Nos derniers articles

EBA has designated the development of supervisory capacity for DORA as a top-tier Union-wide strategic supervisory priority for the 2024-2026 cycle. Underscoring this priority are pressing industry concerns, evidenced by the submission of 28 new Q&As focused on 𝗗𝗢𝗥𝗔’𝘀 𝗽𝗿𝗶𝗺𝗮𝗿𝘆 𝗶𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁𝗮𝘁𝗶𝗼𝗻 𝗵𝘂𝗿𝗱𝗹𝗲𝘀: 𝗜𝗖𝗧 𝘁𝗵𝗶𝗿𝗱-𝗽𝗮𝗿𝘁𝘆 𝗿𝗶𝘀𝗸 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁, 𝘁𝗵𝗲 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗮𝗻𝗱 𝗿𝗲𝗽𝗼𝗿𝘁𝗶𝗻𝗴 𝗼𝗳 𝗜𝗖𝗧-𝗿𝗲𝗹𝗮𝘁𝗲𝗱 𝗶𝗻𝗰𝗶𝗱𝗲𝗻𝘁𝘀, 𝘁𝗵𝗲 𝗼𝘃𝗲𝗿𝘀𝗶𝗴𝗵𝘁 𝗼𝗳 𝗰𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗽𝗿𝗼𝘃𝗶𝗱𝗲𝗿𝘀, 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗺𝗮𝗶𝗻𝘁𝗲𝗻𝗮𝗻𝗰𝗲 𝗼𝗳 𝘁𝗵𝗲 𝗿𝗲𝗴𝗶𝘀𝘁𝗲𝗿 𝗼𝗳 𝗶𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻. In response, the EBA is executing a significant capacity-building initiative, delivering intensive, advanced training to supervisors through the Supervisory Digital Finance Academy (SDFA)—a multi-year effort coordinated with and backed by the European Commission. This convergence of strategic prioritization, targeted industry queries, and comprehensive supervisory training signals a new era of heightened and more sophisticated regulatory scrutiny. In consequence the digital operational resilience frameworks must be prepared to withstand proactive, in-depth, and increasingly specialized reviews from better-equipped competent authorities.

Le cadre juridique global de l’UE en matière de LBC/FT, aligné sur les normes internationales du GAFI, est centré sur l’Approche basée sur les risques (ABR). Ce principe impose une double application, définissant les responsabilités tant des autorités de supervision que des institutions financières. Les Autorités nationales compétentes (ANC) sont tenues de mener une supervision adaptée aux risques, garantissant que leur contrôle soit proportionné aux menaces identifiées. Parallèlement, les banques doivent mettre en œuvre des systèmes internes, des contrôles et des mesures de vigilance à l’égard de la clientèle efficaces, fondés sur leurs propres évaluations des risques. L’objectif stratégique de l’ABR est de veiller à ce que les efforts de supervision et les ressources institutionnelles soient alloués de manière proportionnée et efficace aux risques de BC/FT les plus élevés.

The EU's comprehensive AML/CFT legal framework, aligned with international FATF standards, is centered on the Risk-Based Approach (RBA). This principle mandates a dual application, defining responsibilities for both supervisory bodies and financial institutions. National Competent Authorities (NCAs) are mandated to conduct risk-sensitive supervision, ensuring their oversight is proportionate to identified threats. Concurrently, banks must implement effective internal systems, controls, and customer due diligence based on their own risk assessments. The strategic purpose of the RBA is to ensure that both supervisory efforts and institutional resources are allocated proportionately and effectively against the greatest ML/TF risks.

