Chair’s introduction

JOSÉ MANUEL CAMPA

Another challenging year reinforced the urgency to act collectively in a more decisive and timely manner. In 2022, we operated in a rather challenging and uncertain environment with many disruptive factors to grapple with. First and foremost, we were confronted with the Russian invasion of Ukraine, which not only fuelled unprecedented humanitarian needs around the globe, but it was also a major blow to the global economy, hurting growth and raising prices. We also had to deal with the lingering effects of the Covid-19 pandemic, the inflationary pressures and increasing supply chain concerns, the interest rate volatility, and the fallout from Brexit. The war also rekindled and even galvanised the debate on several long-standing European Union (EU) initiatives, including the EU climate strategy, and the digital finance strategy, and reinforced the collective urgency to act more decisively and more quickly. We cannot afford to wait until it is too late.

The Russian war against Ukraine has dented the economic recovery and heightened uncertainty. Besides the heavy human toll and subsequent humanitarian crisis, the ongoing war in Ukraine had and is still having significant economic knock-on effects throughout Europe ranging from direct costs from sanctions and trade disruptions, rising inflation due to higher energy and commodity prices. In addition, the mounting uncertainty about the end of the war and its aftermath has deteriorated consumers and investors’ confidence. As I write this foreword, we are witnessing the effects of such a confidence crisis rippling throughout the global financial system. The recent bank failures in the US and in Switzerland indeed unfolded at times of heightened uncertainty, geopolitical risks and major societal transformation in response to the energy crisis and climate change.

More attention is needed to measure, monitor and actively manage interest rate risk, in the new high interest rate environment. While a low-interest-rate environment dominated the last decade, we are now confronted with a gradual increase in rates, which has impacted valuation of financial assets and expectations of potential deterioration of credit quality and made bank deposits more sensitive and susceptible to be moved at short notice. Inflation in the euro area has reached heights not witnessed since the 1970s and it is important to remember how it directly affects banks’ balance sheets through multiple channels. It is crucial that all banks, regardless of their size or complexity, properly manage this new environment. From our side, we already published technical standards on the management of interest rate risk in the banking book and increased our scrutiny of the way banks are managing such risk by launching a quantitative impact study late last year. We will also be publishing the results of our 2023 EU-wide stress test at the end of July. Given the rather uncertain economic environment, this exercise will be crucial to assess the robustness of the EU banking sector.

A full, faithful, and timely implementation of the Basel 3 framework is crucial to ensure resilience in the banking sector. A faithful and timely implementation of the EU banking package matters now more than ever. In the past few days, as I already recalled, we have been reminded that strong rules lead to strong banks, and strong banks are better able to serve firms, citizens and the economy at large. More than a decade of regulatory work has put us in a better position, with EU banks holding more and better capital and liquidity positions. The regulatory framework and the Single Rulebook we have developed so far has provided a consistent and robust regulatory framework across EU Member States and added a layer of resilience to the banking sector. That is precisely why I have been, and I am, particularly vocal on the need to speed up a full and faithful implementation of the internationally agreed Basel standards to all banks operating in the EU to further ensures resilience of the financial sector. However, for a successful implementation of these rules, given the interconnectedness of the global financial system, it is crucial that we achieve an international level-playing field through better convergence and transparency of this implementation in all other jurisdictions.

A positive attitude towards the application of innovative technologies is needed but institutions should innovate in a responsible manner, carefully weighing the inherent risks and opportunities. Another important area where we have initiated significant work is related to the digital transformation of the EU banking and payments sector. Here I firmly believe that financial institutions should have a culture that encourages a positive attitude towards the application of innovative technologies, but they should also foresee all possible safeguards to mitigate any associated risk. And for that, I see a crucial need for balanced regulation to facilitate the use of technologies that show a positive impact, whether based on process efficiency, risk management, consumer choice and experience when accessing financial services. Much of our focus this year will be on activities related to the Digital Operational Resilience Act (DORA) and the Markets in Crypto-Assets (MiCA) Regulation. With the DORA-related activities, we aim at making sure that the financial sector in the EU is able to stay resilient through a severe operational disruption. With the MiCA-related activities, we aim at protecting investors and preserving financial stability, while allowing innovation and fostering the attractiveness of the crypto-asset sector. Finally, I would like to mention our important contribution to the future regulation of the European payments industry with the review of the Payment Services Directive (PSD3). I think this review will be a great opportunity to ensure further harmonisation on the payments market and avoid regulatory arbitrage and unlevel playing field.

Our key objective is to contribute to developing a sound regulatory and supervisory framework to support the transition towards a more sustainable economy, while ensuring that the banking sector remains resilient. Financial institutions and capital markets are seen as an important facilitator of the change needed to tackle climate change and encourage sustainability in all its aspects. Banks and other financial institutions have a key role to play in facilitating the transition to a greener and more sustainable economy, while managing financial risks stemming from environmental, social and governance (ESG) factors. We have been actively supporting the integration of ESG aspects in the EU banking sector, with a focus on risks, and the broader objective of contributing to the stability, resilience and orderly functioning of the financial system. ESG is indeed one of our priorities, and ESG aspects will be increasingly embedded across our products and activities. At the end of last year, we published our roadmap outlining the objectives and timeline for delivering our mandates and tasks in this area. There are many ongoing projects on how to best incorporate ESG risks in the regulatory framework focusing on five key areas, such as risk management, disclosures, supervisory practices, climate stress testing and possible adjustments to the prudential framework, as well as work to avoid greenwashing. Moreover, we are also pushing our agenda to develop not only the environmental component of ESG, but also its social and governance aspects, which are key to a sustainable future.

Executive Director’s interview

2022 was another challenging year for the European Banking Authority (EBA) and for the global economy, more generally. Can you tell us how you managed to deliver on your priorities?

2022 was indeed another intense year. Global challenges have forced us to adjust our core activities while we were already evolving our way of working to create a more sustainable, efficient, and innovative environment. Around this time last year, when we were just recovering from the COVID-induced economic crisis, like everybody else, we were taken aback by the war in Ukraine. It is still raging on and takes a very heavy humanitarian and financial toll across Europe and globally. The economic outlook remains fragile, downside risks predominate, and high uncertainty lingers.

Despite the unexpected circumstances, we managed to execute 95% of the tasks in our 2022 work programme, which is quite an achievement! The motivation, commitment and agility of our staff, the more efficient and streamlined business and operational processes we have put in place in recent years, the new internal mobility policy, are among the key drivers of our ability to deliver to the highest standard on both our planned and unforeseen activities. The latter made up a good 14% of our work.

FRANÇOIS-LOUIS MICHAUD

Let me just single out the progress made in 2022 on one of our key priorities: making the most of banking and financial data. Data plays a crucial role in our activities. We need it to produce an evidence-based rulebook, to perform impact assessments and risk analyses, and to develop a harmonised and proportionate supervisory reporting system for banks and other financial entities. Since our creation, we have been using and receiving a wealth of data, and we came to realise that we needed not only to continue doing this in the most efficient manner, but that we also had a responsibility for making these data available as much as possible to our stakeholders. In order to be a trusted source of data and analytics services – a data hub – we were very busy in 2022 rolling out the multi-year comprehensive data strategy adopted in 2021. This will allow us not only to achieve our mandates more effectively, to enhance our capability to monitor the status of the financial system. It will also facilitate the sharing and use of banking and financial data with and for the entire community. Last year, we expanded the scope of our unique European Centralised Infrastructure for Supervisory Data (EUCLID) platform to investment firms. I am pleased to note that our work in this area is a key building block in the Commission’s data strategy for the whole financial sector and will lead to further synergies and increased consistency benefitting institutions, authorities, and financial entities.

Sustainability has always been at the heart of your actions and work. Can you tell us how you have been contributing to that objective and how the organisation is changing in that respect?

Our commitment to sustainability is indeed at the heart of what we do. Our ESG goals and policies span from our core work to our everyday operations. Supporting the transition to a more resilient and sustainable European banking sector is a key objective for the entire EBA. The banking sector should also play an important role, as a catalyst, in this transition. To that end, the authority has raised its game in this area. It is investigating ESG risks, informing risk assessment and policy making, participating in international discussions on this agenda, and ultimately incorporating such risks into the Rulebook from various angles, including risk management, supervision, and reporting. At the end of last year, we published a comprehensive roadmap outlining the objectives and timeline for delivering our ESG mandates and tasks for the years to come. ESG considerations are now systematically embedded in our products and activities, and we believe we have started providing a significant contribution in this area.

On the organisation front, 2022 has been a breakthrough year for the establishment of our Eco-Management and Audit Scheme (EMAS). We achieved the environmental objectives and targets that we had committed to in our single programming document for 2022. The effectiveness of our EMAS was checked and complimented by independent external auditors, who concluded that environmental matters and concerns are fully taken into account by the EBA at its premises management, in its activities, including its missions. Throughout the year, we have communicated a lot internally to raise awareness within staff and stakeholders. In March 2022, exactly two years since the beginning of EMAS implementation, an internal survey showed that EBA staff does value the management of environmental aspects in our organisation and is very motivated to improve our environmental performance further. This is very encouraging.

Another area where I am particularly happy with the progress made is gender equality. This is also critical to sustainability. Since I started my mandate, with a small internal team, we have been discreetly but consistently very active fostering equal chances for men and women in our organisation as well as through our policy and convergence work for the banking and financial sector. As I often mention, it is indeed the responsibility of a public sector organisation to represent the society it is embedded in. Our systematic and ambitious action over the past two years has allowed us to ensure that gender equality is observed in all our processes. Our workforce is equally distributed between men and women at all levels of the organisation, and we could also swiftly rebalance the situation in our management team. Change is possible in this regard, and one does not have to force the distribution as there is talent. More broadly, we are committed to creating equal opportunities for all staff members. In all this, we work closely with other European agencies to raise awareness, share good practices, and create a positive environment.

Technological innovations are changing the way we live and work. Can you tell us about the innovation projects at the EBA as well as the new ways of working within your organisation?

Staying at the forefront of technological innovation is essential. In particular, new information and communications technologies (ICT) allow us to remain faithful to the inspiration that led to the creation of the European supervisory authorities (ESAs) – that is, we aim to have maximum impact in everything we do, in a most cost-efficient manner.

In 2022, we were massively engaged in further rolling out and enriching our collaboration tools and techniques. This has already significantly transformed our organisation, and we will continue innovating. Our staff can now work seamlessly from anywhere, at any time, using any type of device, in a paper-less mode. It has transformed the way we communicate and collaborate both internally and with our external stakeholders, making us more efficient and effective. We also embarked on a project to evolve our workspaces in the wake of our move to hybrid work last year: it should fully support those tasks that colleagues and teams will need or chose to do at the premises.

Another key objective is our cloudification program. It is expected to be finalised in 2023 and will enable us to take full advantage of the scalability, agility, security, and cost-effectiveness of cloud-based technologies. I am confident that this move will help us deliver better services, while also reducing our environmental footprint.

One word on security and data protection. In 2022 we have also continued raising our setup to the highest standards, including multi-factor authentication, data encryption, and customized access controls to ensure that only authorised users can access sensitive information.

What are the operational priorities for the years to come?

We are very fortunate to have a solid list of new frontiers to reach. Life is never boring at the EBA. We will of course continue our work in the traditional areas of prudential regulation, to bring it to the next level, both from a content and from a format perspective. The banking package will in this regard mobilise our policy teams, as will the ESG roadmap. Risk identification tools and techniques, especially in the area of stress-testing will also remain front and centre, not only for the “traditional” EBA stress-test, which we expect to refine further, but also expanding to the area of climate.

On top of this, we are now working at full steam preparing for the application of DORA in 2025, and MiCA, which we also expect to be applicable over the same horizon. This means not only developing a brand new chapter of our Single Rulebook, but also setting oversight and supervisory functions at the EBA, in close liaison with a number of other European and national authorities. This is a new and fascinating task. At the same time, we will be helping our European partners to set up a fully integrated anti-money laundering (AML) authority in the EU, drawing on EBA’s recent experience. This is also very exciting.

Current economic conditions also mean that banks and financial entities will keep navigating difficult waters in 2023 and beyond. With our members, we are of course fully mobilised to monitor the situation, inform policy discussions, and prepare any necessary responses.

The new organisation put in place in 2021 has already served us very well, and together with our ICT modernisation, will continue to help us address all these challenges. We are fortunate at the EBA to have a very talented and motivated team, and we will keep up our efforts to best support and develop them!

2022 key figures

General context

As the world began to recover from the COVID-19 health and economic crisis in the start of 2022, the Russian aggression against Ukraine presented yet another significant humanitarian and financial challenge for Europe and the rest of the world.

The invasion of Ukraine led the EBA to consider challenges and uncertainties arising from that conflict for areas within the EBA’s remit and to address these within the above priorities. This heightened the focus on assessing the risks that derive for banks and the financial sector. Here focus was on the likely adverse financial consequences of the Covid pandemic and the Russian war against Ukraine in the form of higher interest rates due to inflationary pressures and heightened uncertainty due to higher energy prices. The conflict also led the EBA to help with the enforcement of sanctions imposed on Russia but also to help people directly affected by the conflict by providing guidance on how to best facilitate their access to the financial system.

Notwithstanding the challenges presented by geopolitical and economic events during 2022, the EBA continued to adapt its operations and processes to establish a more effective and sustainable workplace.

During 2022 the EBA continued its efforts to strengthen the prudential framework including with respect to supervision and resolution, enhancing the EU-wide stress test, leveraging its platform for banking and financial data (EUCLID), deepening analysis and information-sharing on digital resilience, financial innovation, anti-money laundering and terrorism financing.

The EBA has shown resilience and adaptability not only by adjusting its workload and priorities but also by aligning its organisation with the upcoming challenges to be faced by the EU financial sector - in particular with regards to sustainable finance and financial innovation. New mandates from the Digital Operational Resilience Act (DORA), Markets in Crypto-Assets Regulation (MiCA) and the implementation of the ESG roadmap published by the EBA in December 2022 illustrate the broadened scope of the EBA’s activities as they align with an ever-changing financial sector.

