Foreword by Christine Lagarde, President of the ECB

Safeguarding the resilience of banks under European banking supervision remained a key priority in 2025. Global economic and geopolitical challenges continued to weigh on financial systems, underlining the importance of strong oversight to ensure the euro area banking sector can continue to support the real economy.

Building on over a decade of solid progress under the Single Supervisory Mechanism, banks remained resilient despite rising geopolitical uncertainty and macroeconomic pressures. In the third quarter of 2025, the aggregate Common Equity Tier 1 capital ratio stood at 16.1% and the liquidity coverage ratio remained robust at 157%, both significantly above the applicable requirements. Profitability also held up, with the average return on equity stabilising at around 10%. This has helped sustain banks’ support to households and firms during a period of slower growth and ongoing structural shifts.

The challenges posed by escalating trade tensions, heightened uncertainty and sector-specific vulnerabilities are not yet fully reflected in banks’ balance sheets. However, the transmission of shocks can be delayed and non-linear, making it imperative for banks and supervisors to remain forward-looking and to act in a timely manner when they see risks building up.

Moreover, against the backdrop of the ongoing global debate about the complexity of financial rules, the ECB has proposed recommendations to the European co-legislators to help streamline the European prudential regulatory, supervisory and reporting framework. In parallel, ECB Banking Supervision, together with the national competent authorities, is implementing a set of reforms to its supervisory processes to make them more risk-focused and efficient. These combined efforts aim to reduce regulatory complexity at the same time as preserving the resilience and strength of the European banking sector.

Meanwhile, the supervisory agenda is continuing to focus on the structural challenges that are reshaping the banking landscape. Climate and nature-related risks remain a key priority as banks develop credible transition plans. Furthermore, digitalisation and the rapid adoption of artificial intelligence provide opportunities for innovation and efficiency, but at the same time, they expose banks to new operational risks, such as cyber threats and vulnerabilities in ICT infrastructures, as well as increased competition.

Finally, developments in 2025 further strengthen the case for “more Europe”. Building on the progress made on the crisis management and deposit insurance framework, completing the banking union – including establishing a European deposit insurance scheme – and deepening the Single Market are essential to foster integration, boost competitiveness and unlock Europe’s economic potential.

Looking ahead, the ECB is steadfast in its commitment to fostering a robust and adaptable euro area banking sector. Through effective, efficient and risk-based supervision, the ECB will continue to help safeguard financial stability, support sustainable growth and ensure the euro area banking sector remains resilient and capable of serving the real economy in a rapidly changing world.

Foreword by Claudia Buch, Chair of the Supervisory Board

In 2025 ECB Banking Supervision further advanced its agenda to streamline supervision while safeguarding the resilience of the euro area banking sector. On the back of the reform of the Supervisory Review and Evaluation Process, which will be fully implemented in 2026, we reviewed our supervisory processes more broadly.

Our key objective is to make European banking supervision more effective, efficient and risk-based. Building on input from different stakeholders, we drew up a comprehensive reform agenda, and its implementation is in full swing, as explained in our report Streamlining supervision, safeguarding resilience: the ECB’s agenda for more effective, efficient and risk-based European banking supervision. We will be providing updates on the progress of these reforms, and their impact, in the ECB Annual Report on supervisory activities, starting with this edition.

Streamlining supervision helps safeguard resilience. The purpose of supervision is to keep banks safe and sound. This means identifying vulnerabilities at an early stage, ensuring that banks address them decisively and, where necessary, escalating supervisory measures. Through such reforms, we are freeing up supervisory capacity to focus on the evolving risk landscape, thus retaining our agility in a fast-changing environment. This will enable supervisors to spot weaknesses earlier and ensure that banks take timely action to preserve their broad-based resilience. Resilience is not just about strong financials – it is also about operational flexibility, sound governance and good risk management. Resilience enables banks to continue providing their financial services even under stress. It is also important for banks’ competitiveness and long-term business models.

Safeguarding resilience is particularly important in the current environment. Policy, economic and geopolitical uncertainty is high. But this uncertainty is not adequately reflected in market-based indicators of financial stress, which could lead to an abrupt repricing of risk. Currently, banks’ capital and liquidity buffers are well above regulatory requirements and their profitability is sound. However, the medium to longer-term outlook for financial stability has become more uncertain. With elevated geopolitical tensions, stretched valuations in several financial market segments, growing interconnections with non-bank financial intermediaries and the risk of sudden shifts in market sentiment, shocks could materialise unexpectedly and spread rapidly.

Therefore, we must continue to look beyond short-term indicators of bank performance and identify vulnerabilities to adverse external developments. This is the context in which we set out our supervisory priorities for the 2026-28 cycle.

The first priority is to strengthen banks’ resilience to geopolitical risks and macro-financial uncertainties. This includes maintaining sound credit standards, adequate capitalisation and prudent management of climate and nature-related risks. As part of this work, we will conduct a reverse stress test in 2026 to identify bank-specific geopolitical risk scenarios that could severely affect the financial position of individual banks.

The second priority focuses on banks’ operational resilience and the robustness of their technology. Banks need to better manage operational risks, remedy weaknesses in how they collect and use risk information and ensure that digital transformation – including the use of artificial intelligence – is supported by strong risk governance and controls.

Agile supervision, with a clear focus on material risks and safeguarding the broad-based resilience of euro area banks, is a strategic response to the changing risk environment. To deliver on our mandate to keep banks safe and sound, we need a strong regulatory framework. Within Europe, greater harmonisation of banking rules and European deposit insurance would support integration and simplification. And fostering the Single Market would promote the efficiency of the banking sector.

Internationally, a resilient global financial system is key for growth and stability. It depends on common regulatory standards and sound coordination among its supervisors. These guardrails need to be maintained as geopolitical tensions rise. Fragmentation or any weakening of standards could undermine banks’ ability to withstand adverse developments.

1 Banking supervision in 2025

1.1 Resilience of banks under the ECB’s direct supervision in 2025

The euro area banking sector^[1] has remained resilient over the past year, maintaining a robust risk profile and solid fundamentals. The aggregate Common Equity Tier 1 (CET1) transitional capital ratio of significant institutions (SIs) increased slightly year on year to 16.1% in the third quarter of 2025, from 15.7% in 2024.^[2] This improvement was mostly driven by strong profitability and high retained earnings for SIs. The aggregate transitional leverage ratios remained broadly stable at 5.9% for SIs.

Amid gradually declining excess liquidity in the euro area, the banking sector maintained robust liquidity ratios that remained well above minimum requirements. In 2025 the aggregate liquidity coverage ratio for SIs stood at 157% and their aggregate net stable funding ratio was at 126%.

The profitability of SIs proved resilient in 2025. Net interest income remained high despite the easing of monetary policy and was significantly higher than the levels seen during the period of low interest rates. Additionally, non-interest income experienced strong growth, driven by asset management activities and increased net fee and commission income from payment services.

Asset quality also remained stable, supported by modest macroeconomic conditions and solid private sector balance sheets. The overall non-performing loan (NPL) ratio of SIs stood at 1.9%^[3] in the first three quarters of the year, with banks’ provisioning levels reflecting expectations of stable asset quality going forward. However, this stability concealed some differences across countries and asset classes. Weak loan demand from non-financial corporations (NFCs) coupled with banks’ net tightening of credit standards in recent quarters reflected various concerns, such as trade tensions and related uncertainties over the past year. While starting from a low level, the number of bankruptcies in the euro area rose by 5.1% year on year as at the third quarter of 2025^[4], with most cases concentrated among small and medium-sized enterprises (SMEs).

On aggregate, the NPL ratios of SIs remained stable for both SME portfolios and the broader NFC portfolios, at approximately 4.9% and 3.5% respectively. Stage 2 ratios, i.e. the share of loans subject to a significant increase in credit risk since initial recognition, declined slightly to 15.4% for SMEs (-0.16 percentage points year on year) and to 13.6% for NFCs (-0.46 percentage points).

In the commercial real estate (CRE) sector, sentiment indices and aggregated asset quality metrics pointed towards a stabilisation of euro area markets despite headwinds in the office space segment. Stage 2 ratios for CRE portfolios decreased by 1.74 percentage points year on year to 17.8%. However, some countries recorded material increases in NPLs across their SME and CRE portfolios, underlining the need for continued scrutiny of these segments.

In the household segment, lower interest rates and improving housing market prospects fuelled strong demand for mortgage loans, with asset quality continuing to improve. Conversely, asset quality in consumer credit deteriorated slightly, as reflected by a 0.16 percentage point year-on-year increase in the NPL ratio, which reached 5.5%.

1.1.1 Stress testing in 2025

In 2025 ECB Banking Supervision conducted a solvency stress test for SIs in the euro area.^[5] A total of 51 large euro area banks took part in the EU-wide stress test coordinated by the European Banking Authority (EBA) and 45 medium-sized institutions participated in the parallel stress test coordinated by the ECB. A common analytical framework was used across all institutions. The EBA published detailed results of its 2025 EU-wide stress test for the 51 largest euro area banks. The ECB published individual results for the 45 medium-sized banks, as well as a report on the aggregate final results of its 2025 stress test of euro area banks for the full sample of 96 supervised entities.^[6]

Overall, the stress test highlighted the resilience of the euro area banking sector in weathering a severe but plausible economic downturn. The 2025 stress test reaffirmed the increasing resilience of the banking sector since the establishment of the Single Supervisory Mechanism (SSM) in 2014. Starting from a level of 11.1% at year-end 2013, the aggregate CET1 ratio increased by 4.9 percentage points to 16.0% at year-end 2024 (Chart 1). The stressed CET1 ratio under the adverse scenario rose gradually over this period, reaching a level 3.5 percentage points higher in the 2025 exercise than that seen in the ECB’s 2014 comprehensive assessment. Compared with the 2023 exercise, the 2025 stress test results showed higher overall losses for credit risk, given a larger increase in NPLs, whereas market risk losses, operational risk losses and the impact on the risk exposure amount were broadly the same as in the previous exercise in 2023.

That said, improved profitability enabled banks to better absorb adverse shocks during the stress test period and more than compensated for higher losses. Therefore, capital depletion was lower, with net interest income accounting for most of the improvement in the 2025 stress test results as compared with the 2023 stress test.

Stress test outcomes feed into the supervisory dialogue with the ECB’s supervised entities. Any qualitative deficiencies identified during the stress test exercise contribute towards the governance component of the Supervisory Review and Evaluation Process (SREP) and can therefore potentially influence the Pillar 2 requirements. Quantitative results are considered when setting the Pillar 2 guidance and its leverage ratio. Developments in system-level aggregated CET1 ratios before and after stress in supervisory stress test exercises conducted across the EU are shown in Chart 1.

Chart 1

Aggregate CET1 capital ratio at the starting point and at the end of three-year adverse scenario

(percentages of risk exposure amount)

In parallel with the 2025 EU-wide stress test, the ECB conducted a counterparty credit risk exploratory scenario analysis to assess selected banks’ ability to model counterparty credit risk under different stress scenarios and to identify vulnerabilities linked to exposures to non-bank financial institutions (NBFIs). While this exercise did not directly affect the capital requirements, its findings were used to feed into the supervisory dialogue with participating institutions.

The outcome of the analysis indicated that stressed counterparty credit risk exposures, net of collateral, to US-domiciled NFCs and NBFIs were particularly large. Moreover, a euro depreciation scenario generally produced higher counterparty credit risk losses than a declining rate scenario. At the same time, stressed wrong-way risk, which measured the degree of positive correlation between the exposure to a counterparty and its default risk, appeared relatively limited.

1.2 Supervisory priorities for 2025-27

1.2.1 Introduction

The banking sector outlook is largely shaped by persistent uncertainties surrounding the geopolitical environment and their implications for the euro area economy. While the euro area banking sector has remained resilient during recent stress episodes, the supervisory priorities reiterated ECB Banking Supervision’s call for prudence and the need for ongoing monitoring and regular assessments of the implications these external shocks could have for the sector. In this context, supervised entities were asked to strengthen their ability to withstand immediate macro-financial threats and severe geopolitical shocks (Priority 1, see Section 1.2.2), focusing primarily on their credit risk management and operational resilience frameworks. Given the cross-cutting nature of geopolitical risks, supervised entities were encouraged to incorporate the potential implications of these risks into their business strategies and risk management frameworks. In addition, supervised entities were asked to step up their efforts to remedy, in an effective and timely manner, persistent material shortcomings identified in their risk data aggregation and risk reporting as well as in their business strategies and risk management of climate-related and environmental risks (Priority 2, see Section 1.2.3), thereby reflecting the heightened supervisory scrutiny devoted to these critical areas. Finally, with technological advances becoming a priority for the future of the banking sector, supervised entities were asked to strengthen their digitalisation strategies and tackle emerging challenges stemming from the use of new technologies (Priority 3, see Section 1.2.4).

1.2.2 Priority 1: strengthen resilience to immediate macro-financial threats and severe geopolitical shocks

1.2.2.1 The management of geopolitical risks in the supervisory priorities

Geopolitical risks remained a key focus in the ECB’s supervisory priorities for 2025-27 given the heightened global uncertainties and the interconnected nature of such risks. It furthermore underlined the need for banks to integrate these risks into their overall risk management frameworks and to maintain broad-based resilience.

Addressing geopolitical risks

Supervisory assessments in 2025 built on the framework set out in 2024^[7] to better understand how geopolitical shocks affect the financial system and banks. Joint Supervisory Teams (JSTs) incorporated geopolitical factors into the assessment of credit, market, liquidity, operational and governance risks, treating them as cross-cutting drivers. Supervisors focused on banks’ governance and risk management, including their ability to identify, assess and respond to geopolitical shocks. In January 2025, the ECB organised a roundtable discussion with banks to gather insight into banks’ practices for managing geopolitical risks, which informed the supervisory activities and supported the ECB’s broader initiatives to enhance banks’ resilience to geopolitical shocks. Geopolitical risks were also embedded in the 2025 EU-wide stress test,^[8] which was based on an adverse global geopolitical scenario (see Section 1.1.1).

In 2025 ECB Banking Supervision placed particular importance on the operational dimension of geopolitical risk. JSTs reviewed banks’ preparedness for cyber threats, physical security challenges and disruptions to outsourced services. The ECB followed up on the findings of the 2024 cyber resilience stress test^[9], which confirmed that banks were generally well prepared for recovery after a cyberattack, but the test also revealed areas in which further effort needed to be made. Supervision in this area complemented the ongoing implementation of the EU’s Digital Operational Resilience Act (DORA)^[10].

Additionally, ECB Banking Supervision continued to closely monitor euro area banks with subsidiaries in Russia, requiring clear de-risking roadmaps, regular reporting and risk-based measures to ensure the timely and orderly reduction of exposures.

Finally, the ECB also created a dedicated web page on geopolitical risk on its banking supervision website.

1.2.2.2 Credit risk management frameworks

Throughout 2025 supervisors continued to address structural deficiencies in banks’ credit risk management frameworks and monitored geopolitical risks, macroeconomic uncertainty and emerging risks in vulnerable sectors, all of which can lead to heightened credit risk. For example, rapidly evolving relationships between banks and NBFIs, such as private market funds, can expose banks to new direct and indirect risks requiring supervisory attention.^[11] Despite changing risks, the fundamentals of credit risk supervision remained unchanged. In 2025 the ECB continued to focus on the entire credit risk management cycle, from loan origination to NPL management, ensuring banks had proactive management processes in place.

