EUROPEAN COMMISSION

Strasbourg, 18.4.2023

COM(2023) 212 final

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

on the Single Supervisory Mechanism established pursuant to Regulation (EU) No 1024/2013

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

on the Single Supervisory Mechanism established pursuant to Regulation (EU) No 1024/2013

1. Introduction

1.1 Objectives of the report

The Single Supervisory Mechanism (SSM) was established in November 2014 as a key first step towards the Banking Union to ensure high-quality supervision of credit institutions in the EU, implement the EU’s policy on prudential supervision of credit institutions in a logical and effective manner, and to apply the single rulebook consistently. The SSM was conceived as an integrated architecture combining the European Central Bank (ECB) as supranational authority, and national competent authorities (NCAs) in the Member States that are part of the euro area and in the Member States that have entered a close cooperation agreement with the ECB.

The SSM’s functioning and responsibilities are based on the regulation that confers supervisory tasks on the ECB, Regulation (EU) No 1024/2013 (‘SSM Regulation’). This Regulation requires the Commission 1  to undertake a broad review of the overall application of the SSM Regulation every 3 years. The review aims to identify the potential impact on the smooth functioning of the internal market.

The first review was completed in 2017, and the Commission report was published in October 2017 2 . The second review was due in 2020 but was postponed until 2022 due to the COVID-19 pandemic and prioritisation of the work on the 2021 Banking Package. The Commission is now publishing its report on the second review.

1.2 Scope of the review

The review follows up on the findings of the 2017 SSM Review Report to assess whether the shortcomings identified at the time have been duly addressed. It also covers areas in scope of the mandate in Article 32 of the SSM Regulation that were not assessed during the 2017 review, as at that time, there was no sufficient information available to draw conclusions (for example, there were no cases of close cooperation agreements to examine). Moreover, the review focuses on specific high-priority developments and risks to the financial stability of the banking sector, namely:

·fit and proper assessment – an important supervision tool that represents the bulk of the decisions adopted by the ECB Governing Council in the area of banking supervision;

·risks linked to climate and environmental, social and governance (ESG) factors – climate change is taking an increasingly significant toll on the economy and could pose a major threat to financial stability in the coming years;

·money laundering and terrorist financing risks – high-priority item on the EU political agenda;

·third country groups in the post-Brexit context – the challenge for supervision deriving from a number of large third country banks establishing new subsidiaries in the EU;

·ICT and cyber risk – in light of the increased digitalisation of financial services and high geopolitical tensions.

The review process consisted of: (i) desk research; (ii) input from the SSM; (iii) informal interviews with all the NCAs participating in the SSM, as well as with the non-SSM EU NCAs; (iv) informal interviews with the European Banking Authority (EBA) and the Single Resolution Board (SRB); and (v) informal discussions with industry stakeholders.

As part of the desk research, the Commission team reviewed a number of publicly available documents, as well as documents provided by the ECB (for example guides, procedures and presentations). The team has also had numerous interactions with ECB staff throughout the process, including an on-site visit to the ECB.

Informal meetings with representatives of all 21 NCAs that are part of the SSM or have cooperation agreements with the SSM provided useful feedback on the overall state of play of the SSM as seen from the NCAs’ perspective, on SSM activities and on the priority areas covered by the review. Furthermore, informal meetings with representatives of the six EU NCAs that do not participate in the SSM were useful to hear their perspective on cooperation with the SSM.

The Commission also met with several industry organisations 3 to discuss their views on the functioning of the SSM and on the priority areas in scope of the review.

1.3 Main messages and structure of the report

The review leads the Commission to conclude that overall, the SSM is functioning well. It has become a mature, established supervisory authority that delivers on the objectives set out when it was created. It helps ensure that banks are well prepared and capitalised for economic and financial crises. It also provides good quality and proactive banking supervision, rapidly adapting to supervisory challenges, as shown during the COVID-19 crisis. Cooperation within the SSM between the ECB and the NCAs is working well. Equally positive is the feedback on how close cooperation is working.

The report is organised as follows: Section 2 offers a historical perspective on EU supervision and on the functioning of the SSM and its evolution towards a mature, established supervisory authority. Section 3 focuses on cooperation aspects, which are the cornerstone of the SSM. Section 4 examines the quality and effectiveness of the supervisory activity, particularly in light of the recent COVID-19 crisis, the war in Ukraine and emerging risks. Section 5 deals with the impact of the SSM on the functioning of the internal market. Finally, Section 6 summarises the conclusions of the review.

2. Historical perspective and follow-up from previous report

2.1 Overview

The start of the SSM in 2014 marked a significant change in how banking supervision would be conducted in the euro area. After the adoption of the SSM Regulation in 2013 and an asset quality review of significant banks in the euro area, in 2014, the ECB took up the responsibility to supervise credit institutions established in the Banking Union. It directly supervises significant institutions (SIs): as of 1 January 2023, this encompasses 111 banks in the countries participating in the Banking Union. Those directly supervised banks represent 82% of total banking assets in the participating countries 4 . Less significant institutions (LSIs) are supervised by NCAs, under the oversight of the ECB. In addition, the ECB is solely competent for all the decisions that need to be taken on common procedures applicable to both SIs and LSIs (such as authorisation and qualifying holdings). The ECB also retains the power to directly supervise any of the LSIs to ensure that high supervisory standards are applied consistently in the Banking Union 5 . This framework relies on a strong central body – ECB Banking Supervision – and on smooth coordination and cooperation between the ECB and the NCAs. 

The establishment of the SSM required a new governance structure and new processes and tools, as well as the development of a novel way of thinking about banking supervision. In the first few years, the ECB had to develop its own supervisory rulebook to implement high-quality supervisory practices.

In October 2020, the ECB introduced changes to the internal organisation of ECB Banking Supervision. Both NCAs and other stakeholders pointed out that the reorganisation has improved the way in which the SSM conducts its supervisory activities and its ability to progress and adapt to challenges.

