, active participation in colleges of supervisors, and organising dedicated training, performing peer reviews and other EBA independent assessments aimed at evaluating the degree of convergence. One of the EBA’s key tasks is to promote convergence in supervisory practices to a high standard, to ensure that regulatory and supervisory rules are implemented equally across all Member States. Convergent supervisory practices are indeed fundamental to achieving consistent outcomes and a truly level playing field, which are the basis of the single market.

Some of the activities in relation to supervisory convergence have already been discussed under Sections Implementing the Basel framework in the EU and enhancing the Single Rulebook, Developing an oversight and supervisory capacity for DORA and MiCA, Increasing focus on innovation and consumers and Engaging with stakeholders.

Peer review

The aim of the EBA in conducting peer reviews is to further strengthen consistency in supervisory outcomes and to facilitate the identification of supervisory best practices across CAs. Peer reviews can cover, among others, regulations, procedures, enforcement powers and practices. Follow-up measures may be adopted in the form of guidelines and recommendations. Under the amended Article 30 of the EBA Founding Regulation, the EBA must conduct peer reviews of some or all of the activities of CAs in accordance with the two-year EBA work plan.

In continuation of the practice begun in 2023 of undertaking more peer reviews, the EBA carried out three peer reviews in 2024 plus one follow-up peer review (this practice follows a suggestion from the 2020 ESAs review). In addition, the EBA peer review work plan for 2023 to 2024 was designed to support the EBA’s priorities and address current risks. In 2024, the EBA carried out the following peer review reports:

• Peer review – Definition of default (DoD) application, published in July 2024;
• Peer review – Proportionality in the application of SREP, published in early January 2025;
• Peer review – Action plan on dividend arbitrage trading schemes (“Cum-Ex/Cum-Cum”), published in early February 2025.

In terms of follow-up reports, the EBA covered the following peer reviews:

• Follow-up report on the peer review on the supervision of the management of non-performing exposures, published in November 2024

The follow-up to the peer review report on ICT risk assessment under the SREP has been postponed to 2025 (for delivery in early 2026). Similarly, the follow-up on 2022 EBA Peer Review on the authorisation of PIs and EMIs under PSD2 has been rescheduled to 2025.

Engaging with stakeholders

In 2024, the EBA continued to maintain and build strong relationships with its external stakeholders. Over the past year, the EBA has engaged with a broad spectrum of external stakeholders from the public and private sector, including other EU institutions and agencies, CAs in EU Member States, international organisations and regulators and supervisors outside of the EU, as well as industry and non-profit organisations.

EU Institutions

As part of an EU agency’s accountability, the EBA Chairperson presented the EBA’s key achievements to the European Parliament Economic and Monetary Affairs Committee. The EBA also took part in the public exchange of views with Members of the European Parliament on the FRTB.

In addition, the EBA’s senior management has built and maintained relationships with the incoming leadership of the European Parliament following the European elections. Dialogue has also continued with the alternating Council of the EU Presidencies and with the Commission, and with the Directorate-General for Financial Stability, Financial Services and Capital Markets Union in particular.

Beyond this, the EBA strengthened its relationship with other EU institutions such as the ECB, ESRB and SRB. Moreover, the EBA and the ESM established stronger collaboration among senior management and on a technical level.

International cooperation

The EBA continued strengthening its international relationships with regulators and supervisors at institutional meetings and by engaging in bilateral cooperation with third countries. The EBA contributed to the work of the Basel Committee in an observer capacity to safeguard the international banking system and strengthen the global regulatory framework and supervision.

To step up dialogue and foster supervisory effectiveness across borders, the EBA teamed up with ECB to jointly host jointly the first international conference on supervisory convergence and cooperation of its kind. The event took place on 3–4 September 2024 at the ECB premises in Frankfurt. The in-person event welcomed over 150 senior officials over the two-day conference in a bid to explore the multiple dimensions of supervisory cooperation and the current challenges for which supervisory cooperation across borders and sectors is needed.