Related on-site and off-site supervisory activities were consolidated and managed by the JSTs, thereby ensuring a holistic and efficient approach to supervising credit risk.

On-site inspections (see Section 1.4.2) in 2025 focused on retail, commercial real estate, leveraged finance and corporate or SME portfolios, specifically targeting loan origination, risk classification and modelling practices for expected credit losses.

Off-site horizontal work (see Section 1.4.1) followed up on key findings from on-site inspections. For example, JSTs issued letters to 12 banks following a comprehensive review of leveraged finance, outlining recommendations on how banks should remediate the findings from this review. Horizontal functions and JSTs also carried out off-site assessments through both horizontal targeted reviews and bank-specific deep dives. For example, a targeted review of the management of emerging risks in SME portfolios was finalised^[12] and JSTs carried out deep dives on topics and risks specific to their banks, such as forbearance and the effectiveness of early warning systems.

There was also continued focus on the assessment of climate risk and how it affects credit risk, and more specifically on the energy performance of buildings and the availability of insurance coverage for physical hazard events. As part of these efforts, the ECB organised two dedicated conferences with industry representatives to discuss the challenges and identify potential solutions.^[13]

Further progress was made in the remediation of findings relating to counterparty credit risk in 2025. In addition, joint work with the Federal Reserve Board and the Bank of England on counterparty credit risk exposures to NBFIs continued, with a specific focus on counterparty credit risk measurement and exposures to non-banks that engage in market-making activities. The analysis revealed that banks need to continue their efforts in improving data quality to ensure their measurement of counterparty credit risk is sound and reliable. Banks’ stress testing of their counterparty credit risk exposure should not only stress market risk factors but also address portfolio concentration and portfolio liquidity. Moreover, banks should have robust intraday counterparty credit risk management in place that appropriately caters for their counterparties’ activity throughout the day, especially for non-bank market makers.

In 2025 the ECB also continued to monitor foreign exchange settlement risk using a sample of SIs most active in this area. To this end, the ECB collects semi-annual data and statistics on foreign exchange settlement risk – based on the revised methodology of the Global Foreign Exchange Committee – and regularly engages with SIs on internal changes and general market trends.

Detailed findings from all finalised off-site and on-site supervisory activities were communicated to banks in writing, with dedicated meetings to explain each outcome in detail (see Section 1.3.1). Where appropriate, these fed into the SREP outcomes, and the related supervisory measures were discussed with the supervised entities as part of the regular supervisory dialogue.

1.2.2.3 Operational resilience frameworks for ICT risk, including cybersecurity and ICT third-party risk

In 2025 the ECB continued to prioritise the operational resilience of SIs, with a focus on information and communications technology (ICT) security, including cybersecurity, and ICT third-party risk. From January 2025, DORA reshaped supervisory activities, requiring banks to strengthen their ICT risk management, including ICT third-party risk management, and their ICT-related incident reporting. The supervisory methodologies were updated to ensure that they are aligned with the requirements under DORA across all supervisory activities. The ECB’s frameworks for cyber incident and outsourcing reporting were repealed and replaced with the reporting timelines and standardised templates stipulated under DORA.

In response to the evolving cyber risk landscape, supervisors drafted a comprehensive cyber incident crisis playbook to improve coordination and capabilities across internal and external cyber risk frameworks. These capabilities included the ECB’s internal preparations as well as international incident response protocols.

The 2025 on-site inspections of ICT risk were largely based on the ECB’s supervisory priorities and focused on cybersecurity and ICT third-party risk management. Additional on-site inspections followed an idiosyncratic approach, as requested by the JSTs (see Sections 1.3.1 and 1.4.2). Furthermore, the ECB set up a team to oversee the threat-led penetration testing of SIs. Threat-led penetration testing is a new supervisory tool used under DORA, for which the ECB acts as the responsible authority for SIs. In 2025 the ECB conducted its first data collection of the register of information under DORA on ICT-related third-party arrangements for SIs. Data analyses confirmed the current trends: an increased reliance on ICT third-party service providers, a concentration of a small number of ICT third-party service providers, particularly cloud service providers, and low levels of substitutability of ICT third-party service providers, combined with difficulties reintegrating outsourced services.

Therefore, the Guide on outsourcing cloud services to cloud service providers sought to provide clarity on the ECB’s expectations regarding the requirements set out under the DORA Regulation, fostering supervisory consistency and helping to ensure a level playing field by increasing transparency.

Cyber risk and IT outsourcing risks continue to be a key challenge for banks, as increasing threats from geopolitical risk require them to further adapt their cybersecurity and ICT third-party risk management.

1.2.3 Priority 2: timely and effective remediation of persistent material shortcomings

The ECB’s supervisory strategy focused on a shift from risk identification to risk remediation, requiring banks to address persistent material shortcomings and align with its supervisory expectations. Previous assessments had revealed significant deficiencies in banks’ management of climate-related and environmental risks and their risk data aggregation and risk reporting capabilities, which remain a key focus in the ECB’s supervisory priorities for 2025-27. While considerable progress was made in both areas, further remediation efforts are vital and will require follow-up work in the forthcoming supervisory cycles.

1.2.3.1 Deficiencies in business strategies and managing climate and nature-related risks

Supervising banks’ ability to adequately manage climate and nature-related^[14] (C&N) risks remained high on the supervisory agenda in 2025. This is because physical and transition risks continued to materialise and increase in scale and frequency, and there were persisting deficiencies in banks’ C&N risk management frameworks.

In 2025 the ECB completed a multi-year programme to advance banks’ risk management capabilities and continued to move towards a business-as-usual approach by supervising C&N risks as part of its regular supervisory assessments and processes. Based on the current regulatory requirements, the ECB had set the end of 2024 as the expected timeline for banks to improve their related risk management practices. In previous years, and following various rounds of dialogue and feedback, the ECB had issued binding supervisory decisions to those banks with material deficiencies, combined with periodic penalty payments that accrued daily should banks fail to meet these risk requirements within the deadlines set (“combined decisions”)^[15]. In 2025 the ECB issued one such combined decision in relation to these requirements. It also finalised one enforcement proceeding concerning the failure of an entity to comply with an ECB decision on these risk requirements where it determined the overall amount of periodic penalty payments (see Section 2.3.1).

In general, banks made significant progress in managing the risks stemming from the ongoing climate and nature crises: they put in place the institutional architecture to identify, monitor and manage C&N risks. ECB analyses show that more than 90% of banks consider themselves to be materially exposed to these risks (compared with 50% in 2021)^[16] and that all banks now have climate stress-testing frameworks. Most banks also started to put the relevant frameworks in place to quantify their capital needs. However, sustained supervisory attention is still warranted given the nascent risk quantification methodologies, the persisting challenges in managing physical and transition risks, and the remaining bank-specific weaknesses observed in individual institutions.

Acknowledging the various challenges faced by banks, the ECB is currently finalising its report on good practices for climate-related and environmental risk management as an update to the compendium first published in 2022. This compendium is a useful tool for banks to explore the potential avenues for improving their related risk management practices. The ECB also engaged in ongoing dialogue with banks to discuss their general progress and to understand the challenges they face. One example of this was the ECB industry dialogue on “Climate and nature risk management: taking stock and looking ahead” on 1 October 2025.

1.2.3.2 Risk data aggregation and risk reporting

Risk data aggregation and risk reporting (RDARR) is essential for sound risk management and effective decision-making, as deficiencies in data quality and reporting undermine a bank’s ability to identify, monitor and mitigate risks. Robust RDARR capabilities enable banks to enhance their operational efficiency and competitiveness and they facilitate the use of digital tools and innovative technologies such as (artificial intelligence) AI and advanced analytics.

As insufficient progress in banks’ RDARR capabilities was still observed in 2025, based also on the expectations set out in the Guide on effective risk data aggregation and risk reporting published in May 2024, the ECB took an overarching approach to all banks in 2025. The aim of this approach was to closely monitor developments in the RDARR capabilities of all SIs in order to identify and follow up on any deficiencies.^[17] A key element of this approach was defining a clear escalation process that required banks to provide clear timelines and interim milestones for remediating their identified shortcomings and addressing their root causes. Where initial measures failed to achieve timely results, more effective tools were employed to ensure proper remediation. These tools were based on the binding supervisory measures laid down under Article 16 of the SSM Regulation^[18], which also include periodic penalty payments as potential enforcement measures.

The ECB continued to ensure a holistic approach to data quality issues, incorporating findings from other supervisory activities into the overall assessment of banks’ RDARR capabilities. These included the quality of data provided for the ECB short-term exercise and stress tests, as well as the effective aggregation of exposures to the private credit market. To strengthen efforts in this area, the ECB established a legal framework in early January 2025 to ensure adequate data quality in stress test reporting.^[19] Furthermore, and following a successful pilot in 2023, the ECB continued to produce its annual Management report on data governance and data quality.^[20] As compared with the exercise conducted in 2024, this year banks’ senior management had been more involved in the remediation of identified shortcomings, with clear ownership and responsibility for project management at the management body level.

Overall, the increased focus on RDARR capabilities over the past three years has resulted in gradual progress. RDARR capabilities now fall under the remit of banks’ senior management and important strides were made to remediate findings from past supervisory activities. Nevertheless, ongoing supervisory activities, including on-site inspections, confirmed that supervised entities still need to continue to work on areas such as data governance, the scope of application of the data governance framework, data architecture and IT infrastructure.

1.2.4 Priority 3: digitalisation strategies and the use of new technologies

1.2.4.1 Digital transformation strategies

Banks’ digital transformation and the use of new technologies require strong governance and risk management capabilities. Digitalisation is not just about technology. It is also about institutions’ internal culture and capabilities. Embedding innovation into the business and ensuring overall digital readiness are key to the success of any digital strategy. The timing and extent of digitalisation remain a bank’s own strategic decision but they can have profound implications for banks’ operational and financial risks and can affect their risk profiles.

In 2025 the ECB conducted a number of supervisory activities with the intention of gaining insight into new technology use cases and understanding how these use cases can affect banks’ risk management capabilities.^[21] These activities included continuing its targeted on-site inspections for the fourth consecutive year, comprehensively examining banks’ digitalisation strategies and strategy execution levers, including new technologies, resourcing and project management capabilities, and assessing the financial and non-financial impacts of digitalisation. Off-site activities included workshops across 13 SIs on the use of AI for credit scoring and fraud detection.

In the context of digital transformation, data are very important, both for the banks themselves and for supervisors. The ECB’s annual data collection on digitalisation and the use of innovative technologies was finetuned to better capture technology and innovation. It formed part of the short-term exercise, a data collection conducted by the ECB to complement regular supervisory reporting. It continued to be a key source of data for assessing banks’ progress in digital transformation, capturing developments in banks’ digitalisation activities, technology cooperation and use cases. Analysis of the collected data aided the selection of use cases and banks for further assessment or participation in workshops and other such interactions.

As part of its targeted approach, the ECB also conducted two horizontal analyses exploring the use of digitalisation in specific business lines. This was done through workshops on digital payments and on digital retail business with 12 SIs. Moreover, the SSM Conference on Digitalisation on 16 October 2025 brought together supervisors and banks to exchange views on digital strategies, the implementation of these strategies in specific business lines such as retail and payments, and on AI developments and the related risks.

1.3 Efficient and effective risk-based supervision

Since the inception of the SSM in 2014, the way banking supervision is conducted has changed significantly. During its first few years of operation, European banking supervision was focused on harmonising supervisory practices. In more recent years, supervision has been transitioning to a more agile setting in which more efficient and consistent outcomes are achieved through less complex, yet equally rigorous, methodologies and more flexible processes. In 2023 the ECB established a risk tolerance framework that allows supervisors to prioritise critical risk areas and gives them more flexibility when it comes to identifying and tackling novel and emerging risks.

In 2025 the ECB developed a comprehensive agenda for further increasing the efficiency, effectiveness and risk focus of European banking supervision. This agenda, which is described in the report Streamlining supervision, safeguarding resilience, published in December 2025, comprises four initiatives. First, the reform of the SREP, which began in 2024, continued to be implemented in 2025 with completion due in 2026 (see Section 1.3.1).^[22] Second, as a result of the “next-level supervision” project, the objectives of the SREP reform were broadened to include areas such as decision-making, internal model approvals, stress testing, capital-related decisions, reporting and on-site inspections (see Section 1.3.2). Third, a dedicated initiative was launched to further promote a unified supervisory culture under the SSM (see Section 1.3.3). Lastly, the ECB is currently developing a framework for evaluating supervisory effectiveness (see Section 1.3.4).

1.3.1 Implementing the SREP reform

In line with its mandate, ECB Banking Supervision regularly assesses the financial soundness of banks under its direct supervision through the Supervisory Review and Evaluation Process (SREP). To respond to a rapidly evolving risk landscape and following an independent expert review^[23], the ECB launched a comprehensive reform of the SREP in 2024 to enhance its effectiveness, efficiency and risk focus.

The first cycle under the SREP reform was concluded in October 2025, with decisions adopted six weeks earlier than in previous years. This milestone is just one of the tangible impacts of the SREP reform, and significant progress has been made on all six objectives under the reform.^[24]

• More focused risk assessments: since 2023, the ECB has been taking a multi-year assessment approach and applying a risk tolerance framework to its assessments.^[25] In 2025 the multi-year assessment exercise was conducted for 75% of the SREP elements and was extended to banks’ subsidiaries.
• Better integration of supervisory activities: to gain a more comprehensive view of banks’ risks and reduce duplication, JSTs now draw more systematically on insights from their on-site inspections, thematic reviews and other sources, moving beyond a reliance on year-end data. In addition, banks receive their Supervisory Examination Programme earlier in the year, helping them align their planning.
• Full use of the supervisory toolkit: greater emphasis is now placed on timely communication and the escalation^[26] of supervisory measures. Along with the introduction of a tiered approach for the follow-up of measures,^[27] SREP decisions have become more focused on the most structural and severe issues, with other findings being addressed throughout the year.
• Improved communication: the new format of SREP decisions^[28] fosters more focused dialogue with banks, as key risk drivers and supervisory concerns are highlighted upfront in a streamlined format.
• More stable methodologies: the ECB is striving to make supervisory methodologies more stable and predictable. Updates, such as the revised Pillar 2 requirement methodology^[29], make the methodology simpler and more robust.
• Better use of IT systems and data analytics: digital tools support data-driven supervision and effective interaction with banks, such as the possibility for banks to track the status of their qualitative measures and submit evidence directly to their supervisors.

1.3.1.1 Monitoring progress

To ensure that the SREP reform delivers the intended benefits, ECB Banking Supervision consistently monitors its impact against the main objectives. This monitoring draws on a set of indicators that are being further developed and refined, covering the six objectives listed under the reform. These indicators are expected to include the availability and effective use of the multi-year assessment within the SREP, the length and relevance of SREP decisions and measures, the use of digital tools to support real-time follow-up on findings and measures, as well as the deployment of SREP measures and the overall timeliness of the SREP cycle. These indicators will be reported on in future editions of the ECB Annual Report on supervisory activities.

1.3.2 Next-level supervision: reforming supervisory activities beyond the SREP

In 2025 the ECB and the national competent authorities (NCAs) initiated a further broad set of reforms with their next-level supervision project. This project aims to streamline and simplify key supervisory processes, complementing the SREP reform. It was designed to take into account a bottom-up survey carried out by some of those NCAs participating in European banking supervision and input from the banking industry.

The project covers the following key areas.

