How the Pillar 2 requirement is set
ON THIS PAGE
The Pillar 2 requirement (P2R) is a requirement for additional own funds that is set out in the Supervisory Review and Evaluation Process (SREP). It is a bank-specific capital requirement which applies in addition to the minimum capital requirements under Pillar 1 if these Pillar 1 requirements underestimate or do not sufficiently cover certain risks.
The new P2R methodology for the 2026 SREP cycle
The Supervisory Board of ECB Banking Supervision decided to review the methodology for the calculation of the P2R. This was to make the methodology simpler and more robust, taking into account the recommendations given in 2023 by an independent expert group.
The review of the methodology is part of the reform of the SREP.
For instance, the SREP outcome is now communicated by the end of October, which is six weeks earlier than before. This has given banks more time to adjust to the new requirements. In addition, SREP decisions focus on the most severe findings or measures. This has led to a reduction in new qualitative SREP measures – from about 700 in 2021 to less than 400 in 2025 – reflecting both a sharper focus on structural concerns and faster action outside the annual SREP cycle.
The revised P2R methodology, together with the other changes listed above, will help make ECB supervision more efficient, effective and risk-based.
Key features of the revised P2R methodology
- It remains strongly anchored to the SREP, the backbone of our supervision. Through the SREP, JSTs comprehensively assess and score banks’ risks, drawing on findings from supervisory reporting, supervisory reviews on internal controls, horizontal analyses and on-site inspections. In line with the previous methodology, worse SREP scores will, in principle, drive higher Pillar 2 requirements. Preserving this strong anchor will ensure that Pillar 2 requirements keep reflecting banks’ individual risk profiles, ensuring continuity and avoiding changes in capital requirements at the systemic level.
- The new methodology reduces operational complexity by creating a more direct link between Pillar 2 requirements and individual Pillar 2 risk drivers. In the previous methodology, the P2R was selected from a wide decision range associated with the weighted average of SREP risk scores and subsequently broken down risk by risk based on the figures from the bank’s internal capital adequacy assessment process (ICAAP). In the revised methodology, JSTs assign separate add-ons risk by risk to each Pillar 2 risk element within narrower decision ranges based on SREP scores and consider any material risk drivers that show an outlier profile and should not be diluted into the corresponding score. For further details on how the revised methodology compares with the previous one, please see the Supervision Blog post “Reviewing the Pillar 2 requirement methodology”.
- This methodology embeds the principle of “constrained supervisory judgement” in the P2R determination process. Guidance will support supervisors in assessing risk indicators, tackling outliers and avoiding overlaps between Pillar 1 and Pillar 2 requirements. The review and benchmarking by the Single Supervisory Mechanism’s second line of defence will ensure that the methodology delivers robust outcomes and consistency across banks.
The revised P2R methodology was tested during the course of 2025. The ECB will apply this new methodology as of the 2026 SREP cycle. Pillar 2 requirements based on the new methodology will take effect as of 1 January 2027.
How will the new P2R methodology work?
The revised methodology involves three steps (see the figure below):
Step 1: mapping SREP scores to risk-by-risk P2R ranges
Supervisors summarise the outcome of their SREP assessment by assigning a score to each risk element (business model, internal governance, credit risk, market risk, operational risk and interest rate risk in the banking book). These SREP scores are the starting point for determining the P2R.
In Step 1, each SREP score is mapped to a P2R range based on a predefined grid. The grid is calibrated to ensure that the Pillar 2 risks that are most relevant for each business model receive a higher weight and that worse SREP scores result in ranges with higher P2R values.
The objective of Step 1 is to link P2R capital requirements and the SREP assessment.
Step 2: determining P2R on a risk-by-risk basis using constrained supervisory judgement
In Step 2, the JST assigns capital requirements for each risk element within the P2R range defined in Step 1. To ensure comprehensive Pillar 2 risk coverage, the JST considers all available information including outstanding qualitative measures, a bank’s track record and the time required to remediate past weaknesses. They review quantitative and qualitative indicators to identify outliers and ensure that the P2R remains focused on key Pillar 2 risk drivers.
The JST also uses figures from the bank’s ICAAP as an additional source of information if these are considered to be sufficiently reliable.
Finally, on a case-by-case basis, the JST assesses and addresses potential overlaps between Pillar 1 and Pillar 2 requirements, including those stemming from the implementation of the new Capital Requirements Regulation (CRR III).
The objective of Step 2 is to determine the P2R contributions for each risk area.
Step 3: setting the final P2R
There could be exceptional cases where a bank’s overall risk profile differs from the sum of its individual risks, or where specific aspects – such as those not covered in previous steps of the methodology or specific circumstances such as mergers or acquisitions – need to be considered in the final P2R decision.
