Nos derniers articles

On 12 August 2025, the European Banking Authority (EBA) published a report on the use of supervisory technology (SupTech) in anti-money laundering and counter-terrorist financing (AML/CFT) oversight. It draws on a November 2024 survey of 31 competent authorities across 25 EU member states (plus three outside) and a January 2025 workshop with the European Commission’s AMLA Task Force.
Global Regulation Tomorrow
. The report notes that 47 % of SupTech tools are already in production, 38 % are under development, and 15 % are exploratory. Benefits include improved data quality, analytics, efficiency and collaboration, while challenges involve limited resources, governance issues, legal uncertainties and organizational readiness.
.

The draft strengthens governance arrangements, clarifies management body roles, and enhances oversight of internal control, risk management, and compliance functions. It incorporates ICT and security risk management in line with DORA, requiring institutions to integrate digital operational resilience into governance frameworks. The revisions also address anti-money laundering, conflicts of interest, and gender-neutral remuneration. Stakeholders can submit feedback until October 2025, with final guidelines to replace the 2017 version.

This Final Report (EBA/RTS/2025/03) presents draft Regulatory Technical Standards (RTS) under the Capital Requirements Regulation (CRR) III. It addresses three mandates:
• An operational risk taxonomy with Level 1 event types, Level 2 categories and supplementary attributes (including ESG and ICT risks), to standardise how institutions classify loss events.
• Criteria for deeming the annual‑operational‑risk loss calculation “unduly burdensome” for certain institutions, allowing temporary waivers.
• Rules for adjusting loss‑data sets when firms merge or acquire entities, including currency conversion, re‑classification and fallback proxies.

This opinion and accompanying report from the 𝗘𝗕𝗔 provides a comprehensive overview of 𝗺𝗼𝗻𝗲𝘆 𝗹𝗮𝘂𝗻𝗱𝗲𝗿𝗶𝗻𝗴 (𝗠𝗟) 𝗮𝗻𝗱 𝘁𝗲𝗿𝗿𝗼𝗿𝗶𝘀𝘁 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗻𝗴 (𝗧𝗙) 𝗿𝗶𝘀𝗸𝘀 across the EU's financial sector from 2022 to 2024. The EBA, mandated to issue such an opinion biennially, identifies evolving threats driven by technological innovation, including vulnerabilities in FinTech, RegTech, and crypto assets, alongside the 𝗶𝗻𝗰𝗿𝗲𝗮𝘀𝗶𝗻𝗴 𝘀𝗼𝗽𝗵𝗶𝘀𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗼𝗳 𝗳𝗿𝗮𝘂𝗱 𝗮𝗻𝗱 𝗰𝘆𝗯𝗲𝗿𝗰𝗿𝗶𝗺𝗲 𝘀𝗰𝗵𝗲𝗺𝗲𝘀. While acknowledging positive developments like reduced tax crime risks and improved supervisory engagement in certain areas, the EBA highlights persistent challenges such as 𝗶𝗻𝗰𝗼𝗻𝘀𝗶𝘀𝘁𝗲𝗻𝘁 𝗮𝗻𝘁𝗶-𝗺𝗼𝗻𝗲𝘆 𝗹𝗮𝘂𝗻𝗱𝗲𝗿𝗶𝗻𝗴 𝗮𝗻𝗱 𝗰𝗼𝘂𝗻𝘁𝗲𝗿-𝘁𝗲𝗿𝗿𝗼𝗿𝗶𝘀𝘁 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗻𝗴 (𝗔𝗠𝗟/𝗖𝗙𝗧) 𝘀𝘆𝘀𝘁𝗲𝗺 𝗲𝗳𝗳𝗲𝗰𝘁𝗶𝘃𝗲𝗻𝗲𝘀𝘀 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗰𝗼𝗻𝘁𝗶𝗻𝘂𝗲𝗱 𝗽𝗿𝗼𝗺𝗶𝗻𝗲𝗻𝗰𝗲 𝗼𝗳 𝗰𝘂𝘀𝘁𝗼𝗺𝗲𝗿 𝗱𝘂𝗲 𝗱𝗶𝗹𝗶𝗴𝗲𝗻𝗰𝗲 (𝗖𝗗𝗗) 𝘀𝗵𝗼𝗿𝘁𝗰𝗼𝗺𝗶𝗻𝗴𝘀. The report underscores the critical need for regulatory clarity and a more unified application of risk-based approaches throughout the EU's financial landscape.

