“Market fragmentation is banks’ real constraint”

Interview with Frank Elderson, Vice-Chair of the Supervisory Board of the ECB and Member of the Executive Board of the ECB, Supervision Newsletter

13 May 2026

The European Parliament recently extended your term as Vice-Chair of the Supervisory Board. Do you feel European supervision has changed much in the past five years, and how do you expect it to transform in the coming years?

Yes, it has changed quite a lot. European banking supervision has become even more risk-based, more forward-looking and more attentive to a wider set of vulnerabilities contributing to the banking system’s resilience. The benefits of having resilient banks have been clear over the past five years. The banking sector has managed to come through a series of major shocks – the pandemic, the energy shock following Russia’s unjustified war against Ukraine and the sharp tightening of monetary policy – while continuing to provide finance to households and firms.

At the same time, the environment has become more demanding. Risks today are more diverse and interconnected. Think about challenges from geopolitics, cyber threats and operational disruptions, as well as the risks from the climate and nature crises. Banks’ links to non-bank finance, including private credit, pose an additional challenge. So supervision also needs to continue evolving.

Looking ahead, we will make sure supervision becomes even more focused, more agile and more effective. The core objective will nevertheless remain the same: making sure that banks remain resilient in every material aspect. This means not only having solid capital and liquidity, but also having sustainable business models, sound governance, strong risk management and operational resilience.

Competitiveness is high on the European agenda at the moment. The European Commission will make comprehensive proposals for banking regulation later this year. Where do you see room for manoeuvre and where do you draw the line?

We very much welcome the European Commission’s ambitious reform agenda to enhance the competitiveness of European Union banks. The Eurosystem response to the Commission consultation makes it clear that bank resilience has not held Europe back. On the contrary, safe and sound banks have been one of the key conditions for sustainable growth.

The real constraint to competitiveness lies elsewhere: Europe still does not have a truly integrated banking market. Banks grant around 80% of their loans to households and firms in their own country. Less than 2% of bank deposits are held in another country. Cross-border merger activity has fallen sharply since the pre-crisis years. The International Monetary Fund estimates that internal barriers to the Single Market are, on average, equivalent to a tariff of 110% for services. Taken together, these examples suggest that the Single Market remains far too fragmented to deliver its full benefits.

To overcome these challenges and deepen the Single Market, the euro area should be regarded as a single jurisdiction for the purposes of financial regulation. To break the current deadlock in advancing banking union, the ECB’s Governing Council calls for synchronised progress on the key components, including concrete steps towards creating a European deposit insurance scheme, with a clear timetable for implementation. Capital and liquidity should be allowed to flow freely within a cross-border banking group in the euro area. The Governing Council also urges policymakers to foster deeper capital markets by making progress on the savings and investments union.

European banking supervision has launched a comprehensive initiative to streamline and simplify supervision. Where do things stand and where will this project really make a difference?

Our ambitious reform agenda tackling unwarranted complexities without compromising resilience is in full swing and has already delivered tangible results.

Take, for example, fast-tracking simple capital-related decisions – in the first quarter of 2026, 80% of such decisions were approved within one week on average, which is a fraction of the previous timelines that could span several months. Another example is our new fast-track process for simple securitisations, which – thus far in 2026 – has shortened approval times from three months to less than ten working days.

As part of part of our “next-level supervision” project we are further standardising processes such as internal model approvals, fit and proper assessments and on-site inspections. In a nutshell, this rigorous simplification drive means cases that do not significantly affect banks’ resilience can be approved more quickly, while complex, higher-risk cases can be given greater attention.

Proportionality is another case in point. In 2026 we are developing a more proportionate approach to supervision and reporting for small and non-complex institutions – this includes the frequency and depth of supervisory assessments and stress testing.

In addition, we aim to reduce reporting costs by establishing an integrated reporting framework that can be accessed by statistical, prudential and resolution authorities.

All in all, our simplification activities have already started to produce tangible benefits, and we will continue rolling out these initiatives throughout the year.

As part of the streamlining initiative, you are reviewing your supervisory guides. What are you trying to address with the review and what will it improve specifically for banks?

We have listened carefully to the complaint expressed by banks that our supervisory guides, while legally non-binding, are in practice sometimes perceived as shaping supervisory outcomes as if they were. Since the start of European banking supervision, a fairly large body of guides has built up. These documents were issued with good reason, often at the specific request of the banks – for instance, to enhance transparency and consistency in the supervisory approach. But over time the overall stock of guides has become more difficult to navigate. As part of our “next-level supervision” simplification reform agenda, we will therefore streamline, clarify and consolidate these guides.

