Response to consultation on revised Guidelines for common procedures and methodologies for the supervisory review and evaluation process (SREP) and supervisory stress testing
Q1. What are the respondents’ views on the overall amendments and clarifications made to the revised guidelines (across Titles 2 – 12)?
The update of the SREP guidelines and associated efforts to increase the transparency and clarity of the SREP are welcome. Yet, greater attention should be paid in supervisory practice overall to reducing the operational burden and costs of supervision for institutions as well. Despite the stronger emphasis on proportionality aspects, there is a risk that the burden for institutions will increase again due to the large number of regulatory requirements that need to be integrated by supervisors.
The principle of proportionality still lacks sufficient specificity and operationalization, while the SREP guidelines remain highly detailed. Although the number of pages was reduced, the content has been expanded in some areas. Many requirements continue to be tailored to large, complex institutions, which might limit the practicability for smaller institutions.
More specifically, as regards the Scoring, looking at the level of ambition for a score of 1, the general question arises as to whether it makes sense to define a “degree of perfection” that is rarely or never achievable in practice. Moreover, the derivation of the overall SREP score from the individual sub-scores should be specified in more detail.
With regard to the presentation of potential supervisory measures, some of the tables contain proposals that would interfere with business and risk policy decisions. We reject these supervisory practices and policies. However, the strategies are the responsibility of the institution and its management body. The supervisory authority may issue specific guidelines or intervention measures in exceptional cases only. The tables in question (3, 5, 7, 9, 11, 13, 16, and 18) should therefore be omitted and replaced by more general references to the supervisory powers under Article 104 CRD, or clarified in that respect.
Lastly, on Benchmarking, we share the view that “benchmarking with peers”, as proposed by the draft Guidelines, is useful, provided that the peer identification cohort is sufficiently relevant. ESBG calls on the EBA to foster a homogeneous approach and, especially, more transparency as to the criteria and the results taken into consideration. This applies to all benchmarking practices: for IRRBB and CSRBB, as well as credit risk.
Q2. What are the respondents’ views on the integration of ESG risks and factors across the existing SREP elements in the revised guidelines?
We support the integration of ESG risks and factors across the existing SREP elements, as this reflects the increasing importance of sustainability in the banking sector and remains in line with regulatory developments.
However, given the demanding requirements of the CRD and the CSRD, there are considerable challenges in terms of feasibility and proportionality. The integration of ESG risks into the SREP must not entail any additional challenges for institutions. ESG risks should be integrated into the existing risk assessment as risk drivers without special weighting. Proportionate requirements for assessing less significant institutions (LSIs) and small and non-complex institutions (SNCIs) are necessary to ensure a realistic SREP. Further, the integration of ESG risks must not lead to disproportionate capital surcharges and must be transparent and comprehensible in terms of supervisory expectations. (It should be clarified that only material ESG risks are relevant in any case, i.e. in paragraphs 149 and 202.)
Against this background, we believe it is essential that this integration is implemented in a coherent and proportionate manner. In particular, we recommend:
- Alignment with other regulations: The ESG requirements in the SREP Guidelines should be fully consistent with other relevant frameworks to avoid regulatory overlaps and ensure legal certainty.
- Proportionality: Supervisory assessment regarding ESG should be objective and adaptable to the specific risk profile and business model of each institution. The approach should consider the size, complexity, and business model of each institution, ensuring that requirements are proportionate and do not create unnecessary burdens.
- Avoiding duplication: Looking at existing ESG or sustainability requirements, the Guidelines should avoid introducing additional or conflicting obligations.
Overall, we welcome the EBA’s efforts to address ESG risks within the SREP, but emphasize the need for clarity, consistency, and proportionality in the final implementation.
Q3. What are the respondents’ views on the enhanced simplification and proportionality aspects?
We welcome the efforts to strive for further simplification, usability and proportionality within the SREP framework. This is indeed a positive development, as the ever-increasing granularity of regulatory and supervisory requirements hinders a risk-based supervision. Indeed, the proposed measures, such as the extended review cycle and the risk-focused approach, create additional flexibility and make it possible to take low-risk business activities into account to a more appropriate extent when planning and implementing supervisory intensity.