List of figures

Abbreviations

ACHIEVEMENTS IN 2022

Evaluating the robustness of EU banks

Analysing risks and vulnerabilities

One of the key EBA mandates is assessing risks and vulnerabilities in the EU banking sector to ensure the stability, transparency and orderly functioning of the sector.

A vast amount of information needs to be monitored and examined on a regular basis, as the EBA evaluates potential risks arising from EU banking activities. In doing this, the EBA examines quantitative and qualitative information, including supervisory data reported by banks and closely monitors market developments, such as banks’ debt issuances, their equity offerings, pricing and growth of loans and deposits and credit standards.

Several aspects are considered when evaluating banks’ resilience. These include the assessment of banks’ robustness in terms of solvency, liquidity and funding, credit risk, profitability, as well as the viability of banks’ business models. Other risks are also significant. These include market and interest-rate risks, operational risks, as well as ESG considerations. The EBA’s assessment of risks and vulnerabilities in the EU banking sector is discussed regularly at the EBA’s Board of Supervisors.

In 2022 EU banks maintained high capital ratios and average CET1 stood at 15.3%

The annual risk assessment report, which was published in December 2022, brought together these discussions, the analyses performed and the overall assessment of the EU banking sector.

Despite the difficult macroeconomic environment and the challenging conditions during 2022, EU banks maintained high capital ratios while re-starting the distribution of dividends and running share buyback programmes. EU banks reported an average fully loaded Common Equity Tier 1 (CET1) ratio of 15.3% in December 2022, slightly lower than a year earlier (15.8% in December 2021). The capital headroom above regulatory requirements (i.e. overall capital requirements and Pillar 2 Guidance) was almost 500 basis points. The average leverage ratio for EU banks is comfortably above the minimum regulatory requirement (5.5% in December 2022).

In the last few years, European banks have increased their available liquidity to historically high levels. European banks have reported strong liquidity positions above regulatory minimums. Even banks at the lowest end of the distribution have maintained ratios above regulatory requirements, with the lowest quartile at 158% for the liquidity coverage ratio (LCR) and 123% for the net stable funding ratio (NSFR) in December 2022. Yet, this should not lead to complacency. Some banks have recently seen large withdrawals due to a lack of confidence.

Central banks have tightened their monetary policies at an unprecedented level in response to the rising and persistent inflation across Europe. This has resulted in an increase in banks’ funding costs, albeit from a very low historical base. As monetary tightening policies are deployed, banks will also need to repay substantial amounts of central bank loans by 2024. At the same time, banks also need to meet minimum requirements for own funds and eligible liabilities (MREL). This can increase banks’ funding costs. Banks may be able to rely on existing liquidity buffers – including central bank deposits – to pay back central bank loans. Some banks however may need to issue additional debt or attract new deposits, while volatile markets may continue to challenge banks’ ability to obtain market funding.

 

Banks’ funding plans reveal intention to increase market-based funding

To further analyse funding and liquidity risks, the EBA publishes a Funding Plans Report annually. In 2022, 159 banks submitted their funding plans for a forecast period from 2022 to 2024. The report highlighted strong deposit growth and an increase in public sector sources of funding in 2021. Banks’ funding plans revealed intentions to increase market-based funding over the forecast period, while the gap between planned debt issuances and maturing targeted longer-term refinancing operations (TLTRO) in the coming two years remains significant. The report also estimated that the shift in economic and monetary developments will reduce banks’ liquidity coverage ratios (LCRs) and net stable funding ratios (NSFR) going forward.

In 2022 asset encumbrance ratio decreased to 25.8 %

In addition to the Funding Plans Report, the EBA published the asset encumbrance report, which also looks into liquidity risks. The report shows that banks continued to make extensive use of central bank funding in 2021. As a result, the overall encumbrance ratio rose by 2.2 percentage points in 2021 to 29.1%. More than 50% of their central bank eligible assets and collateral were encumbered. Increasing encumbrance ratios might lead to adverse feedback loops of higher encumbrance and higher funding costs.

The increasing encumbrance levels reported since the outset of the pandemic have now reversed to their pre-pandemic average levels. According to data at the end of 2022, the asset encumbrance ratio decreased during 2022 to 25.8%. The trend reversal is attributed to the decrease in encumbered assets and collateral received by 7.3% or EUR 640 billion. At the same time total assets and collateral received increased by 4.6% or EUR 1.4 trillion.

Key risks identified in 2022 risk dashboards

In addition to the solvency and liquidity risks, the quarterly EBA Risk Dashboard also reports trends in asset developments and quality. Overall, EU banks expanded their loan exposures during 2022, but with some differences among segments. While loans to non-financial corporates increased by almost 8% (driven mainly by large corporates), loans to households increased by almost 4% (driven mainly by mortgage loans). In addition, most of the increase took place during the first half of the year. Increasing interest rates, the persistence of inflationary pressures and heightened uncertainty due to the energy crisis during the second half of the year not only limited borrowers’ demand for loans, but resulted in banks significantly tightening their credit standards. This requires monitoring due to the role of banks as lenders in the economy.

Part of the increase in loans to non-financial corporations (NFCs) was due to the increase in banks’ exposures to the energy sector. The increased price volatility of oil and gas markets created unprecedented liquidity needs for energy-related firms in autumn 2022. Banks have been actively engaging with energy companies to provide a wide range of services to manage volatility in derivative energy markets. As a result, banks have substantially increased their overall exposures to the sector, both in terms of loans as well as derivatives. These exposures are concentrated in a small number of banks (please see interview box on this).

The asset quality of EU banks improved in 2022, yet credit risk needs to be closely monitored. The non-performing loan (NPL) ratio continued on a downward trend and its dispersion across banks tightened significantly. Although new NPL inflows remained significant, overall, banks managed to decrease NPL exposures as a solution and outright sales of NPLs (or securitisations) played a significant role. During 2022, the share of stage 2 loans stood at its highest level since implementation as banks recognised an increasing volume of loans in this stage. Banks also substantially increased provisions for performing loans. Nonetheless, the overall cost of risk has fallen below pre-pandemic lows presumably because of current substantial NPL outflows and the release or the reallocation of unused COVID-19 provisioning overlays.

The worsening macroeconomic environment due to the increase in inflation rates, the abrupt increase in interest rates, the consequences of the Russian invasion of Ukraine such as the energy crisis and the heightened geopolitical uncertainty, have amplified downside risks for economic growth and exposed vulnerabilities in several portfolios.

This mix of developments primarily affects vulnerable households that need to allocate an increasing share of their budgets to food, energy and debt repayments. Against this backdrop, debt servicing capacity, especially for highly indebted households and non-financial corporates, could be impaired. In the aftermath of the pandemic, non-financial corporates were the main driver behind the increase in the share of stage 2 loans. However, this changed in the second half of 2022, when banks started increasing the allocation of household loans (both mortgages and consumer credit) in stage 2. In addition, EU banks reported a marginal increase in the volumes of NPLs for consumer credit. These exposures are particularly sensitive to economic growth and especially unemployment rates and they are usually the first to react in economic downturns.

Bank exposures to SMEs remained significant in the current macroeconomic environment. SMEs have not only been challenged by rising interest payments, but also by higher energy costs. The access to capital markets has also been difficult for larger companies which have in response sought funding from banks. This raises the risk of crowding out SMEs as banks tighten their credit standards and limit the expansion of their balance sheets.

The abrupt increase in borrowing costs has also affected real estate markets. EU banks are highly exposed to residential real estate, with EU banks reporting more than EUR 4.2 trillion outstanding loans as of December 2022. The abrupt increase in borrowing costs has also affected real estate markets. EU banks are highly exposed in residential real estate, with EU banks reporting more than EUR 4.2 trillion outstanding loans as of December 2022. This is their biggest portfolio which makes up around 25% of total loans to households and NFCs. To explore the risks of the EU banking sector to residential real estate exposures, the EBA published a thematic note in October 2022. The note identifies that during the pandemic and its aftermath, the demand for housing accelerated rapidly, also propelled by historically low interest rates and the liquidity accumulated during the pandemic, which helped borrowers to meet down payments for mortgage loans. Although exposures to mortgage loans increased rapidly in the post-pandemic period, rising interest rates, heightened uncertainty and the slowdown in economic growth curbed the demand for loans. At the same time, banks started tightening their credit standards. As a result, the growth in outstanding mortgage loans halted during the second half of 2022, while there have already been some indications that house prices began to correct themselves in some areas of the EU. This could impair consumer confidence and their overall expenditure, dampening economic activity further. Although an increasing share of mortgage borrowers have a fixed-rate loan – at least for a predefined period of their loan – those with variable rates will be challenged by higher interest-rate payments. In this regard, their repayment capacity may be impaired, given also the unprecedented inflationary pressures in the cost of living. As a result, banks may be challenged not only with increasing default rates, but as housing prices correct, the collateral valuation is lowered. To some extent banks have taken precautionary measures against such a downturn, as loan-to-value ratios are lower compared to previous years (partly due to rising valuations). This was also a result of stricter credit standards, partly due to guidelines on loan origination and partly because of macroprudential borrower-based measures applied in various jurisdictions.

Another area of concern has been commercial real estate exposures. Although EU banks’ exposure to this segment is smaller (around EUR 1.4 trillion as of December 2022), it has grown significantly during 2022 (around 9% YoY growth in outstanding volumes). This sector displays procyclical behaviour and has therefore concentrated significant investment in previous years, benefiting from the low-rate environment. The pandemic particularly impacted the sector. In fact, it was one of the segments that made extensive use of COVID-19-related support measures, such as moratoria on loan repayments. Pockets of risks could be exacerbated for the segment as higher interest rates add pressure to these corporates while they tackle rising energy costs and subdued demand due to the post-pandemic impact of lower office demand. Commercial real estate exposures have one of the highest NPL ratios (3.7% at end 2022), as banks still struggle to clean up legacy assets from previous crises. This could deteriorate because of the rise in construction and financing costs and lower demand due to changes in work practices with the increase in working from home.

Banks have raised their provisions against future credit losses due to an increasing credit risk. Thus, the cost of risks has marginally increased during the second half of 2022. However, it remains lower than pandemic levels (43 basis points as of December 2022). The strong profitability tailwinds due to strong lending growth of previous years and higher net interest margins (NIM) helped increase banks’ return on equity (RoE) year on year (YoY) and absorb the increase in provisioning needs. Banks reported the highest level of RoE during 2022 for many years. In December 2022, EU banks’ RoE was reported at 8% (7.3% in December 2021). This creates a first line of defence against rising risks for EU banks. The expected macroeconomic deterioration will likely result in slower lending growth and rising impairments, and higher inflation may increase operating costs. Lower GDP growth and rising rates could also result in lower fee income from asset management and payment services. Finally, banks that are more reliant on wholesale funding may face more rapid increases in funding costs.

As the recent banking crisis has proved, other sources of risks cannot be overlooked. The EBA has been monitoring these either through supervisory data, where available, as well as using qualitative surveys such as the Risk Assessment Questionnaire (RAQ), which surveys banks and bank sector analysts twice per year on a variety of risks, not only in risks such as business model viability, profitability, asset quality and funding risks but also it includes conduct risk, ESG considerations, Fintech and questions for anti-money laundering.

Operational risk has become increasingly relevant in the past years. With the pandemic, digitalisation and the use of ICT by banks and their customers further accelerated and became indispensable. Digital transformation continued unabatedly even after many containment measures related to the pandemic were relaxed. In response to ICT risk, the incoming DORA aims to provide a framework for the mitigation of ICT risks and to enhance operational resilience of financial entities across sectors. According to the Autumn 2022 RAQ, a large majority of retail banking and corporate banking customers are now primarily using digital channels for their daily banking activities.

Reliance of banks on digital and remote solutions to perform their daily operations, to deliver their services to customers, and to conduct business has resulted in an enhanced exposure and vulnerability to increasingly sophisticated cyber-attacks and to fraud. Scope and relevance of operational risk further broadened along with technological advances and underlines the importance of ensuring operational resilience.

Moreover, banks are facing increased operational challenges since geopolitical tensions are playing an increasing role in the technological and digital space, with impacts felt across geographies. The Russian war of aggression against Ukraine has led to further heightened cyber risks, including threats to information security and business continuity.

Exposure to reputational and operational challenges, including business conduct and organisational change, for example, have neither diminished with the pandemic. To RAQ respondents, conduct and legal risk is the second most relevant driver of operational risk. The Russian war of aggression and sanctions implemented at an EU and global level in response may give rise to further legal and / or reputational risks. Against this backdrop, an enhanced monitoring of sanctions compliance by banks and supervisors is essential.

EBA stress test activities

Preparing for the 2023 EU-wide stress test

Given the uncertain macroeconomic environment and rising probability of risks materialising for the EU banking sector, the need for stress testing the solvency of banks is even more important. The EU-wide stress test is part of the supervisory toolkit used by CAs to assess the resilience of EU banks to severe shocks, identify residual areas of uncertainties, as well as feed into the supervisory decision-making process to determine appropriate mitigation actions. The stress test also allows CAs to assess if the capital banks have accumulated in recent years, is sufficient to cover losses and support the economy in stressed times. Moreover, the exercise fosters market discipline through the publication of consistent and granular data on a bank-by-bank level, as it shows how balance sheets are affected by common shocks.

The stress-test exercise requires a substantial amount of preparatory work which concluded during 2022 with the publication of the stress-test methodology and templates. Part of the preparatory work consisted of a discussion with the industry (including a workshop and public consultation) where stakeholders were able to discuss their questions on the exercise. By leveraging the discussion with the industry, the methodology was published in November and templates were published in mid-December 2022, allowing time for banks to familiarise themselves with templates and the methodology.