These changes mark a further shift towards enhanced risk-based supervision and a reinforcement of the supervisory strategy, the risk management function and the role of thematic supervisory reviews, which are coordinated centrally. The objective was to ensure more effective supervision and greater consistency in the supervisory outcomes, and to improve the transparency and predictability of supervisory actions.

2.2 Follow-up on previous findings

The Commission team reviewed the actions taken by the ECB to address the findings identified in the 2017 SSM Review Report and found them overall effective. The most significant ones are presented and assessed below, with others included in dedicated sections in the report (e.g. fit and proper assessment, cooperation within the SSM) 6 .

On internal model approvals, the 2017 SSM Review Report included a comprehensive assessment of the ECB’s and NCAs’ process for approving new models (‘model approval process’) and the ongoing review of existing ones (the Targeted Review of Internal Models – TRIM). It also mentioned the existence of a backlog in model approvals due to the set-up of the model approval and review functions that potentially increased the duration of approvals in the initial phase. At the time, the SSM was confident that it would be able to address the backlog in the future. Since then, the SSM has put in place processes to streamline model investigations and the model approval process. These include (i) the new intensity framework for model investigation and a lighter approval process for less material requests based on the EBA internal ratings based (IRB) repair programme; (ii) approving requests related to the new definition of default via off-site assessments; (iii) integrating some model approval requests in the scope of TRIM investigations; and (iv) prioritising, since 2021, for credit risk, the assessment of approval requests related to the implementation of new EBA regulatory products that could be assessed via internal model investigations. These initiatives have helped address some of the concerns linked to the duration of model approvals.

There is, however, an acknowledged shortage of capacity at SSM level in processing model applications and change requests due to a lack of resources and, in some areas, specific skills (e.g. market risk models), that still results in delays. This aspect was highlighted by both industry stakeholders and the ECB itself. In recent years, the number of model applications by the newly established third country banks, post-Brexit, have also contributed to the delays in model approvals.

In addition, in some cases banks that applied for model approval notified the authority shortly before the start of the model reviews by the authority or even at the beginning of the examination that they had not finalised their model implementation as expected. This resulted in missions being cancelled and the SSM being unable to reallocate resources at short notice to other missions.

This area remains critical since delays in the approval process may result in the use of inappropriate models or risk being underestimated. However, it is hardly feasible for a supervisor to have sufficient resources to respond immediately to very varying demands from banks in relation to model applications, including model changes.

In the area of early intervention measures and failing or likely to fail declaration, the SSM entered into a revised memorandum of understanding with the SRB. It allowed for closer cooperation in the area of bank crisis management. Some further steps to ensure that cooperation works even more smoothly are under discussion, showing that the degree of cooperation between the ECB and the SRB is growing over time, based on experience. One element of attention is the asymmetry between the ECB’s and SRB’s participation in their respective managing bodies. While the ECB is a permanent observer in the SRB executive and plenary sessions (as mandated in Article 43(3) of the Single Resolution Mechanism Regulation), the SRB can only be invited to the SSM Supervisory Board as an observer of specific agenda items. In practice, the ECB invites the SRB to discussions on individual banks, as well as on horizontal matters and policy issues, to ensure that the SRB participates in all discussions relevant to its tasks. This regular participation of an SRB representative in the SSM Supervisory Board contributes to good cooperation between the two bodies.

The first review recognised the SSM’s achievements in applying the supervisory review and evaluation process (SREP) consistently and swiftly incorporating regulatory developments into its methodology. Further progress has been made in several areas, specifically on improving communications with the NCAs on the methods used to adjust, at horizontal level, the SREP decisions proposed by joint supervisory teams (JSTs) and incorporating EBA feedback as part of convergence assessment work. The current testing of a SREP pilot methodology, aimed at using a base SREP as a default methodology, complemented by a comprehensive SREP at least every 3 years, is an example of the further shift towards a supervisory process focused more on idiosyncratic risks of banks, in addition to a baseline evaluation that is expected to be more appropriate for the bank-specific nature of the SREP. It is important that the decisions made during the SREP, including those linked to benchmarking against other banks, are communicated to relevant stakeholders in a transparent manner, to ensure the quality of exchanges with the banks and their understanding of the expectations and outcomes sought by supervisors.

In the area of credit risk, and in particular in relation to non-performing loans (NPLs), the first SSM review report pointed out that the ECB can increase the level of provisioning by banks using its supervisory tools 7  within the limits of the applicable accounting framework. The review shows that the ECB uses predominantly moral suasion to encourage banks to apply prudent provisioning policies to credit risk and sets out supervisory expectations as a tool for communicating the desired outcome. For instance, at the beginning of the COVID-19 pandemic, the ECB sent letters 8 to bank CEOs providing additional guidance and supervisory expectations on credit risk management.

In terms of exchanging information with the European Court of Auditors (ECA), the first SSM review suggested that the ECB put in place a more efficient system to exchange information with the ECA. This was addressed by the ECB by entering into an inter-institutional agreement with the ECA on exchanging information 9 .

On the Administrative Board of Review (ABoR), the first review underlined the potential advantages of improving the transparency of decisions, for instance by publishing summaries of decisions on the ECB’s website while duly observing confidentiality rules. Indeed, transparency has increased in general, partly due to more explanations on the ECB Banking Supervision website about the functioning of the ABoR over the past few years, including the matters considered and elements of its own jurisprudence.

Finally, the first review found that the ECB could have considered embedding more proportionality in its fee methodology. This has largely been achieved via the review of the Supervisory Fee Regulation 10 that was implemented from the 2020 fee period onwards. The new process introduced, among other methodological improvements, a discount on the minimum fee component of the ECB supervision for smaller LSIs.