The joint ECB-EBA conference served as a platform to discuss various dimensions of supervisory cooperation. In particular, panellists and speakers traced back the long journey towards enhanced supervisory cooperation in the EU and internationally. Today’s more globally interconnected financial system offers new opportunities to improve supervisory processes, information and communication while additional challenges also emerge. The specific supervisory challenges to cooperation in light of digitalisation, the green transition and NBFI have also been discussed. Overall, transparency between supervisors and banks remains an essential element for maintaining trust and facilitating cooperation within the EU as well as at an international level.

The conference embodied the spirit of global supervisory cooperation by bringing together representatives from supervisory authorities, EU institutions, central banks, the financial services industry, and other relevant stakeholders both from within and beyond the EU, with representatives from as far afield as the US, India and Singapore.

Finally, the EBA also engaged in bilateral regulatory and supervisory cooperation with third countries.

Member States

Building on continuous cooperation with CAs, the EBA’s senior management also held dedicated country visits to European Member States to discuss regulatory and supervisory priorities with a wide array of stakeholders. In 2024, these events took place in Austria, Germany, Hungary, Ireland and the Netherlands.

Industry and non-profit organisations

The entire EBA staff continued their dialogue with the private sector by organising hearings, attending high-level conferences and meeting bilaterally and through speaking events with industry representatives, consumer associations, academics and students. The EBA publishes a comprehensive overview of staff meetings with external stakeholders, including organisation and participant names.

Furthermore, the EBA continued answering stakeholders’ questions about the Single Rulebook submitted via the Q&A tool. In 2024, 329 questions were submitted and 90 were answered.

Mapping deliverables by activity against the WP

This mapping of deliverables is based on the tables (Section 2) on the EBA 2024 WP with the main outputs for each activity and compares planned against actual outcomes.

Policy and convergence

* Outputs Updated Report on AT1, T2 and TLAC/MREL in June, updated CET1 list in December.

** Planning was adjusted and although work was launched in 2024, output expected to be provided in 2025 in accordance with the legal deadline for the CRR3 mandate.

***Update was not deemed necessary in 2024 and will be reconsidered in 2025.

**** Delivery of GL updated to 2026 in accordance with legal deadline for CRR3 mandate for Guidelines on the definition of ancillary service undertakings.

*****The findings informed work on mandate on the interplay between the output floor and Pillar 2 (Art 104a(7) CRD VI) where the EBA published an opinion in January 2025; this is to be reflected in the SREP GL which will be reviewed in 2025.

* Report on IRRBB heatmap implementation of short/medium term objectives prepared in 2024 and published in early 2025. This report provides an update on the heatmap published in January 2024 which had included been in the 2023 annual report.

+ Tasks marked with a + were possible candidates to be postponed, cancelled or undertaken with less intensive resource input.

* Slightly late delivery compared to original planning.

** Detail of mandates specified under additional output.

*** Late delivery late compared to original planning due to adjusted planning.

**** Work deprioritised and on hold due to resources constraints. Mandate not subject to legal deadline.

***** Delivery of GL updated in accordance with legal deadline for CRR3 mandate.

****** Work deprioritised due to resources constraints and EC request to work on JC Report on securitisation framework under Art 44 SECR.

******* It was decided to deliver the full call for advice in a single package, which will be published in Q2/Q3 2025.

* Slightly late delivery compared to original planning.

** CP delivered in Q2. Delivery of final draft technical standards in accordance with legal deadline for CRR3 mandate.

*** Detail of mandates specified under additional output.

**** Mandate deliberately delayed, as a result of delay of FRTB implementation; CRR3 changes trading book boundary.

***** Discussion paper published in Q2 to seek industry involvement. Delivery of final response to call for advice now foreseen for Q2 2025.

****** Delivery of technical standards adjusted in accordance with legal deadline for CRR3 mandate. CPs delivered in 2024.

******* CP published in Q1 2024 but put on hold as a result of delay of FRTB implementation.

+ Tasks marked with a + were possible candidates to be postponed, cancelled or undertaken with less intensive resource input.

* Slightly late delivery compared to original planning. NB: The assessment on the application of gender-neutral remuneration polices by banks for the CRD and IFD were provided in one report.