1. Decision-making: the ECB is improving the efficiency, effectiveness and risk-based nature of its supervisory decision-making processes. This concerns, for example, fit and proper assessments and common procedures such as licensing and approvals of qualifying holdings. Streamlined decision-making will speed up supervisory processes for its supervised entities and will allow the ECB to focus its resources on the most relevant aspects. Streamlined decisions are due to be implemented by the second half of 2026, with additional improvements being introduced over time as digital tools are implemented. In addition, a fast-track process for simple significant risk transfer securitisations will be implemented in early 2026 (see Box 2).
2. Internal models: streamlining the supervisory processes related to internal models is key to reducing the workload for banks and supervisors that is generated by approvals of material model changes. The ECB is gradually introducing more risk-based approaches for the approval of model changes in general and model changes made at an earlier stage in the process. This circumvents the need for banks to maintain multiple model versions in parallel. Implementation of these changes will take place over the course of 2026.
3. Stress testing: the ECB has already taken steps in previous stress test cycles to increase proportionality, introduce more risk-based data quality assurance and reduce the number of data submission cycles. The ECB is taking further steps to streamline its stress testing by moving towards more agile and fast-paced approaches, simplifying templates and cutting resource needs for banks and supervisors alike. These changes will be implemented beginning with the 2026 thematic stress test and the 2027 EU-wide stress test.
4. Capital-related decisions: the ECB is introducing a “fast-track” process for the approval of clearly defined, low-risk own funds transactions. This initiative aims to shorten the processing time and will be operational from the first quarter of 2026. With continuing investment in digital technologies, the ECB aims to bring processing times down to two weeks for the simplest cases.
5. Supervisory reporting: the ECB is striving to streamline the reporting process and reduce costs for banks while maintaining the quality and relevance of the data that is collected. In 2025 the ECB circulated a questionnaire to gather industry proposals for simplifying the reporting landscape and followed this up with a workshop. The ECB reviewed the “least-used templates” and reduced existing reporting demands. For instance, the data points in the 2026 short-term exercise reporting package were reduced by 18.5%. In 2026 the ECB plans to refine and enhance its process for horizontal reporting requests and define a materiality threshold concept for data resubmission requests. Further refinements to the short-term exercise data reporting will be introduced in the 2027 SREP cycle. The ECB is also implementing measures to enhance proportionality in the reporting requirements for small and non-complex institutions (SNCIs), including integrating the SNCI concept into the ECB FINREP Regulation.
6. On-site supervision: the ECB and the NCAs agreed to introduce a range of improvements to the on-site inspection process in 2026. These improvements include reviewing and streamlining internal and external guidelines related to on-site supervision, producing more concise inspection reports, strengthening the coordination between on-site inspection teams and introducing shorter, more targeted missions.

Across each of these six areas of work, the ECB is increasing its use of digital tools for its oversight (also known as supervisory technology or “SupTech”). In this context, the ECB is launching a comprehensive IT project (2026-28) to further digitalise end-to-end supervisory processes, including decision-making procedures, through enhanced integration of internal systems and the envisaged single SSM portal (see Section 5.2.1). Advancing the ECB’s digital infrastructure not only helps supervisors perform their roles more efficiently and effectively, but it ultimately also benefits supervised entities through easier communication, faster processing of supervisory tasks and greater resource efficiency.

1.3.2.1 Additional planned initiatives

In 2026 the ECB will start a review of its supervisory guides and other communications with a view to enhancing transparency regarding its expectations and supervisory approaches. One objective of this review will be to once more underline that ECB guidance does not set binding requirements that go beyond the applicable EU legislation.

In addition, the ECB will review the application of proportionality in the supervision of less significant institutions (LSIs). The review will examine, in particular, the sub-set of LSIs included in the existing SNCI framework. The review will consider aspects such as the frequency and depth of the SREP assessment, the internal capital adequacy assessment process (ICAAP) and the internal liquidity adequacy assessment process (ILAAP), as well as sector-wide stress testing.

1.3.2.2 Implementation and follow-up

The changes agreed as part of the next-level supervision project will be implemented in 2026 and over the coming years, alongside the ongoing work to strengthen the single supervisory culture (see Section 1.3.3). The ECB will monitor the progress made in terms of implementing the various initiatives under all of the reforms and it will report on this progress in its Annual Report on supervisory activities.

1.3.3 SSM supervisory culture

In February 2025, the Supervisory Board of the ECB launched its supervisory culture initiative^[31] with a view to providing a platform for discussions on topics such as the SREP reform (see Section 1.3.1) and the next-level supervision project (see Section 1.3.2). This multi-year initiative aims to ensure consistent and effective implementation of these reforms and projects across European banking supervision by fostering a shared supervisory culture that is in line with its three key strategic objectives.

• Risk-based supervision: prioritising material risks, taking ownership of decisions and acting decisively.
• Efficient and effective supervision: delivering timely outcomes, remedying issues promptly and driving continuous improvement.
• Integrated supervision: collaborating across European banking supervision to achieve better results as one team.

To achieve these strategic objectives, an activation plan was drawn up to strengthen communication and collaboration, develop skills and leadership, enhance focus on risks and priorities and improve operational efficiency.

This multi-year initiative is being implemented jointly by ECB Banking Supervision and the NCAs.

1.3.4 Evaluating supervisory effectiveness

Effective supervision ensures that banks remediate their deficiencies in a timely manner. ECB Banking Supervision strives to continuously enhance its effectiveness by enabling supervisors to promptly assess prudential risks, identify material shortcomings and make more effective use of their supervisory toolkit and their supervisory powers.

In 2025 the ECB developed a framework for evaluating its supervisory effectiveness. This framework defines the methodologies that can be used to evaluate the effectiveness of its relevant supervisory activities, particularly those methodologies used for implementing its supervisory priorities.

There are certain natural obstacles to evaluating supervisory effectiveness, such as the fact that the outcomes of supervisory activities may (i) not be directly observable in financial or statistical data, (ii) have a delayed impact, and (iii) be influenced by external factors outside of the supervisor’s scope of influence. Therefore, it is crucial that supervisors’ evaluations are adequately prepared from the very start of their supervisory activities. During the planning phase, JSTs are expected to define clear objectives that specify the intended impact on their supervised entities, determine how these impacts can be measured, even if only partially by using specific indicators, and identify the corresponding data requirements.

Evaluating its supervisory effectiveness ultimately enables the ECB to use the conclusions drawn from the evaluations to continuously improve the way that it conducts its supervisory activities, such as deciding whether a prioritised vulnerability has been properly addressed or whether its supervisory strategy for remedying such vulnerabilities needs to be adjusted. These evaluations can also be employed to feed into the best practices or methods used for achieving certain intended supervisory outcomes.

Evaluating its supervisory effectiveness can furthermore support the ECB’s communication with its external stakeholders, such as the European Parliament, and feed into a general discussion on the accountability of ECB Banking Supervision.

1.4 Direct supervision of significant institutions

1.4.1 Off-site supervision

The direct supervision of credit institutions focuses on proactively identifying and mitigating risks to ensure that banks remain resilient and well-managed in an increasingly complex and dynamic environment.

Off-site supervision is made effective by using an integrated and coordinated planning system to enable the JSTs to balance their resources across horizontal, bank-specific and ad hoc supervisory tasks (see also Section 1.4.1.2).

1.4.1.1 Principle of proportionality

ECB Banking Supervision applies the principle of proportionality to its supervisory activities and methods. The scope and intensity of supervision depend on factors such as the bank’s size, systemic importance, risk profile and the complexity of its business model.

In line with ECB Banking Supervision’s multi-year SREP approach (see Section 1.3.1), banks with stable and less complex risk profiles may be subject to fewer or less frequent supervisory assessments, whereas more comprehensive assessments are prioritised for institutions with higher risk or greater systemic relevance.

As a result, JSTs responsible for larger and/or riskier SIs typically plan and conduct more supervisory activities over the year than those JSTs supervising smaller and/or less complex institutions.

1.4.1.2 Supervisory planning process and supervisory activities

The supervisory planning process follows a consistent and integrated approach whereby the supervisory priorities steer the planning of horizontal activities, on-site inspections and internal model investigations, as well as the JSTs’ supervisory activities.

To ensure effective supervision, the ECB and NCAs collaborate closely when planning their activities and with due regard for the supervisory priorities, bank-specific risks and the risk tolerance framework. This planning involves selecting samples of supervised entities that are to participate in horizontal and on-site activities. One of the outcomes of that process is the high-level work programme, which complements the JSTs’ overall planning process.

In any given year, the supervisory activities planned by the JSTs are reflected in the annual Supervisory Examination Programme. The supervisory planning process is an important part of the JST’s communication with its supervised entity. A simplified activity plan describing the supervisory activities that warrant involvement or input from the supervised entities is shared with banks by the end of the year.

Following the SREP reform and the move towards a more integrated multi-year assessment framework, the planned supervisory activities under the aforementioned programme provide key analytical input for the JSTs’ SREP assessments (see Section 1.3.1).

Based on the principle of proportionality, the off-site activity plans include (i) risk-related activities (e.g. the SREP); (ii) other activities related to organisational, administrative or legal requirements (e.g. the annual assessment of significance); and (iii) additional activities planned by JSTs to further tailor the activity planning to the specific characteristics of the supervised group or entity (e.g. analyses of the bank’s business model or governance structure).

1.4.1.3 Supervisory measures

Supervisory measures are one of the key outcomes of regular on-site and off-site supervisory activities.^[32] They set out detailed actions to be taken by the supervised entities to remediate shortcomings. The JSTs are responsible for monitoring the timely and effective implementation of these measures. In 2025 the number of new supervisory measures fell compared with 2024. The most important drivers of supervisory measures were on-site activities, with on-site inspections and internal model investigations (mostly performed on-site) accounting for almost 63% of the total measures. As in previous years, the highest number of new supervisory measures were related to credit risk (42.5%) followed by internal governance (10.7%) (Chart 2).

Chart 2

Supervisory measures

a) Number of measures recorded each year

b) New measures in 2025 by activity	c) New measures in 2025 by risk category

1.4.1.4 SREP horizontal analysis

The ECB published the aggregated results of the 2025 SREP for its supervised entities on 18 November 2025. This included developments in SREP scores, Pillar 2 capital requirements and guidance, qualitative measures and an analysis of selected risk areas. The ECB made available the applicable bank-specific Pillar 2 capital requirements for 2026, including those that are used for addressing the risk of excessive leverage. All supervised entities consented to the publication of their Pillar 2 requirements and their leverage ratio Pillar 2 requirements.

The overall SREP score improved further to 2.5, from 2.6 in 2024, with only 6% of banks seeing their scores worsen and 19% of banks achieving a better score. The overall capital requirements and guidance remained, on average, stable at 15.6% of risk-weighted assets, while the median of Pillar 2 requirements stood at 2.3%, largely unchanged compared with the previous year. In addition, the average Pillar 2 guidance fell from 1.3% to 1.1%, with the 2025 stress test results showing that the higher projected credit risk, market risk and operational risk losses were being offset by the high level of aggregated profits accumulated in 2024. This led to an overall lower capital depletion and, as a result, lower Pillar 2 guidance (see Section 1.1.1).

The 2025 SREP confirmed that, overall, banks under the ECB’s supervision remained resilient, with solid capital and liquidity positions. This was supported by strong regulation, efficient supervision and the extraordinary fiscal and monetary policy response to recent macroeconomic shocks, such as the COVID-19 pandemic, Russia’s war against Ukraine and the subsequent energy crisis. However, the environment in which banks operate remains increasingly challenging, with multilayered geopolitical risks and economic uncertainty. Looking ahead, banks should preserve their financial and operational resilience, strengthen their business models and become more competitive, which would render them better able to serve Europe’s real economy.

1.4.2 On-site supervision

In accordance with the SSM Regulation, the ECB’s oversight of supervised entities is exercised through off-site and on-site supervision, the combination of which aims to ensure a detailed and thorough analysis of business operations. On-site supervision is performed through on-site inspections (OSIs), which are in-depth investigations of risk, risk controls and governance, or through internal model investigations (IMIs), which are in-depth assessments of the internal models used for the calculation of own funds requirements, in particular with regard to methodologies, risk, risk controls and governance.

In 2025, 163 OSIs and 77 IMIs were launched for SIs. The OSIs conducted in 2025 covered both financial and non-financial risks. The areas of investigation were aligned with the ECB’s supervisory priorities, thus ensuring that bank-specific concerns were also addressed. In addition, in 2025 the ECB started its threat-led penetration testing of SIs, a new responsibility stemming from Article 26(1) of DORA.

The IMIs conducted in 2025 mostly covered areas such as material model changes triggered by regular model maintenance and the remediation of obligations relating to previous IMIs.

In July 2025, the ECB updated its Guide to internal models to align with changes introduced by CRR III, clarify the ECB’s interpretation of regulatory requirements and address industry requests for guidance, such as on the use of machine learning in internal models. The Guide also contains clarifications of certain issues observed by the ECB during its IMIs.

Chart 3

On-site inspections and internal model investigations launched in 2023, 2024 and 2025

(number of investigations)

The activities and results of the ECB’s on-site supervision were also shared in its Supervision Newsletter.^[33]

1.4.2.1 Key findings from on-site inspections per risk type

In terms of the calculation of regulatory capital (Pillar 1), the main findings were (i) inadequate assignment of risk weights to exposures; (ii) improper determination of credit risk mitigation techniques; and (iii) insufficient control frameworks for the process of calculating capital requirements, particularly in relation to credit risk.

In terms of the internal capital adequacy assessment process (ICAAP), the most critical findings revealed (i) insufficiently robust, inconsistent, overly optimistic and inadequately implemented internal capital quantification methodologies and assumptions; and (ii) deficiencies in institution-wide stress tests resulting from inappropriate frequency and inadequate coverage of both the normative and economic perspectives.

In terms of credit risk, banks revealed significant weaknesses in accurately quantifying expected credit losses for performing loans. In particular, OSIs continued to identify material needs for improvement in banks’ significant increase in credit risk (SICR) frameworks. Such deficiencies led to risks of insufficient Stage 2 reclassifications and potentially underestimated impairments. Deficiencies were also observed in estimating and calibrating probability of default and loss given default parameters in banks’ expected credit loss models. Some banks struggled to detect deteriorations in counterparty creditworthiness, with issues emerging in monitoring processes such as collateral valuation and early warning systems.

Deficiencies in terms of governance were also identified, including weak internal controls, inadequate risk management frameworks and loan granting processes. Challenges persisted in identifying defaults under the unlikely-to-pay framework, with poor trigger quality and implementation. These issues highlighted the need for stronger risk management and credit monitoring practices to meet regulatory standards.

In terms of liquidity risk, the most severe findings related to regulatory reporting, liquidity coverage ratio and net stable funding ratio calculations. Critical findings also identified inconsistencies between the funding plan, the contingency funding plan and the liquidity risk strategy. Other findings revealed inadequacies in the organisational framework for liquidity risk management, including weaknesses in governance, risk strategy and scenario design for liquidity stress testing.

In terms of the interest rate risk and credit spread risk in the banking book (IRRBB/CSRBB), severe issues were identified in the measurement and management of IRRBB, such as inadequate modelling assumptions, insufficient formalisation, poor design of IRRBB strategies, outdated data, weak IT systems or model risk frameworks. Other severe findings concerned the lack of involvement of management bodies in defining and monitoring IRRBB risk processes and developing frameworks to manage CSRBB.