We want to make supervisory guides easier to access and understand, we want to remove outdated or duplicated guides, and we want to further clarify the legal nature and role of supervisory guides within the supervisory framework.

The last point is particularly important. Binding obligations come from directly applicable European regulations or directives as transposed into national law. Supervisory guides set out non-binding supervisory expectations explaining how the ECB interprets and applies the prudential framework. In addition, some guides also include non-binding good practices. Non-binding means that a bank may be fully compliant with the applicable legal framework without implementing any of the good practices described in the guides, provided that it has put in place other practices that are more appropriate to its particular risk profile, business model and circumstances.

Banks have further indicated a wish for enhanced clarity regarding the practical consequences of diverging from supervisory expectations included in guides. We understand that. This is why we want to be even clearer that supervisory expectations simply provide a transparent starting point for our dialogue with banks. In order to ensure that the day-to-day supervisory reality is in line with this approach, we are conducting dedicated internal training sessions for staff across European banking supervision as part of our supervisory culture initiative.

Going forward, in practical terms, banks will see a more streamlined set of supervisory guides. In the coming months we will identify which documents can be discontinued, update a limited number of those that remain relevant and improve the overall accessibility of supervisory publications.

As an example, we will clarify our views on the management buffer in the ICAAP guide, making it clear that the management buffer is the institution’s view on the capital it needs to sustainably follow its business model and does not constitute any supervisory requirement.

Some banks are concerned that in practice Pillar 2 captures risks already reflected in Pillar 1. How do you make sure there is no double-counting?

Let me start with the basic distinction. Pillar 1 sets minimum capital requirements for credit, market and operational risks. Pillar 2 requirements address risks that are not covered, or not sufficiently covered, under Pillar 1, including risks arising from certain bank-specific vulnerabilities. The framework is therefore designed to avoid double-counting, and we take this very seriously.

The ECB’s revised Pillar 2 requirement methodology underpins the Joint Supervisory Teams’ case-by-case assessments of whether there are any potential interactions with Pillar 1, particularly during the Basel III phase-in period. Benchmarking across the system ensures that the methodology is applied consistently.

At the same time, banks are required to meet overall capital requirements. The overall capital stack reflects the sum of Pillar 1 requirements, Pillar 2 requirements and the macroprudential buffers decided by national authorities. Differences in the methodologies applied and risk assessments performed by national authorities when setting macroprudential buffers can therefore contribute to variation in the level of overall capital requirements.

Some of that variation is justified by different macroprudential risk conditions. But there is also room for greater harmonisation to improve transparency and coherence. This is one of the points made by the ECB’s High-Level Task Force on Simplification (HLTF), which called for the five existing macroprudential buffers to be merged into two, provided that resilience is maintained.^[1]

The HLTF also proposed to augment the role of the ECB’s Macroprudential Forum in assessing the adequacy and appropriateness of the overall level of capital requirements and buffers imposed on the SSM banking sector. Taking a holistic perspective on capital requirements is useful for ensuring that the sum of the individual parts of banks’ requirements – Pillar 1 and Pillar 2, macroprudential and resolution-related – ensures the resilience of the system. The Macroprudential Forum already brings together the ECB’s Governing Council and Supervisory Board. For the purposes of such a holistic perspective on capital requirements, its composition can usefully be extended to bring other relevant authorities into the discussion, notably the Single Resolution Board.

Some banks complain that supervisory processes – particularly on-site inspections, model investigations and horizontal reviews – can be lengthy and insufficiently focused on bank-specific risk priorities. How do you plan to improve these processes?

We have listened carefully to this feedback, and some of it is fair. Effective supervision relies on different activities – ongoing supervision, horizontal analyses and on-site work – and it is key to make sure these activities come together in a way that is focused and clear from the bank’s perspective.

A central part of our reform agenda is therefore to improve how these elements are integrated and delivered in practice. Joint Supervisory Teams remain the anchor point. They are responsible for bringing together the inputs from the different supervisory activities and ensuring that supervisory conclusions are focused on the most material risks for each institution. Banks should see clearer sequencing, no duplication in information requests and a more predictable overall process. Increased risk focus is supported by more integrated planning of the Supervisory Examination Programme and greater use of digital tools.