However, we observe that the approach to proportionality relies predominantly on a reduced frequency of assessments. While paragraph 2.4 rightly clarifies that proportionality should also apply to the level of detail and scope, this perspective is only partially reflected in the remainder of the draft guidelines. There are no concrete proposals for how proportionality can be operationalised in practice. The intended purpose is overshadowed by numerous, highly detailed lists of elements that competent authorities are expected to assess.
New regulatory requirements (e.g., ESG, DORA) are even leading to considerable additional costs despite the low relevance of small institutions with low-risk business models in terms of financial stability. In our view, adjustments regarding simplifications and proportionality aspects do not go far enough. Hence, the guidelines could emphasize more clearly which topics could be scoped out for smaller institutions (e.g., institutions with a low-risk business model may be subject to less intensive assessments and correspondingly fewer information requests). Overall, the simplification approaches appear insufficient to provide noticeable relief for smaller institutions.
Q4. What are the respondents’ views on the introduction of a high-level escalation framework?
We support the introduction of a high-level escalation framework, as it provides a structured approach for supervisors to respond to material risks and deficiencies, allows for sufficient flexibility and promotes a transparent and constructive dialogue between supervisors and institutions.
However, ESBG understands that its effectiveness depends on the definition and communication of clear, objective criteria for triggering escalation steps. Transparency in the escalation process will help institutions understand expectations and prepare timely remedial actions, while maintaining a level playing field and reinforcing trust in supervisory practices.
Additionally, we would like to highlight the following points. Concerning paragraphs 22 and 23, some of the wording (in particular “... all available quantitative and qualitative measures should be used in a way that allows to best address the risk level and/or deficiencies” in paragraph 23) seems misleading and should be reconsidered. Supervisory measures should not be applied according to the maximum principle, but only to the extent necessary and appropriate in each specific case. Nor is it always necessary to identify an escalation path from the outset. With reference to paragraph 23, point f, we suggest clarifying that measures ordered should be specifically explained and justified to the respective institution.
Q6. Do you consider the coverage and level of detail of this Title appropriate for its intended purpose?
We consider the coverage and level of detail of Title 4 to be appropriate in principle, particularly in the context of risk-oriented supervision. The focus on materiality is to be welcomed. This supports targeted and efficient supervisory practices. The option of using previous year's assessments, provided that no significant changes have occurred, is sensible and helps to reduce the burden on institutions.
The following comments should also be considered:
- Paragraph 68, point d: we propose to refer to “geopolitical risks” (instead of “events”);
- Paragraph 71 (table 3): The business model and strategies are the responsibility of the institution and its management body. The supervisory authority may issue specific measures only in exceptional cases, although this is not clear from the wording. The table should be clarified in that respect or omitted. A general reference to the supervisory powers under Article 104 CRD would be sufficient.
Q7. What are the respondents’ views on the updated section 5.7 “ICT systems, risk data aggregation and risk reporting”?
With regard to Title 5 in general, we believe it is essential that the final guidelines are fully aligned with the forthcoming EBA guidelines on internal governance and with the requirements of DORA. This alignment would help avoid regulatory overlaps, ensure legal certainty, and facilitate a consistent and efficient implementation by institutions. In our view, the guidelines should explicitly recognise the sufficiency of compliance with DORA and the internal governance framework and avoid introducing additional or conflicting requirements.
Moreover, the revised section should not impose any new or additional information requirements beyond those included in the EBA Internal Governance Guidelines. Any divergence would create unnecessary complexity and operational burden without adding supervisory value. Therefore, the principle of full alignment must be respected to ensure clarity, proportionality and efficiency. Institutions should be able to rely on compliance with existing governance and ICT frameworks as sufficient for meeting supervisory expectations under the SREP.
It is important to recall, in this regard, that the draft Guidelines on SREP incorporate concepts that are still being developed in a separate EBA process, in particular the forthcoming EBA Guidelines on internal governance, which are still under review. We would like to refer to our comments on this matter, in particular those relating to the mapping and individual statements of duties under Article 88(3) CRD VI. Incorporating these new elements at this stage into the SREP methodology risks pre‑empting the outcome of the review process and assuming that no changes will be made in the final governance Guidelines. This approach may lead to misalignment between the two sets of Guidelines once the internal governance text is finalised. Therefore, we suggest that, if the SREP guidelines are finalised before the Governance guidelines, they should not embed, operationalise or expand requirements that (i) are still under discussion in a separate EBA mandate, (ii) do not yet have a final legal formulation, and (iii) may still undergo significant adjustments following stakeholder feedback.