In terms of market risk, key findings concerned valuation risk, governance, risk management and counterparty credit risk. Valuation risk findings highlighted weaknesses in prudential and accounting adjustments, independent price verification, and day-one profit deferral. Weaknesses were also found in governance, limit frameworks and practices for trading and banking books. Counterparty credit risk inspections identified shortcomings in key metric modelling and validation (e.g. for potential future exposures or stress tests), limit monitoring and collateral management. In preparation for the implementation of the fundamental review of the trading book, both qualitative and quantitative issues were identified, including unclear roles and responsibilities, outsourcing challenges, lack of independent validation and methodological flaws.

In terms of internal governance and closely related findings, issues included (i) weaknesses in risk data aggregation and risk reporting owing to poor governance frameworks, data architecture and IT infrastructure, affecting data accuracy and integrity; (ii) independence, scope of activity and resources for all internal control functions; and (iii) deficiencies in outsourcing risk assessments, particularly for IT services (see below).

In terms of business model and profitability, critical findings included issues in steering profitability drivers, strategy execution, product pricing frameworks, methodologies and monitoring, cost allocation, business plan assumptions and financial projections. Digital transformation activities revealed similar weaknesses as shown by previous OSIs.

In terms of climate and environmental risk, OSI findings revealed that banks had failed to fully identify risks, analyse their materiality and provide accurate risk appetite statements. Other frequent findings showed that climate risk drivers had not been integrated into the credit risk management process, oversight by the management body or the data framework.

In terms of IT risk, the largest share of severe findings continued to be in the area of IT and cybersecurity management, particularly regarding data protection and detection capabilities. Similar to the previous year, considerable deficiencies were identified in IT outsourcing and IT third-party risk management. These issues introduced marked risks to business continuity, particularly amid rapid geopolitical shifts.^[34] Additionally, significant weaknesses were prevalent in IT risk management and IT governance. The identified findings often related to risk identification and assessment and the role of the management body in terms of its oversight responsibilities.^[35]

In conclusion, inspections revealed regulatory breaches and risk miscalculations, despite overall improvements in risk management. Significant deficiencies in risk quantification, governance and internal controls highlighted the need for further action to ensure a resilient banking sector amid ongoing geopolitical and economic uncertainties.

1.4.2.2 Key findings from internal model investigations

IMIs assess whether the internal models used by banks to calculate their capital requirements are compliant with the legal and regulatory requirements. IMIs can either be triggered at the request of a bank, for example for initial model approvals, material changes to models, model extensions, model roll-outs, permanent partial use or reversion to less sophisticated approaches for models, or they can be initiated by the ECB.

In 2025 more than 90% of IMIs were triggered by requests from banks to assess model changes, initial model approvals or model extensions. Similar to 2024, the number of IMIs initiated by the ECB stood at around 5%. The ECB also received and assessed numerous applications to revert to less sophisticated approaches. These requests were in line with broader initiatives taken to simplify internal model landscapes in response to the more detailed and stricter standards resulting from both EBA rules and EU regulations, in particular for portfolios of a smaller size and/or with limited representative data.

The IMIs conducted in 2025 revealed several weaknesses, with an average of 16 findings being identified for each IMI, almost half of which were of high severity.^[36]

Focusing purely on the procedural aspects of internal ratings-based models for credit risk, around two-fifths of the findings were of high severity. Of these, more than half concerned shortcomings in the IT infrastructure, documentation and rating assignment process. For the probability of default and loss given default modelling, a similar proportion (two-fifths) of the findings were of high severity. For the probability of default modelling, close to two-thirds of the severe findings concerned risk quantification and the rating system structure, while for the loss given default modelling, the findings relating to risk quantification and the rating system structure accounted for roughly one half. In areas where severe findings were numerous, the ECB provided additional clarification in its revised Guide to internal models.

One market risk investigation was finalised during the reporting period owing to the impending new requirements stemming from the fundamental review of the trading book. The main weaknesses identified were in some of the building blocks of the new approach.

Several new investigations took place to assess the standardised approach for credit valuation adjustments introduced by virtue of a new regulation as of January 2025, which included a new regulatory exposure model subject to supervisory approval. Weaknesses were found mainly in the areas of scope, regulatory calculations and data quality and maintenance.

In terms of counterparty credit risk, the main weaknesses concerned material model extensions for equity prime brokerage. In these cases, most of the issues stemmed from using a value-at-risk calculation engine originally designed for market risk for counterparty credit risk, from deficiencies in modelling exposure spikes, including their risk factors, and from back-testing and pricing validation.

1.4.3 Fundamental review of the trading book

The fundamental review of the trading book is a key component of the revised Basel III framework. It consists of a major overhaul of the Pillar 1 capital requirements for market risk, which builds on the lessons learned from the global financial crisis of 2007-08, and it aims to reduce the likelihood and impact of similar events in the future. In particular, it introduces stricter rules for classifying assets inside or outside of the trading book, an alternative standardised approach, which is more risk-sensitive but also more complex than the current standardised approach, and additional requirements for the use of internal models.

Owing to high uncertainty regarding the implementation of Basel III in other jurisdictions subject to the rules of the Basel Committee on Banking Supervision, the European Commission postponed the EU’s application of these trading book standards by one year to 1 January 2027 in accordance with its Delegated Regulation of 12 June 2025^[37]. On 6 November 2025, the Commission launched a targeted consultation (which closed on 6 January 2026) on policy options to mitigate negative capital effects for EU banks for three years, ending in 2029.^[38]

In 2025 the ECB followed up on the findings of an off-site targeted review and several OSIs and IMIs by analysing and benchmarking banks’ remedial action plans. Additionally, some of the OSIs assessing the implementation of the alternative standardised approach identified bank-specific shortcomings in the underlying calculations, operational processes and data management, such as booking issues preventing the proper feed of sensitivities, as well as in the involvement of the second and third lines of defence, such as incomplete sign-offs of sensitivities or the absence of internal audit reviews. Both qualitative and quantitative issues were revealed, including unclear roles and responsibilities, outsourcing challenges, a lack of independent validation and inconsistencies in the scope of the calculations under the alternative standardised approach, such as missing curvatures on financial instruments with optionality and methodological shortcomings, including incorrect bucketing of some risk factors using sensitivity-based methods or the improper calculation of notional values in residual risk add-ons. In terms of operational implementation, banks faced challenges in data management, in particular regarding the quality and availability of high volume and granular data, technology infrastructure and regulatory interpretation and consistency, owing to differences between jurisdictions. Furthermore, despite there being an alternative standardised approach, banks encountered further challenges surrounding the complexities of the calculations, requiring the computation of three different metrics, as prescribed for the sensitivity-based method, for example.

The first two OSIs on the alternative standardised approach took place in 2023, another in 2024 and four more in 2025. Furthermore, six more OSIs of the same kind are planned for 2026 through a campaign, alongside ongoing supervisory engagement to ensure the smooth implementation of the fundamental review of the trading book.

1.4.4 Supervision of non-EU banks

In 2025 the ECB supervised 14 subsidiaries of non-EU banks operating in the euro area. These entities collectively hold €1.9 trillion in total assets, representing 7% of total assets under ECB Banking Supervision, and play an important role in the EU’s financial system and real economy as providers of corporate and investment banking products. Their combined trading book amounted to €815 billion, accounting for 19% of total trading financial assets under ECB Banking Supervision. Their assets under custody reached €17 trillion, constituting 38% of total assets under custody under ECB Banking Supervision as at the third quarter of 2025.

In 2025 the footprint of non-EU banks in Europe increased slightly compared with 2024, as the implementation of target operating models linked to Brexit approached completion. This milestone marked the transition towards a more stable and mature operational phase for these institutions. Consequently, the ECB’s supervisory focus shifted from the initial post-Brexit priorities, such as assessing banks’ business models, governance arrangements and links to parent companies and preventing empty-shell structures, to a more tailored approach to address the specific risks and characteristics of individual institutions.

A key priority for the ECB continues to be that the regulatory and supervisory standards for non-EU banks be applied consistently across all entities. Therefore, supervisors continued to take a concerted approach to address common themes, particularly in areas affected by a subsidiary’s dimension or strong group (inter)dependencies, such as business model resilience, risk data aggregation and risk reporting, operational resilience frameworks, the assessment of recovery plans and the management of geopolitical risks.

The ECB continued to monitor the execution of implementation plans stemming from the desk-mapping review (see Box 2 of the ECB Annual Report on supervisory activities 2023). It also continued to engage with non-EU banks on the implications of Article 21c of the Capital Requirements Directive and the planned implementation of the national-level requirements. As from 11 January 2027, the provisions will require that third-country banking groups establish a physical presence in the EU for activities involving deposit-taking and the provision of lending and guarantees. This is expected to lead to a material increase in assets as well as further changes to non-EU banks’ operating models, thereby calling for increased supervisory engagement, in particular in relation to a broader range of activities and risk profiles.

1.5 ECB oversight and indirect supervision of less significant institutions

1.5.1 Structure of the less significant institution sector

The number of LSIs declined to 1,828 entities, at the highest level of consolidation, in the third quarter of 2025, as compared with 1,864 LSIs at the end of 2024. 77% of all European LSIs are located in Germany and Austria. In 2025 the changes in the LSI sector related to 49 mergers, most of which were in Germany. Furthermore, eight banking licences were withdrawn and six new licences were granted.

While the LSI sector is composed of diverse and sometimes very specialised business models, retail and consumer credit lenders remained the predominant category, accounting for around 61%. These are often regional savings or cooperative banks, many of which are members of institutional protection schemes.

Despite the overall declining number of LSIs, this sector continued to constitute a relevant share of the euro area banking sector, accounting for roughly 15% of total banking assets, excluding financial market infrastructures operating with a banking licence. The share of LSI assets in the respective country’s total banking assets deviates considerably, pointing to structural differences across euro area countries. In Austria, Germany, Luxembourg and Malta, LSIs accounted for more than one-third of the total assets held in the domestic banking sector, whereas in most other countries the LSI sector is relatively small. For instance, in Belgium, France and Greece, this sector represents, respectively, only 3.7%, 1.5% and 5.1% of total banking assets.

Chart 4

Business model classification of less significant institutions

(percentages)

1.5.2 Selected oversight activities

An important mandate for the oversight of LSIs is fostering high and consistent supervisory standards for LSIs across European banking supervision. One core focus in this respect over the past few years has been the handling of NPLs, especially with the NPL ratio for LSI loan books continuing to rise again recently. A sizeable number of LSIs continued to face challenges from legacy NPLs that had been on the books for many years, causing potential further losses and restricting banks’ capacity for new lending. Therefore, the ECB, in collaboration with the NCAs, drafted a new Guideline^[39] that lays down a common approach to the supervisory expectations regarding the coverage of the stock of legacy NPLs. This initiative benefits from several years of experience using a similar approach for SIs, only with a considerably higher degree of proportionality being given to LSIs.

Further initiatives to foster these high and consistent supervisory standards for LSIs included (i) addressing ICT risk, such as implementing DORA and developing ICT risk monitoring tools; (ii) developing joint approaches to supervising certain business model features or risks, such as fintech and high funding channel concentration; and (iii) establishing a contact group, with participation by the ECB and several NCAs, to advance supervisory practices for LSI climate and nature-related risk. Furthermore, various LSI benchmarking-related exercises were conducted, such as regular credit risk monitoring and SREP benchmarking, the horizontal analysis of the IRRBB, the monitoring of hybrid institutional protection schemes and the identification exercise of LSIs experiencing material growth in key businesses. These initiatives may result in follow-up activities by the NCAs or the ECB if significant weaknesses or risks were identified.

In addition to the harmonisation of the supervisory standards, the oversight function continued to focus on supervisory processes and foster common approaches. In that vein, a project to take stock and further enhance the supervisory approaches for addressing supervisory findings and measures for LSIs began in 2025 and will continue into 2026.

In 2025 supervisors of LSIs paid particular attention to reviewing and addressing the challenges facing smaller banks in response to the growing regulatory requirements. Work on the issue of proportionality focused, in particular, on small and non-complex institutions and will continue into 2026, with the aim of increasing the level of proportionality applied in supervisory practices without compromising the resilience of the LSI sector overall.

1.5.3 Horizontal work on stress testing of less significant institutions

In 2025 the ECB and the NCAs concluded a dedicated follow-up to the 2022 review of national practices for the supervisory stress testing of LSIs by finalising a quantitative stocktake of the most recent aggregated LSI stress test results and several related stress-testing metrics.

To share the knowledge gained from the stress-testing exercises, the ECB and the NCAs organised regular workshops on good practices, certain methodological elements and the applicable supervisory tools.

1.6 The ECB’s macroprudential tasks

The ECB’s role in macroprudential policy is crucial for consistency and effectiveness when addressing systemic risk across the euro area. Through its oversight activities and other such functions, the ECB examines the measures taken by the national authorities to ensure that individual Member States and the European Union as a whole are well prepared to address economic uncertainties and risks to financial stability.

The ECB engaged actively with the national authorities in 2025 in accordance with the macroprudential tasks conferred upon it under Article 5 of the SSM Regulation. In this context, as in past years, the ECB received and assessed macroprudential policy notifications from the relevant national authorities. These notifications concerned decisions on setting countercyclical capital buffers (CCyB), on the identification and capital treatment of global systemically important institutions (G-SIIs) or other systemically important institutions (O-SIIs), and on other macroprudential measures, for example on the setting of systemic risk buffers and on stricter risk weights for banks’ real estate exposures.^[40]

In 2023 and 2024, several national authorities imposed or increased cyclical or structural capital buffers. This trend continued into 2025, resulting in a situation in which all macroprudential authorities in the banking union had announced or implemented some form of releasable buffer requirement, with ten countries having adopted policy frameworks for implementing a so-called positive neutral rate for the CCyB, i.e. a positive rate for the CCyB when cyclical systemic risks are not yet elevated. National authorities also identified 125 O-SIIs and set capital buffer rates for those banks. These buffer rates were in line with the enhanced floor methodology for setting O-SII buffers, as announced by the ECB’s Governing Council in December 2024,^[41] which takes into account the systemic importance of O-SIIs for the banking union as a whole.

ECB Banking Supervision also participated actively in several areas of the work of the European Systemic Risk Board. This included its regular assessments of the risks and vulnerabilities in the EU financial system, the assessment of the EU financial system’s resilience to interest rate changes, the analysis of systemic risk in the crypto-asset sector, as well as its work on securitisation and credit default swaps.

1.7 Risks and supervisory priorities for 2026-28

The supervisory priorities reflect ECB Banking Supervision’s assessment of the main risks and vulnerabilities for supervised entities based on the current risk landscape, forward-looking information, such as the macro-financial outlook and the results of the EU-wide stress test, and the remediation status of material deficiencies identified during its supervisory activities.

The euro area banking sector has so far managed to weather the heightened geopolitical and more structural economic challenges stemming from various global events, such as wars and conflicts in different parts of the world, including Europe, and the more recent escalation of global trade tensions, all of which sparked episodes of high volatility in financial markets and clouded the macro-financial outlook. Although financial and prudential indicators confirmed the broad resilience of the euro area banking sector, as also illustrated by the 2025 EU-wide stress test exercise (see Section 1.1.1), potential headwinds stemming from these external challenges have not yet had a material impact on the banking sector, with downside risks remaining high in light of the persistently high uncertainties.