We are also making on-site work more targeted, proportionate and efficient. This means more focused inspections, shorter reports, clearer communication with banks during the on-site inspection and, crucially, greater emphasis on the on-site inspection team and the Joint Supervisory Team working together. This approach has already proven effective – for example when carrying out the cyber stress test – as it combines horizontal expertise with focused on-site work.

Private credit has increasingly become a focus of market attention, with concerns about opacity, valuations and links to banks. Is this an area that worries you?

Private credit has been on our supervisory radar for a number of years. We have been looking at banks’ exposures to private credit and private equity as part of our broader work on counterparty risk and on links between banks and non-banks. This reflects the strong growth of these markets, with an increase of 16% in banks’ exposures between 2023 and 2024. It also reflects the complexity of some structures and the fact that risks can be harder to see where transparency is limited.

Recent developments have brought these issues into sharper focus. Some semi-liquid private credit vehicles have faced elevated redemption requests. As a result, there is more scrutiny of payment-in-kind structures that can defer cash stress. International authorities are looking more closely at developments in the sector and at banks’ exposures to it. For supervisors, this matters because these are the kinds of conditions that test valuations, liquidity assumptions and the ability of banks to understand how stress could spread through their links to private credit.

For banking supervisors, the key question is whether banks have a full view of these exposures and are managing them properly. This means identifying concentrations across funds, sponsors and portfolio companies, challenging valuations where needed and stress testing how these exposures would behave under adverse conditions. Our own supervisory work has shown that it is precisely these capabilities that some banks still need to strengthen, and we have already been following up on these findings. Our supervisory agenda is therefore closely aligned with these market developments.

A few weeks ago, Anthropic announced Claude Mythos Preview. What is your opinion of it as a supervisor and, more importantly, what impact do you see it having on banks’ operational resilience?

I would first like to make a broader point about resilience. In an environment where banks are being confronted by ever more frequent and sophisticated cyberattacks, strong financials are not enough. Banks also need to be operationally resilient to be able to serve their clients.

Now – Claude Mythos Preview. On the basis of our current understanding, this is not just another incremental improvement. It is a game-changer in cybersecurity.

There are at least three ways in which Mythos is significantly more advanced than existing tools.

First, it can autonomously discover and exploit vulnerabilities at a speed and scale far beyond what we have seen before. Second, it has the ability to quickly combine seemingly minor vulnerabilities into serious attacks that previously could only be carried out by teams of experts working over several days. Third, it can reverse-engineer patches into exploitable vulnerabilities at unprecedented speed, conducting attacks that used to take weeks in a matter of hours, or even faster.

When used responsibly, tools such as this are a valuable asset for enhancing IT. However, there is also the clear risk that they could be exploited by actors with malicious intent.

This is an urgent situation – we are not dealing with a distant scenario. The window before these capabilities become more broadly accessible is uncertain – it is likely short, maybe even very short. We should also not assume that this is the end state. Instead, on a structural level we need to be able to deal with ever more capable future models that could be released in relatively quick succession. At the same time, we must be clear-eyed about Europe’s situation here. Unfortunately, euro area banks currently do not have access to Mythos – it has only been made available to a limited number of organisations in the United States. However, lack of access is not an excuse for inaction. On the contrary, it makes it even more critical that banks step up and act now. The actions they take to evaluate and act upon the implications of AI models for their digital operational resilience will need to be bank-specific, risk-based and in line with DORA.

Banks need to redouble their efforts to identify vulnerabilities, even minor ones, using existing AI tools. And their approach to patching needs to be changed. Vulnerabilities once thought minor – and therefore typically only patched in longer cycles – need to be treated as urgent and must be fixed right away.

Last but not least, it’s not only banks that are vulnerable to these new cyber threats. Other critical infrastructure that banks rely on might also be attacked, with knock-on effects on banks’ ability to function. Banks therefore need to update their operational resilience plans to cater for the higher probability of severe disruptions. EU and national authorities responsible for cybersecurity are a key source of information (see, for instance, CERT-EU). And the shifting priorities of other banks, especially those with access to Mythos, may provide valuable insights. As supervisors we are actively engaging with other authorities and the financial industry to ensure we have a good overview of the cybersecurity situation across the entire banking system. This will allow us to share good practices and insights and foster cyber protection among banks where we can.