On Monday 12 December, the European Central Bank (ECB) released their update of the supervisory priorities for 2023-2025, which is based on a thorough assessment of the main risks and vulnerabilities faced by the significant institutions under its direct supervision, as well as considering the progress made on the 2022 priorities and the 2022 Supervisory Review and Evaluation Process (SREP). In a turbulent year, both geopolitically and economically, the ECB has understandably updated its three-year horizon to consider these new circumstances, which have “materially changed compared to last year”. Although they emphatically state that the previous year’s supervisory priorities and corresponding activities that were set out in 2022 still remain suitable, they acknowledge the need for “some adjustments” to tackle emerging risks from the conflict in Ukraine and high inflation.

With these new risks in mind, the ECB has incorporated the above points and finalised its risks and priorities exercise to again coordinate its supervisory activities over a medium-term time horizon i.e.: three years. Given the fast-changing geopolitical environment, we may assume that further tweaks will continue over the medium-term time horizon.

The ECB priorities for 2023-2025 are threefold; each priority is of equal importance and associated with an underlying high-level work programme to address identified vulnerabilities, as outlined within the priority along with an overview of the planned supervisory activities. We have summarised the three priorities below, along with the details for each of the identified vulnerabilities:

Figure 1: SSM priorities 2023–2025

SSM three priorities

Source: ECB Banking Supervision, 2022

Aside from expected priorities such as credit risk, in comparison to last year we see two new key areas of focus, namely on funding risks and on risk data aggregation and reporting. The ECB notes that many banks have a material reliance on TLTRO III funding and are subsequently more vulnerable to increases in market funding costs. The ECB will focus on these banks, as well as on a broader analysis of banks’ liquidity and fundings plans, aimed at identifying weak practices. The second new key area of focus is on risk data aggregation and reporting. It seems the ECB will refine and communicate supervisory expectations related to the implementation of these principles and will perform a horizonal analysis across banks with persistent shortcomings.

Moreover, banks can look forward to the announced publication of two further supervisory expectations on the topics of digital transformation strategies and banks’ governance arrangements and risk management.

What do the priorities mean for banks and what do KPMG professionals recommend?

In alignment with the above, the ECB has outlined its key supervisory activities that it intends to undertake for each vulnerability. Banks have been requested to do the following – and KPMG Banking and Financial Services professionals have included, per priority, some key recommendations on what they can do now:

Priority 1: Strengthen their resilience to immediate macro-financial and geopolitical shocks

  • Continue to closely follow remedial action plans to address gaps identified in the 2020 “Dear CEO” exercise, in particular regarding forbearance, unlikeliness-to-pay (UTP) and provisioning practices
  • Prepare for several additional targeted reviews, deep-dives and on-site inspections (OSIs) named by the ECB on the following: loan origination (focused on real estate); IFRS 9 (large corporates, small and medium-sized enterprises and retail portfolios, and commercial real estate); forbearance and UTP policies; and energy and commodity traders
  • Be prepared for additional scrutiny on areas highlighted in the 2022 SREP, namely institutions’ risk controls, classification of distressed borrowers and provisioning frameworks
  • Assess adequacy of the internal ratings-based (IRB) models, accounting models and credit risk management frameworks for material portfolios in vulnerable sectors.
  • Look to close outstanding gaps relative to expectations for leveraged loans
  • Evaluate how interest rate and credit spread assessments in both the trading and banking books are monitored and managed, especially in preparation of observing further episodes of high volatility and repricing in the financial markets
  • For banks with material reliance on TLTRO III financing, and thus more vulnerable to increases in market fundings costs, prepare for targeted reviews on this topic
  • Get ready to review – and, if needed, redevelop – liquidity and funding plans, identify weaknesses in advance of targeted OSIs on this topic and pro-actively discuss the follow-up with Joint Supervisory Teams (JSTs)

Priority 2: Address digitalisation challenges and strengthen management bodies’ steering capabilities

  • Prepare for the publication of supervisory expectations on digital transformation strategies as well as the outcome of the benchmarking in 2022
  • Be ready to discuss directly with the JST any weaknesses identified, and pro-actively manage resourcing to develop and carry out remedial actions based on these discussions and benchmarking
  • Further prepare for targeted OSIs on digital transformation which will combine both IT and business model aspects, as well as on outsourcing and cyber security management
  • Collect evidence for upcoming data collection of outsourcing registers, and analyse in particular significant concentrations in any third-party providers
  • Prepare documentation and review policies around management bodies’ collective suitability and diversity, in advance of the publication of supervisory expectations regarding banks’ governance arrangements and risk management
  • Assess progress with respect to persistent risk data aggregation and reporting deficiencies, and expect the refinement and communication of supervisory expectations related to the implementation of risk data aggregation and risk reporting principles
Priority 3: Step up their efforts in addressing climate change
  • Expect targeted deep-dives to follow up on remediation plans following the 2022 climate risk stress tests and thematic review
  • Keep-in mind new ITS reporting and Pillar 3 disclosure requirements related to climate risk and get prepared for benchmarking of these practices
  • For selected banks, prepare for deep-dives on reputational and litigation risks associated with climate-related and environmental strategies
  • Be aware that OSIs on climate-related aspects may now be stand-alone or within reviews of individual risks (e.g., credit, governance, business model)

In short, at a minimum we would advise banks to analyse the priorities, identify the most challenging areas and the ones most likely to be implemented in their supervisory examination plans and develop action plans to prepare themselves in advance. With the publication of new supervisory expectations for digitalisation, governance and risk data aggregation, and clear focus on persistent legacy issues at banks, the ECB is expecting banks to develop a more strategic and pre-emptive approach to many topics.


Mark Van Vugt

Partner, Financial Risk Management.

KPMG in the Netherlands

Maureen Finglass

Senior Manager, FS ECB Office

KPMG in Germany

We will keep you informed by email.
Enter your preferences here.