Therefore, ECB Banking Supervision made targeted adjustments to its supervisory priorities for 2026-28, while maintaining its call for banks to remain vigilant and ensure prudent and sound risk management in the near to medium term. The supervisory priorities for 2026-28 therefore focus on the need for banks to remain resilient in the face of geopolitical risks and macro-financial uncertainties by primarily focusing on prudent risk-taking and sound credit standards, the consistent implementation of CRR III and prudent management of climate and nature-related risks (Priority 1). Under Priority 2, the aim is to ensure strong operational resilience and ICT capabilities, which also includes compliance with the new DORA requirements and the timely remediation of deficiencies in risk reporting capabilities and related information systems.

ECB Banking Supervision is also developing, under Priority 2, a medium to long-term strategy focusing on supervised entities’ digital (and AI-related) strategies, governance and risk management to identify structural trends and risk drivers shaping the future of the banking sector. Supervisors therefore intend to engage with banks in a targeted manner on some of these key themes in the course of 2026. Further details can be found under the supervisory priorities for 2026-28.

2 Authorisation, fit and proper and enforcement and sanctioning procedures

2.1 Authorisation

2.1.1 Significance assessments

In line with the SSM Framework Regulation^[42], the annual assessment of whether a bank or banking group fulfils any of the significance criteria^[43] was concluded in November 2025. It was supplemented by ad hoc significance assessments which were carried out following changes to group structures and led to 51 significance decisions.

As a result, 112 institutions^[44] were classified as significant as of 1 January 2026.

The 2025 annual assessment resulted in the following changes.

In addition, the following changes to group structures took place, affecting the number of significant supervised entities.

Finally, the following changes to group structures took place, without affecting the number of significant supervised entities.

The list of supervised entities is frequently updated and can be found on the ECB’s banking supervision website.

2.1.2 Asset quality reviews

Asset quality reviews (AQRs) aim to ensure that banks that are, or will be, subject to the ECB’s direct supervision are adequately capitalised. The methodology applied in AQRs is set out in a dedicated manual^[45].

In 2025 the ECB concluded the AQR of Raiffeisen-Holding Niederösterreich-Wien reg.Gen.m.b.H. in Austria. The AQRs of two German banks – LBS Landesbausparkasse Süd and Wüstenrot Bausparkasse Aktiengesellschaft – are expected to be concluded in early 2026. In June 2025, the ECB launched AQRs of two banks, KfW Beteiligungsholding GmbH in Germany and Promontoria 19 Coöperatie U.A. in the Netherlands. Each of the five banks assessed fulfilled the size criterion to be directly supervised by the ECB.

2.1.3 High-impact less significant institutions

Owing to the large number of less significant institutions (LSIs), as well as their differences in terms of size, complexity and risk profile, European banking supervision classifies these institutions based on their impact on the financial system and their risk profile. High-impact LSIs are determined once a year for each of the countries participating in European banking supervision. The criteria for determining high-impact LSIs include size, importance for the economy, cross-border activities, business model, and minimum coverage per country.^[46] As at 1 January 2026, 105 LSIs were classified as high-impact. This number has remained broadly stable over the past few years.^[47]

2.1.4 Authorisation procedures

In 2025 the ECB was notified of a total of 676 authorisation procedures (Table 7). These notifications comprised 14 licence applications, 11 licence withdrawals, 42 lapsings of authorisations, 110 acquisitions of or increases in qualifying holdings, 496 passporting procedures and three authorisations of financial holding companies.

In 2025 194 decisions on authorisation procedures^[48] were issued. These accounted for 7.7% of all individual ECB supervisory decisions in 2025.

One licence application and three notifications of acquisitions of or increases in qualifying holdings were withdrawn prior to a decision being finalised owing to a negative assessment.

2.1.4.1 Developments in common procedures

Overall, in 2025 the number of notifications of common procedures for licensing, qualifying holdings and withdrawals submitted to the ECB increased compared with the previous year.

The ECB assessed a high number of qualifying holdings. Several qualifying holding procedures stemmed from internal reorganisations within supervised groups that were subject to the simplified qualifying holding assessment approach. Qualifying holding procedures in 2025 predominantly concerned transactions aimed at consolidation, mostly at national level, although some did target cross-border consolidation. Several hostile acquisitions – including takeovers – involving public offers were also assessed.

In 2025 most licensing procedures were associated with the establishment of new LSIs. The few licensing procedures concerning significant institutions resulted primarily from applications to extend licences for additional regulated activities planned by banks, which is required in certain Member States. In some cases, the licensing procedures were related to the relocation of a significant institution to another Member State or the establishment of a subsidiary of a significant institution in another Member State.

In 2025 some licensing applications were submitted to the ECB by third-country entities intending to expand their business in the EU. In these cases, the assessments focused on the good reputation of the entities and their compliance with anti-money laundering/countering the financing of terrorism standards.

The national competent authorities (NCAs) initiated authorisation withdrawals for two LSIs (in Germany and Austria). One was due to the credit institution entering into insolvency and the other was due to serious breaches of anti-money laundering requirements, breaches of governance arrangements and being subject to insolvency court proceedings.

In 2025 the ECB implemented a risk-based strategy for common procedures that is expected to benefit both supervised entities and proposed acquirers thanks to reduced interactions and faster processing times for less complex cases (see Section 1.3.2).

2.1.4.2 Developments in passporting procedures, (mixed) financial holding companies, and mergers and divisions

The ECB and the NCAs handled 496 passporting procedures in 2025.

After a vast influx of financial holding-related procedures in 2021 and 2022 following the transposition of the Capital Requirements Directive (CRD V)^[49], the number of procedures stabilised in 2023, 2024 and 2025. In 2025 the ECB received three requests to approve (mixed) financial holding companies of significant groups.

In 2025 the ECB also prepared for the application of the revised Capital Requirements Directive (CRD VI)^[50] as of January 2026. CRD VI introduces certain changes in the supervisory treatment of (mixed) financial holding companies via revisions to Article 21a of the Directive. These changes include a new requirement for supervisory authorities to publish an annual list of financial holding companies and mixed financial holding companies that have been granted approval or have been exempted from approval and the designated supervised entity in accordance with Article 21a(4)(c) of CRD VI.

CRD VI also introduces new chapters on the acquisition or divestiture of a material holding, material transfers of assets and liabilities, and mergers and divisions, harmonising the previous “national powers” regimes.^[51] Under CRD VI, the ECB is the sole competent authority for assessing these operations whenever they involve significant institutions. Specifically, for mergers, the ECB is competent for the respective prudential assessment if the resulting entity qualifies as a significant institution. For divisions, the ECB will be competent if the entity being divided is a significant institution.

2.2 Fit and proper procedures

In 2025 the ECB was notified of 1,672 individual fit and proper procedures^[52] concerning significant institutions (Table 8).

In 2025, 67.2% of all individual procedures concerned members of the management body in its supervisory function and 24.9% concerned members of the management body in its executive function. The remaining individual procedures involved key function holders (6.2%), additional non-executive directorships (1.0%), and third-country branch managers (0.7%).

The average time taken to carry out a fit and proper assessment – from receipt of the notification to the ECB adopting a decision – amounted to 113 days, compared with 109 days in 2023. This is within the maximum period of four months set out in paragraph 179 of the Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body and key function holders.

2.2.1 Developments in fit and proper procedures

The ECB is exploring ways to streamline decision-making by using digital tools and introducing risk-based processes. This should reduce processing times while maintaining the high quality and consistency of its supervisory decisions (see Section 1.3).

On 27 October 2025, the ECB organised a joint seminar with the European University Institute in Florence to raise awareness within the banking industry of sound governance practices.

A suitability assessment may result in the imposition of ancillary provisions when, based on the five fit and proper criteria, certain concerns about an appointee need to be addressed. In 40.85% of the assessments, the ECB identified concerns regarding one or more of the fit and proper criteria. The share of decisions containing ancillary provisions fell from 14.5% in 2024 to 9.15% in 2025. The most common concerns raised in 2025 were about time commitment, experience and conflicts of interest. This led to 27 conditions, 122 obligations, and four recommendations, compared with 55, 151, and 20 respectively in 2024.

If there are material concerns about an appointee’s suitability, the ECB may deem it necessary to carry out a more in-depth assessment and may ultimately signal its intention to adopt a negative decision. Banks then tend to withdraw the application during the supervisory dialogue. This occurred in 30 cases in 2025.

2.3 Enforcement and sanctioning measures and whistleblowing

2.3.1 Enforcement and sanctioning measures

Under the SSM Regulation and the SSM Framework Regulation, the allocation of enforcement and sanctioning powers between the ECB and the NCAs depends on the nature of the alleged breach, the person responsible and the measure to be adopted. The penalties imposed by the ECB within the remit of its supervisory tasks and the penalties imposed by the NCAs at the request of the ECB are published on the ECB’s web page on supervisory sanctions.

Sanctions are intended to punish ongoing or past breaches by a supervised entity and to deter future violations elsewhere in the banking system. Enforcement measures, such as periodic penalty payments, are designed to compel supervised entities to comply with prudential requirements in the event of ongoing breaches.

In 2025 the ECB handled 16 enforcement and sanctioning proceedings. Of these, 14 were sanctioning proceedings, which led to nine ECB decisions, and two were enforcement proceedings, which led to one ECB decision (Table 9).

Of the 14 sanctioning proceedings handled in 2025, ten were related to breaches of directly applicable EU law (ECB decisions and regulations included) committed by nine significant institutions. Five of these proceedings were ongoing at year-end, and five were finalised in 2025 with five ECB decisions imposing penalties amounting to €8,585,000. These penalties were imposed on five supervised entities. Four of these decisions related to breaches of ECB decisions on internal models for credit risk and one decision related to the reporting of miscalculated risk-weighted assets for market risk.

Of the four outstanding sanctioning proceedings handled in 2025, three concerned breaches of governance and qualifying holding requirements laid down in national law implementing the Capital Requirements Directive and one concerned breaches of relevant directly applicable EU law related to own funds and reporting requirements. These proceedings were concluded with four ECB requests addressed to the relevant NCAs to open proceedings to ensure that appropriate penalties are imposed on the parties responsible. These include one significant institution, individuals employed by significant institutions that committed the breaches as well as non-supervised entities and natural persons responsible for the acquisition of qualifying holdings in a significant institution.

The two enforcement proceedings handled in 2025 concerned the failure of two significant institutions to comply with ECB decisions requiring them to strengthen their processes for identifying climate and nature-related risks by a specified deadline in 2024. One of these proceedings was ongoing at the end of 2025 and the other was finalised with an ECB decision determining an overall amount of €187,650 in accrued periodic penalty payments.

Chart 5 provides a breakdown by area of infringement of the enforcement and sanctioning proceedings handled by the ECB in 2025 as well as proceedings finalised between 2020 and 2024.

Chart 5

Enforcement and sanctions activity per area of infringement between 2020 and 2025

(number of proceedings)

Following previous requests from the ECB to open proceedings and having assessed the cases in accordance with their national law, one NCA imposed two pecuniary penalties amounting to €30,000,000 in 2025. Further information on pecuniary penalties imposed by NCAs at the request of the ECB can be found on the ECB’s web page on supervisory sanctions.

Detailed information, including comprehensive statistics on the sanctioning activities that the ECB and the NCAs carried out in 2025 in relation to breaches of prudential requirements, will be presented in the Annual Report on Sanctioning Activities in the SSM in 2025. The report will be published on the ECB’s banking supervision website in the second quarter of 2026.

In addition, in 2025 the ECB issued one binding supervisory decision envisaging the accrual of periodic penalty payments for each day of infringement should the bank concerned fail to comply with the prudential requirements set out in this ECB decision. The decision contained prudential requirements on strengthening the process for identifying climate and nature-related risks.

If the ECB has reason to suspect that a criminal offence may have been committed, it asks the relevant NCA to refer the matter to the appropriate authorities for investigation and possible criminal prosecution, in accordance with national law. Two such requests were submitted to the relevant NCA in 2025.

2.3.2 Whistleblowing

Under Article 23 of the SSM Regulation, the ECB is required to ensure that effective mechanisms are put in place to enable any person to report breaches of relevant EU law, a process commonly referred to as whistleblowing. Accordingly, the ECB operates an online whistleblowing platform.

The ECB ensures full confidentiality of the whistleblowing reports received through the web platform or other channels (e.g. email or post) and takes into account all available information when carrying out its supervisory tasks.

The ECB received 416 whistleblowing reports in 2025, a similar amount to the 421 received in 2024 and up from 355 in 2023. Of these reports, 165 referred to alleged breaches of relevant EU law, 155 of which were considered to be within the ECB’s supervisory remit and ten within that of the NCAs. The remainder referred mainly to alleged breaches of non-prudential requirements (e.g. consumer protection) and therefore fell outside the scope of the whistleblowing mechanism.

Within the ECB’s supervisory remit, the most common alleged breaches reported related to governance issues (80%) followed by public disclosure and reporting (6%), and own funds and capital requirements (6%). Governance-related issues mainly concerned risk management and internal controls, and management body functions and fit and proper requirements. The complete breakdown is shown in Chart 6.

Chart 6

Alleged breaches reported via the whistleblowing mechanism

(percentages)

The relevant Joint Supervisory Teams were made aware of the information reported via the whistleblowing mechanism and decided on the appropriate follow-up actions.

The main investigatory actions taken in 2025 in relation to whistleblowing reports on breaches of relevant EU law received in the course of the year, or previously, included:

• internal assessment based on existing documentation (38%);
• request for documents or explanations from the supervised entity (35%);
• request for an internal audit or on-site inspection (24%);
• interview of the accused persons (3%).

3 Contributing to crisis management

3.1 Crisis cases in 2025

In 2025 no significant institutions were assessed as failing or likely to fail in accordance with Article 18(1)(a) and Article 18(4) of the Single Resolution Mechanism Regulation^[53]. The macroeconomic environment in 2025 remained broadly favourable for banks, particularly with regard to profitability. However, looking ahead, banks face headwinds that may weigh on future earnings. These include a potential deterioration in asset quality, continued margin compression and subdued loan volumes.

3.2 Interaction with the Single Resolution Board

The ECB and the Single Resolution Board (SRB) continued their close cooperation in 2025. The Chair of the ECB’s Supervisory Board and the Chair of the SRB had regular exchanges and visited several national competent authorities (NCAs) and national resolution authorities together. There were frequent exchanges between ECB and SRB staff, who worked together on various topics of common interest and on crisis cases involving less significant institutions (LSIs).

Regular interactions between the ECB’s Joint Supervisory Teams and the SRB’s Internal Resolution Teams continued to be an essential part of this cooperation. Cooperation was particularly close for banks under the ECB’s crisis management framework. This was supported by the bilateral Memorandum of Understanding between the ECB and the SRB on cooperation and information exchange and the dedicated Memorandum of Understanding on the exchange of confidential statistical data, which was signed in 2023.

The ECB and the SRB continued to work together on policy topics of common interest. The organisations ensured that they were closely aligned on the simplification reform agenda from a supervisory and resolution perspective. Moreover, the ECB and the SRB continued their collective efforts on liquidity measurement and reporting. In 2025 they completed the third annual joint liquidity exercise, which tests banks’ crisis preparedness based on the jointly developed liquidity template. Finally, the ECB and the SRB cooperated in the development of their respective digitalisation strategies and digital cultures by building on common experiences and training initiatives and sharing dedicated ECB supervisory technology tools.