Until the Guidelines on Internal Governance are finalised, any reference within the SREP framework to the mapping of duties, individual statements or related processes should remain limited, high‑level and strictly principle‑based, avoiding operational prescriptions.
In connection with paragraph 84, ESBG believes that the proposed level of granularity is unnecessary and incompatible with the agility and flexibility that institutions require. Embedding such operational detail within the SREP risks hindering institutions’ ability to adapt internal structures to evolving business needs, diverging from a framework that should remain principle‑based and supervisory rather than prescriptive.
While this paragraph remains formulated at a general level, it nevertheless relates to two key elements addressed in the revised draft Guidelines on internal governance, namely the mapping of duties and individual statements. Both elements may pose significant operational challenges. Against this backdrop, we would like to reiterate, as expressed in the relevant public consultation, the need for a more practical approach that avoids the creation of additional documentation layers that do not materially enhance supervisory outcomes.
Moreover, any expectation to maintain these mappings or statements at consolidated level exceeds the scope of CRD VI and would generate disproportionate burdens for complex groups. These references should therefore be removed.
More specifically, we would like to make some further comments pertaining to some paragraphs under Title 5:
- Paragraph 76: EBA guidelines that are directed exclusively at supervisory authorities (Guidelines on ICAAP and ILAAP information) do not have to be complied with by the institutions and should therefore be removed from the table.
- Paragraph 83: As the EBA introduces the assessment of “appropriate understanding” and “sufficient knowledge and skills” “through regular training”, ESBG notes that the expectations leave significant scope for subjectivity and considers that the assessment could benefit from clarification.
- Paragraph 100: If all types of stress testing are meant here, the wording “... whether the institution is able to maintain the applicable TSCR, at all times, in an adverse scenario ...” might contradict the expectations of reverse stress tests and should be reviewed in this regard.
- Paragraph 104: In the last sentence, “validated” should be replaced with “reviewed,” as it does not refer to validation activities in the strict sense.
- Paragraph 105: The close coordination between supervisory and AML/CFT authorities should also cover potential measures, in order to avoid duplicative or conflicting measures.
Q8. Do you consider the coverage and level of detail of this Title appropriate for its intended purpose?
The title's coverage is generally comprehensive, but the proposed expansion of the scope of the assessment (ESG factors, granular assessments of credit processes and stress tests) leads to a considerable level of detail, which should be reviewed critically. This expansion could lead to a focus on documentation requirements, which would dilute the principle of risk-based supervision. The risk-based approach of the SREP should be emphasized more strongly in Title 6.2 to ensure that the requirements do not lead to a disproportionate expansion of audit and documentation obligations for institutions. Risk-oriented prioritization, based on materiality, is crucial.
ESBG members have also made specific comments on this matter, as follows:
- Paragraph 127: EBA publications that are directed exclusively at supervisory authorities (Supervisory handbook for the validation of IRB systems) do not have to be complied with by the institutions and should therefore be removed from the table.
- Paragraph 136: The indications there should mainly refer only to IRBA institutions. This should be clarified.
Q9. Do you agree with the treatment proposed to account for transfer pricing risk in the context of trading book activities? Please elaborate.
We kindly ask the EBA to consider the following comments on the relevant paragraphs:
- Paragraph 163: EBA statements that are addressed exclusively to supervisory authorities (RTS on the assessment methodology to verify an institution’s compliance with the IMA) should be removed from the table.
- Paragraph 170: We recommend the following clarification: “... competent authorities should consider at least the relevance of the following subcategories”
- Paragraphs 174 & 177: The explanations regarding the determination of P2R do not fit directly into this section. If they are retained here, references to them should at least be added to paragraph 303.
Q10. What are the respondents’ views on the integration of the EBA GL on ICT risk assessment under the SREP (EBA/GL/2017/05) and DORA aspects?