3. Cooperation aspects

3.1 Overview

The good functioning of the SSM and the institution’s success in its leading supervisory role over EU banks rely significantly on cooperation and coordination between the ECB and the NCAs, and on the continuous exchange of information. The review finds that, in recent years, the ECB was able to improve cooperation with NCAs and promote a series of organisational and operational initiatives aimed at strengthening coordination and communication in most supervisory areas, within its existing staffing resources.

The increase in the quality of cooperation with the ECB was broadly commended in the discussions with the NCAs. These highlighted, among others, the support and training available for NCAs, the constructive and pragmatic exchange of information across the networks and the access to SSM-developed IT tools to facilitate consistent reporting and supervisory reviews. It has also been acknowledged that the increased complexity of the supervisory activity, illustrated also by the increase in the number of new supervisory initiatives, requires significant resources, both at ECB and NCA level. If those resources are not available, solutions to optimise the supervisory processes need to be implemented.

Increasing supervisory responsibilities have also led the ECB to focus more on aspects that pose higher risks to global financial stability. As a result, some initiatives that the NCAs might see as a priority (e.g., updating LSI supervisory guidance) have been delayed in some cases.

Feedback from industry associations highlighted some areas that the SSM could address in order to improve exchanges with the institutions supervised and raise awareness of its strategy and objectives at individual level and across industry. One area where industry is looking for improvements is better communication, in particular in relation to the scope and objectives of thematic reviews and surveys, which at times might be resource-intensive for the banks and involve tight deadlines. Some industry stakeholders would also like the results of the benchmarking conducted during the SREP and of the thematic reviews to be communicated more systematically.

3.2 Direct supervision of significant institutions

The SSM’s direct supervision of SIs has been effective and timely even during exceptional circumstances (e.g. exercise of pragmatic SREP during the COVID-19 pandemic) and covers new types of risks (money laundering and terrorism financing, cyber risks, ESG).

Joint supervisory teams (JSTs) composed of ECB and NCA staff constitute the main pillar of SI supervision. Feedback from NCAs and industry stakeholders indicate that the current set-up of JST supervision is effective in general, with clear reporting lines and responsibilities. In some specific cases, JSTs have faced a shortage of specific skills (e.g. languages, technical expertise). The SSM regularly assesses the types of skills missing in these teams so it can train staff where possible or recruit new hires.

The current SREP is evolving from a detailed and exhaustive exercise to a more risk-based process. This allows more time for JSTs to focus on the main idiosyncratic risks of each SI. The benchmarking conducted by the ECB’s horizontal functions throughout the SREP allows for a consistent and coherent application of SREP decisions. Since the last review, the NCAs have been more involved in the process, particularly in terms of the methods employed at horizontal level to adjust the SREP decisions proposed by JSTs.

In addition, the SSM has been developing supervisory methodologies and processes, especially with regard to the application of Pillar 2 requirements and Pillar 2 guidance, with the aim of following a harmonised approach in its supervision. This harmonisation of supervisory processes is also applied to the outcomes of on-site inspections.

Before and during the pandemic, the ECB identified leverage lending activities as a major vulnerability for SIs, that require increased scrutiny and follow-up actions 11 . The high growth of leverage loans and the significant risks inherent in these transactions, driven also by a lack of covenants and lower rating quality as well as deficiencies in banks’ risk management, prompted the ECB to consider leverage finance as a supervisory priority (2022-2024).

In response to the changes in the rates environment, the ECB also prioritized reviews of the interest rate risk and credit spread risk management 12 , starting from the second half of 2021. The ECB included those risks in its supervisory priorities in 2022.   

3.3 Indirect supervision of less significant institutions

During the bilateral exchanges, NCAs gave positive feedback on the quality of cooperation with the ECB on the supervision of LSIs, further building on a good outcome on this point during the 2017 review. NCAs pointed out areas of significant improvement:

·a steady increase in the quality and frequency of discussions between NCAs and ECB country desks (in practice also facilitated by the virtual work environment);

·the creation of senior management networks to discuss policy implementation;

·the contribution of new SSM horizontal functions to the increasing harmonisation of supervisory practices;

·the use of the Information Management System (IMAS) portal for LSIs on a voluntary basis.

The supervisory methodologies agreed at SSM level for LSIs are generally adopted by NCAs, with some degree of proportionality. NCAs have noted that the LSI methodology, which is crucial for them to ensure supervisory consistency, is not comprehensively updated every year (the last comprehensive revision is from 2020). At the same time, specific elements of the LSI methodology have been revisited more recently, such as the inclusion of IT risk under operational risk. Supervisory guidance on the inclusion of money laundering and terrorism financing risks will be integrated into the LSI methodology in 2023. In addition, the bilateral exchanges with NCAs confirmed the different frequency of supervisory reviews of LSIs, notably of small and non-complex institutions.

Some of the initiatives introduced on a voluntary basis could also benefit from further mainstreaming, such as the use of IMAS for all high-risk and high-impact LSIs and for some other elements of ongoing LSI supervision, where the risk profile of such LSIs justifies close cooperation with the ECB. IMAS could be extended to small banks with a high-risk business model as this precautionary measure would allow the ECB to exercise closer oversight and take over the direct supervision of specific institutions if necessary.

In relation to both SI and LSI supervision, some NCAs noted that the significant amount of work carried out by the SSM can, in some instances, impose a strain on NCAs with fewer staff resources, for instance due to participation in different initiatives, working groups and training courses. To address this, the SSM has recently focused on creating regional hubs of expertise. These aim to develop broad and in-depth knowledge on a particular type of risk, finding solutions to mitigate it and then share this knowledge across the SSM. One of the examples already piloted is the establishment of a securitisation hub led by the French supervisory authority (ACPR). These hubs illustrate not only the close cooperation between the ECB and NCAs, but also the objective of optimising available resources while achieving consistent results across the SSM.

