Response to consultation on revised Guidelines for common procedures and methodologies for the supervisory review and evaluation process (SREP) and supervisory stress testing
Q1. What are the respondents’ views on the overall amendments and clarifications made to the revised guidelines (across Titles 2 – 12)?
We welcome the update of the SREP guidelines and the associated efforts to increase the transparency and clarity of the SREP. The consolidation and clarification of the requirements are helpful for planning purposes and for the dialogue with the supervisory authority. However, we generally would like to see greater simplification, less complexity, and elimination of parallel requirements, i.e. a more holistic, principle-based supervisory approach including a limitation of regulatory "layers", with a focus on efficiency and proportionality (see our discussion paper on competitiveness from November 2025).
In supervisory practice, greater attention should be paid overall to reducing the operational burden and costs of supervision for institutions as well. Despite the stronger emphasis on the principle of proportionality, there is a risk that the burden for institutions will increase again due to the large number of referenced regulatory requirements that need to be integrated by supervisors. We question therefore whether the numerous references to EBA guidelines are necessary (e.g. paragraphs 76, 127, 163, 195, 248, 365) or simply create an additional impediment for proportionality.
In our view, the principle of proportionality still lacks sufficient specificity and operationalization, while the reviewed SREP guidelines remain highly detailed. Although the number of pages was reduced, the content has been expanded in some areas. Many requirements continue to be tailored to larger institutions, which further limits the practical relief for smaller institutions. Practicality and proportionality should be consistently applied in supervisory practice.
For all institutions, there remain a number of ambiguities and redundancies that should be clarified or removed. In order not to overload our answers to the questions asked, we have moved some comments on individual text passages to an appendix (see part 2 of the uploaded file).
Regarding the supervisory scoring: With regard to the level of ambition for a score of 1, the general question arises as to whether it makes sense to define a “degree of perfection” that is rarely or never achievable in practice. This means that the best scores must be basically achievable in all supervisory view areas (Table 20) for an overall SREP score of 1. In addition, the derivation of the overall SREP score from the individual sub-scores should be specified in more detail, i.e., how the overall SREP score is calculated.
Regarding the presentation of potential supervisory measures: Some of the tables contain proposals that would interfere with business and risk policy decisions. However, the strategies are the responsibility of the institution and its management body. The supervisory authority may issue specific intervention measures in exceptional cases only. The tables in question (3, 5, 7, 9, 11, 13, 16, and 18) should therefore be omitted and be replaced by more general references to the supervisory powers under Article 104 CRD to avoid unnecessary complexity of the guideline or be clarified in that respect.
Q2. What are the respondents’ views on the integration of ESG risks and factors across the existing SREP elements in the revised guidelines?
The integration of ESG risks into the SREP process is fundamentally understandable and in line with regulatory developments.
However, there are considerable challenges in terms of feasibility and proportionality given the demanding requirements of the CRD and the CSRD. The integration of ESG risks into the SREP, on the other hand, must not entail any additional challenges. This said, supervisory attention to E, S, and G factors should be phased in line with the availability of robust data, and only where these factors have a demonstrable impact on the institution’s financial risk profile. In any case, ESG risks should be integrated into the existing risk assessment as risk drivers without special weighting. In addition, clearly defined proportionate requirements for less significant institutions (LSIs) and particularly for small institutions would help to enhance SREP efficiency in the supervisory practice. It is important to exercise sound judgment: ESG risks should be treated like other risk drivers and not be addressed in excessive detail without risks being material or established as a separate "special pillar"; methodological maturity levels (data/methods) must be taken into account, in particular for small institutions.
The integration of ESG risks must not lead to disproportionate capital add-ons and supervisory expectations must be transparent and comprehensible. Proportionality should of course apply to any supervisory measures, ensuring that interventions are commensurate with the materiality of the financial risks arising from ESG factors and the impact of ESG-related deficiencies on individual SREP scores should be limited to cases where there is clear evidence of material financial risk to the institution. In this respect, it should also be clarified that only material ESG risks are concerned throughout the guidelines in any case:
Please see uploaded file for comments on specific paragraphs.
Q3. What are the respondents’ views on the enhanced simplification and proportionality aspects?
We welcome the efforts to strive for further simplification and proportionality as part of the SREP guidelines. This is indeed a very positive development, as the ever-increasing granularity of regulatory and supervisory requirements carries the risk of losing sight of the principles of risk-based supervision.
