Supervisory priorities for 2023-2025

The European Central Bank (ECB) Banking Supervision, in close collaboration with national competent authorities, has reviewed its strategic priorities for the next three years to reflect the urgent challenges and more structural vulnerabilities in the sector, such as post-COVID scenario; geopolitical context; inflationary pressures and pre-existing risks. The three priorities identified are based on a comprehensive assessment of the risks and vulnerabilities of supervised entities, take into account the progress made in relation to the priorities set last year and take into account the results of the 2022 supervisory review and evaluation process (SREP).

Executive summary

Supervised institutions should strengthen their resilience to immediate macro-financial and geopolitical shocks, address the challenges of digitalisation and intensify their efforts to address climate change. To this end, the ECB sets out a series of specific actions on credit risk, liquidity, digital transformation, outsourcing, cyber security and climate risk.

Main content

This Technical Note summarizes the main aspects of the Supervisory Priorities:

• Strengthening resilience to immediate macro-financial and geopolitical shocks. The aim is to ensure that the banking sector remains resilient and that banks cope with the impact of external shocks on their activities and identified vulnerabilities:
  • Shortcomings in credit risk management, including exposures to vulnerable sectors: Banks should address deficiencies in their credit risk management frameworks to identify and mitigate any build-up of risks. In this regard, the ECB will carry out a series of activities to follow up on the identified vulnerabilities:
    • Targeted reviews of loan origination and monitoring, assessing compliance with the related EBA guidelines.
    • Targeted reviews of IFRS 9 aimed at assessing compliance of selected banks with supervisory expectations laid down in the 2020 “Dear CEO” letter.
    • On-site inspection (OSI) campaigns on IFRS 9. Also, targeted OSIs on energy and/or commodity traders and Targeted joint on-site/internal model investigations for some material portfolios.
  • Lack of diversification of funding sources and deficiencies in funding plans: institutions will be asked to develop, execute and adjust as needed a sound and reliable liquidity and funding plan. In this regard, the ECB will conduct a targeted review of targeted longer-term refinancing operations (TLTRO III) exit strategies for selected banks.
• Ensuring that banks address digitalisation effectively and strengthen their management bodies’ steering capabilities. Banks should address persisting deficiencies in their digital transformation strategies and governance arrangements. Doing so can help make their business models more resilient and sustainable.
  • Deficiencies in banks’ digital transformation strategies. Institutions must have sound strategies and adequate arrangements in place to address the challenges arising from the changes brought about by digitalisation. In this respect, the ECB:
    • Will publish supervisory expectations on digital transformation strategies.
    • Will perform reviews of banks’ digital transformation strategies and OSIs on digital transformation.
  • Deficiencies in operational resilience frameworks. The continuity of banking activities and services must be ensured in the face of potential disruptions. In this sense, the ECB will collect data from outsourcing registers to identify interconnections among significant institutions and will perform targeted reviews and OSIs of outsourcing and cyber security management.
  • Deficiencies in management bodies’ functioning and steering capabilities. Banks need to strengthen the composition and oversight capabilities of their boards. The ECB will conduct targeted reviews of the effectiveness of banks’ management bodies and will update the supervisory expectations regarding banks’ governance arrangements and risk management.
  • Deficiencies in risk data aggregation and reporting. Appropriate frameworks for data aggregation and reporting are necessary. The ECB will refine and communicate to banks of supervisory expectations related to the implementation of risk data aggregation and risk reporting principles. Inspections of entities with persistent deficiencies will also be carried out.
• Stepping up efforts to address climate change. Institutions need to take measures and address the risks associated with climate change in an appropriate manner. In this regard, the greatest vulnerability is significant exposures to physical and transitional risk. Banks will only be able to mitigate the risks they face if they adequately consider climate-related and environmental factors in their strategies, risk management practices and decision-making processes. In this sense, the ECB will:
  • Targeted deep dives to follow up on shortcomings identified in the context of the 2022 climate risk stress test and thematic review.
  • Review of banks’ compliance with new ITS reporting and Pillar 3 disclosure requirements related to climate risk, and benchmarking of banks’ practices against supervisory expectations.
  • Deep dives on reputational and litigation risk associated with climate-related and environmental strategies and risk profiles for selected banks.
  • Preparatory work for reviews of banks’ transition planning capabilities and readiness for ESG related mandates expected in the sixth Capital Requirements Directive (CRD VI).
  • Targeted OSIs on climate-related aspects.

Download the technical note Supervisory priorities for 2023-2025 (also available in Spanish).