3.4 Close cooperation agreements

Since the 2017 SSM Review, the SSM has entered into two close cooperation agreements (CCAs) with Bulgaria and Croatia, whose authorities now participate in the SSM 13 . The CCAs contain a very specific feature, as the relevant NCA joins the SSM on a slightly different footing compared to the NCAs of participating Member States from the euro area. The main difference is that the NCAs of Member States in close cooperation participate in the SSM, but in terms of decision-making, they act based on instructions that the SSM delivers to the NCA, and they translate these instructions into national decisions.

The experience with onboarding Bulgaria and Croatia has been positive. CCAs were preceded by in-depth exchanges and thorough preparation. This helped smooth the process, in particular by giving Bulgarian and Croatian authorities sufficient time to adapt their policies and practices to the newly established cooperation framework.

Because of the way CCAs are designed, the decision-making process based on instructions takes more time compared to SSM internal decision-making. One example is that national authorities normally receive instructions in English, which must then be translated into the national languages and implemented via national legal instruments. In addition, the organisation of joint on-site inspections is cumbersome because the SSM Regulation only assigns the ECB the role of ‘observer’ for inspections in CCA countries.

However, the CCAs have been working well in general, with rapid achievements in several areas following the establishment of the agreements. This includes the timely establishment of direct communication channels between the supervised entities and the JSTs, smooth integration of the supervised entities in the centralised SREP and SSM leveraging of Bulgarian and Croatian supervisory expertise on local topics and experience with the national SIs.

3.5 Cooperation with third country supervisors and impact of Brexit

Many SIs supervised by the SSM have a significant international presence. In this context, cross-border cooperation and coordination in identifying and mitigating risks to financial stability are essential.

In recent years, the SSM has worked on deepening its strategic cooperation with third country authorities on supervisory issues. It has signed more than 15 memorandums of understanding with banking and market supervisory authorities established outside the EU, which are published on the ECB’s website subject to the consent of the partner authority. This type of agreement facilitates smooth supervisory cooperation and the exchange of information.

Since 2016, international banks reorganised after Brexit to ensure a continued EU presence. This resulted in around 25 Brexit-related authorisation procedures for the SSM. This involved both the establishment of new credit institutions and the restructuring of existing ones. The SSM had to address the challenge of onboarding them in a relatively short period of time which was particularly complex for subsidiaries of large international banks, with different business models.

The ECB published its supervisory expectations of banks’ booking models in August 2018. These focused on ensuring that the newly established entities under SSM supervision have sound risk management and control frameworks and are operationally resilient in a crisis.

Against this background, and as part of its supervisory tasks to ensure that third country subsidiaries have adequate governance and risk management, the SSM is in the process of completing a review of booking and risk management practices across trading desks (‘desks mapping review’). The review focuses on the booking and risk management practices across trading desks active in e.g. market-making activities, treasury and derivatives 14  within ‘incoming Brexit banks’.

The review is a key supervisory tool that allows the SSM to check whether industry practices are converging towards the ECB’s supervisory expectations of all SSM entities, including the EU subsidiaries of third country groups. It showed that most incoming banks had fallen short of the expectations set by the SSM, exhibiting some empty shell features. The SSM has set out different risk indicators for each trading desk to better capture the materiality of the trading activity and all relevant risks to which it gives rise. The ECB will address these deficiencies in legal orders to relevant banks in Q2 2023, with appropriate phasing.

3.6 Cooperation with non-bank supervisory authorities

The SSM has put in place a number of cooperation mechanisms with the supervisors of other financial sector entities such as insurance undertakings and investment firms (‘non-bank supervisors’). This form of cooperation is particularly important as a number of banking groups control insurance undertakings, investment firms and other financial sector entities that are subject to financial supervision by other supervisory authorities. In addition, given that a significant number of SSM-supervised credit institutions issue securities on EU regulated markets, the SSM has established communication channels with markets and securities supervisors.

The SSM’s primary objective in this domain is to exchange information to make sure that coordinated action can be taken if need be. Within the SSM, it is generally the JSTs that ensure that information flows properly with non-bank supervisors.

One focal point is that the effective exchange of information between the SSM and non-bank supervisors depends on how financial market supervision is organised at national level. While the SSM’s tasks only cover the prudential supervision of credit institutions, in some Member States the relevant national authorities in charge of supervising the financial sectors (banking, insurance, securities) are integrated in a single supervisory authority or split between a prudential authority and a financial conduct authority. A mechanism for the exchange of information between the SSM and third country market supervisors may also be warranted. The new memorandum of understanding entered into by the U.S. Securities and Exchange Commission and the ECB in 2021 could serve as an example in this regard.

Furthermore, the SSM is one of the key players in the supplementary supervision of financial conglomerates. These are groups consisting of a banking, insurance and investment arm, which are subject to supplementary supervisory rules laid down by the Financial Conglomerates Directive. In particular, the Directive provides that among the sectoral supervisors in charge of the different arms of a conglomerate, one is appointed as coordinator 15 . Given that the SSM supervises SIs, it is often tasked with the role of coordinating supervisor of some of the largest financial conglomerates active in the EU. Until recently, the focus of the SSM in this area has been day-to-day supervision, namely the identification of priority supervisory issues. The ECB has since entered into cooperation agreements with insurance supervisors in order to foster cooperation and the exchange of information on banking and insurance conglomerates. In addition, the ECB is now cooperating more actively with the European Insurance and Occupational Pensions Authority to share expertise and information in order to better capture conglomerate-specific risks and has set up an internal formalised workstream on financial conglomerates.

3.7 Progress on cooperation in other areas of ongoing supervision

Fit and proper

As acknowledged in the first SSM report, fit and proper (FAP) assessments represent the bulk of the decisions adopted by the Governing Council, following the ECB Supervisory Board’s proposal.