The proposed measures, such as the extended review cycle and the risk-focused approach, create additional flexibility and make it possible to take low-risk business activities into account to a more appropriate extent when planning and implementing supervisory intensity.[1]
However, we observe that the approach to proportionality relies predominantly on a reduced frequency of supervisory assessments. While paragraph 2.4 rightly clarifies that proportionality should also apply to the level of detail and scope, this perspective is only partially reflected in the remainder of the draft guidelines. There are no concrete proposals for how proportionality can be operationalised in practice – beyond the aspect of frequency. As a result, the intended purpose is overshadowed by numerous, highly detailed lists of elements that competent authorities are expected to assess.
New regulatory requirements (e.g., ESG, DORA) are even leading to considerable additional costs despite the low relevance for small institutions with low-risk business models in terms of financial stability. The implementation of new regulatory requirements also poses the risk that small and non-complex institutions in particular will receive higher capital add-ons as a result of worse sub-scores if they do not fully meet the requirements. In our view, adjustments regarding simplifications and proportionality aspects do not go far enough.
Hence, the guidelines could emphasize more clearly which topics can be scoped out for small institutions, e.g., due to a low-risk business model that may be subject to less intensive assessments (and how those could be achieved, i.a. due to associated lower information requests). Finally, the entire section contains no or too few exceptions for small institutions and therefore does not operationalize proportionality sufficiently, which would be required to enhance efficiency of the SREP for small banks.
Overall, the approaches to simplification and proportionality are fundamentally positive, but are neither specific nor sufficient to provide noticeable relief for small institutions. Consistent implementation in supervisory practice and clear operationalization are crucial to upholding the principles of risk-based supervision. Introducing a set of concrete examples for SIs/LSIs and/or small banks would help to illustrate how to implement proportionality by competent authorities.
At the same time, for very large institutions, a wider perspective of the supervisory analysis may even be necessary. This applies where they are in competition with peers, the fairness of which must also be enshrined in the SREP assessment.
Please see uploaded file for comments on specific paragraphs.
Q4. What are the respondents’ views on the introduction of a high-level escalation framework?
We welcome the introduction of a high-level escalation framework.
The proposed structure contributes significantly to transparency and clarity in the SREP process. A clear communication of the escalation mechanisms to the institution in question, including escalation triggers and timelines, is fundamentally sensible and creates planning certainty for institutions, which should hence be informed of the respective possible escalation path. The broader use of structured escalation paths instead of ad hoc measures is also welcomed in the interests of transparency and constructive supervisory dialogue.
In our view, the proposed escalation framework, which focuses on dialogue before imposing immediate capital surcharges, is a sensible approach and increases acceptance of the SREP results. The principle-based nature of the framework is welcomed and should be firmly anchored in the SREP. The introduction of a high-level escalation framework is an important step towards strengthening transparency and improving supervisory practice. We support the proposed structure and recommend further operationalizing the principles to ensure consistent application.[1]
Please note the comment on the measures listed in Tables 3, 5, 7, 9, 11, 13, 16, and 18, some of which interfere with business policies of the institutions and need to be critically reviewed (see Q1).
Please see uploaded file for comments on specific paragraphs.
Q5. Do you consider the coverage and level of detail of this Title appropriate for its intended purpose?
NA
Q6. Do you consider the coverage and level of detail of this Title appropriate for its intended purpose?
We consider the coverage and level of detail of the proposed design to be appropriate in principle, particularly in the context of risk-oriented supervision. We welcome the focus on materiality as this supports targeted and efficient supervisory practice. The option of using previous year's assessments, provided that no significant changes have occurred, is sensible and helps to reduce the burden on institutions.
The focus on materiality and efficiency should be further strengthened through targeted adjustments to the text. These include defining material assessment areas, deleting or clarifying unclear terms and redundancies, and providing specific guidelines on the use of results from previous audits, provided there are no material changes, and on the use of financial reporting as a basis, provided that information can be derived from it.
Please see uploaded file for comments on specific paragraphs.
Q7. What are the respondents’ views on the updated section 5.7 “ICT systems, risk data aggregation and risk reporting”?
NA
Q8. Do you consider the coverage and level of detail of this Title appropriate for its intended purpose?
The title's coverage is generally comprehensive, but the proposed expansion of the scope of the assessment leads to a considerable level of detail. Title 6.2 includes a significant expansion of the requirements for the competent supervisory authorities, including regarding ESG and climate risk factors, and more granular reviews of credit processes and stress tests.