Along with the enhanced sample of banks included in this year’s exercise (70 vs 50 in the previous stress-test exercise), the methodology has also undergone some significant enhancements compared to the one used for past stress-test exercises. These enhancements include the incorporation of lessons learnt from the previous exercise, introducing top-down items for net fee and commission income (NFCI), more detailed sectoral analysis, and an increased sample with larger coverage. The changes are part of the medium-term plan of revising the stress-test framework. The EU-wide stress test remains a predominantly bottom-up exercise with a gradual implementation of top-down items.

COVID-19, the war in Ukraine and subsequent consequences created the need for a more targeted sectoral analysis. As part of the more detailed sectoral analysis for credit risk, for the first time, banks will have to provide a breakdown of their exposures to firms and the related impairment by sector of economic activity. The main purpose of the breakdown by sector is to ensure that the results of the stress test reflect banks’ exposures to different sectors, thereby increasing the credibility and realism of the exercise. Furthermore, the reference rate pass-through on sight deposits from households and non-financial corporations (NFCs) has been recalibrated to increase the realism of the exercise.

Further developing and implementing top-down stress-test capacity

Following the EBA decision to move to a hybrid framework in a step-by-step approach, the EBA worked together with the European Central Bank (ECB) and the CAs to design the top-down models. In 2022 the focus was on reviewing and validating existing top-down models for projecting the net interest income (NII) and NFCI in the stress test. It was decided to postpone the implementation of the NII top-down model, while the NFCI model was deemed ready for implementation in the 2023 EU-wide stress test.

The initial NFCI model was developed by the ECB and has been validated by the EBA and National Competent Authorities to ensure its suitability for the purposes of the EU-wide stress test. To reduce model risk, the raw model projections are subject to a model overlay. The overlay takes the form of a “corridor” with a maximum and minimum permissible decrease of cumulative NFCI (cap and floor).

Using this type of model applies a different philosophy for completing the stress-test submissions. During previous stress tests, banks had to use their internal models to project the NFCI amounts over the 3-year horizon for both the baseline and the adverse macroeconomic scenarios subject to some methodological constraints. The 2023 methodology departs from this approach as the NFCI top-down model is used to communicate projections to participating banks.

Introducing top-down items for the projections of NFCI is part of the EBA work on the future changes to the EU-wide stress test. This methodological change aims to reduce banks’ reporting and computational burden during the exercise, minimising the quality assurance for this area and ensuring a level playing field across banks.

The EBA will continue working to improve the current framework and maximise the information value of the results. In addition, and considering the experience gained during the 2023 EU-wide stress test on top-down models (i.e. NFCI), the EBA will further investigate the role of top-down aspects in the EU-wide stress test. More efforts should be made to implement additional aspects for future stress tests and further expand the top-down approach to some other risk areas, such as NII or credit risk.

Work on climate risk stress-testing

Climate risk stress testing is one of the EBA’s top priorities and the EBA is planning to address the new mandates from the Renewed Sustainable Finance Strategy of the EC in the short term. The mandates include running a regular climate change stress-test exercise and developing guidelines for banks and supervisors to assess the impact of ESG risks under adverse conditions. Furthermore, the ESAs, with the support of the ECB and the European Systemic Risk Board (ESRB), have been invited by the European Commission to cooperate on a one-off system-wide climate risk stress test to assess the resilience of the financial sector in line with the Commission’s Fit-for-55 package.

In 2022, the EBA discussed the strategy on climate risk stress testing with the EBA Board of Supervisors. One of the conclusions was to separate, at least in the short term, the climate risk stress test from the EU-wide stress test and perform the climate stress test in a pragmatic way, relying as much as possible on existing synergies.

Furthermore, in 2022 the EBA started internal work on the mandates for the one-off exercise and coordinated with the ESAs, the ECB, the ESRB and the EC on the precise planning of the necessary tasks to perform the exercise. This exercise will require close coordination among all parties.

Moreover, in 2022 the EBA worked on the preparation of a workshop on climate risk stress test to discuss possible practical solutions for adapting or changing the current stress-testing framework to accurately assess the effects of climate-related risks on the banking sector. The insights from the workshop will be key inputs for shaping the EBA regular climate risk stress-test framework in the 2023.

Finally, the EBA is planning to review its Guidelines on institutional stress testing to provide guidance for institutions on how to test their resilience to climate change and the long-term negative impacts of ESG factors. This work will be carried out in accordance with the mandate proposed by the EC in its revision of the Capital Requirements Directive (CRD), draft Article 87a(5)(d). Nevertheless, the timeline for the publication of the consultation paper and final guidelines will depend on the outcome of the legislative process.

The EBA’s response to the Russian invasion of Ukraine

The Russian invasion of Ukraine has taken a heavy toll on the Ukrainian state, society and economy. Following the restrictive measures against Russia and rising energy prices and inflation, the conflict has transformed the macroeconomic landscape creating several challenges for European citizens, the economy and the financial sector. In this context, the EBA has rapidly assessed the potential implications for the banking sector by evaluating the readiness of the regulatory framework to deal with the specific features of the conflict and the relevant disruptions visible in the markets and by deploying the tools available to ensure a coordinated response among prudential supervisors.

 

Volatility in energy derivatives market

Achilleas Nicolaou
Bank sector analyst

Andrea Romero
Policy expert

On 13 September, the European Commission sent two letters to the EBA and the European Securities and Markets Authority (ESMA) on possible responses to excessive volatility in energy derivatives markets and unprecedented increasing level of margin requests.

Q1: What triggered the Commission request for an urgent response?

Achilleas: The Russian invasion of Ukraine (please see 1.1 on impact of Russian war on EU banks) prompted a significant increase in all major commodity prices, which skyrocketed for EU energy prices. The use of energy derivatives is essential for energy companies when planning their operations. Trading in EU energy derivatives, normally conducted on regulated markets and centrally cleared, involves the posting of margin (highly liquid collateral) as a performance guarantee. Margin calls at CCPs have risen in line with the sharp rise in energy prices and energy companies needed access to collateral to meet these calls, resulting in fast-growing liquidity problems. Some Member States quickly reacted providing public guarantees to energy firms, while also calling for amendments to the requirements for margin calls to ease stress situation for the energy sector.

Q2: What did the Commission request the EBA to focus on?

Andrea: The Commission asked the EBA to reflect on the role played by banks, assessing their provision of collateral transformation services, whether the provision of guarantees to be posted as collateral by non-financial counterparties could be facilitated and whether other measures would be possible to minimise the liquidity challenges faced by energy companies. In addition, the EBA was asked to cooperate on ESMA’s work on temporary amendments to Commission Delegated Regulation (EU) No 153/2013, to facilitate the provision of collateral by energy firms.

Q3: What was the role played by banks until that point?

Achilleas: Banks have always played a key role for energy firms, not only providing to them clearing services for derivative products, but they also extent short-term credit supporting energy firms to meet their collateral obligations.

Credit towards energy firms has been on the rise since the early signs of the energy crisis. Banks have always been providing significant support to energy firms by facilitating the posting of collateral towards CCPs, including by means of collateral transformation services. During the spike in energy prices, higher usage of existing credit lines was offered to banks’ clients, as well as an expansion of various forms of collateral transformation. Although support from banks to energy firms was growing to meet demand for credit, we saw that as only a handful of banks are active in these markets, their internal risk limits started to constrain banks’ capacity to further support energy firms to their needs.

Q4: Which elements have been considered to bolster banks’ capacity to assist energy firms?

Andrea: Let me start by saying that the increase in the level and volatility of energy prices was driven by the significant disruptions to the EU energy supply markets, therefore reflecting a significant increase in real economic risk. The prudential framework is exactly in place to protect banks from excessive risk undertaking and in turn the overall financial stability, including from possible spill-over effects from the energy to the banking sector. Therefore, its soundness and risk-sensitiveness should not be eroded, also considering that most of the binding constraints for banks to further assist energy firms arose from existing internal risk management limits.

However, the EBA flagged the importance of increasing transparency around margin calls, to facilitate banks’ liquidity management – in fact, sudden significant margin requests can easily exacerbate the liquidity shortage experienced in a crisis.

With respect to banks’ guarantees, the EBA noted their use as collateral for clearing members, rather than as collateral for CCPs. In their uncollateralised form, their use as eligible collateral at CCPs was considered as possible temporary measure to alleviate liquidity strains, subject to certain restrictions as outlined by ESMA.

Q5: What is the latest follow-up on the energy crisis?

Achilleas: EU banks reported in the fourth quarter of 2022 around EUR 340 billion of exposures towards energy firms, slightly lower than in the previous quarter. Towards the end of the year, energy prices had eased considerably from their peak levels. For this reason, exposures towards commodity derivative retreated back to end-2021 levels. Volatility, however, remains elevated in energy markets compared to previous years, warranting close monitoring of the developments in this sector, since commodity prices are closely linked to geopolitical developments and therefore remain highly volatile.

Source: EBA Supervisory reporting data

Regulatory and supervisory actions taken

Readiness of the regulatory framework and evaluation of the potential impacts

Since the inception of the conflict, the EBA began identifying and listing possible related prudential issues arising from the prudential framework under the mutated circumstances. The framework has proven robust in past crises and equipped to deal with such situations. Nonetheless, a close assessment of specific features of the deteriorating environment and the extraordinary global and EU response was warranted to evaluate any potential loopholes to be potentially addressed from a regulatory perspective. The areas investigated were manifold, ranging from the application of the prudential consolidation requirements to the credit risk and market risk area, as well as some specific accounting requirements potentially impacting the prudential requirements. Even if no immediate actions have been deemed necessary from a regulatory perspective, continuous monitoring of the situation vis-à-vis the prudential and accounting aspects is still ongoing.

Ensuring a consistent supervisory approach to the macroeconomic events that affected the financial situation of banks

All competent authorities, with very few exceptions, undertook supervisory activities to assess the direct and indirect implications of the Russian aggression against Ukraine, the asset concentration in energy sensitive sectors, as well as the consequences of interest-rate rises, inflation risk and related asset price corrections. Banks were required to report regularly to the competent authority the direct exposures to Russia, Ukraine and Belarus, which were further analysed in a proportionate manner. The highest attention to the indirect implications was warranted as CAs undertook vulnerability assessments, monitored second-round effects, conducted walk-away scenarios and examined ICT security implications.

In line with its mandate to foster the efficient, effective and consistent functioning of supervisory colleges, from the onset of the Russian aggression against Ukraine, the EBA has proactively facilitated information sharing on the direct and indirect implications on the banking groups and its subsidiaries/branches and for coordinating supervisory actions. In some cases, the EBA had to initiate interactions and recall the importance of colleges as a forum for coordinating supervisory responses to an adverse event.

The EBA aims to include its experiences from the monitoring of supervisory colleges in 2022 in the update of the regulatory and implementing technical standards on the functioning of supervisory colleges¹., In particular it will include its experiences on college interactions in the context of the Russian aggression against Ukraine by strengthening the identification of early warning signs, potential risks and vulnerabilities, and increasing information exchanges if there is an adverse material effect on the risk profile.

Derisking аnd financial inclusion in the context of the war in Ukraine

In April 2022, the EBA published a statement setting out what financial institutions and their supervisors can do to provide refugees from Ukraine with access to the EU’s financial system. The EBA also indicated what financial institutions and supervisors can do to protect vulnerable persons from abuse by criminals, to prevent human trafficking and called on financial institutions to ensure that compliance with the EU’s restrictive measures regime does not lead to unwarranted de-risking.

The outbreak of the war in Ukraine coincided with the EBA’s preparation of new guidelines aimed at tackling the adverse impact of de-risking on vulnerable customers such as refugees and human relief efforts. In December, the EBA consulted on two new sets of guidelines: the guidelines on effective money laundering (ML) and terrorist financing (TF) risk management and access to financial services; and the guidelines on the risk factors to consider to manage risks associated with customers that are not-for-profit organisations. Together, these guidelines foster a common understanding throughout the EU on what institutions should do to tackle ML/TF risks effectively, while taking care not to deny customers access to financial services without good reason. The final guidelines will be published in Q1 2023.

Supporting the implementation of sanctions

To assist the EC and the national authorities in monitoring the deposits under the Russian and Belarusian sanctions, the EBA designed templates for the reporting of deposits falling under the economic sanctions. The templates and associated instructions published in May 2022 were meant for voluntary use by the relevant national authorities responsible for then monitoring the sanctions in the Member States. While leveraging the EBA’s expertise in designing common European supervisory reporting frameworks, these templates do not form part of the EBA reporting framework.

Updating the prudential framework

The Single Rule Book

Ensuring consistency

1. Finalising the framework for the IRRBB

   In October 2022, the EBA delivered on its CRD mandates to amend the framework for the interest rate risk in the banking book (IRRBB). The EBA developed an improved set of guidelines and two final draft regulatory technical standards (RTS) specifying technical aspects of the revised framework capturing IRRBB positions. These regulatory products complete the enacting into EU law of the Basel standards on IRRBB and are of crucial importance given the current interest-rate environment.

   The Guidelines on IRRBB and credit spread risk arising from non-trading book activities (CSRBB) will provide continuity to the current guidelines published in 2018, which it will replace, while including new aspects, particularly the criteria to identify non-satisfactory internal models for IRRBB management and those to assess and monitor credit spread risk arising from non-trading book activities.

   The final draft RTS on the IRRBB standardised approach specify the criteria to evaluate the risks arising from potential changes in interest rates that affect both the economic value of equity (EVE) and the NII of an institution’s non-trading book activities. They will also provide a simplified standardised approach for smaller and non-complex institutions.

   The final draft RTS on IRRBB supervisory outlier tests (SOT) specify the modelling and parametric assumptions and the supervisory shock scenarios to identify institutions for which the EVE would decline by more than 15% of Tier 1 capital, as well as to evaluate if there is a large decline in the NII.

   The EBA committed to closely monitor their implementation and more generally the impact of the evolving interest rates on the management of IRRBB by EU institutions and on other related prudential aspects.