We welcome the integration of DORA, ICT Risk and Operational Resilience into a consolidated guideline. However, there seems to be a wide thematic overlap between Operational Resilience, Digital Operational Resilience, Operational Risk and ICT Risk, and it is unclear which aspects of these concepts are overseen under which title. On this note, ESBG would appreciate more clarity in the form of a consistent taxonomy, indicating how these concepts are connected and interact, as well as some streamlining of this section.
Q11. What are the respondents’ views on the introduction of operational resilience (section 6.4.5)?
The introduction of the concept of operational resilience is generally welcomed as a holistic approach to ensuring the continuity of critical and important functions during disruptions. The proposed framework rightly emphasizes the integration of operational risk management, business continuity, ICT resilience, and third-party risk management into a consolidated supervisory perspective. This alignment is essential to strengthen institutions’ ability to anticipate, withstand, and recover from severe operational events.
However, it should be highlighted that this is partially a new concept, which is only reflected in the definitions of the revised Governance guidelines. The implementation within the SREP guidelines should not lead to additional requirements, particularly for smaller, less complex institutions with lower risks and limited resources.
We recommend that clearer proportionality aspects be enshrined in paragraph 244 to ensure that operational resilience requirements remain practicable and enforceable.
Furthermore, we would like to make the following considerations on this matter:
- Clarity on Scope and Taxonomy: Operational resilience is presented as a holistic framework that draws on existing regulatory components such as DORA, EBA Guidelines on Internal Governance, and recovery and resolution planning. However, the boundaries between operational resilience, operational risk, ICT risk, and digital operational resilience remain ambiguous. This lack of clarity can lead to overlapping supervisory expectations and duplicative implementation efforts. We would appreciate establishing a consistent taxonomy that explicitly defines each concept, outlines their interrelationships, and specifies which elements fall under the operational resilience assessment versus other frameworks. Such clarity would enable institutions to structure governance, reporting, and resource allocation efficiently while ensuring compliance.
In summary, we agree with the holistic approach and believe that operational resilience is a necessary evolution of existing risk management practices. Greater clarity on scope, proportionality, and integration with existing frameworks will be key to successful implementation.
Q12. What are respondents’ views on the additional section on CSRBB and the combined score for IRRBB and CSRBB?
In the current SREP, the emphasis is on IRRBB, while CSRBB is only mentioned as a secondary aspect, with very limited and underdeveloped treatment, aligned with the former IRRBB guidelines.
In the consultation paper, CSRBB receives its own detailed treatment, comparable to IRRBB, in line with the February 2022 guidelines. This requires a separate assessment of IRRBB and CSRBB, although a combined view and score is now requested.
The combined assessment and score for IRRBB and CSRBB seems understandable from the regulator’s point of view, contributing to simplification.
The most significant change is the focus on the CSRBB perimeter, which expands and deepens its scope. However, the wording of paragraph 286 should take into account the principles of proportionality and materiality. Not every minor CSRBB sensitivity should lead to mandatory inclusion in the perimeter.
Q13. What are the respondents’ views on the proposed assessment of the interaction between Pillar 1 and Pillar 2 requirements and on the proposed approach for operationalizing concerning cases where an institution becomes bound by the output floor?
A new section has been introduced in the guidelines requiring supervisory authorities to assess the impact of changes in the Pillar 1 regulatory framework (P1R) on institutions’ capital profiles and to adjust Pillar 2 (P2R) accordingly.
Regarding the output floor, it is explained that, once it becomes binding, authorities should avoid overlaps between the output floor and P2R elements by applying a temporary “cap” to prevent undue increases in capital requirements. Once any duplicated elements have been removed, this cap should be lifted.
ESBG believes that there should be more transparency on the general interaction between P1R and P2R and on how competent authorities determine P2R in light of the output floor and beyond. To give institutions a clear understanding of the SREP assessment and the interaction between P1R and P2R, considering also the output floor if applicable, the drivers and components of P2R have to be made transparent.
We recommend including examples within the SREP guidelines that explain material impacts which stem from regulatory changes and should not be considered within the P2R requirement setting, as they are covered under P1R. The outcome of such assessment should be reflected in the SREP decision for the sake of transparency and to help credit institutions understand the competent authority’s evaluation of such interaction between Pillar 1 and Pillar 2.
Some further comments for the consideration of the EBA:
- Paragraph 325: The specific period of two years has no legal basis in the CRD and should be deleted. The notes on responding to breaches of P2G in section 9.5 appear to be sufficient.