This expansion could lead to a one-sided focus on documentation requirements, which would dilute the principle of a risk-based supervisory approach. The risk-based approach of the SREP should also be emphasized more strongly in Title 6.2 to ensure that the requirements do not lead to a disproportionate expansion of audit and documentation obligations. Clear prioritization based on materiality is crucial. In our view, the proposed level of detail is only appropriate if it is applied in a consistently risk-oriented manner. As recommend with regard to Question 1 the guideline should be clarified accordingly and the principles of proportionality and materiality should be clearly operationalized.
Please see uploaded file for comments on specific paragraphs.
Q9. Do you agree with the treatment proposed to account for transfer pricing risk in the context of trading book activities? Please elaborate.
NA
Q10. What are the respondents’ views on the integration of the EBA GL on ICT risk assessment under the SREP (EBA/GL/2017/05) and DORA aspects?
The integration of ICT risks and DORA aspects into the SREP guidelines is generally welcomed, as it underscores the importance of digital resilience. Competent authorities are able to utilize an array of supervisory instruments to inform their SREP and determine the ICT risk in a financial institution. However, it is unclear how these instruments feed into each other, lead to the SREP score, and how they are chosen throughout a year. The SSM can force a financial institution to submit an ITRQ, a DORA RMF Review and/or a substantive Request for Information via a Deep Dive or a targeted review request. This could include a further On-Site Inspection, a DORA Threat-Led Penetration Test and participation in a Cyber Stress Test. A competent authority is required to ensure that the SREP is proportionate to the risk in a financial institution and, while there are numerous instruments available, they should not all be utilized throughout a single year. Financial institutions, in addition, do not have transparency concerning how each instrument respectively influences their SREP score and would welcome more transparency concerning their role in a competent authorities’ risk assessment. Therefore, more aspects of the ICT-related SREP should be open for industry consultation. While the EBA Guidelines provide transparency regarding considerations for risk, they do not account for how SREPs are operationalized by competent authorities. RFIs, ITRQs, CSTs all could benefit from increased input from the industry and the use of cybersecurity expertise within financial institutions to increase their effectiveness. Financial institutions would welcome an additional level of engagement before SREP scores are provided and the ability to speak to Joint Supervisory Teams if there are aspects of misinterpretation. Financial institutions are often caught unaware of risks perceived by the JST and expressed with supervisory letters.
Individual aspects of the new guidelines go beyond the requirements of DORA, e.g.: para. 216 i), para. 218 (the required assessment of potential impacts is not provided for in DORA, where assessment only takes place in the event of specific incidents) and para. 219 (the subcategorization of material risks (Annex III ICT risk) is not defined in DORA, which leads to classification and delimitation problems).
We recommend greater harmonization of the SREP guideline with DORA to avoid double checks and room for interpretation.
Q11. What are the respondents’ views on the introduction of operational resilience (section 6.4.5)?
The EBA plans to introduce operational resilience as a subchapter within the SREP Guidelines despite no existing operational resilience regulatory framework within the EU. The introduction of new regulatory concepts in supervision, without any basis in regulation or legislation, is inappropriate and should be subject to Commission legislation or consultation with industry participants. Furthermore, the application of a holistic operational resilience approach to the banking sector only would not reflect that covering insurance, pensions, capital markets, asset management, asset management, financial market infrastructures, credit rating agencies, benchmarks or crypto-asset providers would not be supervised on this basis. A banking sector and supervision-only introduction of operational resilience does not follow the standard practice for the development of policy within the EU and we encourage its deletion from the SREP Guide.
Even if there was a regulatory framework to leverage on, the implementation within the SREP guidelines should not lead to additional requirements, particularly for smaller, less complex institutions with a low risk profile and limited resources and e.g. a central service provider. We therefore recommend that clearer proportionality measures are included in paragraph 244 and specific proportionality examples are provided to ensure that operational resilience requirements remain adequate for small institutions (focusing on controlling disruptions instead preventing each individual risk). More generally, we call for a proportional scope, using existing elements (e.g. BCM, third-party risk, incident management) and avoidance of additional reporting/testing burdens beyond DORA also as part of the SREP on operational resilience.
Q12. What are respondents’ views on the additional section on CSRBB and the combined score for IRRBB and CSRBB?