2. Monitoring work on capital

   In 2022 the EBA continued its monitoring work under its mandate as per Article 80 of Regulation (EU) No 575/2013 (Capital Requirements Regulation – CRR)². In this chapter, three of the main streams of work performed are described: i) monitoring of the implementation of the Opinion on the Legacy Instruments; ii) closing of the pre-CRR CET1 review; and iii) monitoring of total loss-absorbing capacity and minimum requirement for own funds and eligible liabilities (TLAC/MREL) and reinforcement of the consistency of capital and eligible liabilities (TLAC/MREL).

   Legacy instruments

   In 2020, the EBA issued an opinion to clarify the prudential treatment of legacy instruments after the ending of the CRR1 grandfathering rules in December 2021³. Starting from 2021, CAs, in close cooperation with the EBA, worked to identify potential infection risk and discussed the way forward on the basis of the EBA Opinion.

   In July 2022, an analysis of how the opinion was implemented⁴ was published. It showed that many instruments were already resolved through either calling, redeeming or repurchasing, or by amending their terms and conditions. In a few cases, the infection risk was addressed through the transposition of Article 48(7) of the Bank Recovery and Resolution Directive (BRRD), while for a limited number of instruments, actions are still ongoing or under consideration. Finally, a few instruments have been kept in a lower category of own funds, as eligible liabilities or in the balance sheet as non-regulatory capital.

   Going forward, the EBA expects institutions and CAs to consistently apply the guidance and principles of the EBA’s opinion for the new generation of legacy instruments stemming from CRR2. In the course of 2023, the EBA together with CAs will scrutinise the remaining legacy instruments.

   Closing of pre-CRR CET1 review

   In 2017, the Board of Supervisors mandated the review of pre-CRR CET1 instruments. The exercise concluded in 2022 after the EBA, in cooperation with the CAs, assessed almost 70 types of instruments and 240 single issuances. All in all, this exercise resulted in strengthening the collective knowledge of the different instruments in each EU jurisdiction with significant impacts on the quality and loss-absorbing capacity of the CET1 instruments via improved consistency between the CRR/RTS provisions. Finally, this exercise reinforced the EBA’s monitoring role as per Article 80 of the CRR.

   The analysis of the pre-CRR instruments built on the CET1 list as published in May 2017, and it has been regularly updated. In December 2022, an updated CET1 list was published. Since the previous list of December 2021, the new version includes instruments issued by institutions from Iceland, Liechtenstein and Norway and a new type of instrument issued by Spanish investment firms. Furthermore, a few instruments no longer used by institutions were deleted and minor amendments were applied to reflect legislative changes or to provide further clarifications.

   Monitoring of TLAC/MREL and reinforcement of the consistency of capital and eligible liabilities (TLAC/MREL)

   In 2022, the EBA published an updated TLAC/MREL monitoring report⁵. Overall, the recommendations of the first TLAC-MREL monitoring report were well implemented. However, the EBA identified some new provisions to be recommended and some others to be avoided. In light of the new observations on certain features of the issuances, new parts were included in this report, namely on make-whole clauses (to be disallowed), clean-up calls (to be allowed) and substitution and variation clauses (for which prior approval is needed in certain circumstances).

   Furthermore, to ensure consistency, where appropriate, across instruments with similar loss-absorption features, the report contributed to the alignment of the own funds and the eligible liabilities instruments frameworks, in particular on:

   1. tax gross-up clauses, which can be accepted if they are activated by a decision of the local tax authority of the issuer, and if they relate to interest and not to principal under both frameworks;
   2. the exercise of substitution and variation clauses in both own funds and eligible liabilities instruments should as a minimum be subject to receiving prior consent from the relevant authority and where these clauses would lead to material changes that would affect the eligibility criteria of the instruments, to the prior approval of the relevant authority;
   3. the incentives to redeem have been established consistently across the two regimes even though their presence triggers different consequences.

   In general, the vast majority of eligibility criteria are fully aligned for own funds and eligible liabilities and only isolated deviations exist. In this context the EBA plans to publish a report that merges the contents of the recent Additional Tier 1 (AT1) monitoring report⁶ published in June 2021 and the above-mentioned EBA report on the recent monitoring of TLAC-/MREL-eligible liabilities instruments.

   Monitoring the high-quality and consistent application of the IFRS 9 expected credit loss frameworks

   The EBA continued to work on monitoring and scrutinising the implementation of International Financial Reporting Standards (IFRS) 9, as well as its interaction with prudential requirements following the publication of the EBA report on the IFRS 9 implementation by EU institutions⁷ published in November 2021.

   In line with the staggered approach presented in the IFRS 9 roadmap⁸ the benchmarking exercise on IFRS 9 gradually extended. In 2022, the EBA worked on the integration of the high default portfolios (HDPs) into the benchmarking exercise to assess relevant drivers of variability and related impacts on the prudential ratios arising from the implementation of the IFRS 9 expected credit losses model.

   In June 2022, a third data-collection activity was launched to test new quantitative templates on HDPs. The data analysis is still in progress and will be completed in the first half of 2023. The preliminary findings and data quality checks issues have been considered in the development of the HDPs portfolios IFRS 9 templates of the ITS on supervisory benchmarking 2024⁹, leveraging to the extent possible credit risk benchmarking infrastructure and methodology.

   The new ITS seeks to: (i) widen the scope of the IFRS 9 benchmarking analysis to a higher share of financial instruments subject to the IFRS 9 impairment requirements; and (ii) get a broader view of the existing variability of the expected credit loss outcomes and the related impacts on the amount of own funds and regulatory ratios.

   Full extension to HDPs is expected to be achieved in the ITS on supervisory benchmarking 2025.

3. Finalising the development of an all-inclusive large exposures regime in the EU

   In 2022, the EBA directed part of its efforts to finalising the large exposures framework. Under a host of new mandates in the risk reduction measures package adopted by European legislators in 2019, the EBA developed RTS to identify shadow banking entities for the purposes of reporting large exposures and RTS to identify groups of connected clients (GCCs).

   Entities that offer banking services and perform banking activities but are not regulated and are not being supervised in accordance with any of the acts set forth in the technical standards forming the regulated framework are identified as shadow banking entities. These technical standards take into account international developments and internationally agreed standards on shadow banking entities. The status of entities established in third countries is also assessed to provide for a treatment that distinguishes between banks and other entities. When identifying shadow banking entities, any transaction with such an entity is subject to the limits set out in the EBA Guidelines on limits on exposures to shadow banking entities.

   Meanwhile, the EBA developed technical standards to set out criteria for the identification of a GCC. The objective of the definition of a GCC is to identify two or more natural or legal persons who are so closely linked by idiosyncratic risk factors that it is prudent to treat them as a single risk. For such cases, the EBA has developed criteria that aim to set out clear circumstances where interconnections by means of a control and/or an economic dependency relationship can lead to a single risk and thus a grouping requirement. In addition, these technical standards set out rebuttable provisions for the assessment of situations where control and economic dependencies coexist and thus one overall GCC, as opposed to two or more separate GCC, needs to be formed. In conjunction with the EBA Guidelines on connected clients, a complete framework is provided for the identification of two or more natural or legal persons who are so closely linked by idiosyncratic risk factors that it is prudent to treat them as a single risk.

4. Updating the framework on securitisation

   During the year, the EBA contributed to the completion of the capital market recovery package facilitating the use of securitisation to support Europe’s recovery from the COVID-19 crisis. Among the key measures included in this package was the extension of the simple, transparent and standardised (STS) label to on-balance sheet securitisation aimed at supporting small and medium-sized enterprises (SME) lending and the removal of existing regulatory obstacles to the securitisation of non-performing exposures enabling banks to free their balance-sheets of non-performing exposures. In relation to these changes the EBA has been mandated to develop a number of technical standards which were published last year. In first place, further clarity on the securitisation risk retention rules was provided, ensuring better alignment of interests and reducing the risk of moral hazard, thus contributing further to the development of a sound, safe and robust securitisation market in the EU. The EBA has also made progress in the finalisation of the STS framework for synthetic securitisation which is one of the most prominent segments of the EU securitisation market. Here the triggers for switching the amortisation system from pro-rata to sequential were specified and a set of criteria were provided ensuring the homogeneity of the underlying exposures, which are key requirements related to standardisation and simplicity of STS transactions.

5. Ensuring consistency of market and credit valuation adjustment risk framework

   In 2022, in the area of market risk, the EBA continued to deliver on its fundamental review of the trading book (FRTB) roadmap by finalising the RTS on advanced economies for equity risk. With that, the EBA closed all RTS falling under phase 3 of its roadmap, and accordingly started its work on phase 4 deliverables. Closing phase 3 regulatory standards marks an important point in the FRTB regulatory cycle – in particular, banks opting for calculating the own funds requirements for market risk with a standardised approach are now provided with all aspects needed to perform its practical implementation.

   The regulatory framework that applies to internal models under the FRTB was mostly implemented in the EU by means of the EBA RTS. Therefore, in 2022, the EBA significantly invested in the support of upcoming internal model investigations. In particular, the EBA organised a series of training sessions that were held at the beginning of 2023 to train on-site inspectors on the new regulatory requirements for internal models. [Furthermore, the EBA developed the consultation paper on draft RTS on the assessment methodology that was published in early 2023. In this way, CAs were provided with techniques to assess the applicable regulatory requirements before the investigations start].

   The EBA continued to support a consistent application of the Single Rulebook in the area of market risk, as well as credit valuation adjustment (CVA) risk by means of Q&As. Notably, on the application of intragroup CVA exemptions by EU subsidiaries of third-country groups, the EBA published a Q&A¹⁰ clarifying that currently there are no jurisdictions outside the EU qualifying for those exemptions. In 2022, the EBA also started monitoring the implementation of the Structural FX Guidelines and the impact resulting from it.

6. Finalizing the EBA roadmap for investment firms (IFs)

   In 2022, the EBA has worked on completing the remainder of the open regulatory products in order to close the EBA roadmap for IFs (apart from the mandates relating to ESG risks): the RTS on liquidity risk measurement, the GLs to specify the criteria when exempting Article 12(1) IFs (class 3) from the liquidity requirements, the RTS on Pillar 2 add-ons and the GL on procedures and methodologies for the SREP. Given the complex topic, the RTS on prudential consolidation for investment firms, which is also the item closing the EBA roadmap, could not be finalised during 2022.

   COVID-19: After two unprecedented years of pandemic, 2022 was the year of progressive reductions in government support and a return to the pre-pandemic regulatory state.

   The swift reaction in the early days of the pandemic ensured no disruption in the flow of lending to the real economy. More importantly, it allowed the EU banking sector to provide short-term liquidity support to firms and individuals affected by temporary income losses unrelated to their longer-term viability. This was done through the use of all the flexibilities embedded in the prudential framework, via a number of statements, guidelines, technical standards and reports (see Figure 1). This wide range of policy measures made it possible to strike the right balance between mitigating the effect of the pandemic, while at the same time ensuring no distortion in the true identification of risk and related bank capitalisation. As such, prompt actions taken at EU level, coupled with efficient coordination with Member States and the flexibility left at the national level, proved successful in addressing the crisis.

   With the effects of the COVID-19 pandemic fading away, the next step was naturally to return to a steady state regulatory framework and implement the internationally agreed Basel III reforms. It started by phasing-out the EBA Guidelines on the prudential treatment of general payment moratoria as of 1 April 2021 and ended on 16 December 2022 when the EBA published its closure report on COVID-19 measures and repealed its Guidelines on COVID-19 reporting and disclosure. As a way forward, the EBA will continue its monitoring of the impacts of COVID-19 on credit risk models (i.e. internal-rating based approach and IFRS 9) and provide further clarifications on potential upcoming implementation issues related to EBA COVID-19 measures.

   

   Note: The full timeline of EBA actions can be found in the Annex, as well as on the EBA website.

7. Work on market infrastructure

   In 2022in the area of market infrastructure, the EBA continued to work toward the delivery of the RTS on Initial Margin Model Validation (IMMV). The RTS was published for consultation at the end of 2021, with the consultation ending in February 2022. The feedback received was extensive and required substantial reviews of the proposal, which was finalised by the end of 2022 and published at the beginning of 2023.

   In addition, in 2022, the EBA, jointly with the other ESAs, proposed amendments to the RTS on over-the-counter (OTC) derivatives not cleared to extend the temporary exemptions regime for intragroup contracts. This has been a significant step in accommodating the ongoing assessment of third-country equivalence and allows for a review of the intragroup exemptions framework under the European Market Infrastructure Regulation (EMIR) review.

   Finally, the EBA continued contributing to the discussions at the global level on market infrastructure, notably in the Working Group on Margin Requirements, and further enhanced consistency in the application of the Central Securities Depositories framework by publishing Q&A¹¹ on the matter.

Future-proofing the regulatory framework

1. EU implementation of Basel III

   The finalisation of the Basel III accord creates a clear and solid regulatory framework and ensures a global level playing field. It is a key achievement at the international level and its full and consistent implementation is key for its success. Implementing Basel III will further underpin the trust in the banking sector and lead to tangible macroeconomic benefits.

   The EBA and the EU institutions sat at the negotiating table at the Basel Committee on Banking Supervision and defended the specificities of its banking market. Therefore, the final Basel III accord incorporates many suggestions that make the Basel Framework suitable to be adopted in the EU. With the EU co-legislator finalising the CRR III and the CRD VI in 2023 or early 2024, the EBA stands ready to start working on the relevant draft technical standards.

   The EBA believes that banks should be ready to implement the reforms faithfully and on time. This should be a key objective and requires the banking prudential framework reforms to be implemented quickly by co-legislators, the EBA and market participants.

   Under the current Banking Package proposals, the EBA will be asked to develop around 70 technical standards and 30 guidelines. Most of these will require consultation and finalisation within the two-to-three years after the entry into force of CRR III and CRD VI. Most of these technical standards focus on the main risk areas (credit, market and operational risks), as well as market access and banks’ internal governance. A small number of broad-scope implementing technical standards will cover the essential areas of reporting and disclosure.

   Furthermore, the EBA will be asked to provide technical advice developing around 30 technical reports on a broad range of areas related to the banking framework, covering, in addition to the above-mentioned areas, several other aspects including systemic risks and ESG factors.