In 2025 the ECB and the SRB participated in dry-run exercises as part of their common objective to assess existing capabilities and enhance crisis preparedness. They also took part in the Trilateral Senior Staff Level Exercise at the SRB office in Brussels. Participants in this exercise included resolution authorities, supervisory authorities, central banks and finance ministries from the United States, the United Kingdom and the banking union. In addition, the ECB and the SRB collaborated on several bank-specific crisis simulation exercises to test their preparedness for a potential crisis situation.

In line with the regulatory framework, the SRB was consulted on the recovery plans submitted to the ECB by significant institutions. In turn, the SRB consulted the ECB on draft resolution plans and on the calculation of the proposed restatements to be paid to the Single Resolution Fund by significant institutions in accordance with the Single Resolution Mechanism Regulation.

3.3 Crisis management involving less significant institutions

Crisis management involving LSIs requires close cooperation between the relevant NCA and the ECB. Although supervisory responsibility for LSI crisis management lies with the NCAs, the need for intensified cooperation and information sharing arises when an LSI approaches the point of non-viability, as the ECB is responsible for licence withdrawals. The procedural aspects of this cooperation are laid out in a revised framework for LSI crisis management, which was introduced on 1 January 2024.

In the early stages of a crisis triggered by the deterioration of an LSI’s financial situation, the relevant NCA informs the ECB through an official notification. The ECB received 11 such notifications from NCAs in 2025.

After the notification of financial deterioration is submitted, crisis management contact groups are generally set up, unless the NCA responsible or the ECB identifies justified reasons to opt out. These groups – which include representatives from the ECB, the NCA and, depending on the situation, the relevant national resolution authorities – can be established in response to capital breaches, a deterioration in asset quality or liquidity position, or severe deficiencies in internal governance or control systems.

14 crisis management contact groups were in place over the course of the year, compared with 12 in 2024. These groups continued to play a crucial role in ensuring that stress in individual LSIs was addressed in an effective and consistent way and that supervisory actions were taken in a timely and coordinated manner. This helped keep spillovers to other parts of the financial system as limited as possible.

4 Interinstitutional cooperation

4.1 European and international cooperation

4.1.1 Cooperation with other EU supervisory authorities and authorities from non-EU countries

In 2025 the ECB further strengthened its cooperation with other supervisors across borders and sectors, including by negotiating additional memoranda of understanding (MoUs).

4.1.1.1 Cooperation with non-SSM EU and European Economic Area authorities

Through colleges of supervisors, the ECB is able to develop coordinated supervisory approaches and decisions and ensure common work programmes with other supervisory authorities involved in the supervision of the same cross-border banking group. In line with European regulation, the ECB organises colleges in cases where, as home supervisor, it is the authority responsible for supervising a banking group on a consolidated basis. Alternatively, where the EU authority acting as consolidating supervisor is not part of European banking supervision, the ECB participates in the relevant college as a host supervisor for specific entities under its direct supervision.

In 2025 the ECB and the competent authorities of the EU Member States that are not part of European banking supervision and Norway reaffirmed their commitment to fostering supervisory cooperation and convergence in two dedicated workshops organised by the ECB in March and October. The workshops provided an opportunity to share best practices and promote supervisory efficiency and effectiveness in the context of the ECB’s SREP reform. Meanwhile, the entry into force of two European regulations on the functioning of supervisory colleges^[54] allowed the ECB to further foster the exchange of information on branches of banks headquartered in third countries and streamline cooperation between prudential supervisors and other authorities, such as anti-money laundering and countering the financing of terrorism supervisors.

4.1.1.2 Cooperation with banking supervisors outside the EU

The ECB also cooperates with international supervisors through other fora such as Crisis Management Groups for global systemically important banks (G-SIBs).

Where the ECB is responsible for the supervision on a consolidated basis of groups that also operate outside of the European Union, third-country competent authorities are invited to join the relevant supervisory colleges provided that the EBA has assessed their confidentiality and professional secrecy regimes as being equivalent to that in the EU.

The ECB concluded a new supervisory MoU with the Banco Central de la República Argentina. In addition to the regular and structured dialogue with authorities such as the UK Prudential Regulation Authority and the Federal Reserve System, the ECB also hosted several topical and bilateral meetings and organised capacity-building initiatives with the banking supervisory authorities from other non-EU countries to discuss issues of common concern, including the supervision of financial conglomerates, climate-related financial risks, the digital transformation and operational resilience.

In 2025 the ECB further strengthened its cooperation with non-EU prudential supervisors on the use of supervisory technology. This included co-chairing the BIS Innovation Network working group on SupTech, RegTech and Monetary Policy Tech with the Bank of England, which is exploring the use of large language models and promoting a global innovation ecosystem. The ECB also deepened its long-standing collaboration with the Monetary Authority of Singapore through substantive knowledge exchanges.

4.1.1.3 Cooperation with national market conduct authorities and other sectoral supervisors

The ECB cooperates with national market authorities in line with EU law and exchanges information about significant banking groups’ operations in markets in financial instruments. Specifically, the ECB has concluded bilateral MoUs with the national market authorities of six countries participating in European banking supervision. There was greater information exchange with these authorities in 2025 in response to an increased number of mergers, acquisitions and other consolidation transactions involving significant institutions and to market developments that required coordinated supervisory measures.

As the designated coordinator for significant banking-led groups identified as financial conglomerates, the ECB strengthened its collaboration with the European Insurance and Occupational Pensions Authority and the relevant competent authorities responsible for supervising regulated entities – mostly outside the banking sector – within these conglomerates. Adopting coordination arrangements with relevant competent authorities helped improve and expand Financial Conglomerate Colleges, with the annual college meetings serving as an important platform for information exchange between these authorities.

4.1.1.4 The ECB’s involvement in anti-money laundering

The supervision of credit and financial institutions in the area of anti-money laundering and combating the financing of terrorism (AML/CFT) falls under the remit of AML/CFT supervisors, including the newly established EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA). Prudential and AML/CFT authorities collaborate closely to fulfil their respective mandates.

As a prudential supervisor, the ECB has shared the lessons learned from the creation of the Single Supervisory Mechanism (SSM) with AMLA, including through its participation in the AMLA task force. The conclusion of an MoU between the ECB and AMLA on 27 June 2025, as foreseen under Article 92(3) of the AMLA Regulation, was a milestone in setting out how the two organisations are to collaborate and exchange information.

As in previous years, the ECB reflected the prudential implications of money laundering and terrorist financing risks in its supervision^[55] and supported policy preparations for AMLA. The ECB contributed to AML/CFT regulatory developments and advocated for a legislative framework that enables effective cooperation and information exchange among financial AML/CFT supervisors and the relevant non-AML/CFT authorities.

In 2025 the ECB also continued to exchange supervisory information with AML/CFT authorities. This included participating as an observer in 66 AML/CFT colleges established for significant institutions,^[56] exchanging information via these colleges as well as through other channels, and reporting material AML/CFT-related weaknesses to the EBA’s central database, EuReCa.

Additionally, the ECB participated as an observer in the EBA’s Standing Committee on AML/CFT and AMLA’s General Board in its supervisory composition. In parallel, the ECB contributed to the preparatory work led by the EBA and AMLA to draft regulatory technical standards and guidelines under the new AML/CFT framework.

4.1.1.5 The ECB’s role in the oversight of critical third-party providers following the introduction of the Digital Operational Resilience Act

The Digital Operational Resilience Act (DORA) introduced a comprehensive oversight framework^[57] for critical third-party service providers (CTPPs) of information and communications technology (ICT). The oversight framework covers the 19 CTPPs^[58] designated by the European Supervisory Authorities. The lead overseer – one of the three supervisory authorities – conducts all off-site and on-site oversight activities, assisted by joint examination teams. The lead overseer can issue recommendations to the CTPPs based on these activities.

In 2025 ECB Banking Supervision supported the set-up of the oversight framework. Since the start of operations in January 2026, it has contributed 21 experts to the joint examination teams. In addition, the ECB will also ensure that supervised institutions making use of the services of the CTPPs appropriately address the specific risks identified in the recommendations.

Oversight of CTPPs strengthens digital operational resilience across the EU financial sector. It complements, rather than substitutes, sound third-party risk management by institutions and the ECB’s related supervisory activities. Credit institutions and other financial entities remain fully responsible for managing all aspects of ICT risk.

4.1.1.6 IMF Financial Sector Assessment Programs

The Financial Sector Assessment Programs (FSAPs) of the International Monetary Fund (IMF) are comprehensive in-depth assessments of a country’s financial sector.

In 2025 the IMF concluded the second FSAP for the euro area (see Box 3). The FSAP included a fully fledged assessment of how the supervisory practices of the SSM align with the Basel Core Principles (BCP). This was the first assessment to be based on the revised BCP methodology (see Box 3). Follow-up work on implementing the FSAP recommendations will be undertaken in the coming years.

In 2025 the IMF concluded the national FSAPs for France and Slovakia and launched FSAP exercises for Austria, Greece, Italy and Portugal. National FSAPs assess non-banking topics, such as domestic insurance and macroprudential frameworks, and entail a holistic assessment of banking issues, especially those that fall within the remit of national authorities supervising less significant institutions or aspects related to AML/CFT, while taking into account that further work is needed to complete the banking union.

ECB Banking Supervision is also involved in the national IMF Article IV consultations covering countries participating in European banking supervision. It provides input to the IMF teams on microprudential and macroprudential issues, in line with the ECB’s tasks in these areas.

4.2 Contribution to developing the European and international regulatory framework

4.2.1 Contributing to the work of the Financial Stability Board

As a member of the Plenary of the Financial Stability Board (FSB), ECB Banking Supervision actively participated in the activities of the Standing Committee on Supervisory and Regulatory Cooperation, the Standing Committee on Standards Implementation, the Resolution Steering Group and the Regional Consultative Group for Europe, as well as several of their substructures. ECB Banking Supervision played an integral role in advancing various FSB initiatives of strategic importance, most notably the FSB roadmap for addressing financial risks from climate change, work on standardising cyber and operational incident reporting (the Format for Incident Reporting Exchange) and the thematic peer review of crypto-assets. In addition, ECB Banking Supervision continued to support the FSB’s work on defining the regulatory perimeter and evaluating the potential opportunities and risks posed by financial innovation.

4.2.2 Contributing to the Basel process

As a member of the Basel Committee on Banking Supervision, ECB Banking Supervision provided a European perspective on the Committee’s work and played an active role in discussions on how to further strengthen the regulation and supervision of banks.

ECB Banking Supervision contributed to the work of the Basel Committee’s substructures, co-chairing both the Task Force on Climate-related Financial Risks and the Policy and Standards Group. Key achievements of these substructures include the publication of the framework for the voluntary disclosure of climate-related financial risk and the principles for the sound management of third-party risk as well as the launch of a consultation on a new standard format for machine-readable Pillar 3 disclosures.

In addition, ECB Banking Supervision led the drafting of a literature review on supervisory effectiveness in the context of the Basel Committee’s follow-up work on the banking turmoil of 2023.

Moreover, in December 2025, the ECB hosted a joint conference with the Research Group of the Basel Committee on Banking Supervision and the Centre for Economic Policy Research on technological innovations in financial markets and the risks and opportunities for banking and regulation.

Lastly, the ECB has been a vocal supporter of the international implementation of the Basel agreement, which provides strong guardrails for a resilient global banking sector. These common standards are the foundation for a level playing field and ensure that banks are able to provide credit and liquidity also in times of stress.

4.2.3 Contributing to the work of the European Banking Authority and European policymaking

In 2025 ECB Banking Supervision continued to work closely with the EBA to help it develop the Single Rule Book, promote consistent supervision across the EU banking sector and foster the safety and soundness of credit institutions and the stability of the financial system.

The ECB and the EBA worked together to develop the methodology, templates and scenarios for the 2025 EU-wide stress test, the results of which were published on 1 August 2025. In this context, the ECB also contributed to discussions on long-term strategies and the development of centralised credit risk models for future EU-wide stress tests.

As part of the EU-wide simplification efforts, the ECB participated in the EBA Task Force on the Efficiency of the Regulatory and Supervisory Framework. In its assessment, the task force identified four key areas for improvement: (i) the production of Level 2 and Level 3 regulatory products, (ii) the reporting burden for financial institutions, (iii) the EBA’s role in shaping the EU prudential regulatory framework, and (iv) internal working arrangements. It also proposed measures to enhance efficiency over different time horizons: by the end of 2025 (immediate), by the end of 2026 (short term), and beyond 2026 (medium-long term). The outcomes of the task force’s assessment and its recommendations were presented in the Report on the efficiency of the regulatory and supervisory framework and the EBA’s Work programme 2026.

In the context of the Basel III reforms, the ECB contributed to drafting technical standards to implement disclosure requirements for output floors, credit risk, market risk, credit valuation adjustment risk, operational risk, and transitional disclosures on exposures to crypto-assets.

The ECB participated in the public consultation on amended disclosure requirements for ESG risks, equity exposures and aggregate exposures to shadow banking entities under the European Commission’s Implementing Regulation on Pillar 3 disclosures under CRR III, and the public consultation on draft guidelines on the sound management of third-party risk.

Additionally, the ECB provided input for the EBA Report on white labelling, which was published on 14 October 2025.

The ECB also became an observer in the AI Board’s sub-group on AI in financial services, which will enable it to help shape future work on the cooperation between supervisors and relevant authorities under the AI Act.

5 Organisation of ECB Banking Supervision

5.1 ECB Banking Supervision staffing

5.1.1 Hiring

ECB Banking Supervision generally advertises vacant positions internally first, except for entry-level positions, which are advertised on the external market. In 2025 ECB Banking Supervision hired 22 candidates from external campaigns for longer-term positions.

Chart 7

Number of appointments per staff group in 2025

5.1.2 Swap programmes

The ECB encourages staff swaps with partner EU organisations. Interinstitutional exchanges with the European Insurance and Occupational Pensions Authority, the Single Resolution Board, the European Securities and Markets Authority and the European Investment Bank have offered staff members the chance to work in different organisational settings, broaden their skill sets and deepen cooperation across the European financial supervisory system.

5.1.3 Capability building

ECB Banking Supervision periodically assesses its readiness for supervisory tasks and updates its capability building plan to prioritise talent development in areas with lower preparedness. In 2025 it focused on supervisory tasks related to IT outsourcing, IT security, cyber risks and the ECB’s mandate under the Digital Operational Resilience Act.

The ECB further developed its training offer across all areas of banking supervision. It enhanced the SSM Induction Programme by introducing a dedicated newcomers’ section on SSMnet. The second edition of the SSM Foundation Programme finished in June 2025, which provided supervisors with a consistent level of technical knowledge. New learning paths on virtual assets and geopolitical risks were also introduced to reflect the importance of these supervisory topics. Lastly, the SSM digital learning path was enhanced to train supervisors, developers and leaders in AI, IT risk supervision and digitalisation (see Section 5.2.1).

In 2026 training in prioritised risk areas such as credit risk, IT/operational risk and geopolitical risk will incorporate the latest developments in banking supervision to reflect core and emerging trends and challenges.

5.1.4 Diversity and inclusion

ECB Banking Supervision strives to create a working culture that harnesses the power of diversity and inclusion and enables every colleague to bring their unique perspectives and contribute authentically to the organisation. As part of this vision, achieving gender balance remains a key strategic priority. In ECB Banking Supervision, 43% of employees and trainees are women. The share of women varies across the levels of hierarchy. Women account for 47% of staff at analyst level and 44% at expert level. The share is 33% at both the team lead level and the management level, while 37% of senior management roles are held by women. The ECB will continue to strengthen its efforts to achieve gender balance.