The combination of IRRBB and CSRBB into a single score is fundamentally understandable and can contribute to simplification. CSRBB methodologies are typically less mature, therefore we call for a pragmatic and proportionate approach, without mechanistic link to capital add-ons; focus should be given to controllability and consistency with existing IRRBB processes.
Q13. What are the respondents’ views on the proposed assessment of the interaction between Pillar 1 and Pillar 2 requirements and on the proposed approach for operationalizing concerning cases where an institution becomes bound by the output floor?
Whilst the draft guidelines contain some elementary recognition of interaction and double counting between P1R and P2R in case institutions become bound by output floor, this is not sufficient to cover the complexity of the topic.
The draft guidelines identify only one possible case of double counting, namely that of model deficiencies, but it is unclear if there are other possible cases of double counting, as P2R is still not transparent to institutions. We are therefore in favour of the integration of the EBA Opinion on the output floor and the more general provision on the interaction between P1R and P2R (“option 2”). Yet, there needs to be more transparency on general interaction between P1R and P2R and how competent authorities determine the P2R in the light of output floor and beyond. To ensure institutions have a clear understanding of the SREP assessment and the interaction between P1R and P2R, considering the output floor, the components of P2R need to be transparent to institutions in the SREP assessment. To this end, we welcome and emphasize the EBA's addition in paragraph 297, which states that competent authorities should assess the impact of relevant changes to the regulatory framework for determining P1R on P2R. To further strengthen this principle, the SREP methodology could be more comprehensively revised to embed the avoidance of double counting throughout the framework, rather than addressing it in isolated/individual paragraphs.
As concluded by EBA, there is no assurance that on the EU level, competent authorities have comparable or aligned practices in assessing the P2R.[1] Therefore, more transparency and guidelines on P2R components for large institutions should be put in place going forward.
[1] EBA’s report on convergence of supervisory practices in 2023: https://www.eba.europa.eu/sites/default/files/2024-07/84952d29-8217-4a06-9ea2-f05be3898f06/2023%20Convergence%20Report.pdf
Q14. What are the respondents’ views on the merger with the ‘SREP liquidity assessment’ and the merger of the scores into a combined liquidity and funding adequacy score?
The combination of the two assessments into a single score is generally viewed positively, as it offers the opportunity to reduce the audit burden and to simplify supervisory practices. An integrated assessment of liquidity and refinancing adequacy can create synergies and avoid duplication.
However, the combination should be designed in such a way that the transparency of the individual assessments is maintained to ensure a clear traceability for the institutions. We recommend clearly defining the methodology of the combined score and ensuring that the weighting of the two components (liquidity and refinancing) is transparent and risk oriented.
Q15. What are the respondents’ views in relation to enhanced communication aspects?
The proposed improvements to communication between supervisors and institutions are highly welcome. Clear, structured, and timely communication is crucial to ensuring transparency and planning certainty for institutions. Improved communication supports the traceability of supervisory expectations and facilitates the implementation of requirements. Early and clear communication on escalation triggers, timelines, and assessment logic contributes to the acceptance of SREP results and reduces room for interpretation.
In order to get a clear and comparable picture of the assessment outcome and taking into account the various components that are included in SREP assessment and P2R determination, institutions should be given an adequate level of transparency on the composition of P2R, so that they can effectively steer their efforts to remediate deficiencies and understand its drivers, also in the light of a highly complex capital stack.
Please see uploaded file for comments on specific paragraphs.
Q16. Do you consider the coverage and level of detail of this Title appropriate for its intended purpose?
NA
Q17. Do you consider the coverage and level of detail of this Title appropriate for its intended purpose?
The coverage and level of detail of the title are generally considered appropriate. The streamlining is positive.
The proposed adjustments are a step in the right direction towards strengthening the principles of proportionality and practicability. Supervisory stress tests still cause high costs for supervisors and institutions, which are not always proportionate to the insights gained. Title 11 should include additional guidance on how to achieve greater proportionality. We recommend that these approaches be consistently implemented and further expanded in supervisory practice. In doing so, it must be made transparent to institutions at all times how their respective results are arrived at, i.e., supervisory stress tests must not be a black box. We generally recommend a top-down approach instead of resource-intensive bottom-up approach for small institutions, stronger proportionality in scenario complexity, and the avoidance of overlaps with ICAAP stress testing to reduce unnecessary complexity.[1]
[1] See also our discussion paper on competitiveness from November 2025.
Q18. Do respondents consider the guidance for the assessment of third-country branches appropriate and sufficiently clear?
NA