Since the last SSM review, significant progress has been made in enhancing cooperation with the NCAs in the FAP assessment area. This has been widely acknowledged by the NCAs in the discussions during the review. They generally praise what the SSM has achieved, in particular on the risk-based decision-making system and implementation of new IT tools.

The ECB, together with the NCAs, form the FAP network that works on developing and updating the relevant guides and templates to make the assessments and approval process of FAP assessment procedures within ongoing supervision more consistent, streamlined and effective. These documents cover key elements such as (i) interview templates for different managerial positions, including for key function holders; (ii) drafting guidance to ensure that consistent wording is used in all FAP procedures and decisions; (iii) a FAP guide providing a description of SSM applicable policies, practices and processes when assessing the suitability of members of the management bodies of significant credit institutions; and (iv) a handbook to support JSTs and NCA case handlers in the day-to-day application of the SSM FAP stances when preparing a draft FAP assessment.

Since the previous SSM review, the SSM has stepped up its actions to take FAP decisions more effectively. It has simplified the decision-making process by implementing both a delegation process and a fast-track process for less complex decisions and has focused on developing appropriate IT tools to cope with the number of FAP assessments while ensuring effective supervision. In a few specific cases, it has considered ad hoc solutions aimed at addressing FAP issues specific to some Member States and is exploring the implementation of successful approaches to similar cases.

In addition, the SSM put in place the alternative fit and proper process (AFAPP) in 2018. This is a fast-track decision-making procedure to increase efficiency, shorten the processing time of FAP decisions and allow for a more risk-based focus. Under this procedure, instead of working on a preliminary proposal at NCA level and on a joint NCA/ECB assessment, the NCA is responsible for drafting the proposal together with the JST member. The proposal is then submitted directly to the SSM Secretariat for a quality check and to ECB senior managers for adoption 16 .

To streamline the FAP assessment and manage the large volume of information, the SSM has worked on improving its IT tools. Introduced in early 2021 to support the supervisory process, the SSM has started using the IMAS portal, to enable banks to transfer all required documents for FAP applications directly and in a secure way. Relevant information on the FAP process, such as updated procedures and templates, are uploaded to the internal network to provide NCAs with easy access to the most recent documentation.

As regards tools specifically developed to support the FAP assessment, the SSM is piloting a machine learning tool with two NCAs to facilitate the reading and assessment of FAP questionnaires and signal potential concerns at an early stage of the process. The objective is to widely deploy the tool by the first half of 2023.

While acknowledging the progress made together with the NCAs 17 , challenges still remain, particularly due to the lack of harmonisation between national frameworks and the existence of national specificities. This has been highlighted by some NCAs, who pointed out the limits of the SSM’s efforts without further harmonisation. The Banking Package proposed by the Commission in October 2021 includes a proposal to further harmonise the regulatory framework for FAP assessments. The package is now being discussed in the European Parliament and the Council.

Enforcement and sanctioning powers

The 2017 SSM Review Report pointed out that more practical experience was needed to assess the ECB’s enforcement and sanctioning powers. Some 8 years after it was established, the SSM has demonstrated that it has gradually acquired that experience. The last SSM report on sanctioning activities 18 shows that enforcement has mainly targeted breaches of prudential requirements in the area of internal governance (in line with the SSM supervisory priorities for 2021). In addition, it shows an increase in sanctioning activities that target breaches of supervisory reporting obligations. In terms of methodology, the ECB published a guide on setting administrative penalties in March 2021, which improved transparency.

Among its enforcement powers, the ECB may apply periodic penalty payments 19  if there is a continuous breach of a regulation or ECB supervisory decision. So far, this enforcement tool has been used by the ECB in a limited number of cases. 

The SSM applies its sanctioning powers within the boundaries of the CRD transpositions into the national laws of the participating Member States. However, the differences in the implementations by Member States of important elements of the sanctioning regime undermine the ECB’s capacity to provide appropriate sanctions consistently.

The Banking Package proposal seeks to harmonise certain supervisory and sanctioning powers in the EU. First, it aims to expand the scope of the sanctioning powers by supplementing the list of breaches subject to administrative penalties and sanctions with additional prudential requirements. Second, it aims to provide NCAs with greater powers to enforce rules by introducing into legislation periodic penalty payments so that credit institutions swiftly comply with prudential requirements. The CRD VI proposal would therefore provide effective, proportionate and dissuasive enforcement and sanctioning tools for supervisors.

4. Banking supervision adapting to new challenges

4.1 Overview

The challenges faced by the banking sector since the global financial crisis have highlighted the importance of strengthening supervisory practices for the overall economy. Effective high-quality bank supervision, cross-border and cross-sectoral supervisory communication and cooperation are essential for ensuring that risks to the safety and soundness of credit institutions and to financial stability are rapidly identified and addressed. To achieve this, supervisory authorities need to carefully define their objectives, develop and maintain a forward-looking assessment of the risks to financial stability, and follow a proactive integrated approach to banking supervision and their capability to extrapolate across the financial sector in order to achieve the desired targets.

The review has assessed four areas of challenges to supervision:

·response to the COVID-19 crisis;

·supervision of IT and cyber risks;

·supervisory challenges related to climate risks;

·supervisory challenges related to money laundering;

The SSM’s response to the war in Ukraine was assessed only indirectly during this review, through the lens of the impact of increased geopolitical risk on banks’ financial stability and banking supervision, in particular on cyber risk and credit risk. It can be noted that, similarly to its response to the COVID-19 pandemic, the SSM reacted swiftly and comprehensively 20 to mitigate key risks. These risks included exposures of a number of supervised banks to Russia, the impact of sanctions, cyber-attacks and the deteriorating macro-economic outlook as a result of the emerging energy crisis. In its supervisory priorities for 2023-2025, the SSM has identified the war in Ukraine and the emerging risks as one of its key areas of concern 21 . The SSM has shown that it was able to adapt to a new type of crisis shortly after the COVID-19 pandemic, even if it is still too early to assess the longer-term impact of the measures taken.