   In these times of high uncertainty, the finalisation of the CRR III and CRD VI and the development of technical standards are essential for strengthening banks’ prudential framework.

2. Making the securitisation framework more consistent and allow securitisation to support a greener economy

   Helping banks to lend more to the real economy is a key component of the commission actional plan on capital market union and here securitisation has a prominent role including in financing the transition to a more sustainable economy. Ensuring a properly functioning securitisation market is therefore a key objective which has driven our recent works in the area.

   We have recently contributed to the debate on how to revive the EU securitisation market in a prudent manner by providing a joint advice with the ESAs on the performance of the EU securitisation prudential framework. A conclusion of the report is that that the capital and liquidity framework for banks do not constitute a key obstacle to the revival of the securitisation market in the EU., Other factors beyond the prudential framework should also be considered. such as the need for increased proportionality of the current transparency and due diligence requirements and of a tightening in monetary policy, without which a revived interest of investors and originators in securitisation should not be expected.

   There is nonetheless still room for improvement of the prudential rules applying to securitisation. We have focused our efforts in assessing how we can improve the consistency, clarity and risk sensitiveness of the bank’s capital framework. In this spirit, we have proposed to start with a set of technical quick fixes to the prudential framework aiming at improving its consistency and clarity. In addition, we have proposed a targeted reduction of the risk weight floor for originators recognising their associated reduced agency and model risk. This would encourage banks to originate resilient transactions to shed and diversify their risks. and may provide a modest help to reviving the market, without raising prudential concerns. The possibility to reduce further the conservativeness in the framework via a reduction of the so-called p-factor has been evaluated but not supported on the basis of concerns on creating cliff effects in the capital requirements. We have acknowledged that an alternative design of the securitisation risk weight formula might remove these constrains, however, this would require a more fundamental and comprehensive review. In the spirit of commitment to international standards we suggested to move this discussion at the Basel table.

   These considerations on the prudential framework matter as securitisation can offer a key risk management tool in the transition to a greener economy. In March 2022, the EBA has published a report which analyses the recent developments and challenges of introducing sustainability in the EU securitisation market. The outcome of this analysis also served as a key input in the context of the policy and technical discussions on the EU green bond standard regulation (EU GBS).

   The EBA’s analysis has shown that it would be premature to establish a dedicated framework for green securitisation based on the green credential of the collateral. Rather, ensuring to have a common label should be the priority. The EBA analysis suggest that the upcoming EU GBS regulation, which focus on the use of proceeds, should also apply to securitisation, provided that some adjustments are made to the standard. In this regard, the EBA recommended that in case of securitisation, and generally any bond issued via SPV, the use of proceeds requirement should be shifted from the issuer to the originator.  EBA also recommended that additional disclosures would be necessary to ensure that investors are made aware of the green characteristics of the underlying securitised assets. It also called for further EBA work on green synthetic securitisation and social securitisation.

   Pragmatism has been one of the drivers of the report’s recommendations, which acknowledge the immaturity of the present EU sustainable securitisation market and the need for consistency with existing and still-evolving ESG standards. The recommendations also seek to be reasonable as to what can be achieved while being mindful of greenwashing risk. Therefore, at this stage the EBA recommends a transitory approach to ensure that regulation encourages the growth of green assets, specifically financing new green assets rather than refinancing existing ones.

 

Supervisory practices

2022 European Supervisory Examination Programme

“The common supervisory impetus across the EU met its goal but digital transformation and ESG will call for more attention.”

In line with its mandate, the EBA proactively drives the convergence in supervisory practices through the selection of topics deserving European traction based on its expertise in EU-wide risk analysis, policy development and practical experience of CAs, and its role in supervisory colleges by establishing yearly the European Supervisory Examination Programme (ESEP)¹². The selection of the key topics for supervisory attention is closely aligned with the Union Strategic Supervisory Priorities (USSPs), stipulated in the EBA’s founding regulation¹³, to ensure that the supervisory work undertaken on a day-to-day basis is driven by the strategic and long-term priorities. The two overarching and forward-looking priorities for 2020-2022 were set on “business model sustainability and adequate governance structures”.

The five key topics, introduced in the EBA’s 2022 ESEP, namely the impact of the COVID-19 pandemic on asset quality, Information and Communication Technology (ICT) risks, digital transformation, as well as Environmental, Social and Corporate Governance (ESG) and Money Laundering/Terrorist Financing (ML/TF) risks, were overall adequately incorporated into competent authorities’ supervisory priorities, supervisory assessments and colleges’ work. However, competent authorities are still in the process of building up their capacity to review the risks associated with the digital transformation and ESG, and supervisory intention on these topics was not always homogeneous, in particular when compared to attention given to the review of the asset quality/provisioning, and ICT and ML/TF risks.

Monitoring of colleges

“Overall good operation of supervisory colleges, though further enhancement is expected in certain areas.”

Based on the EBA 2021-2023 college-monitoring approach, the EBA continued to closely monitor a limited but diverse group of colleges, in terms of business model, origin, geographical spread and size.

In 2022, the interactions and the organisation of the supervisory colleges were of a high quality overall, with refinements and some good practices compared to 2021. Improvements were observed in the document distribution and the exchange of the values of the list of early warning indicators. For 2023, improvements in some procedural aspects of joint decisions in accordance with the ITS on the Joint Decision¹⁴ will be sought. The EBA fosters the sharing of good practices observed, for example when there is mutual engagement among members and observers, including third-country observers, to develop an overall assessment of the bank’s situation across borders or a joint inspection which is beneficial for both the home and host supervisors.

ICT peer review

“Challenges in the supervision of ICT risks still exist, though competent authorities have incorporated the EBA Guidelines on ICT risk assessment under the SREP into their supervisory practices.”

The EBA peer review on the ICT risk assessment under Supervisory Review and Evaluation Process (SREP¹⁵) looked at the supervisory practices in ICT risk assessment in the context of the SREP and the application of the EBA Guidelines on ICT risk assessment under the SREP¹⁶ that promote common procedures and methodologies for this assessment.

The peer review revealed that CAs have largely applied the EBA Guidelines on ICT risk assessment under the SREP and implemented them in their supervisory practices. The CAs generally apply a risk-based approach to the supervision of ICT risk where the frequency and depth of the assessments correlate with the level of ICT risk of the banks. However CAs experience challenges in building the necessary ICT supervisory capacity and expertise, applying proportionality in the assessment, and incorporating the ICT risk assessment and scores into the overall SREP.

Through the peer review, good supervisory practices and recommendations were shared, such as the establishment of dedicated training curricula and mentoring for ICT risks or setting up internal networks. CAs were recommended to perform horizontal comparisons and IT landscape analyses.

Work on governance and remuneration

1. Remuneration benchmarking

   Following the separation of the regulatory frameworks for institutions and investment firms with the introduction of Directive 2019/2034/EU, the EBA updated and further improved its remuneration benchmarking and high earner data collections. The analysis of data will benefit from templates that are tailored to the different business models of such firms. The data collection will be enriched by the collection of data on the application of the derogations to the requirements to pay out variable remuneration of identified staff in instruments and under deferral arrangements when specific conditions are met. As a new element we will benchmark the gender pay gap for all staff and for identified staff under the revised guidelines. As part of the collection of data on high earners, we will in future receive information on the number of high earners (staff receiving EUR 1 million in total in remuneration or more) per gender. Both data on the gender pay gap and data on high earners will, together with the EBAs diversity benchmarking, aim to identify and make transparent inequalities on the employment conditions for staff of different genders.

2. Remuneration of high earners

   In the data collected for the financial year 2021, the EBA identified an increase in the number of high earners who received remuneration of more than EUR 1 million. The number of high earners increased by 41.5%, from 1 383 in 2020, to 1 957 in 2021. This increase is linked to the overall good performance of institutions, in particular in the area of investment banking and trading and sales, continuing relocations of staff from the UK to the EU and a general increase in salaries.

   

   

3. Improving the cooperation of CAs when assessing the fitness and propriety of members of the management body

   The three ESAs are jointly developing a database and guidelines that will form a system for the exchange of information relevant to the assessment of the fitness and propriety of holders of qualifying holdings, directors and key function holders of financial institutions and financial market participants by CA in accordance with the legal acts referred to in Articles 1(2) of the founding regulations. The database will hold information on such assessments made by all CAs in Member States, so that relevant information for additional assessments to be made can easily be identified, exchanged and used. This process will increase the supervisory efficiency.

   The EBA is benchmarking the diversity of the management bodies of institutions, considering the age, gender, geographical, educational and professional background of members. As gender equality is a core value of the EU, some focus is given to the aspect of gender, including the EBA’s benchmarking of the gender pay gap at the level of the management body. Where imbalances still exist, more transparency on diversity policies and practices is thought to foster improvements in this area.

   The EBA gathered and analysed data of 662 credit institutions and 129 investment firms selected by NCAs of all Member States. Despite the legal requirements, a significant proportion of 27.05% of institutions (2018: 41.61%) still have not adopted a diversity policy.

   The gender balance is improving gradually, but too slowly. The representation of women and men on boards is still insufficiently balanced. Only 18.05% of executive directors, including the CEO, are female (2018: 15.13%; 2015, 13.63%). In the supervisory function of the management body, women previously held 27.75% (2018: 24.02%; 2015: 18.90%) of the non-executive director positions (including those of chairperson and staff representative.) Female executive directors are paid on average 9.43% less than their male colleagues even if CEO remuneration is excluded; for non-executive directors the average gender pay gap is at 5.90%.

   More diverse management bodies can help to improve their decision-making on strategies and risk-taking by incorporating a broader range of views, opinions, experiences, perceptions, values and backgrounds. A more diverse management body reduces the phenomena of “group think” and “herd behaviour”. We found that credit institutions with a gender-diverse management function have on average a RoE of 7.88%, while credit institutions with executive directors of only one gender have on average a lower RoE of 5.27%.

   The EBA will continue to monitor diversity in management bodies and issue periodical benchmark studies on diversity and on the gender pay gap at the level of the management body and follow up with CAs on the measures taken to remedy identified shortcomings in institutions’ compliance with the underlying regulatory requirements.

Resolution framework

Crisis preparedness

As part of its role in crisis preparedness, with the objectives of further enhancing the usability of recovery planning and making crisis preparedness more effective, the EBA undertook a dedicated effort to develop draft guidelines on overall recovery capacity. This is a summary measure of institutions’ capability to restore their financial position after a significant deterioration. The issued consultation paper aims to harmonise the observed practices in overall recovery-capacity determination and assessment respectively by institutions and CAs.

In the field of resolution preparation and monitoring of implementation, the EBA has been advancing the following objectives in line with its founding regulations and relevant BRRD mandates: 

• contribute to the harmonisation of rules in the EU¹⁷, in particular in the area of resolvability;
• increase transparency of the resolution framework;
• monitor the progress of resolution planning and the related build-up of MREL resources in the EU;
• drive convergence in resolution practices.

To further harmonise the resolution framework across the EU, the EBA published its final guidelines on resolvability in January 2022. The guidelines provide a common set of resolvability standards for all resolution banks in the EU to follow. Those were complemented in September by the Guidelines on transferability , setting out the steps institutions and authorities should take to facilitate transfers in resolution. In December, the EBA launched a consultation on its Guidelines on resolvability testing to frame how institutions and resolution authorities should approach the testing phase of their resolution planning efforts, to ensure that the capabilities developed to comply with the two sets of guidelines mentioned earlier are in fact fit for purpose.

In accordance with the transparency of the resolution framework, the EBA has taken several initiatives to ensure progress from institutions and authorities. In June, the EBA launched a consultation on a set of guidelines for authorities to publish their approach to the implementation of bail-in. In line with FSB standards these guidelines ask authorities to specify the timeline of the bail-in and how they intend to convert instruments and deliver them, e.g. using interim instruments. The EBA has also initiated work with its members on setting a roadmap for authorities and institutions to improve transparency of the framework, with a particular focus on predictability and resolvability.

The EBA also published its annual MREL shortfall report and impact assessment on the progress of resolution planning monitoring and the related build-up of MREL resources. As of 31 December 2021, the report estimated that 70 banks reported an MREL shortfall of EUR 33 billion out of a sample of 245. This is down by 42% compared to last year’s quantitative report on MREL on a comparable basis. The report shows progress in closing MREL shortfalls, albeit at a lower rate for smaller banks, and concludes that the impact of MREL on banks’ profitability is manageable, although disparate across types of banks and Member States.

In 2022, the EBA set out the first set of priorities for resolution practices convergence under the European Resolution Examination Programme (EREP) to draw resolution authorities’ attention to matters deserving a common and coordinated approach as well as a European traction. The priority areas for 2022 were MREL shortfalls, a management information system (MIS) for valuation, and liquidity and funding in the resolution context. Overall, the EREP is intended to achieve a high level of sharing of information and practices among authorities, provide a calibration level for resolution work programmes and foster the coordination and collaboration between authorities. In 2023, the EBA is going to assess how the priorities set out in 2022 were followed throughout the year. Very importantly, the EBA will share with the authorities the good practices it observed in monitoring the implementation of the 2022 EREP items in order to spread awareness of the various practices across the EU and increase preparedness and readiness of resolution authorities.

Strengthening deposit guarantee schemes

In July 2022, the EBA launched a public consultation on its draft revised guidelines on deposit guarantee schemes (DGSs) contributions. The revised guidelines aim inter alia to enhance the proportionality between the risk of a credit institution and its contributions to the DGS, streamline and simplify the original guidelines, improve the risk sensitivity of the calculation methods for contributions, and improve the formula for determining the risk adjustment factor of each member institution. Following a public consultation during which the EBA received helpful suggestions for further clarifications, the final guidelines were issued in February 2023.

In August 2022, the EBA also published on its website extensive data on the financial means available to DGSs, the amount of deposits across the EU that are covered by DGSs, and, for the first time, qualified available financial means that stem from contributions, other available financial means and outstanding liabilities¹⁸.