** GL delivered already in 2023.

*** Delivery of this report took place in Q1 2025 together with the report on remuneration benchmarking.

**** High earners data delivered in Q4 with 2023 data in the form of a dashboard. Remuneration benchmarking report provided in Q1 2025 together with report on gender pay gap.

*****JC Guidelines had not been listed in the published Work programme 2024.

****** Delivery of relevant mandates updated to follow deadlines.

******* Late delivery compared to original planning due to conflicting priorities with other mandates dealt with within the team of experts.

******** Delivery updated to after publication of the CP of the SREP GLs (foreseen for Q3 2025) as this review was part of the follow up actions of the peer review.

* Late delivery compared to original planning. Work not subject to legal deadline.

** From 2024 information delivered in the form of dashboard as part of EBA Risk dashboard.

*** Timeline reviewed due to resources constraints within the team of expertise.

* Joint ESAs products, slightly late delivery of outputs.

** Delivery of report in Q1 2025 to allow for broadened analysis.

*** Delivery 1 year ahead of the legal deadline (Q1 2026).

* Factsheet on DeFi Q2 2024; RAR special feature on AI/GPAI Q4 2024; Report on tokenised deposits Q4 2024; Report (joint EBA-ESMA) on recent developments in crypto-asset markets (DeFi, lending and staking) Q1 2025, accompanied by 2 factsheets.

* Delivery of mandates already reported in 2023 Annual report.

** The mandate to develop RTS to specify information on oversight conduct was split into two separate RTS.

*** Delivery late compared to original planning, but in accordance with the legal deadline of mandate.

* Mandate not listed in published Work programme 2024.

+ Tasks marked with a + were possible candidates to be postponed, cancelled or undertaken with less intensive resource input.

* No specific output was provided at that stage; the assessment will lead to an update of EBA GL to be prepared in due course.

** Slightly late delivery compared to original planning due to data quality issues.

*** Slightly late delivery compared to original planning to accommodate the legal constraint that the Directive has not been fully brought into the EBA’s remit.

**** Planning updated to deliver follow-up in 2025.

***** Mandate received in Q2 2024 with zero-day deadline but delivered in 10 months.

+ Tasks marked with a + were possible candidates to be postponed, cancelled or undertaken with less intensive resource input.

* Slightly delayed compared to original planning to accommodate EBA publication and governance schedules.

** Update of RTS necessary following extension of mandate in the FTR.

Risk assessment and data

+ Tasks marked with a + were possible candidates to be postponed, cancelled or undertaken with less intensive resource input.

* Slightly late delivery compared to original planning.

** CP was delivered in early Q3. Work late compared to planning due to broader scope and resources constraints.

*** Mandates not listed in the published Work programme 2024. Slightly late delivery compared to original planning albeit in accordance with legal deadlines.

**** Delivery now foreseen for Q2 2025.

***** Products will be revised in light of simplification discussions which affects delivery, although legal deadlines are not affected. Current planning aims for Q2 and Q3 of 2025 respectively.

****** Mandate not listed in the published Work programme 2024. Delivery under reconsideration in light of simplification discussions.

* From 2024 delivery of mandate as part of spring edition Risk assessment report (RAR).

** From 2024 Risk assessment report (RAR) is delivered in two editions.

* Delivery updated in accordance with legal deadline. CP was published in Q1 2025.

** Delivery is now foreseen for Q3 2025.

* Slightly late delivery (in early Q4) compared to original planning.

** NSFR report delivered together with LCR report.

*** Call for advice yet to be received. Planned delivery updated to be updated.

+ Tasks marked with a + were possible candidates to be postponed, cancelled or undertaken with less intensive resource input.

* The findings of the fit-for-55 exercise were published in Q4.

** This activity will give rise to an output in 2025.

*** ESG Dashboard first published in Q1 2025.

**** A summary report of the ESAs dry-run exercise was published in Q4.

Coordination and support

* Delivery in one document published in two stages.

* Slightly late delivery of peer review report.

** Late delivery of peer review reports due to issues with data and responses.

***Planning updated to deliver in accordance with legal deadline.

**** Delivery updated to after publication of the CP of the SREP GLs (foreseen for Q3 2025) as this review was part of the follow up actions of the peer review.

Key priorities for 2025