4.2 Response to the COVID-19 pandemic

From a banking supervision perspective, the outbreak of the COVID-19 pandemic represented a significant test of the SSM’s capabilities to quickly adapt to supervisory challenges. As recognised by NCAs and industry stakeholders, the SSM response to the pandemic is considered to have been swift and agile. The tools available to supervisors were sufficient and effective to address the impact of the crisis, as part of the broader public policy response to the pandemic. Cooperation between the ECB, NCAs and European Supervisory Authorities also functioned well during the crisis.

Even if it may be difficult to gauge the exact effects of individual capital and liquidity relief measures – fiscal and monetary supporting measures were taken at the same time at EU and national level –, the following measures taken by the SSM to address the fallout of the pandemic have proven effective:

·Operational relief measures: these measures, which industry deemed particularly helpful, such as longer deadlines to comply with supervisory obligations (e.g. for the implementation of remediation actions stemming from recent on-site inspections and internal model investigations), were taken in a timely manner and provided banks with the necessary capacity to deal with the immediate fallout of the crisis. 

·Ongoing monitoring of banks’ risks: the outbreak of the pandemic highlighted the need to intensify and deepen the supervision of credit risk management. A large majority of NCAs praised the insights gained through banks’ responses to the ‘Dear CEO’ letter.

·The dividend distribution recommendation: the ECB’s recommendation on dividends for significant institutions was effective and preserved EUR 28 billion of capital in banks acting as an additional capital buffer throughout the pandemic. The practical application of the recommendation for LSIs, although followed by all NCAs, was less effective, with a significant number of LSIs still paying out dividends 22 - an issue raised by stakeholders from a level playing field perspective.

·Buffer usability: during the COVID-19 pandemic, the ECB allowed banks to dip into their Pillar 2 Guidance funds and use capital and liquidity buffers to withstand a potential deterioration in their balance sheets and their liquidity positions. Given the magnitude of the public and monetary support measures taken, banks did not face major losses and, moreover, did not make use of their buffers due to maximum distributable amount 23 restrictions and perceived market constraints (e.g. potential market stigma effects).

The COVID-19 pandemic has highlighted areas of banking supervision that could be improved. Among these, the experience with a ‘pragmatic’ SREP has provided valuable insights for potential simplifications of the regular SREP in normal times. In the area of credit risk, the COVID-19 pandemic brought to light significant shortcomings in banks’ credit risk management which were less prominent on supervisors’ radar before the pandemic due to the low NPL ratios 24  (e.g. divergences in credit risk policies for forbearance, unlikely-to-pay identification and provisioning policies). Measures taken to address these gaps will remain an area of increased supervisory scrutiny in the future.

4.3 ICT/cyber risk

Among the risks that emerged in the last 5-10 years following increased digitalisation of financial services and the exponential growth of data volumes used by banks, improving ICT and cyber risk supervision has been a priority on the supervisory agenda. Cyber risks and outsourcing risks have been mentioned as the two most important topics. The SSM has acknowledged this, identifying ICT/cyber risk supervision as a high priority area in the short to medium term.

The review showed that the SSM has sufficient formal supervisory powers to address ICT/cyber risks – even more so with the forthcoming Digital Operational Resilience Act. The ICT and cyber risk supervision framework is deemed appropriate in light of cyber-attacks observed so far. A cyber risk scenario was requested for recovery plan submissions in 2022/23, and a cyber risk stress test is being considered for 2024 to assess the banks’ level of preparedness for cyber incidents.

The outsourcing of IT services by banks raises concerns about concentration risks (reliance on a small number of providers), the reliance on intragroup entities in third countries (due to potential geopolitical risks) and the risk of the emergence of chains of outsourced activities. The ECB has therefore requested SIs to submit on an annual basis a register of all their outsourcing arrangements. The aim is to provide the ECB with the information necessary to assess the risks deriving from outsourcing arrangements, with the ultimate goal of cultivating more robust outsourcing arrangements in all SIs. Furthermore, the ECB and the NCAs are able to perform horizontal analyses of outsourcing risks. This enables JSTs to benchmark the outsourcing risks of their banks against their peers, and generally assess financial sector interconnections with third party service providers and the potential concentration risk at institution and sector level. The first submission was due in July 2022, and the ECB has already concluded its first horizontal analysis. This will feed into future supervisory activities.  

In terms of cooperation between the ECB and NCAs, the review found that the cooperation was working well. Many NCAs praised the work of the SSM network on cyber risk, where information is exchanged regularly between NCAs and the ECB. Some NCAs mentioned that the ECB’s role in LSI supervision on this topic could be strengthened, for instance by developing best practices for LSIs. The ECB could also provide further clarity when starting a new initiative for SIs if NCAs expect it to be expanded for LSI supervision as well.

A central theme that emerged from the review was the lack of ICT resources, cyber risk resources and expertise in the supervisory community both at NCA and ECB level. Given the competition from other market players to attract talent in this area, specialist recruitment can be difficult. Training staff both at the ECB and in NCAs is important but will only partly address the issue.

4.4 Climate change

The importance of climate change related risks for the stability of the financial system, and therefore for prudential supervision, has driven the SSM to significantly increase its involvement in this area by undertaking several supervisory initiatives. These initiatives, implemented well before similar measures taken by supervisors in most other non-EU jurisdictions, are examples of the SSM’s adaptability and ability to proactively address emerging supervisory challenges. It contributes to the SSM being widely perceived as a front runner in this emerging risk area.

Being at the forefront of supervisory efforts in the area of climate change risk means finding appropriate solutions to a number of global issues not usually encountered when addressing traditional risks. These issues include the forward-looking nature of climate-related risks and the lack of readily available, detailed and comparable data.