Leveraging EUCLID: making the most of banking and financial data

EUCLID: population expanded significantly and breakdown available on size/significance, ensuring more nuanced analysis

After the EBA finalised its implementation in 2021, 2022 was again remarkable for the EUCLID ecosystem. The EBA started collecting a limited set of supervisory data in 2011 from a sample of 55 EU banks. In 2014 the EBA reporting sample already covered the largest 200 EU/EEA credit institutions and the whole supervisory reporting framework. In 2019 the EBA began preparing for EUCLID by onboarding resolution groups (200) and credit institutions (1 600) subject to resolution reporting. With the deployment of EUCLID, the EBA started collecting data for the entire population of banks, made up of around 650 banking groups (500 banking groups at the highest level in EEA and an additional 150 sub-groups) and around 4 300 credit institutions. With EUCLID the resolution onboarding was also finalised, covering additional 200 resolution groups. The reporting population was further expanded in 2022 to cover 2 500 investment firms and more than 250 groups of investment firms. Consequently, the number of reporting files transmitted to the EBA through EUCLID has grown exponentially, from around 10 thousand files in 2014 to around 62 000 files for 2020 reference dates (quarterly or monthly), reaching over 244 000 files for 2022 reference dates.

Looking to banking groups and credit institutions in EUCLID, as of March 2023, 164 are considered largest institutions from all EU/EEA countries and contribute to EBA statistical publications, including the EBA Risk Dashboard; around 700 EU credit institutions belong to these banking groups. The banking sector also comprises further 500 banking groups, with 500 subsidiaries, and the remainder being independent institutions reporting on solo-level. Regarding small and non-complex institutions (SNCI), as identified by national authorities, EBA’s EUCLID shows a large diffusion of such institutions, with around 2 500 entities. Smaller institutions are the largest component also of the EUCLID newly added population of investment firms (IF), with less than 10 being classified as Class 1 minus entities, 1 000 as Class 2 entities and 1300 as smaller Class 3 entities, all which constituting a lower bound1 for the final IF population in the EU/EEA.

The abovementioned EUCLID-enabled breakdowns allow the EBA to conduct finer and comprehensive analysis for its several reports, dashboards and impact assessment studies supporting, for example, EBA replies to Call for Advice or regular policy work when drafting technical standards or guidelines.

With the view of achieving as seamless as possible implementation of workflows and integration of quality assurance processes across the reporting chain, the EBA has continuous interactions with national authorities and reporting agents. Several national authorities were onboarded by the EBA for the first time in 2022 into the EUCLID ecosystem, namely concerning the reporting to EBA of data from investment firms (IF) and payment fraud, while also increasing the quality assurance process for the reasonably new resolution reporting.

As a data-based and insight-driven institution, the EBA has incorporated data and analytics as a key element in its strategic areas, leveraging the enhanced technical capability for performing flexible and comprehensive analyses. In its Data Strategy the EBA defines its data-driven vision and the strategic ambition to extend the range of data collected, enhance the usability of its underlying systems, and strengthen its analytical capabilities. Building on its data infrastructure (EUCLID), the EBA continues developing data services and sharing data and insights with internal and external stakeholders.

 

Enhancing transparency

The EBA considers the transparent provision of continuous information on banks’ exposures and asset quality to market participants as a key part of its mission. The EBA believes that this is crucial, particularly in moments of increased uncertainty. Financial information is a public good that facilitates the proper functioning of financial markets. The dissemination of banks’ data is an integral part of the EBA’s responsibility of monitoring risks and vulnerabilities and preserving financial stability in the single market. In that light, in 2022 the EBA published several products to disclose banking information to the wider public, such as its EU-wide transparency exercise, remuneration and governance data and data on diversity practice.

The 2022 exercise

The EU-wide transparency exercise, which has been carried out by the EBA since 2011, aims to promote market discipline and foster consistency in EU banks’ figures. The exercise relies solely on supervisory reporting data – financial reporting (FINREP) and common reporting (COREP).

Results of the 2022 exercise were released at the end of the year in the form of the disclosure of around 1 million data points for data at the highest level of consolidation from 122 banks of 26 EEA countries. The results disclosed at the granular bank level covered several areas such as capital, leverage ratio, risk exposure amounts (REAs), profit and loss, market risk, securitisation, credit risk, sovereign exposures, non-performing exposures (NPEs) and forborne exposures (FBEs).

The templates were mainly unchanged with respect to the previous years’ exercises, with minor adjustments to the mapping, due to the latest ITS framework release. The consistency of the templates over the years and the broadly stable sample allows the users to build time series on the main banking indicators which range from 2015 to 2022, collating overall 10 million datapoints.

The transparency exercise results are extensively used by banks, market analysts, academics, international organisations and journalists for their assessments of the EU banking sector. To facilitate analysis of the transparency figures, the EBA has made available, along with the individual banks’ results and the full database, a set of interactive tools to access the data.

Remuneration and governance data

The EBA has been collecting and publishing data since the end of 2010 on staff members who have received remuneration of EUR 1 million or more in the previous financial year (high earners) in payment brackets of EUR 1 million, including the business area involved and the main items of salary, bonus, long-term awards and pension contributions. This data is collected from all institutions, but the collection applies only to staff whose activities are carried out predominantly within the EU. The CAs are responsible for collecting the relevant information from credit institutions and investment firms and for submitting it to the EBA. In this respect, the EBA publishes the aggregated data on high earners at the EU level in the visualisation tools for data exploration.

Additionally, the EBA collects detailed information annually, in particular on the remuneration of identified staff from more than 130 institutions at the highest level of consolidation. In this regard, the EBA benchmarks remuneration trends biennially through a benchmarking analysis report. The collection of both sets of data aim to ensure a high level of transparency of the remuneration practices within the EU.

Data on diversity practices

Since 2016, the EBA has been collecting data triennially for the benchmarking of diversity practices on an ad hoc basis under Article 35 of the EBA foundation regulation.

During the course of 2022, the EBA analysed information on the diversity policies drawn up by individual credit institutions and investment firms, including the targets set for the underrepresented gender, together with data on the composition of management bodies as of the end of 2021. In addition, data were collected on the gender pay gap for members of the management body in the management and in the supervisory function, separately for each gender, for the performance year 2021.

The exercise was based on a representative sample of 662 credit institutions and 129 investment firms selected by NCAs of all EU Member States, Liechtenstein and Iceland, on the basis of common criteria set out by the EBA in accordance with CRD and Investment Firms Directive (FD) requirements.

Presently, the EBA is developing new EBA guidelines in order to integrate this exercise into its regular reporting, including the technical package and specifications, and regular processes to enhance disclosure and monitoring in this regard providing these alongside with self-exploration tools to market participants.

Supporting NPL markets

Selling NPLsin secondary markets represents one of the tools available to credit institutions to manage and reduce the NPL amount on their balance sheets.

In 2022, following the mandate received by the Directive on loan credit servicers and purchasers (Directive (EU) 2021/2167) and leveraging the experience gained with the voluntary use of the NPL transaction data templates (first issued in 2017), the EBA developed implementing technical standards (ITS) specifying the templates to be used by credit institutions to provide information to credit purchasers when selling or transferring NPLs. The final draft ITS were published by the EBA and submitted to the Commission for their final adoption in 2023 on 16 December 2022.

Through these draft ITS, the EBA promotes data standardisation for NPL transactions, which aims to reduce information asymmetry between sellers and buyers of NPL, to increase the efficiency of secondary markets for sales of NPLs, by ensuring a better price for sellers and by attracting smaller investors with less negotiation power. The benefits of data standardisation in facilitating the NPL transactions were calibrated against the costs for banks of preparing and collecting the data, especially for smaller banks. In this regard, the EBA provided for a flexible and proportionate approach, identifying a minimum set of mandatory information and allowing, for certain types of transactions, to treat all data requirements as not mandatory.

The NPL templates do not form part of the EBA supervisory reporting framework, but their content, where possible, refers to definitions in other EBA regulatory and reporting requirements, to promote consistency and harmonisation and facilitate implementation by credit institutions.

Supervisory reporting

In 2022, the EBA continued to engage in increasing the efficiency of its supervisory reporting framework along the lines identified in the feasibility study on integrated reporting; keeping the reporting requirements meaningful and relevant for authorities; improving market discipline by setting Pillar 3 disclosure requirements on ESG risks. The EBA’s role in promoting market discipline will be further enhanced with the upcoming project for a centralised Pillar 3 Data Hub.

Proportionality remained a key focus in the EBA’s reporting work. The EBA continued implementing recommendations from its cost of compliance study to reduce compliance costs of institutions, in particular of SNCIs. The EBA has applied proportionality by reducing requirements for SNCIs and promoted use cases for RegTech and provided examples and supporting background to the reporting requirements among others.

In 2022 the EBA continued the joint work with the European Insurance and Occupational Pensions Authority (EIOPA) to improve the Data Point Model (DPM) Standard with the DPM ReFit project. A draft common metamodel was developed which upgrades the current DPMs to be fit for future reporting with increasing volumes, complexity and integration. The EBA and EIOPA will use this new common model “DPM Standard 2.0” for all their reporting frameworks going forward. The new DPM Standard 2.0 includes a common approach to implementing the glossary, the definition of data concepts, the rendering of data in templates and the same metadata formats for data validation and data calculation. DPM Standard 2.0 will also enable a higher level of and scope of data integration, collaboration on data definitions and take advantage of new technologies en route towards a fully digitalised regulatory data chain. The new DPM standard 2.0 is an important step towards building an integrated reporting framework for banking.

Laying the foundations for a more integrated and efficient reporting landscape

Building an integrated reporting system that would cover prudential, resolution and statistical requirements represents a long-term vision for increasing efficiencies and reducing reporting costs while keeping the reporting framework meaningful and relevant for supervisors.

During 2022, following the priorities identified in the EBA feasibility study¹⁹ published in December 2021, the EBA worked on establishing the governance of the future integrated reporting system and the features of a common data dictionary in close collaboration with the ECB, the EC and prudential, resolution and statistical authorities. The discussions were also sounded out with the banking industry in a workshop in December 2022²⁰.

The governance of the future integrated reporting system would rely on the Joint Bank Reporting Committee (JBRC), an advisory body with the task of analysing aspects related to “how” the integration of statistical, supervisory and resolution reporting could be achieved, while the definition of these reporting needs (“what”) would still be the prerogative of the current authorities and institutions under the established processes.

The involvement of the banking industry would be ensured via a stakeholder contact group of industry reporting experts, the Reporting Contact Group (RCG), which would closely cooperate with the JBRC and its expert groups, providing advice and feedback on subjects related to integrated reporting.

In line with the feasibility study, a cornerstone of an integrated reporting system should be a common data dictionary that would facilitate the objective of “define once, report once”. In 2022, the work on the data dictionary focused on the two major components:

1. The syntactic layer (the container) that ensures the content is organised in a standardised and harmonised way. The EBA worked together with the ECB and assessed that the DPM ReFit (the planned upgrade to the DPM model) could be used to model and host the Integrated Reporting Framework (IReF), which would be the future harmonised statistical reporting framework. This is a major step towards building a common data dictionary based on a common metamodel (common syntactic layer).

2. The semantic layer (the content) that describes the integrated reporting requirements. The EBA, and the ECB together with some NCAs, ran a pilot project by comparing selected concepts from FINREP and AnaCredit. They gained practical experience on how to integrate frameworks serving different needs, using separate processes and separate data dictionaries.

In parallel with the work towards a more integrated and efficient reporting landscape, the EBA continued with the ongoing work of keeping the supervisory and resolution reporting framework meaningful and relevant for authorities. Notable pieces of this work include the development of reporting requirements on market risk, in particular on the FRTBand the development of a new IRRBB reporting framework, building on the new policy package published and submitted to the EC in Q4 2022 and on the Pillar 3 disclosure requirements on IRRBB currently applicable. This latter package was published for Consultation in January 2023, and it is particularly relevant in the current context of inflation and high interest rates. Finally, the EBA is also implementing as part of the reporting framework the data needed for the purposes of benchmarking of remuneration practices, high earners and gender pay gap for credit institutions and investment firms, to facilitate the collection of this data and to further facilitate the monitoring of diversity in management bodies and issue periodical benchmark studies.

ESG disclosure standards

The supervisory reporting is currently built on the traditional categories of financial risks. Nevertheless, the financial sector has started to be exposed to new risks (and opportunities), as ESG could impact institutions’ profitability and solvency by affecting them directly or affecting their counterparties.

A first step in monitoring the ESG risks is represented by the disclosure of relevant, meaningful and comparable information, which is a vital tool to promote market discipline, allowing stakeholders to assess credit institutions’ ESG risks and their sustainable finance strategy.

In January 2022, in line with the requirements laid down in the CRR, the EBA published the final draft ITS on Pillar 3 disclosures on ESG risks, which were adopted by the EC in November 2022. The draft ITS set out comparable qualitative information on how credit institutions are taking into account ESG factors in their governance, business model, strategy and risk management framework, as well as quantitative disclosures on climate change-related transition and physical risks and mitigating measures, and on the ratio of exposures financing taxonomy-aligned activities.

The required comparable disclosures will lead to a better understanding of how climate change-related risks may exacerbate other risks faced by credit institutions. Considering the challenges in providing all the required information, a phase-in approach for the entry into force of the ITS was established, starting from December 2022.

To ensure consistency with this new Pillar 3 Framework on ESG risks and the provision of all information needed by credit institutions’ counterparties, the EBA also followed the developments of the first draft sustainability disclosure standards at both European and international levels, by answering the respective public consultations. In addition, in accordance with Directive (EU) 2022/2464 (Corporate Sustainability Reporting Directive), the EBA prepared an opinion on the European Financial Reporting Advisory Group’s (EFRAG) technical advice on draft European sustainability reporting standards (ESRS), which was submitted to the Commission in January 2023. In its opinion, the EBA welcomed the level of alignment of the draft ESRS with the Pillar 3 disclosure requirements and their interoperability with the draft international sustainability disclosure standards. In addition, at the international level, the EBA is also actively participating in the work currently being developed by the Basel Committee on Banking Supervision as regards the Pillar 3 Framework and possible extension to ESG risks.