The EBA, alongside ESMA and EIOPA, plans 𝗷𝗼𝗶𝗻𝘁 𝗼𝘃𝗲𝗿𝘀𝗶𝗴𝗵𝘁 𝗼𝗳 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗜𝗖𝗧 𝗧𝗵𝗶𝗿𝗱-𝗣𝗮𝗿𝘁𝘆 𝗣𝗿𝗼𝘃𝗶𝗱𝗲𝗿𝘀 (𝗖𝗧𝗣𝗣𝘀) from 2026, following their 2025 designation. Measures include direct engagement on governance, thematic contract reviews, and 𝗼𝗻𝘀𝗶𝘁𝗲 𝗶𝗻𝘀𝗽𝗲𝗰𝘁𝗶𝗼𝗻𝘀 𝗼𝗳 𝗵𝗶𝗴𝗵-𝗿𝗶𝘀𝗸 𝗮𝗿𝗲𝗮𝘀, with recommendations passed to financial entities. Supervisors will assess institutions’ 𝗜𝗖𝗧 𝘁𝗵𝗶𝗿𝗱-𝗽𝗮𝗿𝘁𝘆 𝗿𝗶𝘀𝗸 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁, 𝗶𝗻𝗰𝗶𝗱𝗲𝗻𝘁 𝗿𝗲𝘀𝗽𝗼𝗻𝘀𝗲, 𝗮𝗻𝗱 𝗰𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗽𝗿𝗲𝗽𝗮𝗿𝗲𝗱𝗻𝗲𝘀𝘀, 𝗶𝗻𝗰𝗹𝘂𝗱𝗶𝗻𝗴 𝗹𝗲𝗴𝗮𝗰𝘆 𝘀𝘆𝘀𝘁𝗲𝗺 𝗿𝗶𝘀𝗸𝘀. The EBA will analyze major ICT incidents, contribute to a pan-European coordination framework for systemic events, collect new datasets via EUCLID, and support supervisory convergence to ensure 𝗰𝗼𝗻𝘀𝗶𝘀𝘁𝗲𝗻𝘁 𝗗𝗢𝗥𝗔 𝗶𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁𝗮𝘁𝗶𝗼𝗻 𝗮𝗰𝗿𝗼𝘀𝘀 𝘁𝗵𝗲 𝗘𝗨.

The report discusses the growing threat of cyber risk to the EU's financial stability. Key points include:

• Cyber risk is a significant and systemic threat to the EU's financial sector, with increasing frequency and sophistication of attacks.

• Factors amplifying risk include geopolitical tensions, third-party IT dependencies, and the dual-edged impact of AI.

• The financial sector, including banks and insurers, faces tangible impacts from cyber threats.

• DORA is seen as a critical step requiring ongoing commitment to vigilance and resource allocation for digital infrastructure defense.

Les autorités ont redoublé d'efforts pour lutter contre les escroqueries financières, ajoutant 1 460 sites ou acteurs non autorisés à leurs listes noires et réalisant une campagne d'information avec plus de 3 millions de vues. Le Pôle commun a également analysé 2 200 publicités et initié une étude rétrospective sur l'évolution des pratiques. Les priorités pour 2024-2025 incluent la cartographie des produits structurés et la clarification du dispositif réglementaire pour les fonds d'investissement alternatifs. L'Union de l'épargne et de l'investissement est un enjeu majeur pour 2025.

The BCBS has introduced a voluntary framework for jurisdictions to disclose climate-related financial risks. This framework blends qualitative and quantitative data for a comprehensive view of bank exposures, while offering flexibility due to evolving data. It encourages a holistic approach to understanding disclosure strengths and weaknesses. Implementation is left to individual jurisdictions, and the Committee will monitor developments to update the framework as needed.

In 2024, despite global challenges like AI advancements, elections, geopolitical instability, climate events, and cyber threats, EIOPA focused on safeguarding the public interest in the European financial system. They successfully executed their work program, emphasizing sustainable insurance/pensions, digital transformation, consistent supervision, high-quality advice, and financial stability. EIOPA also initiated regulatory simplification, stressing prudence to maintain a robust framework, and will collaborate with the European Commission to enhance the Savings and Investment Union. Their ongoing commitment is to ensure a robust, resilient, and well-regulated industry for all stakeholders.

The EU aims to foster digital transformation across sectors by 2030 through legislation on AI, cloud computing, and crypto-assets. However, compared to ESG, banking regulation lacks a clear framework for managing digital risks and supervisory assessment. This paper discusses digital innovation in banking, proposing risk-based Pillar 2 prudential framework and harmonized Pillar 3 disclosures to address this gap.

Textual and cluster analysis of 10-K documents reveals three #riskculture classes linked to #riskstrategies, decisions, and recruitment. Firms with a strong risk culture show better #financialperformance and more diverse boards. #regulatory #supervision can help #insurers improve #risk behaviors.