To help mitigate this, in 2020, the SSM provided, in the form of a guide, supervisory expectations on how banks should prudently manage and transparently disclose climate-related risks. The ECB assessed compliance with these expectations, but there was also a self-assessment exercise that banks were required to do. To complement these point-in-time exercises, the ECB publishes regular updates on the progress banks have made on disclosing climate and environmental risks, providing market participants with examples of best practices. Furthermore, the ECB conducted a climate risk stress test exercise in 2022 to assess how prepared banks are for dealing with financial and economic shocks stemming from climate risk. This also incentivised banks to actively collect data and develop proxies on their exposures. The results indicate that banks do not currently have robust climate risk stress test frameworks and lack relevant data. In 2022, the ECB also conducted the first on-site inspections dedicated to climate risk.

The SSM review highlighted the good cooperation between the ECB and the NCAs on climate change related risks. As an example of the two-way exchange of information and cooperation on climate-related risks, the ECB has leveraged the relevant supervisory practices already in place at some NCAs and extended them to the whole SSM. This has encouraged further dialogue and, as a result, consensus about best practices. The quality and extent of cooperation on these topics was widely acknowledged by the NCAs during the review. Overall, NCAs are very satisfied with the supervisory approach taken, with consensus on the need to take a step-by-step approach to climate-related risks in order to steadily raise awareness of these risks in the industry and effect the required changes.

The ECB has supported the NCAs by providing training programmes. Horizontal teams and a common network dedicated to climate risks have also been created. The NCAs used these to provide input on the ECB’s climate-related products such as its guide on supervisory expectations and on the set-up of the 2022 climate risk stress test. The ECB has also provided the opportunity to NCAs to let LSIs participate in some of their exercises, for example the 2022 thematic review on climate-related and environmental risks.

At the same time, some NCAs have developed and published their own guidelines on ESG risks for supervised LSIs, which complement the ECB’s own guidelines for SIs. Although the review did not highlight that this was leading to significant different expectations for LSIs, it was found that despite a number of actions taken by the ECB – in the guide on climate-related risks, in several round-table discussions on climate-related risk supervision and in a stock take and benchmarking of NCA approaches to climate-related risk supervision –, there is the perception that coordination between NCAs in their approach to LSIs on this topic could be improved further; lack of coordination at LSI level may lead to different supervisory expectations and practices for LSIs. The ECB could benchmark these supervisory practices to ensure that the supervisory approaches for this emerging risk area are further harmonised. The outcome of this benchmarking analysis could then be integrated into the supervisory methodology for LSIs to ensure a consistent approach to supervisory practices.

The JSTs conducted the thematic review on climate and environmental-related risks in 2022 and praised the support received from horizontal functions in the ECB, particularly in light of the review being carried out at the same time as the SREP. An important next step will be the integration of climate risk into the regular SREP to ensure that climate risk supervision becomes part of the regular supervisory process. For this, the SSM is working on updating its supervisory methodology.

4.5 Anti-money laundering and countering the financing of terrorism (AML/CFT)

Beyond the direct negative impact that money laundering and the financing of terrorism (ML/FT) have on society, such behaviour also has the potential to erode trust in individual banks and the financial sector as a whole, damaging its reputation and potentially impacting its stability and orderly functioning. Breaches of AML/CFT requirements have often been linked to shortcomings in internal risk management controls within banks. The set of reports 25 published in 2019 by the Commission on AML/CFT clearly illustrate several cases of supervision that failed to prevent ML/TF risks. 

It is therefore essential that prudential supervisors take into account prudential implications of ML/TF risks and that they and AML/CFT authorities cooperate in an effective manner. When exercising its prudential supervisory tasks, the ECB has to take into account ML/TF risks from the perspective of the prudential soundness of the supervised entity, as its ECB mandate is limited by the fact that the ECB is not the AML/CFT supervisory authority.

Since the last SSM review, several amendments to EU legislation have further clarified the interplay between prudential supervision and AML/CFT supervision and have mandated prudential supervisors to act on AML/CFT-related information in areas such as the SREP, granting authorisations and FAP assessments 26 .

Since 2019, and as a result of the legislative changes, the ECB has been systematically reflecting on the prudential implication of ML/TF risks as part of the SREP 27 . The ECB has entered into a multilateral agreement with a number of AML/CFT supervisors of credit and financial institutions of EEA Member States, which has helped increase the exchange of information. Since 2019, the number of AML/CFT supervisors that have signed the multilateral agreement with the ECB has exceeded 50.

Moreover, the ECB has improved its own decision-making process for sharing ML/TF-relevant information with AML/CFT supervisors since the last European Court of Auditors’ report on AML 28 , which pointed out some delays in the ECB’s communication of relevant ML/TF information to AML/CFT supervisors. In 2019, the ECB established a horizontal unit focusing on AML/CFT topics from a prudential perspective and acting as a central contact point for different authorities 29 . The unit provides technical support and a common methodology on AML/CTF issues to assist JSTs, ensuring better coordination and a consistent supervisory approach 30 . For example, the horizontal unit provides a list of prudential warning signals that the JSTs integrate in SREPs, leading to the proactive reflection of prudential implications of potential ML/TF risks in prudential supervision. It also provides support to LSI supervision in the context of the ECB’s oversight function.

The ECB also participates as on observer in AML/CFT supervisory colleges. As outlined by an EBA report26, such participation provides a further channel for the exchange of information between the ECB and AML/CFT supervisory authorities on those significant institutions for which such colleges have been established. Furthermore, the ECB, as a prudential supervisor, is a contributor to the EBA’s AML/CFT database (EuReCA).  

However, progress still needs to be made in this area in terms of harmonising supervisory approaches towards ML/TF risks. Given that each AML/CFT authority has its own methodology for assessing ML/TF risks, the ECB must deal with different methodologies. That can increase the risk of inconsistencies in how the ML/TF risks are addressed and how their prudential implications are reflected across supervised entities.