Figure 1

ECB Banking Supervision workforce in figures

5.2 Technology, innovation and data reporting framework

5.2.1 Developments in supervisory technology

In 2025 ECB Banking Supervision further advanced its use of technology in line with the SSM tech strategy for 2024-28, which seeks to support risk-based supervision, strengthen data capabilities and foster a digital culture. There was significant progress in three areas: core supervisory systems were upgraded, new AI-driven innovations were introduced, and processes were simplified to reduce complexity for supervisors and banks.

There were major upgrades to IMAS, the core IT system used by all supervisors across European banking supervision. These improvements strengthened supervisors’ ability to oversee ICT and cyber risks in alignment with DORA and enhanced the ICT incident reporting process. In IMAS, a new tiered approach to supervisory measures allows supervisors to prioritise severe findings while simplifying the handling of less critical ones. Also, banks can now manage follow-up actions digitally through the SSM portal and confirm online that they have remediated the issue. This reduces the administrative burden for banks and supervisors, as minor findings can be closed more quickly, and ensures the follow-up is more risk-based and proportionate.

New analytical and AI-driven tools were also introduced. Athena, the textual analysis platform, was upgraded with large language models, meaning supervisors can use advanced AI to analyse and summarise text and retrieve information. A broad set of AI assistants are also being developed, with assistants for data queries and document reviews already available. In addition, Navi, the network analytics platform, is being used to assess risks and contagion channels amid heightened geopolitical uncertainty.

These innovations expand the analytical toolkit, providing faster access to information, improving the consistency of supervisory analysis and allowing supervisors to focus on judgement-based decisions.

As part of the ECB’s ongoing efforts to simplify and harmonise interactions between banks and supervisors, the SSM portal project started to consolidate existing submission and communication channels. The SSM portal will merge the current IMAS portal and the external Stress Test Account Reporting platform (STAR) portal into a single channel and further integrate it with the Centralised Submission Platform (CASPER). The SSM portal will deliver a unified platform for data exchange, status tracking and supervisory dialogue. This will streamline workflows for banks and supervisors alike and pave the way for more seamless, secure and transparent interactions with the banking industry.

Beyond technology, ECB Banking Supervision continued to invest in a digital culture and skills through training and communities of practice to support the use of new technologies. It also engaged with the banking industry through the Supervision Innovators Conference. The annual conference brought together around 1,200 participants from the banking industry, supervision and technology to discuss the responsible adoption of AI in supervision under the theme “AI in action”.

In 2025 the ECB also launched the next-level supervision project (see Section 1.3.2), including initiatives to further digitalise end-to-end supervisory processes and promote more efficient, effective and risk-based supervision.

5.2.2 Developments in the data reporting framework

In 2025 the ECB and NCAs finished implementing the updated EBA reporting framework, which reflects new requirements stemming from CRR III and CRD VI. The associated methodological changes have been captured in the ECB’s quarterly supervisory banking statistics starting from the reference period covering the first quarter of 2025. These methodological changes primarily affect the calculation of the total risk exposure amount and its components across credit, market and operational risk. Moreover, as part of its commitment to improve communication and innovation, the ECB enhanced its quarterly supervisory banking statistics by presenting them as interactive reports for the first time, giving users greater flexibility and customisation options.

In addition to the EBA supervisory reporting, supervisors request ad hoc information from banks to monitor emerging risks. The ECB maintains a database of these data requests in order to manage the reporting burden and to help streamline reporting requirements as part of its next-level supervision project (see Section 1.3.2). The database will soon cover data collections addressed to LSIs and, in collaboration with the EBA, collections launched in EU countries not participating in the Single Supervisory Mechanism. As part of its ongoing efforts to reduce reporting costs, the ECB completed a thematic assessment of data collections on banks’ business models and capital adequacy. This led to a reduction in the reviewed data points, greater standardisation and the introduction of stronger discipline and accountability principles for requestors when making new data requests.

In June 2025, the ECB started to collect explanations from the supervised entities about the nature of and the root causes behind any significant revisions to their supervisory reports within the scope of the EBA’s implementing technical standards (ITS). The methodology for identifying these revisions draws on insights gained from a pilot exercise conducted by the ECB in 2023. The methodology was developed in 2024 and shared with the significant institutions, which are expected to implement it internally.

In 2025 the ECB shared its annual Management report on data governance and data quality with banks (see Section 1.2.3.2). The report, which comprises a set of quantitative indicators and a questionnaire for banks, aims to increase management body accountability. It also helps supervisors and banks identify and address deficiencies in risk data aggregation and risk reporting. The report notes that previously identified deficiencies in data quality persist. These mainly stem from reporting requirements being misinterpreted, issues with internal IT systems or external software providers, and operational or human errors.

In February 2025, the ECB set up a new communication channel which allows it to monitor and engage directly with significant institutions to resolve quality issues in ITS data. Interactions are now channelled via ASTRA, the ECB’s platform for exchanging document-based information and communication with its external counterparts. NCAs retain full access, ensuring transparency and joint participation throughout the process.

Lastly, in 2025 the ECB performed its annual reconciliation exercise between selected Pillar 3 disclosures and supervisory reporting. This exercise led to substantial improvements in data consistency and quality. The extracted data were published on the ECB’s supervisory banking statistics web page together with a note highlighting the key results. The 2025 exercise focused on automating processes, which will make it possible to expand the scope of the reconciliation exercise once the EBA Pillar 3 data hub goes live.

6 ECB Banking Supervision governance

6.1 Accountability requirements

This Annual Report constitutes one of the main accountability channels for ECB Banking Supervision vis-à-vis the European Parliament and the Council of the European Union, as stipulated by the SSM Regulation. The Regulation provides that the ECB’s supervisory tasks are subject to appropriate transparency and accountability requirements. The ECB attaches great importance to maintaining and fully applying the accountability framework that is set out in further detail in the Interinstitutional Agreement between the European Parliament and the ECB and in the Memorandum of Understanding between the Council of the EU and the ECB. Over the years, the ECB has broadened its interactions with the European Parliament beyond the requirements of the Interinstitutional Agreement, emphasising the ECB’s commitment to accountability.

In 2025 the Chair of the Supervisory Board appeared before the European Parliament’s Committee on Economic and Monetary Affairs in three regular public hearings. In her public hearing on 27 March, the Chair presented the ECB Annual Report on supervisory activities 2024. The other two regular public hearings took place on 15 July and 13 October. The discussions focused on challenges for banks, macroeconomic uncertainty, digitalisation, geopolitical risk and the results of the 2025 stress test. The Chair also described the recent efforts to strengthen and simplify supervision. Other topics included the regulatory framework and the legislative files to complete the banking union, namely the review of the bank crisis management and deposit insurance framework and the European deposit insurance scheme.

In 2025 the Chair of the Supervisory Board responded to six written questions from Members of the European Parliament (MEPs) on banking supervision-related matters. All the letters of reply were published on the ECB’s banking supervision website. The letters covered financial stability considerations in the assessment of bank acquisitions, consumer protection, institutional protection schemes and the implications of a digital euro for the banking sector.^[62]

In line with the Interinstitutional Agreement, the ECB also made the records of the proceedings of its Supervisory Board meetings and the summaries of Supervisory Board seminars available to the European Parliament.

In addition, to further strengthen the dialogue with the European Parliament, ECB Banking Supervision responded to the comments and suggestions provided by the European Parliament in its Resolution on banking union – annual report 2024. In its feedback, the ECB commented on developments in the banking sector and on legislative files relevant to banking supervision. Topics included bank resilience, the regulatory framework and completing the banking union.

With regard to interactions with the Council of the EU in 2025, the Chair of the Supervisory Board participated in two exchanges of views with the Eurogroup, on 12 May and 12 November. Among other regulatory topics, the Chair discussed the role of solid supervision and regulation in strengthening the resilience of the euro area banking sector amid heightened geopolitical risks; tools to test resilience, such as stress testing; and ways to enhance supervisory efficiency and effectiveness.

6.2 Transparency and communication

In 2025 ECB Banking Supervision followed high standards of transparency and communication to explain and inform stakeholders about its supervisory activities through various channels and products. ECB Banking Supervision used transparent and clear communication to help the public understand the push to make its supervision more effective, efficient and risk-based.

In 2025 the Chair and Vice-Chair of the Supervisory Board gave 23 speeches, while the ECB representatives to the Supervisory Board delivered 18 speeches. Together, they gave 14 interviews and published 14 blog posts. The Chair and Vice-Chair also held a press conference on the results of the 2025 Supervisory Review and Evaluation Process (SREP). ECB Banking Supervision released two podcast episodes and published 23 press releases, as well as other items such as letters to MEPs, guidance to banks and supervisory statistics. The quarterly Supervision Newsletter, a digital publication with more than 11,000 subscribers, provided information and updates on ongoing supervisory projects and findings. The ECB also highlights relevant banking supervision topics on its social media channels, using quizzes and explainers to describe basic concepts to younger audiences.

A key focus of the ECB’s communications in 2025 was to provide details on how the ECB was incorporating geopolitical risk into its work and what it expected from banks in terms of identifying and managing this risk (see Section 1.2.2). The ECB’s communications explained the supervisory reform agenda, which was outlined in a comprehensive report that complemented the recommendations made by the ECB’s High-Level Task Force on Simplification (see Section 1.3).

To foster dialogue with market analysts and industry professionals, the ECB held two meetings of the Banking Supervision Market Contact Group and hosted the sixth ECB Forum on Banking Supervision. Discussions at these events focused on the risk outlook for the euro area banking sector, interlinkages between banks and the non-bank financial sector, and geoeconomic risks and their impact on regulation and banks’ strategies. In addition, when visiting the national competent authorities of 12 countries, the Chair of the Supervisory Board also met with domestic bank executives and representatives from civil society organisations.

In 2025 the ECB addressed 915 public enquiries related to banking supervision topics in addition to daily media queries. These enquiries covered various aspects of ECB Banking Supervision, including stress testing, cyber resilience, operational risks, banking licences and authorisations, supervisory policies and frameworks, and bank resolution. In the Visitor Centre, the ECB held lectures on banking supervision for 688 attendees and introduced 14,860 visitors to its key tasks.

6.3 Decision-making

6.3.1 Meetings and decisions of the Supervisory Board and Steering Committee

The ECB’s Supervisory Board met 16 times in 2025. Four meetings were held in Frankfurt am Main and one in Malta. The other meetings were held via videoconference.

In addition, upon invitation by Finantsinspektsioon, the Supervisory Board held a strategic retreat in Tallinn in October 2025.

The Steering Committee^[63] of the Supervisory Board held six meetings in 2025, all of which were held via videoconference.

In 2025 the ECB took 2,549 supervisory decisions^[64] concerning specific supervised entities (Figure 2). Of these, 1,395 decisions were adopted by the ECB heads of work units in line with the general framework for delegating decision-making powers for legal instruments related to supervisory tasks. 1,154 decisions were adopted by the Governing Council under the non-objection procedure on the basis of a draft proposal of the Supervisory Board. These numbers include 128 operations (such as the establishment of branches) that the ECB implicitly approved by not objecting within the legal deadlines.

The bulk of the supervisory decisions were related to fit and proper assessments (48.8%), own funds (11.2%), internal models (8.1%), common procedures (7.7%), supervisory reporting (7.5%), national powers (6.8%) and the SREP (4.0%).

In addition to the bank-specific final draft decisions submitted to the Governing Council for adoption, the Supervisory Board decided on several horizontal issues. Most notably, these decisions related to efficient and effective supervision, addressing the impact of geopolitical risks on banks, the 2025 ECB stress test exercise, the implementation of the Digital Operational Resilience Act in the supervisory framework, strengthening the supervisory assessment of credit risk, climate-related and environmental issues, the SREP reform, the evolving supervision of internal models following new developments in regulation, and the preliminary proposal for the supervisory priorities for 2026-28. Some of these decisions were prepared by temporary structures mandated by the Supervisory Board. These structures comprised representatives from the ECB and the national competent authorities who carried out preparatory work on the relevant topics.

Moreover, some decisions by the Supervisory Board resulted in public guides, reports and reviews, such as the ECB Guide on outsourcing cloud services to cloud service providers, the update to the ECB Guide on options and discretions available in Union law, and the revised ECB Guide to internal models.

The Supervisory Board took most of its decisions by written procedure.^[65]

Of the 113 banking groups directly supervised by the ECB as of January 2025, 32 asked to receive formal ECB decisions in an EU official language other than English.

Figure 2

Decisions by the Supervisory Board in 2025

6.3.2 Activities of the Administrative Board of Review

The Administrative Board of Review (ABoR) is an ECB body comprising members who are individually and collectively independent from the ECB and are entrusted with the task of reviewing ECB decisions on supervisory matters upon an admissible request for review.

The ABoR held 35 meetings in 2025, of which 31 were virtual and four were in person, including an external meeting in Helsinki, Finland.

In 2025 the ABoR delivered opinions on five requests for an administrative review of ECB supervisory decisions (Table 10). One request was related to classifying the applicants as significant supervised entities. The second request concerned issues related to the ECB’s power to adopt supervisory measures based on national law. In the three other requests, the applicants challenged ECB decisions in the area of sanctions and enforcement. In all these cases, after hearing the applicants, the ABoR proposed to the Supervisory Board that the ECB decision be replaced with a decision of identical content.

The Chair of the ABoR presented its activities at two legal conferences in 2025. The Chair spoke about the ABoR providing a pragmatic and discreet appeal route at the SSM Senior Forum organised by A&O Shearman in June and at the 11th Banking Union Conference organised by Freshfields in cooperation with the Institute for Law and Finance and the Center for Financial Studies of Goethe Universität Frankfurt in September.

In 2025 the ABoR was chaired by Pentti Hakkarainen. Its other members were Ilias Plaskovitis (Vice-Chair), Edouard Fernandez-Bollo, Christiane Campill and Verica Trstenjak. Damir Odak was an alternate member. The current composition of the ABoR and the CVs of its members can be viewed on the ECB’s ABoR web page.

6.4 Implementing the code of conduct

In accordance with Article 19(3) of the SSM Regulation, the ECB has established an ethics framework for high-level ECB officials, management and staff. It comprises the Code of Conduct for high-level ECB officials, a dedicated chapter in the ECB Staff Rules and the Guideline laying down the principles of the Ethics Framework for the Single Supervisory Mechanism. The implementation and further development of the framework is supported by the ECB Ethics Committee, the Compliance and Governance Office (CGO) and the Ethics and Compliance Committee.

In line with its mandate, the Ethics Committee carries out a yearly assessment of the Supervisory Board members’ declarations of interests. These declarations are published on the accountability web page of the ECB’s banking supervision website. The Committee also responds to requests for advice submitted by high-level ECB officials involved in banking supervision and, in this context, issued 18 opinions, most of which concerned notifications of post-employment activities. Opinions of the Ethics Committee are typically published on the ECB’s website six months after the date they are issued. In 2025 the procedure for submitting the declarations of interests of high-level officials was digitalised, making processing more efficient and effective.

The CGO continued its digitalisation efforts in 2025 and upgraded its internal tools to provide staff with ethical advice in a faster and more user-friendly way. There were 3,532 requests requiring CGO staff input in 2025, compared with 3,070 in 2024. Approximately 41% of the requests for advice were submitted by ECB Banking Supervision staff.

