Regulatory Outlook 2030

More than seven years after the publication of the final Basel III reforms ("Basel IV") by the Basel Committee in December 2017, the EU implementation came into force on 1 January 2025 in the form of CRR III. It is a decisive milestone in the further development of European banking regulation. At the same time, it represents a preliminary finalisation of the regulations on capital and risk management. The focus is on risk-weighted assets (RWA), particularly for credit and operational risks, as well as the output floor, which is intended to limit the relief effects of internal models.

• Following publication in the EU Official Journal in June 2024, many banks finalised their concepts and transferred them to technical implementation. After banks worked flat out to submit the initial notification, implementation is now entering a stabilisation phase. This phase includes optimising technical solutions,
• the elimination of manual workarounds and
• preparing for external audits - in particular annual audits and special supervisory audits.

From spring 2026, the focus will increasingly shift to the further development of CRR III implementation. Originally, a largely RWA-neutral transition was expected. However, initial surveys by the regulators (Quantitative Impact Study/Basel III Monitoring) show that The output floor in particular will lead to a significant increase in average core capital requirements in the European banking sector.

Although the burden will be extended until 2030 thanks to generous transitional provisions, it is already essential to integrate the effects into long-term capital planning. In particular, it is important to assess the consequences for product and borrower portfolios as well as risk-bearing capacity at an early stage.

A proactive analysis of the impact on capital costs and interest conditions is essential, especially for long-term financing - for example in the area of property financing.

Against this backdrop, institutions are already beginning to identify potential for optimising RWA and are planning to implement these successively after the stabilisation phase in order to meet regulatory requirements and ensure their long-term competitiveness.

At the same time, institutions are faced with a large number of new regulatory requirements introduced by the European Banking Authority (EBA) as part of CRR III. More than 140 level 2 mandates relate to key topics such as credit risk, market risk, ESG risks and governance. The EBA roadmap published in December 2023 sets out an ambitious implementation timeframe that will continuously present institutions with professional, procedural and technical challenges over the coming years.

The regulatory requirements for banks are evolving - and with them the reporting system. A fundamental reorganisation is imminent in the coming years: with the Integrated Reporting Framework (IReF), the European supervisory authority is creating the basis for a future-proof, data-based reporting system.

In concrete terms, this means that the reporting of aggregated data in predefined table formats, which is still common today, will be gradually replaced by granular data reporting. This will not only make the reporting system more flexible, but also more transparent and easier to analyse.

The starting signal will be given in 2029: IReF will then become mandatory throughout Europe. In a first step, this will primarily affect statistical reports: the statistics on the assets and liabilities of monetary financial institutions (Balance Sheet Items - BSI), the statistics on interest rates for deposits and loans in new business (Monetary Interest Rates - MIR), the statistics on securities holdings by sector (Securities Holdings Statistics by Sector - SHS-S) and the data set of granular credit information (Analytical Credit Datasets - AnaCredit). Both the frequency of the reports and the requirements for the level of detail are standardised for these areas.

IReF marks the start of a new chapter in cooperation between the supervisory authority and banks - one that focuses more strongly on technology, efficiency and standardisation.

Since 31 December 2022, large capital market-oriented institutions have been obliged to disclose ESG information every six months in accordance with the CRR. The ESG disclosure includes qualitative information on business strategy and risk management as well as quantitative information on transition and physical risks.

When CRR III came into force, the scope of ESG disclosure was extended to all institutions and an ESG reporting system was introduced. In addition to large, listed institutions, large non-listed institutions, other institutions and small and non-complex institutions (SNCIs) are now also required to make disclosures. While smaller institutions are subject to reduced reporting in line with the proportionality principle, existing requirements for large institutions have been specified and expanded to include new content - for example on physical risks by geographical location, emission intensities, fossil fuel sector exposures and NACE-based sector analyses. In addition, a further technical implementation standard on ESG reporting is expected, which will define reporting formats, frequencies and deadlines. In view of the methodological complexity and implications for data budgets, early preparation is crucial.

The new Pillar 3 Data Hub (P3DH) of the European Banking Authority (EBA) marks a further step towards digital and transparent banking supervision. In future, the platform will be the first point of contact for disclosures - standardised and directly analysable for third parties.

This will noticeably increase the requirements for institutions: In addition to the automation of data processes, the quality and plausibility of disclosures will also become more of a focus. In future, disclosures will no longer only have to be formally fulfilled - they will also have to pass the EBA's validation rules before publication is even possible.

Further EBA guidelines and technical standards are expected in 2025 - including on the resubmission policy and specific disclosure requirements for smaller institutions (SNCIs). The following therefore applies to banks: setting the right course today will give you a lasting advantage in tomorrow's regulatory environment.

With the increasing outsourcing of activities and processes and the procurement of information and communication technology services (ICT third-party services), the risks for banks and financial service providers are rising. The banking supervisory authorities are responding to this with a constantly growing regulatory framework - from the EBA guidelines on outsourcing to the Minimum Requirements for Risk Management (MaRisk) and the new EU regulation

DORA (Digital Operational Reporting Act). Third-party risk management (TPRM) is therefore not just an operational issue, but has long since become a strategic management issue as well.

The large number and complexity of third-party relationships require structured, risk-orientated management. In regulatory terms, a clear trend is emerging: a move away from selective individual requirements towards a holistic understanding of third-party management. The new EBA guideline on third party risk is currently being drafted. It is intended to replace the existing guideline on outsourcing and comprehensively address all forms of third-party relationships for the first time. With the finalisation of this guideline and its implementation in national supervisory law, further adjustments to existing processes and the further development of outsourcing and third party management are to be expected in the institutions.

As part of the new Implementing Technical Standards of the EBA (EBA ITS), the previously separate reporting formats of the EBA and the Single Resolution Board SRB will be transferred to a standardised data point model. The final reporting forms are expected to be published as part of the Data Point Model (DPM) 4.2 in September 2025. The reporting forms are to be applied for the first time on 31 December 2025. An early, structured evaluation of the revised reporting requirements is essential in order to enable full reporting capability based on existing technical solutions.

In addition to harmonising the SRB and EBA reporting formats, the focus is increasingly shifting to the data quality of existing reporting formats - particularly the MREL report (Minimum Requirement for Own Funds and Eligible Liabilities), as well as the testing and operationalisation of ad hoc reports as part of resolution planning. Due to the high complexity of the reports and the often short reporting frequency, early preparation is necessary, particularly with regard to technical implementation.