In Step 3, the JST applies constrained supervisory judgement on a case-by-case basis to ensure that the P2R comprehensively reflects the institution’s Pillar 2 risk profile. Finally, JSTs set their proposed P2R and the second line of defence benchmarks the results of the methodology to ensure fair and consistent application.
The objective of Step 3 is to set a P2R that reflects a comprehensive assessment of an institution’s risk profile.
How does the revised Pillar 2 methodology address overlaps between Pillar 1 and Pillar 2 requirements?
Pillar 1 requirements define the minimum capital for banks to cover their credit, market and operational risks. In the European Union, Pillar 1 requirements are determined in accordance with the CRR. Pillar 2 requirements are bank-specific and are set by supervisors to address weaknesses identified during their assessments.
- Pillar 2 requirements cover risks that are not covered by Pillar 1 requirements, such as those stemming from the bank’s business model, internal governance and interest rate risk in the banking book. For these risks, Pillar 1 and Pillar 2 requirements never overlap.
- Pillar 2 requirements also cover elements of credit, market and operational risks that are insufficiently covered by Pillar 1 requirements. In this case, an overlap could only exist if the drivers of Pillar 1 and Pillar 2 requirements were strongly correlated.
To continue ensuring that the P2R remains focused on Pillar 2 risks, the revised P2R methodology equips JSTs with tools that help them identify and address overlaps with Pillar 1 requirements, as follows.
- In line with the previous P2R methodology, SREP scores are used as the starting point for determining the P2R. These are determined based on risk indicators which go beyond those under the Pillar 1 requirements. For example, SREP scores capture risks stemming from weak internal policies and controls, which are not drivers of Pillar 1 requirements. JSTs will check whether a certain SREP score may be strongly correlated to risks that are already covered by Pillar 1 requirements. For instance, JSTs check whether deductions of expected losses under the internal ratings-based approach might cover provisioning gaps identified in the SREP assessment of credit risk. JSTs also check whether risks stemming from trading activities covered in Pillar 1 materially affect the outcome of the SREP assessment for market risk. The impact of these potential overlaps is not expected to be significant as SREP scores incorporate several dimensions beyond Pillar 1, such as qualitative assessments of internal risk controls.
- When setting the P2R, JSTs will not take into account weaknesses identified in the Pillar 1 risk models. Special attention will be given to internal models that are no longer permitted under CRR III (e.g. the former advanced measurement approach for operational risk) and to those institutions that are bound by the new output floor in line with Article 104a, paragraph 6, sub-paragraph (b) of the Capital Requirements Directive VI.
- The benchmarking and monitoring activities performed in the Single Supervisory Mechanism ensure that potential drivers of overlaps, such as regulatory changes, are promptly identified and tackled.
If overlaps are identified, JSTs will adjust the Pillar 2 requirements accordingly on a case-by-case basis.
CRR III has had some impact since January 2025, e.g. on operational risk, and this will be effectively tackled by the revised methodology as explained below.
Other ways CRR III affects Pillar 2 requirements, including through the implementation of the output floor and the Fundamental Review of the Trading Book, are yet to fully materialise. These other effects will be heterogenous in terms of the number of institutions affected, the materiality and the length of the transitional phase. The case-by-case approach embedded in the revised P2R methodology will address potential overlaps on an ongoing basis, taking into account banks’ specific risk profile at any point in time.
Example: how might a JST assess potential overlaps between Pillar 1 and Pillar 2 requirements in operational risk?
By discontinuing the former standardised and advanced measurement approach, CRR III has expanded Pillar 1 requirements for the operational risk of some banks. The new standardised approach uses the business indicator which is linked to banks’ size and profit and loss data to determine the Pillar 1 requirements for operational risk. These changes have been in place since 1 January 2025 with no transitional arrangement.
To ascertain on a case-by-case basis whether the new CRR III rules result in an overlap between Pillar 1 and Pillar 2 requirements, a JST may, for example, assess the following.
- They may consider whether the SREP score for operational risk (that is used in Step 1 as an anchor point to determine the P2R add-on range) is materially affected by the same drivers that impact Pillar 1 requirements under CRR III. While the SREP methodology ensures that SREP scores comprehensively reflect banks’ risk profiles, there might be outlier cases where certain elements related to banks’ size and profit and loss data affect the SREP score disproportionately, creating a risk of overlaps between Pillar 1 and Pillar 2 requirements.
- They can assess whether risks related to models that are no longer permitted under CRR III are materially affecting the SREP score for operational risk. Any overlap relating to legacy models should be assessed and, if appropriate, dealt with accordingly.
