December 2024
On Tuesday 17 December, the European Central Bank (ECB) published its updated supervisory priorities for the years 2025 – 2027. As every year, this update is based on an extensive evaluation of the key risks and vulnerabilities confronting significant institutions under its direct supervision. It also takes into account the advancements achieved in addressing priorities from previous years, alongside the findings of the 2024 Supervisory Review and Evaluation Process (SREP), which were published on the same day. The ECB also published their methodologies for some elements of the SREP, continuing their recent move towards more transparency of their supervisory processes.
As in prior years, the priorities begin with a positive tone – the ECB once again acknowledges that European banks are reporting strong capital and liquidity positions, that asset quality has continued to show resilience in the face of a challenging macro-financial environment, and that profitability has reached an all-time high since the inception of EU banking supervision.
However, despite this resilience, the ECB emphasises the need for prudence, in particular given the persistently high geopolitical tensions and the resulting uncertainty surrounding the macroeconomic outlook. As in previous years, the ECB calls for banks to stay vigilant in the face of several emerging challenges, and to ensure that they regularly assess any implications that they could face due to such events. In light of this ‘cross-cutting nature of geopolitical shocks’ the ECB specifically highlights the requirement for a ‘holistic supervisory strategy’ going forward. It is clear that over the next few years the ECB will focus on supervised institutions’ ability to withstand these shocks.
Building on this holistic strategy, the ECB calls for banks to further strengthen their efforts to address material shortcomings that have already been identified by supervisors in previous cycles. Unsurprisingly, risk data aggregation and risk reporting (RDARR) is called out specifically and once again the ECB points to expectations around full compliance with climate-related and environmental (C&E) risks as a priority. Looking towards future technological advances, the ECB underscores the importance of banks enhancing their digitalisation efforts and improving the management of risks associated with the adoption of new technologies.
Against this background, the ECB priorities for 2025 – 2027 are threefold. Each addresses a specific set of prioritised vulnerabilities for which dedicated strategic objectives have been set and work programmes have been developed. KPMG professionals have summarised the three priorities, the associated vulnerabilities, plus the special focus on geopolitical risks that those three overarching priorities seek to address:
Figure 1: ECB supervisory priorities for 2025 – 2027
Source: ECB Banking Supervision, 2024
A recurring theme across all three priorities is the ECB’s special focus on geopolitical risks - indeed, the first priority names this as a key factor. Specific examples identified in the first priority include deficiencies in credit risk management frameworks, operational resilience frameworks (in particular DORA compliance, IT outsourcing and IT security/cyber risks) and the specific incorporation of the management of geopolitical risks in supervisory priorities. This special focus will be assessed via a range of activities, especially with respect to the way in which it is captured within credit and operational risks by banks. The ECB also states that banks should expect this to be a key component of the 2025 EU-wide stress test.
In the context of the second priority, the ECB has built upon previous years’ priorities to insist upon the remediation of persistent material shortcomings identified in the course of extensive supervisory scrutiny over the last few years. Two areas were specifically referenced: (i) strategies and management of C&E risks and (ii) RDARR capabilities. Reiterating statements made throughout 2024, the ECB highlights its readiness to use all available escalation tools where necessary, and mentions specifically periodic penalty payments and use of sanctions for C&E risks and RDARR respectively.
Lastly, the third priority echoes similar themes to the prior year, focusing on strengthening digitalisation strategies and emerging challenges from the use of new technologies. Here the ECB recognises the need for banking supervisors to develop targeted strategies in order to better understand banks’ responses to many of these topics, including the use of AI.
What do the priorities mean for banks and what do KPMG professionals recommend?
For each priority, the ECB has outlined the key supervisory activities that it intends to undertake for each vulnerability. KPMG Banking and Financial Services professionals offer the following recommendations for what banks can do now to meet ECB expectations for each priority:
Priority 1: Banks should strengthen their ability to withstand immediate macro-financial threats and severe geopolitical shocks
- Strengthen and reinforce procedures, policies and processes around the identification, analysis, monitoring and management of geopolitical risks, for example by means of scenario analyses; ensure geopolitical risks are appropriately included in risk appetite frameworks.
- Prepare for a targeted benchmarking exercise on risk appetite and risk culture, focusing on how the implications of geopolitical risks are reflected in banks’ risk identification and risk appetite frameworks.
- Ensure sufficient preparation for the 2025 EU-wide stress tests, in light of the ECB’s statement that geopolitical risks will be a key component, and that the exercise will include an exploratory scenario analysis assessing banks’ ability to model counterparty credit risk while under stress.
- Continue to be prepared for the follow-up phase on the targeted review of IFRS 9, focused on overlays and coverage of novel risks (including geopolitical risks) and SME portfolios, as well as further OSIs on credit risk topics such as retail and CRE portfolios, including collateral valuations.
- Focus on the implementation of DORA in the supervisory framework, alongside follow-up work on the findings from the 2024 cyber resilience stress test.
- Get ready for the collection of data on third-party ICT providers, with a view to the ECB understanding the links between banks and providers, potentially identifying concentration risks and/or weaknesses in banks’ outsourcing arrangements. This could also include a targeted review of such frameworks.
- Prepare for targeted OSIs on operational risk, DORA compliance and IT resilience.
Priority 2: Banks should remedy persistent material shortcomings in an effective and timely manner
- Be ready to demonstrate and actively monitor full alignment with supervisory expectations on a range of topics.
- Assess ability to address reputational and litigation risks associated with C&E activities, and be ready for deep dives on a stand-alone basis. Targeted OSIs on C&E will continue on a stand-alone basis or as part of other on-site inspections (e.g. credit risk, operational risk, business model).
- Get ready and prepare documentation for the upcoming horizontal assessment of banks’ compliance with Pillar 3 disclosure requirements related to ESG risks.
- Prepare documentation and adequate resources to respond to the annual questionnaire Production of the Management Report on Data Governance and Data Quality.
- Assess progress with respect to persistent risk data aggregation and reporting deficiencies, especially with respect to the supervisory expectations related to the implementation of risk data aggregation and risk reporting principles based on the final publication in 2024. Banks should expect a continuation of the OSI campaign in the RDARR space, including the potential use of escalation tools where necessary.
Priority 3: Banks should strengthen their digitalisation strategies and tackle emerging challenges stemming from the use of new technologies
- Expect targeted deep dives on the impact of digital transformation on banks’ business models/strategies and on the risks from the use of innovative technologies. This could include targeted OSIs on digital transformation, from both an IT and a business model perspective.
- Keep in mind the 2024 publication of supervisory expectations and sharing of best practices on digital transformation strategies.
Finally, the ECB has included a section that describes how it will continue other supervisory activities and follow up on past priorities. All in all, this publication has demonstrated the comprehensive way in which the ECB is approaching supervision over the next few years. In short, at a minimum, KPMG professionals would advise banks to analyse the priorities, identify the most challenging areas and the ones where supervisory activities have already been communicated as part of their supervisory examination plans, and develop action plans to prepare themselves in advance. KPMG professionals note that over the last years, the ECB has continued to escalate its willingness to use the full supervisory toolkit at its disposal, including the use of penalty payments and other sanctions where progress is not adequate. As in the prior year, the Priorities 2025 – 2027 reinforce that this is the new normal – banks should focus on those persistent shortcomings in their own portfolios and employ strategies for swift and effective remediation.