- Paragraph 351: The sole focus of P2G on CET1 continues to lack a legal basis in the CRD. We consider the reasoning given under “Background and rationale” (para. 25) to be invalid.
As regards the inclusion of the Overall Recovery Capacity (ORC) in the SREP score, ESBG would like to raise the following concerns:
- The proposal could lead to redundancies or double counting in terms of scoring, particularly for Capital and Liquidity assessment of SREP.
- The ORC is highly context-specific (idiosyncratic, market-wide, or combined scenario) and would introduce a degree of subjectivity into the overall SREP assessment.
- It would also require taking into account an associated time horizon (6 months for liquidity ORC or 18 months for capital ORC) and would add further complexity to the SREP process at a time when regulators are striving to simplify the regulatory and supervisory framework.
- ORC is very specific to the context and blurs the comparability across institutions.
In light of the previous points, ESBG would like to request clarification on the following questions:
- What criteria will be applied for assessment, considering both qualitative and quantitative perspectives?
- Are there any options that may be excluded from the recovery plan due to implementation challenges, such as timelines or costs? If so, will there be a preference tiering for certain options or the potential application of additional haircuts?
- What implications might arise for valuation models as a result of this integration?
Moreover, ESBG would welcome clarification on the ORC calculation method set out in the Standardised Reporting Template, as transparent and objective criteria are essential for the appropriate assessment of the ORC and for fostering constructive engagement between credit institutions and supervisors.
Q14. What are the respondents’ views on the merger with the ‘SREP liquidity assessment’ and the merger of the scores into a combined liquidity and funding adequacy score?
The fundamental change regarding liquidity and funding is the full integration of the assessment, scoring, and supervision of liquidity and funding risks. These risks, previously treated as separate components, will now be managed and supervised jointly, reflecting their real interdependence in banking risk management. In practice, this reinforces the integrated view of both risks, which institutions have already been applying for years.
According to the revised SREP Guidelines, the assessment will be conducted jointly, aligning with how institutions already operate through the ILAAP. In other words, the supervisor is now adapting to the effective practices of institutions. Liquidity risk (ability to cover short-term outflows) and funding risk (ability to maintain stable sources over the medium and long term) will be evaluated in an integrated manner. Stress tests, key indicators (LCR, NSFR, survival period, source concentration, quality of liquidity buffer, etc.), and ILAAP review will be unified, and the double scoring will be eliminated. There will be a greater use of benchmarking in the SREP assessment and an increased focus on intraday liquidity stress scenarios.
In this vein, further to paragraph 434, the understanding of the applied benchmarks is generally of high importance for the institution to understand the outcomes. Therefore, supervisory authorities should be required to provide detailed information on the benchmarks used at the request of institutions in any case.
Additionally, regarding paragraph 372 on coverage of all material legal entities, ESBG agrees with the expectation and with entities’ responsibility for implementing risk management. We would, however, recommend that the EBA clarify that, in the case of consolidated groups, both the findings and the remediation should be handled at the level of the consolidating entity.
Q15. What are the respondents’ views in relation to enhanced communication aspects?
We welcome the enhanced communication aspects proposed in the revised guidelines. ESBG already observes clearer and simpler recent supervisory communications, which is a positive change.
Nevertheless, it should be stated that the Guidelines should be clearer regarding the granularity (elements and sub-elements) and detail (+/- qualifiers) of scores competent authorities should share with the institution. This is vital for the institution’s understanding of where exactly it stands. In the spirit of transparency, optionality should be removed from the text such that competent authorities will communicate not only scores for all elements but also main qualifiers / drivers for each (sub-)score.
When it comes to the LSI SREP, leeway should be included for the timing of the process of scoring institutions and communication of the SREP results. There should be no obligation for NCAs to include all parameters and information with regard to the SREP outcome into exactly one letter to the management body. The process (assessments and communication of the respective results) may be distributed over time.
Q17. Do you consider the coverage and level of detail of this Title appropriate for its intended purpose?
Supervisory stress tests often cause high costs for supervisors and institutions, which are not always proportionate to the insights gained. Title 11 should at least include additional guidance on how to achieve greater proportionality (simplification options for institutions in SREP categories 3 and 4).