Digital resilience, financial innovation and consumer protection

Digital resilience

Digital Operational Resilience

Following the legislative procedure, the DORA Regulation and Directive²² was published in the Official Journal of the European Union on 27 December 2022 and entered into force on 16 January 2023. There will be an implementation period of 2 years, therefore DORA will enter into force on 17 January 2025. DORA was published along with two other important EU cybersecurity-related legislative acts: the Network and Information Security Directive 2 (NISD2) and the Critical Entities Resilience (CER) Directive. Together they aim to strengthen cybersecurity and resilience across the EU.

During 2022, the EBA continued evaluating the upcoming legislation and along with the other ESAs, started preparing for the implementation of DORA. During the two years before the application of DORA, the ESAs would need to deliver more than 15 policy products to the EC.

The ESAs are called for the first time to jointly deliver such a large-scale project. To this end, the ESAs coordinate and collaborate on an ongoing basis. The ESAs have prepared internally a joint DORA high-level implementation plan to facilitate the delivery of the relevant tasks during the DORA implementation period.

For the development of the various policy-related mandates, the ESAs have set up a new subcommittee on digital operational resilience under the joint committee (JC SC DOR). This will enable wider coordination among the different EU authorities (as envisaged by DORA), as all EU CAs across the financial sector are members, along with the European Union Agency for Cybersecurity (ENISA), ESRB, the Single Resolution Board (SRB) and the EC as observers. This will facilitate the harmonisation across the three sectors and alignment with the relevant legal frameworks, such as NISD2 and Critical Entities Resilience (CER).

In the context of the DORA preparation, the ESAs have jointly launched a high-level exercise on the ICT third-party providers’ landscape across the EU financial sector, which is due for completion in 2023. An ESAs webinar was delivered on 27 September 2022 to facilitate the ongoing data-collection exercise on ICT third-party arrangements and to allow stakeholders to share any questions they may have. Moreover, the EBA continued its work to ensure that the regulatory framework for ICT, security risk and cyber resilience is well implemented, including with consistent supervisory practices. The EBA continued to provide inputs to the work of international standard-setters in the area of operational resilience (e.g. BCBS).

Digitization of payment services and electronic money

• Review of the Payment Services Directive

  In June 2022, the EBA published its response to the EC’s Call for Advice (CfA) on the review of the revised Payment Services Directive (PSD2). While the EBA has observed that some of the key objectives of the PSD2 had started to materialise, such as the enhancement of competition, the facilitation of innovation, the reduction of payment fraud, and the protection of consumers’ money and data, in its response, the EBA developed more than 200 concrete recommendations for further improvements.

  The proposals aim to:

  • reduce potential exclusion from access to payment services;
  • bring about a harmonised and consistent application of the legal requirements across the EU; merge the PSD2 with the Electronic Money Directive;
  • clarify the scope of application of strong customer authentication (SCA);
  • address new security risks for customers such as social engineering fraud, where customers are tricked into initiating a payment transaction;
  • address obstacles to the provision of payment initiation services (PIS) and account information services (AIS);
  • move from open banking to open finance;
  • address unwarranted de-risking practices by banks affecting payment and e-money institutions;
  • and address the enforcement shortcomings in relation to the implementation and application of SCA for e-commerce card-based transactions.

• Guidelines on the limited network exclusion under PSD2

  In February 2022, the EBA published its final own-initiative guidelines on the limited network exclusion under PSD2, applicable as of 1 June 2022. These guidelines clarify how NCAs should assess whether a network of service providers or a range of goods and services qualify as “limited” and are, therefore, not subject to the PSD2. Payment instruments that might benefit from this exclusion include store cards, fuel cards, public transport cards and meal vouchers.

  The guidelines aim to address significant inconsistencies the EBA had identified as to how this exclusion had previously been applied across the EU. The guidelines therefore contribute to the single market for payment services in the EU and ensure transparency for supervisors and customers by setting out expectations on how a network of service providers or a range of goods and services should be assessed in order to qualify as “limited”; the use of payment instruments within limited networks; the provision of excluded services by regulated financial institutions; and the submission of notification to CAs.

• Amendments to the RTS on strong customer authentication and secure communication

  In April 2022, the EBA published its final draft of the amended RTS on Strong Customer Authentication and Secure Communication (SCA&CSC). The amendment, on which the EBA had consulted at the end of the previous year, inserted a new mandatory exemption to SCA that will require account providers not to apply SCA when customers use an account information service provider (AISP) to access their payment account information, provided certain conditions are met. The amendment aims to reduce friction for customers using the services of AISPs, mitigate the impact that the frequent application of SCA has on AISP services, and achieve an appropriate balance between the at times competing objectives of PSD2 of enhancing security, facilitating innovation and enhancing competition in the EU.

Addressing the extent to which enhanced security requirements have reduced fraud in retail payments

PSD2 requires all payment service providers (PSPs) in the EU to report payment fraud to NCAs, and for NCAs to then provide the EBA and the ECB with aggregated information on that data.

In 2022, the EBA, in close cooperation with the ECB, assessed the data received, with a view to determining the extent to which the security requirements imposed by PSD2 and the Technical Standards on SCA were being implemented. The EBA published a Discussion Paper (DP) in January 2022 with its preliminary observations on selected subsets of data from the second half of 2020. The DP presented the EBA’s preliminary findings in relation to three of the six available payment instruments, which were credit transfers, cash withdrawal and card-based payments; for the latter, the view of both issuers (i.e. the card holders’ PSPs) and acquirers (i.e. merchants’ PSPs) is provided.

The DP found inter alia that, for remote card payments, the share of fraud reported by card issuers is five times higher for non-SCA transactions in terms of volume and three times higher in terms of value. The figures reported by acquirers are similar, with non-SCA transactions incurring fraud levels that are four and five times higher by value and volume respectively.

This finding is of interest, especially considering that in the considered reporting period (H2 2020) many issuers and acquirers as well as merchants in the EU were still not compliant with the SCA requirements.

Similarly, the analysis also showed that fraud is significantly higher for cross-border transactions with counterparts located outside the EEA, where inter alia SCA does not apply, than for those conducted inside this area, as illustrated in Figure XX.

In conclusion, the EBA’s preliminary analysis has confirmed that introducing SCA in the EU has significantly reduced fraud levels.

Financial innovation

Improving the landscape for investors when using crowdfunding platforms

In recent years, crowdfunding has become a significant means through which startups and SMEs have been able to finance their projects. Regulation (EU) 2020/1503 on European Crowdfunding Service Providers (ECSPR) was issued to ensure a level playing field across providers and appropriate safeguards for investors. While ECSPR already requires crowdfunding service providers to disclose a substantial amount of information, investors may be exposed to the risk of having insufficient information, and/or incomplete understanding of the viability of a crowdfunding project. Therefore, in May 2022, in accordance with the mandate in Article 19(7) of ECSPR, the EBA published a draft RTS aimed at reducing potential asymmetries of information between project owners with respect to credit scoring and loan pricing, and ensuring a minimum set of common standards in terms of credit risk assessment, governance, and risk management structures.

Crypto-asset markets

In September 2020, the EC published its legislative proposal for a regulation on markets in crypto-assets (MiCA), which is intended to create a holistic approach to the regulation and supervision of crypto-asset activities that are not already covered by EU law and creates 4 new schemes of regulation for issuance activities and crypto-asset service provision. In particular, MiCA creates schemes of regulation for so-called stablecoins in the form of asset-referenced tokens (ARTs) and electronic money tokens (EMTs). For significant ARTs and EMTs a scheme of EU level supervision is created whereby the EBA will supervise issuance activities for ARTs and EMTs that are classified as “significant” in accordance with the criteria set out in MiCA. The text was endorsed by the Council in October 2022 and the final endorsement is pending. Throughout the co-legislative process, the EBA has provided technical inputs and developed an implementation plan to ensure the timely delivery of the 20 policy mandates (technical standards and guidelines), and to prepare for its supervision and other tasks, such as the new product intervention powers under MiCA.

In addition to taking forward preparatory actions for MiCA implementation the EBA continued the monitoring of crypto-asset market developments and its contributions to the crypto-asset work streams of international standard-setters (notably BCBS and FSB).

In March 2022, the EBA, together with the other ESAs, issued a warning to consumers following increased activity and interest from the public on the topic as well as the growing promotion of those assets. In particular, the ESAs highlighted the reasons why such products may not be suitable for most consumers, among which the possibility of losing invested capital in its entirety, the exposure to misleading advertisements, as well as the promise of fast and/or high returns.

The EBA, through its crypto-assets network (which includes NCAs represented on the EBA’s Board of Supervisors, and observers from the EC, ECB, EIOPA and ESMA), stepped up its work to foster knowledge-sharing between industry and CAs on crypto-asset market developments and supervisory approaches, pending the application of MiCA. This work is essential to promote supervisory capacity-building and convergence in the transition phase, and to mitigate risks of regulatory arbitrage. The work focused on issuances of stablecoins and will expand in 2023 to cover credit institution, payment institution and electronic money institution crypto-asset service providers.

In addition, the EBA commenced monitoring crypto-asset lending and staking activities, including its findings in the 2022 non-bank lending report²³. The EBA also stepped up its monitoring of decentralized finance (DeFi), contributing to the Financial Stability Board’s work in this area²⁴, and participated in the BCBS work to draw up a common standard on the prudential treatment of banks’ exposures to crypto-assets²⁵.

EBA’s new access to data on crypto-assets and blockchain analytics

Alain Otaegui
Policy expert

The EBA has just finalised its public procurement aimed at obtaining access to crypto-asset and blockchain analytics data service providers. When did the EBA recognise it needed access to crypto-assets data, and why did you take the decision to launch a tender procedure?

In early 2022, as negotiations on the MiCA proposal were advancing, at the EBA we started accelerating preparatory work for our future policy mandates and supervisory function. While we had been monitoring the crypto-asset markets for some years already, the sources of data and information for our monitoring activities were rather limited. Access to robust and real-time data is however increasingly necessary for policymakers (and enforcement authorities) to undertake a proper assessment of market developments in the crypto-asset sector and of the potential impact of policy actions. As a consequence, we began exploring the scope and quality of some of the data providers. Acknowledging the fact that in a still developing industry (and sector) there was not a single provider that could cover all our future data needs, we decided to launch this ground-breaking public procurement procedure for financial regulators in the EU. The tender includes two distinct services: blockchain analytics services, which will allow us to monitor and track financial crime and other risks related to specific tokens, crypto-asset service providers, wallets or transactions; and data on crypto-asset markets, which will allow us to understand broader market dynamics, including those linked to specific tokens, distributed ledger technology networks or service providers.

How does the EBA expect to fit that data within its current and upcoming tasks and priorities?

As set out in MiCA, in order to address increased risks from significant ARTs and EMTs, the issuers of those tokens must comply with additional obligations and their supervision is partly or fully assigned to the EBA. The EBA is responsible for carrying out assessments of the significance of ARTs and EMTs and can classify them as significant where they meet certain criteria, as specified in MiCA. As a consequence, the EBA will need to monitor the activities of ARTs and EMTs, which will require comprehensive and robust reporting from the issuers to CAs. However, the data the EBA will be able to access as a result of this tender will help the EBA overcome any limitations of the data reported by issuers under MiCA. As the issuers’ reporting obligations are expected to start to apply by late 2024 at earliest, this data will also help the EBA improve its understanding of the scope of ARTs and EMTs that may fall under its supervision, and thus also the scope of resource needs for its future supervisory tasks.

In addition, data on crypto-asset markets and blockchain analytics services can be useful for the EBA’s monitoring of risks to consumers, assessment of ML/TF risks, impact assessment accompanying the EBA’s policy mandates under MiCA, and any other assessments of crypto-asset markets and their interconnectedness with the banking and payments sectors.

The EU Supervisory Digital Finance Academy

The EU Supervisory Digital Finance Academy (EU-SDFA) is a three-year project sponsored by the EC that was launched in 2022. The EBA, together with ESMA and EIOPA, are partnering with the EC on the activities of EU Supervisory Digital Finance Academy.

The Academy aims to strengthen the supervisory capacity of CAs’ staff in dealing with the risks and opportunities arising from the use of advanced technologies in the financial sector.

The Academy features a comprehensive training curriculum on digital finance and a series of workshops on practical issues stemming from the regulation and supervision of innovations used by financial entities. The EBA, together with ESMA and EIOPA, are guiding and steering development of the Academy’s training curriculum to ensure it is tailored to the CAs’ needs.

Three foundational training sessions took place in the last quarter of 2022, and the topics included Blockchain and DeFi, artificial intelligence and machine learning (AI/ML), Cybersecurity and digital operational resilience, Open Finance, along with introductory sessions for MiCA and DORA, case studies and panel discussions.

In 2023, advanced training sessions will take place covering cyber risk, AI and ML for supervisory technology (SupTech), distributed ledger technology and regulatory topics such as MiCA, DORA and a global regulatory overview related to digital finance. In addition, the ESAs will organise workshops on SupTech, digital business models analysis, and RegTech.

Use of SupTech across the EU competent authorities

What is SupTech? SupTech is the use of technology-enabled innovation by CAs to facilitate and enhance the effectiveness and efficiency of their work.

Digital transformation is affecting not only the financial sector, but also supervision. In 2022 the EBA conducted a comprehensive study on CAs’ approach to the development of SupTech. This made it possible to i) understand how technology is used to support activities of CAs; ii) reveal the main SupTech-related benefits and challenges; and iii) identify areas for knowledge and skill-development initiatives.

Study results show that CAs in the EU have started their SupTech journey. More than half of the respondents have or are in the process of developing a SupTech strategy or plan. Authorities have indicated 553 SupTech tools, of which 216 are tested and deployed, 163 are at the pilot stage and 160 at an idea stage. There has been increased use of SupTech solutions during the last four years – most SupTech tools described in detail were launched in or after 2019.