Subsequently, JSTs would also assess whether the new standardised approach fails to sufficiently capture other bank-specific operational risks that may be particularly relevant. These are identified case by case by the JST based on quantitative indicators (e.g. elevated historical operational risk losses) and qualitative information (e.g. ICT risk, third-party risk, business continuity risk and internal risk controls). These risks should be adequately considered when setting the P2R add-on.
Communication
The ECB will continue to use SREP decisions and operational letters to communicate the latest Pillar 2 requirements, alongside information on the main risk drivers. It will also continue to publish the consolidated Pillar 2 requirements for institutions under European banking supervision each year on the ECB’s website. The new methodology will make it easier for banks to understand and act on Pillar 2 drivers and outcomes.
How was the P2R set for the 2025 SREP cycle?
This cycle, ECB Banking Supervision took a four-step approach to determining the Pillar 2 requirement for the individual banks on a risk-by-risk basis. Each of the four steps was equally important. Together, they yielded an initial, holistic Pillar 2 requirement based on an overall assessment of the bank’s risk profile that was later combined with a more in-depth analysis of each individual risk driver to derive the final Pillar 2 requirement, risk by risk.
Step 1
In Step 1, the Joint Supervisory Team (JST) for the individual entity agreed on an initial Pillar 2 requirement that took into account the outcomes of Elements 1, 2 and 3 of the SREP:
- business model and profitability assessment;
- internal governance and risk management assessment;
- assessment of risks to capital on a risk-specific basis (credit risk, market risk, operational risk and interest rate risk in the banking book).
In this step, the JST selected an appropriate initial Pillar 2 requirement level from a bucket of possible values based on an assessment of the overall risk to the bank’s capital. This was done by applying weighting factors for Pillar 2 risks to the scores of the aforementioned SREP elements. In addition, constrained judgement was used to take into account the bank’s specific situation, including the reliability of the bank’s internal capital adequacy assessment process (ICAAP).
This initial Pillar 2 requirement was only a starting point, which might be different from the final Pillar 2 requirement that was ultimately agreed upon for the individual bank. Changes might have been made as a result of the risk-by-risk assessments conducted in the subsequent steps.
Step 2
In Step 2, the JST broke down the initial Pillar 2 requirement into several risk-by-risk add-ons. The aim was to provide a base of initial add-ons for the risks linked to the bank’s business model, internal governance and risk management, and risks to capital.
The risk-by-risk breakdown took into consideration information from the bank’s ICAAP and its Pillar 1 requirement. This was to ensure that risks already covered by Pillar 1 were not counted twice.
Since ICAAP practices differ across banks, it was at the discretion of the JST to decide how to reflect its assessment of an individual bank’s ICAAP in the overall level of the Pillar 2 requirement and its risk-by-risk composition.
The ICAAP is an important part of this process, as the ECB has been promoting improved ICAAP practices. To find out more about how the ECB encouraged banks to refine their ICAAP arrangements, see the ECB report on banks’ ICAAP practices and related Supervision Newsletter article.
Step 3
In Step 3, the JST challenged the initial risk-by-risk add-ons resulting from Step 2. To do so, it considered different sources of information, such as key risk indicators, the bank’s ICAAP outcomes, peer analysis and findings from on-site inspections and deep dives. This step involved considering all available information to ensure that individual risk-by-risk add-ons sufficiently covered all relevant risks and were consistent across banks carrying out similar activities.
Dedicated supervisory tools were used to gather information from various sources and to conduct methodical horizontal benchmarking when challenging these initial risk-by-risk add-ons.
Step 4
In Step 4, the JST determined the final risk-by-risk add-ons that led to the definitive Pillar 2 requirement. In this step, it used its constrained judgement, based on the outcome of Step 3, to decide on the appropriate size of each risk-by-risk add-on. These decisions were substantiated by the Pillar 2 risk drivers behind each risk-by-risk add-on.
When considering the final risk-by-risk add-ons, the JST focused on the bank’s specific situation. For example, the credit risk add-on may have reflected shortcomings identified in a recent on-site inspection. Alternatively, individual add-ons may have been adjusted to eliminate any possible double-counting where the same risk drivers were addressed simultaneously under different risk categories, or consideration may have been given to other supervisory measures taken to address the bank’s specific situation.
Communication
The ECB communicated its key supervisory concerns and the main drivers of individual Pillar 2 requirements to banks in its SREP decisions. The purpose was to sharpen the focus and increase transparency regarding the key supervisory concerns and the main risk drivers of the bank’s Pillar 2 requirement.