Chart 8

Overview of requests received from ECB Banking Supervision staff in 2025

(number of requests)

In addition to welcome sessions delivered to newcomers, training courses and the mandatory e-learning programmes, the CGO organised information campaigns on the ethics framework. The 2025 Ethics Awareness Season for all staff members, which took place around Global Ethics Day, featured ethics awareness stands and refresher sessions on the rules applying to private financial transactions. In 2025 the CGO also organised specialised training on conflicts of interest for on-site inspectors from the ECB and the national competent authorities. These sessions focused on strengthening awareness of ethical rules within European banking supervision.

To avoid “revolving door” situations, the CGO assessed possible conflicts of interest arising from staff members considering job offers from the private sector, advised on the applicable rules and imposed mitigating measures, as appropriate. Of the staff resignations in 2025, one case triggered a temporary prohibition on taking up another occupational activity in line with the ethics framework. In six cases, additional safeguarding measures, such as reassigning tasks, transferring staff to other positions and/or cutting access rights, were imposed to avoid a revolving door situation, essentially internalising the cooling-off period.

The CGO organised its annual compliance monitoring exercise on staff members’ and high-level ECB officials’ private financial transactions. As in previous years, this exercise only identified a limited number of instances of non-compliance, of which approximately 55% were related to ECB Banking Supervision staff. None of these instances involved intentional misconduct or other serious cases of non-compliance.

The Ethics and Compliance Committee, the Eurosystem and the SSM-wide forum for collaboration on ethics and integrity matters established a dedicated task force on ethics and artificial intelligence (AI). Through this initiative, the Committee developed non-binding guiding principles aimed at fostering the ethical and responsible design and use of AI systems and providing practical guidance for institutions across the Eurosystem and European banking supervision. In line with its commitment to promoting awareness of ethics and integrity, and based on input provided by a working group, the Committee organised a Eurosystem/SSM ethics challenge knowledge quiz as well as a speaker session on ethics, public trust and human behaviour from a behavioural science perspective. Participation in both initiatives was high and there was active engagement by institutions across the Eurosystem and European banking supervision.

6.5 Principle of separation between monetary policy and supervisory tasks

In 2025 the principle of separation between monetary policy and supervisory tasks was mainly applied to the exchange of information between different policy areas.

In line with Decision ECB/2014/39 on the implementation of separation between the monetary policy and supervision functions of the ECB^[66], this exchange of information was subject to a need-to-know requirement: each policy function had to demonstrate that the information it was requesting from the other policy function was necessary to achieve its policy goals.

Under Decision ECB/2014/39, Executive Board approval is required for the exchange of non-anonymised common reporting (COREP) and financial reporting (FINREP) data, other raw data, and information containing assessments or policy recommendations. The business areas of the ECB’s two policy functions exchanged such data under the framework approved and periodically reviewed by the Executive Board.

Where the requested information pertained to anonymised data or non-policy sensitive information, access to confidential information was granted directly by the ECB policy function that owned the information, in line with Decision ECB/2014/39.

In view of the heightened geopolitical tensions, in 2025 the emergency provision in Article 8 of Decision ECB/2014/39 was activated to allow a time-limited exchange of information between the monetary policy and supervision functions.

Separation at the decision-making level did not raise concerns and no intervention by the Mediation Panel was required.

7 Reporting on budgetary consumption

The SSM Regulation requires the ECB to dedicate adequate resources to carrying out its supervisory tasks effectively. These resources are financed through a supervisory fee borne by the entities subject to direct and indirect supervision by the ECB. The ECB makes every effort to reprioritise and optimise its resources to ensure that the supervisory function can perform its tasks in a changing environment, thus improving its effectiveness and containing its planned costs in line with the cost stabilisation commitment of the whole organisation.

The expenditure incurred for supervisory tasks is separately identifiable within the ECB’s budget. The expenditure incurred consists of the direct expenses of the ECB’s supervisory function. The supervisory function also relies on shared services provided by the ECB’s support business areas^[67]. As the ECB is committed to rigorously pursuing efficiency improvements, it routinely refines the cost allocation mechanisms to ensure an accurate allocation of costs that reflects improved efficiency and evolving tasks across the institution.

The budgetary authority of the ECB is vested in its Governing Council. The Governing Council adopts the ECB’s annual budget, following a proposal by the Executive Board in consultation with the Chair and the Vice-Chair of the Supervisory Board for matters related to banking supervision. The Governing Council is assisted by the Budget Committee, which consists of members from all national central banks of the Eurosystem and the ECB. The Budget Committee assists the Governing Council by providing it with evaluations of the ECB’s reports on budget planning and monitoring.

7.1 Expenditure for 2025

In 2025 the actual annual expenditure on ECB supervisory tasks was €689.8 million, €14.0 million lower than the estimated expenditure of €703.8 million communicated in March 2025, reflecting a utilisation rate of planned expenditure on supervisory tasks of 98.0%.

The classifications provided in Table 11 are used to identify the split of the annual costs to be recovered through annual supervisory fees from supervised entities based on their supervisory status as significant or less significant in accordance with Article 8 of the Fees Regulation^[68].^[69]

Table 12 provides more granular information on the expenditure based on the activities performed.

In 2025 expenditure on supervisory tasks increased by 1.3% as compared with 2024. This €9.1 million year-on-year increase in total expenditure can be attributed to the biennial EU-wide stress tests which took place in 2025 (see Section 1.1.1), additional costs related to the new mandate from the Digital Operational Resilience Act (DORA) (see Sections 1.2.2.3 and 4.1.1.5) as well as continued investment in supervisory technology (see Section 5.2).

Increases in costs were offset by the reduction in the amortisation of the initial expenditure on the Information Management System (IMAS) and the Stress Test Account Reporting platform (STAR) at the start of European banking supervision. The amortisation charge, which was applied for the last time in 2025, decreased from €19.0 million in 2024 to €3.8 million in 2025. In addition, lower costs related to supervisory initiatives and shared services further offset the overall increase (Chart 9).

In addition to its internal resources, the ECB uses external consultancy services for specialised expertise or integrated consultancy under qualified guidance, particularly during peak workloads. In 2025 the ECB spent €37.1 million on consultancy services for core supervisory tasks, a decrease of €5.0 million as compared with 2024, mainly owing to lower external consultancy needs for supervisory initiatives and on-site inspections.

The split of costs between expenditure directly attributable to ECB supervisory tasks and expenditure for shared services remained broadly similar to the previous year (Chart 9).

Chart 9

Cost of ECB supervisory tasks by cost category

(EUR millions)

The directly attributable expenditure is composed of core supervisory staff costs, supervisory initiatives (including costs relating to asset quality reviews), expenditure on dedicated information technology and other operating expenditure such as business travel and training.

The total spending on directly attributable costs increased by €14.7 million in 2025 as compared with 2024, reflecting an increase of €30.4 million in staff-related costs that was offset by decreases in other cost categories. The increased costs mainly reflect the additional full-time equivalent positions approved by the Governing Council for (i) the biennial stress tests; (ii) finalising the internalisation of consultancy costs associated with on-site and internal model investigations; and (iii) the new mandate stemming from DORA, as well as additional staffing of projects dedicated to banking supervision whose costs are directly allocated in this category.

Notably, increases in spending on dedicated supervisory technology and the new mandate stemming from DORA were more than offset by the lower amortisation charge for IMAS and STAR of €15.2 million. In 2025 there was an increase in projects developing IT systems dedicated to banking supervision (including Project Olympus and the single supervisory cockpit), while spending on maintaining dedicated IT systems decreased compared with 2024. Expenditure on activities related to supervisory initiatives also decreased as compared with 2024, as only regular asset quality reviews took place.

Expenditure in the shared services category amounted to €264.6 million, encompassing services that are used by both the central banking function and the supervisory function.^[70] These costs are split between the two functions using a cost allocation mechanism applying industry standard metrics such as full-time equivalents, office space and number of translation requests.

Shared services costs decreased in 2025: lower costs associated with investments in IT hardware and services and ECB contributions to the European School Frankfurt reduced expenditure within the categories of information technology and human resources services.

These reductions were offset by increases in costs for premises and facilities resulting from the maintenance of two buildings in 2025^[71] as well as the launch of a long-term asset strategy related to the replacement of assets at the end of their life cycle. This strategy is expected to be completed in 2029. In addition, there was an increase in legal, audit and administrative services. This mainly resulted from an internal reorganisation of the ECB’s internal audit function, which was aimed at further strengthening the separation between supervisory and other ECB tasks within shared services.

7.2 Outlook for expenditure on ECB supervisory tasks in 2026

The 2026 planned budget ceiling for supervisory tasks stands at €706.7 million, an increase of €2.9 million compared with the 2025 planned budget (€703.8 million). The ECB’s budget is prepared taking into consideration expected tasks and balancing the principles of reprioritisation and resource optimisation to maintain the ECB’s commitment to cost stabilisation. Consistent with the trend seen in 2024 and 2025, the ECB anticipates close to full utilisation of the planned budget in 2026. This means there is less financial flexibility to react to exogenous factors that could arise during the budget period.

The 2026 estimate reflects the continued investment in supervisory technology and additional budget needs stemming from DORA. From January 2026, costs associated with the participation of ECB experts in joint examination teams involved in the oversight of critical ICT third-party providers (see Section 4.1.1.5) will be reimbursed by the lead overseer, so are not included in the ECB’s supervisory fees.

Furthermore, the recruiting patterns related to the biennial EU-wide stress tests have been adjusted, with the resources needed for preparatory tasks now budgeted for in non-stress test years. This change should help even out the impact of biennial headcount variations. The planned costs for 2026 do not contain any amortisation expenses for IMAS or STAR. Furthermore, cost increases are offset by reduced expenditure stemming from the ECB consolidating from three buildings to two.

The annual supervisory fee for 2026, to be levied in 2027, will be calculated only at the end of the 2026 fee period and will comprise the actual expenditure for the entire year 2026, adjusted for amounts reimbursed to or collected from individual banks for previous fee periods, late payment interest and non-collectable fees.

The ratio of the total amount to be levied on each category for 2026 is estimated to be 95.8% for significant institutions and 4.2% for less significant institutions.

7.3 Fees framework for 2025

7.3.1 Total amount to be levied for the fee period 2025

The annual supervisory fee to be levied for the fee period 2025 amounts to €690.0 million. This is almost completely composed of the actual annual expenditure for 2025, amounting to €689.8 million, with adjustments of €275,638 for (net) reimbursements to individual banks for previous fee periods and €30,444 for late payment interest received, amounting to an overall adjustment of €245,194.

The amount to be recovered through annual supervisory fees is split into two parts based on the status of the supervised entity as either significant or less significant and therefore on the extent of the ECB’s supervisory activities. Expenditure is allocated either to the significant or less significant institution in accordance with a methodology that is continuously reassessed based on the actual supervisory tasks performed. For 2025, the amounts levied for significant and less significant institutions represent 95.5% and 4.5% respectively of the total annual supervisory fee.

To put the ECB’s supervisory fees into perspective, they represent 0.16% of the total administrative expenses and depreciation of entities supervised, directly or indirectly, by the ECB^[72] (0.19% for significant entities and 0.04% for less significant entities).

7.3.2 Individual supervisory fees

At entity or group level, the fees are calculated according to a bank’s importance and risk profile using annual fee factors for the supervised entities.

More information on supervisory fees is available on the ECB’s banking supervision website.

7.4 Other income related to banking supervisory tasks

The ECB is entitled to impose administrative penalties on supervised entities for failure to comply with applicable EU banking law on prudential requirements (including ECB supervisory decisions). The related income is not taken into account in the calculation of the annual supervisory fees, nor are reimbursements of such penalties in the event that previous sanction decisions are amended or annulled. The related amounts are recorded in the ECB’s profit and loss account. In 2025 the income arising from penalties imposed on supervised entities amounted to €28.5 million.

8 Legal instruments adopted by the ECB

The legal instruments adopted by the ECB include regulations, decisions, guidelines, recommendations and instructions to national competent authorities. This section lists the legal instruments in the area of banking supervision that were adopted in 2025 by the ECB and published in the Official Journal of the European Union and on EUR-Lex. It covers legal instruments adopted pursuant to Article 4(3) of the SSM Regulation and other relevant legal instruments.

8.1 ECB regulations

ECB/2025/24
Regulation (EU) 2025/1520 of the European Central Bank of 15 July 2025 amending Regulation (EU) 2016/445 on the exercise of options and discretions available in Union law (ECB/2016/4) (ECB/2025/24) (OJ L, 2025/1520, 28.7.2025)

ECB/2025/31
Regulation (EU) 2025/1958 of the European Central Bank of 9 September 2025 amending Regulation (EU) 2015/534 on reporting of supervisory financial information (ECB/2015/13) (ECB/2025/31) (OJ L, 2025/1958, 17.10.2025)

8.2 ECB legal instruments other than regulations

ECB/2025/1
Decision (EU) 2025/94 of the European Central Bank of 10 January 2025 laying down the criteria for notifying supervisory decisions for the purpose of supervisory stress tests (ECB/2025/1) (OJ L, 2025/94, 16.1.2025)

ECB/2025/7
Decision (EU) 2025/451 of the European Central Bank of 21 February 2025 amending Decision (EU) 2024/461 on the reporting by national competent authorities to the European Central Bank of information on remuneration, gender pay gap, approved higher ratios and high earners for the purposes of benchmarking (ECB/2024/2) (ECB/2025/7) (OJ L, 2025/451, 6.3.2025)

ECB/2025/8
Decision (EU) 2025/507 of the European Central Bank of 7 March 2025 on the total amount of annual supervisory fees for 2024 (ECB/2025/8) (OJ L, 2025/507, 27.3.2025)

ECB/2025/10
Decision (EU) 2025/673 of the European Central Bank of 24 March 2025 amending Decision (EU) 2023/1681 on the provision to the European Central Bank of supervisory data reported to the national competent authorities by the supervised entities (ECB/2023/18) (ECB/2025/10) (OJ L, 2025/673, 4.4.2025)

ECB/2025/13
Decision (EU) 2025/873 of the European Central Bank of 24 April 2025 amending Decision (EU) 2022/1981 on the use of services of the European System of Central Banks by competent authorities (ECB/2022/33) (ECB/2025/13) (OJ L, 2025/873, 12.5.2025)

ECB/2025/14
Decision (EU) 2025/874 of the European Central Bank of 24 April 2025 amending Decision (EU) 2022/1982 on the use of services of the European System of Central Banks by competent authorities and by cooperating authorities (ECB/2022/34) (ECB/2025/14) (OJ L, 2025/874, 12.5.2025)

ECB/2025/25
Guideline (EU) 2025/1521 of the European Central Bank of 15 July 2025 amending Guideline (EU) 2017/697 on the exercise of options and discretions available in Union law by national competent authorities in relation to less significant institutions (ECB/2017/9) (ECB/2025/25) (OJ L, 2025/1521, 28.7.2025)

ECB/2025/26
Recommendation of the European Central Bank of 15 July 2025 amending Recommendation ECB/2017/10 on common specifications for the exercise of some options and discretions available in Union law by national competent authorities in relation to less significant institutions (ECB/2025/26) (OJ C, C/2025/4190, 28.7.2025)

ECB/2025/40
Guideline (EU) 2025/2595 of the European Central Bank of 10 December 2025 on the supervisory approach by national competent authorities to coverage of non-performing exposures held by less significant supervised entities (ECB/2025/40) (OJ L, 2025/2595, 19.12.2025)