Technology is leveraged to support supervisory processes in a broad range of areas under the EBA’s remit: microprudential, consumer protection/market conduct, anti-money-laundering and countering the financing of terrorism, resolution and deposit protection areas.

The most common SupTech tools currently in use relate to data analysis, collaboration within authorities and regular reporting. SupTech tools also aim to support supervisors in specific areas, for example, in i) media and social media monitoring; ii) credit, market, liquidity risk management; iii) identification of emerging risks, market surveillance; iv) complaint handling; v) processing of large amounts of documents; vi) risk scoring of individual financial institutions or sectors; vii) preparing for and tracking the progress of deposit compensation in the event of deposit payouts; viii) development of resolution plans.

The most widely used technologies that enable SupTech tools include i) data analytics and big data; ii) text mining/natural language processing; iii) application programming interfaces (APIs); iv) artificial intelligence and machine learning; and v) advanced visualisation.

Going forward, the EBA will continue to facilitate knowledge exchange among the CAs and support targeted training initiatives on SupTech, including, via the EU Supervisory Digital Finance Academy.

Consumer protection

Contributing to better regulated non-bank lending in the EU

While non-bank financial intermediation is not a new phenomenon, the use of new technologies and the digitalisation of financial services are paving the way for new players to enter local EU markets, increasingly making non-bank lending an alternative to conventional provision of lending by credit institutions. However, while the existence of alternative means of financing can increase competition and benefit consumers when credit provision happens outside the EU regulatory perimeter, this may create challenges for all the stakeholders and regulators.

Against this backdrop, and as part of a broader CfA on digital finance, the European Commission asked the EBA to carry out an analysis of the EU non-bank lending sector. The relevant report was published in May 2022. In the area of consumer protection, we recommended to widen the scope of the Consumer Credit Directive to cover some of the business models previously excluded (e.g. Buy-Now-Pay-Later loans, consumer loans offered through crowd-lending platforms), to enhance disclosure requirements and to strengthen requirements for creditworthiness assessment²⁶. Other proposals highlighted the need to strengthen the admission and authorisation procedures and clarify the prudential perimeter and the supervisory responsibilities, especially where lending is provided cross-border. Finally, it is proposed that non-bank lenders be subject to the EU-wide AML/CTF rules. This would help guard against uneven approaches and regulatory arbitrage and enhance the reporting framework, thus increasing the visibility of the risks from non-bank lending activities.

Providing advice to the EU Commission on the current legal framework for residential mortgages

In June 2022, the EBA published its response to the EC’s CfA on the review of the Mortgage Credit Directive (MCD). The MCD had become applicable in March 2016, with a view inter alia to create an EU internal market for residential mortgages and to ensure a high level of consumer protection. The EBA had supported the implementation of the MCD at the time through the development of a RTS and three sets of guidelines.

In its response to the CfA, the EBA observed that, overall, since the application of the MCD, consumer protection had become more effective throughout the EU single market and that creditors’ practices had been increasingly harmonised. Nevertheless, the EBA highlighted several issues that should be addressed through a potential revision of the MCD in order to facilitate smoother functioning of the internal market, foster a level playing field across all types of lenders and ensure an even higher level of consumer protection. To that end, the response recommended that the EU Commission clarify certain aspects of the scope of the MCD, address the impact of digitalisation on the distribution of mortgages, and apply measures to facilitate cross-border mortgages, thus contributing to financial stability and sustainability.

Collecting and publishing consumer trends data

In 2022, the EBA started work on the next edition of its biennial Consumer Trends Report, covering the years 2022/2023. In line with previous editions, the CTR will describe the trends that the EBA observed for retail banking products and services within its regulatory remit. The report will use a wide variety of sources, including consumer associations, national authorities, national ombudsmen, industry associations, and statistical databases, to identify the key issues that cause detriment to consumers across the EU. The report is due to be published in April 2023 and its content will shape the consumer protection priorities that the EBA will set for the subsequent two years.

Fighting money laundering and terrorism financing

 

In 2022, the EBA continued to lead the development of a consistent approach to tackling financial crime risk in the EU’s financial sector, to strengthen supervisory capacity and to coordinate the work of competent authorities and foster EU-wide responses to emerging money laundering and financing of terrorism (ML/TF) risks. It also continued to provide technical advice to the EU’s co-legislators to inform the development of the emerging legal and institutional EU anti-money laundering and countering the financing of terrorism (AML/CFT) framework.

Framework

Strengthening the EU legal and institutional framework

Financial crime cannot be tackled in isolation. This is why the EBA implemented a holistic regulatory framework to ensure a consistent approach to identifying, assessing and managing ML/TF risk across all areas of supervision and across all stages of a financial institution’s life cycle.

In 2022, the EBA completed this framework with new guidelines on core aspects of financial institutions’ AML/CFT governance and internal controls, the Remote Customer Onboarding Guidelines that provide clarity on the application of AML/CFT rules in a digital context, and the AML Compliance Officer Guidelines. Both guidelines set common EU standards in areas where divergent approaches existed that hampered the effectiveness of institutions’ AML/CFT defences and made the sector vulnerable to abuse by financial criminals.

The EBA also published revisions to its SREP Guidelines to specify how prudential supervisors should take ML/TF risks into account, a report on the withdrawal of authorisation that lays down uniform criteria supervisors should use to assess the seriousness of an AML/CFT breach and prepared for the delivery of ten new mandates under the recast Regulation on the transfer of funds and crypto-assets.

Supervision

Building supervisory capacity

The EBA supported the effective implementation of the AML/CFT framework by building supervisory capacity.

The EBA continued its programme of in-depth reviews of CAs’ approaches to tackling ML/TF risks in banks with on-site assessments of 12 CAs in 2022, detailed bilateral feedback and a report on their findings and recommendations from the previous year’s review cycle. The EBA also published a report on CAs’ responses to the Luanda Leaks with several good practices EBA staff had observed and assessed CAs’ approaches to tackling ML/TF risks in the payment institutions sector, with results due in 2023.

1. AML/CFT implementation Reviews – findings from Round 2

   Implementation reviews are EBA staff-led assessments of CAs’ approaches to tackling ML/TF risk in banks. In March 2022, the EBA published the findings from its second round of implementation reviews, which took place in 2020 and 2021.

   Over the course of 2020 and 2021, review teams assessed seven CAs from seven EU/EEA Member States and made recommendations tailored to each CA to support their AML/CFT work. They also assessed how prudential supervisors in these Member States tackled ML/TF risk in line with their supervisory remit and scope.

   Challenges that were common to most CAs in this round included difficulties in the identification and assessment of ML/TF risks associated with the banking sector and with individual banks within that sector, in particular in relation to TF risk; translating ML/TF risk assessments into risk-based supervisory strategies; using available resources effectively, including by ensuring sufficiently intrusive on-site and off-site supervision; and taking proportionate and sufficiently dissuasive enforcement measures to correct AML/CFT compliance weaknesses. The review teams also found that cooperation with FIUs was not always systematic and continued to be largely ineffective in most Member States, though several CAs had started to take steps to address this.

   Overall, while these challenges hampered the effectiveness of aspects of CAs’ approaches to AML/CFT supervision, change was underway and the review teams found that most CAs were on course to tackle ML/TF risks more effectively, holistically and comprehensively.

   Throughout 2022, EBA staff provided training where its findings suggested that this was necessary to strengthen supervisory knowledge and practices either in-house, or by contributing to events hosted by the Commission, the ECB and other EU bodies. For example, in April 2022, the EBA provided AML/CFT training to more than 100 EU life insurance supervisors. It also hosted a three-day training programme on effective, risk-based AML/CFT supervision, drawing on the findings from its AML/CFT implementation reviews. The EBA’s in-house AML/CFT training alone reached nearly 1 500 EU supervisors.

EU cooperation and coordination

The EBA continued to foster cooperation and information exchange among EU financial services supervisors and to coordinate common responses to EU-wide ML/TF risks. Staff continued to monitor and provide hands-on support to nascent EU AML/CFT colleges to strengthen cross-border AML/CFT supervision, led work to tackle unwarranted de-risking with a series of reports and new guidelines, and took the lead on a common response to emerging financial crime risks following Russia’s invasion of Ukraine.

As of 31 December 2022, 244 AML/CFT colleges had been established in the EU. Of these, 105 were established in 2022, including 35 in the banking sector, 18 in the payment/electronic money sector, 32 in the investment sector (collective investment undertakings, fund managers and investment firms) and 20 in the life insurance sector. EBA staff attended 11 of these colleges in 2022 It also published its second report on the functioning of AML/CFT supervisory colleges in the EU. The report highlighted that, although competent authorities were committed to implementing the AML/CFT colleges framework, they need to do more to ensure ongoing collaboration and proactive information exchange within colleges.

1. A new EU database

   On 31 January 2022, the EBA launched its central AML/CFT database EuReCa, which brings together information on serious deficiencies in individual financial institutions’ systems and checks that expose these institutions to ML/TF risk, and the measures CAs took to correct those deficiencies. Throughout the year, EBA staff supported CAs as they set up the internal processes necessary for reporting. By 31 December 2022, the EBA had received nearly 400 submissions from AML/CFT and prudential supervisors in 21 EU Member States, which it analysed and disseminated to CAs as necessary to inform their supervisory tasks.

   Since EuReCa’s inception, the EBA has provided extensive support to CAs to help them adapt their internal processes to meet their reporting obligation. Over the course of 2022, the EBA provided training to 550 supervisors; hosted monthly meetings for 190 CA staff in charge of reporting; answered more than 2 600 emails; prepared a user manual and FAQs; provided access to a test environment to enable users to get used to the platform before submitting real data; and reached out proactively to reporting authorities when inaccurate or incomplete data was identified.

EuReCA – one year on

One year on, EuReCA has become a key tool strengthening AML/CFT supervision and coordinating supervisory efforts across the EU and will keep contributing with its holistic insights to the fight against ML/TF.

Between 31 January and 31 December 2022, CAs reported to EuReCA 259 “material weaknesses” and 129 measures to mitigate these deficiencies. Most material weaknesses were related to credit and payment institutions, but reports were submitted on all types of financial institutions across different sectors. Most submissions were made by AML/CFT authorities and related to material deficiencies in institutions’ customer due diligence framework as well as wider AML/CFT systems and controls. Where prudential authorities submitted reports, these tended to relate to serious weaknesses, including negligence or wilful misconduct of senior management or members of the institution’s management body.

The EBA also received 15 “reasoned requests” from prudential and AML/CFT supervisors to access information from EuReCa, and EBA staff shared information with stakeholders on their own initiative.

Finally, the EBA continued to provide technical advice to the EC and co-legislators to strengthen the EU’s AML/CFT defences through letters, responses to calls for advice on wider financial services topics and bilateral exchanges, highlighting the importance of supervisory cooperation and a holistic, joint approach to fighting financial crime. A coordinated, joint approach will be particularly important as the new institutional AML/CFT framework is set up.

Roles and responsibilities of the AML/CFT compliance officer

Aniko Hrubi
AML specialist

Solene Rochefort
AML expert

Why was it important for the EBA to define the roles and responsibilities of the AML/CFT compliance officer in the form of guidelines?

Throughout the different interactions with AML supervisors across Europe, we understood that different approaches exist in different countries as regards the definition, tasks and hierarchical level of the AML compliance officer. This meant that, for example, senior management of financial institutions did not always prioritise hiring suitably qualified staff for AML/CFT roles, or that the AML compliance officer was simply not sufficiently senior to report to the institution’s senior management body, which then affected the quality of institutions’ AML/CFT compliance measures overall. The EU’s AML Directive requires financial institutions that have a management body to identify the member of the management body who is ultimately responsible for compliance with AML/CFT requirements. The AML Directive also explicitly says that an AML/CFT compliance officer should be appointed at the management level in institutions. But it doesn’t set out in detail how these provisions should be applied. We needed to create a common understanding across the EU about the underlying concept, hence the issuance of our guidelines.

What is the key message of the guidelines?

These Guidelines set clear expectations of the role, tasks and responsibilities of the AML compliance officer and the management body. They specify that financial institutions should appoint one member of their management body who will ultimately be responsible for the implementation of the AML/CFT obligations, and clarify the tasks and functions of that person. They also describe the roles and responsibilities of the AML compliance officer and when this person is appointed by the management body, according to the proportionality criteria. When the institution is part of a group, the Guidelines prescribe that a group AML compliance officer should be appointed and clarify this person’s tasks and responsibilities.

When drafting the guidelines, how did you take into account the huge variety of financial sector stakeholders that will need to implement these guidelines?

For all EBA work, the principle of proportionality is key. These guidelines specify that, depending on the scale and complexity of the financial institution’s operations and its risk exposure to ML/TF, the management body needs to decide if a separate, dedicated AML compliance officer needs to be appointed. Also, the proportionality criteria will determine whether that role will be carried out on a full-time basis or whether it may be carried out by an employee or an officer in addition to their existing functions within the financial institution.

How the AML CO Guidelines fit into the wider EBA Guidelines on internal governance?

We worked closely with EBA experts on internal governance and suitability. The AML Compliance Officer Guidelines complement, but do not replace, other existing relevant Guidelines issued by the ESAs on wider governance arrangements and suitability checks. Our messages are coordinated and consistent.

What feedback did you receive from the industry?

Reactions were in fact very positive! After the publication of the guidelines in June 2022, we participated in several private sector events to raise awareness and promote the new guidelines. Many AML compliance officers told us that they believed the guidelines were useful and actually contributed to enhancing the value of their position and the daily work they do. The EBA received the same message throughout its country reviews on AML/CFT supervision of banks in EU countries. It was great to hear such feedback!

From which date are the guidelines applicable?

The AML compliance officer guidelines are applicable as of 1 December 2022. Since that time, all EU supervisors confirmed to the EBA that they either comply or intend to comply with these guidelines.