This 𝗘𝗕𝗔 report, created in consultation with 𝗘𝗦𝗠𝗔 and 𝗘𝗜𝗢𝗣𝗔, addresses the 𝗽𝗿𝗼𝘃𝗶𝘀𝗶𝗼𝗻 𝗼𝗳 𝗰𝗼𝗿𝗲 𝗯𝗮𝗻𝗸𝗶𝗻𝗴 𝘀𝗲𝗿𝘃𝗶𝗰𝗲𝘀 to 𝗘𝗨 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗮𝗹 𝘀𝗲𝗰𝘁𝗼𝗿 𝗲𝗻𝘁𝗶𝘁𝗶𝗲𝘀 (𝗙𝗦𝗘𝘀) by 𝘁𝗵𝗶𝗿𝗱-𝗰𝗼𝘂𝗻𝘁𝗿𝘆 𝘂𝗻𝗱𝗲𝗿𝘁𝗮𝗸𝗶𝗻𝗴𝘀 (𝗧𝗖𝗨𝘀). Specifically, it examines whether existing exemptions from establishing an EU branch for these services, currently extended to EU credit institutions, should be broadened to include all EU FSEs. The report analyzes 𝗾𝘂𝗮𝗻𝘁𝗶𝘁𝗮𝘁𝗶𝘃𝗲 𝘀𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿𝘆 𝗱𝗮𝘁𝗮 on 𝗰𝗮𝘀𝗵 𝗲𝘅𝗽𝗼𝘀𝘂𝗿𝗲𝘀 𝗮𝗻𝗱 𝗹𝗲𝗻𝗱𝗶𝗻𝗴 𝗮𝗰𝘁𝗶𝘃𝗶𝘁𝗶𝗲𝘀 and incorporates 𝗾𝘂𝗮𝗹𝗶𝘁𝗮𝘁𝗶𝘃𝗲 𝗳𝗲𝗲𝗱𝗯𝗮𝗰𝗸 𝗳𝗿𝗼𝗺 𝘀𝘁𝗮𝗸𝗲𝗵𝗼𝗹𝗱𝗲𝗿𝘀, concluding that there is 𝗻𝗼 𝗰𝗼𝗺𝗽𝗲𝗹𝗹𝗶𝗻𝗴 𝗰𝗮𝘀𝗲 𝘁𝗼 𝗲𝘅𝗽𝗮𝗻𝗱 𝘁𝗵𝗲𝘀𝗲 𝗲𝘅𝗲𝗺𝗽𝘁𝗶𝗼𝗻𝘀. It also highlights challenges in 𝗱𝗮𝘁𝗮 𝗮𝘃𝗮𝗶𝗹𝗮𝗯𝗶𝗹𝗶𝘁𝘆 and inconsistencies in the definition of core banking services, suggesting that existing flexibilities and 𝗠𝗶𝗙𝗜𝗗 carve-outs largely accommodate current business needs.

These proposed guidelines update the 2019 EBA Guidelines on Outsourcing to align with the Digital Operational Resilience Act (DORA). Key aspects include:
◾ 𝗥𝗶𝘀𝗸 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗙𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸: Financial entities must assess, monitor and mitigate risks throughout the third-party arrangement lifecycle, including due diligence, contractual phases and exit strategies.
◾ 𝗣𝗿𝗼𝗽𝗼𝗿𝘁𝗶𝗼𝗻𝗮𝗹𝗶𝘁𝘆 𝗣𝗿𝗶𝗻𝗰𝗶𝗽𝗹𝗲: The guidelines provide specific criteria for applying proportionality, limiting documentation burdens on financial entities and authorities.
◾ 𝗖𝗼𝗻𝘀𝗶𝘀𝘁𝗲𝗻𝗰𝘆 𝘄𝗶𝘁𝗵 𝗗𝗢𝗥𝗔: A single register can be used for both ICT and non-ICT services, streamlining information storage and reducing administrative burdens.
◾ 𝗧𝗿𝗮𝗻𝘀𝗶𝘁𝗶𝗼𝗻 𝗣𝗲𝗿𝗶𝗼𝗱: Financial entities have two years to review and amend existing arrangements and update their registers.

The consultation runs until October 8, 2025, allowing stakeholders to provide feedback on the draft guidelines.

The ESAs and the EU’s new Anti-Money Laundering Authority (AMLA) have signed a multilateral Memorandum of Understanding to formalize cooperation and information exchange. The agreement outlines procedures for coordination and data sharing to support effective supervision across the EU’s financial sector. It aims to enhance supervisory convergence, foster cross-sector learning, and improve consistency in applying AML/CFT rules. This MoU is part of AMLA’s broader mandate to strengthen EU-wide oversight and coordinate with national authorities and Financial Intelligence Units in combating financial crime.

EU/EEA banks are required to integrate geopolitical risk into their business processes and risk assessments, focusing on exposures to vulnerable sectors amid heightened global tensions. Maintaining operational resilience is essential as banks face rapid changes in geopolitical and technological environments, with increased investment in cybersecurity a priority. As defense financing needs rise, banks must apply robust underwriting standards. Market volatility underscores the importance of prudent capital buffer management and timely bond issuance. Effective cost and provision management, sustainable revenue strategies, and the integration of ESG risks into risk frameworks are also mandated.

The ESAs (EBA, EIOPA, and ESMA) have launched a public consultation on draft Joint Guidelines for ESG stress testing. These guidelines aim to standardize how banking and insurance sectors integrate environmental, social, and governance risks into supervisory stress tests. Key aspects include:
ESG Stress Testing Framework: Establishes a common approach for developing methodologies and standards across the EU's financial system.
Guidance on Stress Tests: Covers design, features, and organizational arrangements, including expertise, data management, and scenario analysis timelines.
Long-term Approach: Accommodates future advancements and data improvements, promoting consistency and effectiveness.
The consultation runs until September 19, 2025, allowing stakeholders to provide feedback on the draft guidelines.

The EBA released three final draft technical standards to support the EU Banking Package, enhancing supervisory oversight. These include Regulatory Technical Standards (RTS) for calculating the Business Indicator (BI) for operational risk capital, Implementing Technical Standards (ITS) mapping BI to FINREP for consistency, and amended ITS on operational risk reporting. The standards refine BI components, address mergers and disposals, and improve reporting accuracy. Set for adoption, the EBA will release IT tools and a technical package in Q4 2025, with reporting starting March 31, 2026.