To address these shortcomings, the Commission proposed 31  setting up an EU AML/CFT authority (AMLA) that would play a central role in strengthening cooperation and facilitating the exchange of information between all the supervisory authorities involved, where relevant, therefore leading to further improvements on how prudential implications of ML/TF risks are reflected in prudential supervision.

5. SSM’s impact on the functioning of the internal market

The completion of the Banking Union remains one of the EU’s policy priorities. Significant progress towards a more unified banking market has already been made through the establishment of the SSM and the Single Resolution Mechanism. They were set up to overcome the issues highlighted by previous financial crises. In some cases, these led to the break-up of integrated cross-border banking groups along national lines to manage banking crises with national resources. The SSM established strong banking supervision for the entire Banking Union, which helps to address the fragmentation of the banking market and pursue genuine European interests. However, persistent policy and political challenges to completing the Banking Union have so far proven to be an obstacle to deliver a fully efficient internal market for banking.

Against this background, there are limits to the impact that the SSM’s effectiveness alone can have on the internal market. The centralised banking supervision activities that the SSM has been carrying out since its inception, including those in response to the crises from recent years, can be seen as making a significant contribution to building up trust between Member States by ensuring that the EU banking sector is more resilient and by improving cooperation on banking supervision across the EU 32 . Indeed, exchanges with NCAs highlighted clear progress in integrating them into the decision-making process on supervisory matters, better communication and participation in the definition of supervisory priorities and strategy, and improved pooling of supervisory resources for cross-border inspections. In addition, the SSM contributed to the effective risk reduction in the EU banking sector, achieving significant progress in improving banks’ risk management of NPLs 33 . However, while the SSM has continued to function better in recent years and has matured and evolved as an institution, its impact on the smooth functioning of the internal market remains constrained by the political challenges to the Banking Union. In practice, these translate into some degree of market segmentation along national borders and also into limited consolidation between banks based in different Member States.

One concern that was raised when the SSM was established centred on the risk that it might create different patterns of integration between banks in participating Member States and banks in non-participating Member States, therefore fragmenting the internal market. In practice this concern has not materialised, on the one hand because integration in the banking system in participating Member States is still insufficient; and on the other hand, because cooperation between the ECB and the competent authorities in non-participating Member States has been smooth, in particular through colleges and information exchanges underpinned by solid frameworks (memorandums of understanding).

6. Conclusions

The analysis undertaken during the review and presented in this report supports the notion that the SSM has developed into a mature organisation that is functioning well. More than 8 years since its inception, the SSM has proven to be a respected supervisory authority capable of delivering on its mandate as set out in the SSM Regulation.

Since the last SSM review, the SSM has continued to improve its supervisory practices and further establish its authority. In recent years, it has developed more harmonised, transparent and comparable supervisory practices, for example for determining banks’ Pillar 2 Requirements and Pillar 2 Guidance, as well as for the fit and proper assessments conducted. These improvements have had a positive impact on the close cooperation between the ECB and the NCAs, which is an important and unique dimension of the SSM. The feedback received during the review was very positive on this cooperation and underscored the mutual trust that exists between the ECB and NCAs, including those participating in the SSM through close cooperation. This in turn allows the SSM to further develop its risk-based approach in supervision, as shown with the SREP pilot exercise. This results in a more efficient allocation of resources.

The SSM has also shown to be capable of rapidly adapting to emerging supervisory challenges as well as to unexpected adverse events. The review found that the SSM was generally praised, including by industry stakeholders, for its swift and agile approach to addressing the challenges posed by the COVID-19 crisis. At the same time, the SSM is proving to be proactive and able to take a forward-looking approach to banking supervision, as illustrated by its efforts in the area of climate-related risks.

The review has also highlighted some areas that will require continued focus. First, the SSM is facing challenges on the availability of the skills that are required to conduct supervision in highly specialised areas. This limits the possibility to prioritise the work in areas such as ICT/cyber risks and internal model assessments. Second, the findings of the review underscored the importance of external communication and cooperation. While transparency towards supervised entities about supervisory initiatives has improved, communication with relevant stakeholders continues to be important to ensure they understand the expectations and outcomes sought by supervisors. In recent years, the SSM has also put a lot of effort into its cooperation with other supervisory authorities, such as the Single Resolution Mechanism, European Banking Authority, anti-money-laundering authorities, non-bank supervisors and supervisors from third countries. To this end, the SSM has established memorandums of understanding with many of them. In the coming years, it is important to ensure that these are used effectively, in particular in relation to cooperation with non-bank supervisors, resulting in better supervisory outcomes. Third, a final area that will require further attention, but which falls outside the control of the SSM itself, concerns the harmonisation of certain legislative areas. The review has highlighted the difficulties that the SSM is facing in the areas of fit and proper assessment, sanctioning powers and anti-money laundering, where the SSM is largely dependent on national law. Supervision would benefit from a more harmonised legal framework as this would address concerns about an unlevel playing field within the SSM.

Overall, the review has not identified areas that would require major changes to the SSM Regulation at this stage. The Commission concludes, based on the insights obtained during the review that the supervisory pillar of the Banking Union is now well established and functions effectively. It should therefore inspire confidence in the opportunities that a completed Banking Union could deliver, not least for the internal market.

(1)

Article 32, SSM Regulation

(2)

  2017 SSM Review Report

(3)

 Discussions took place with the main banking associations active at European level, such as European Banking Federation, Association for Financial Markets in Europe, European Savings and Retail Banking Group, European Association of Public Banks, and European Federation of Building Societies.

(4)

The list of supervised entities (latest version January 2023) is available here: https://www.bankingsupervision.europa.eu/banking/list/html/index.en.html  

(5)

Article 6 of the SSM Regulation .

(6)

Some very specific findings are covered by the findings in other sections: inefficient use of resources in relation to the decision-making process [Sections 3.7 and 4.5], joint supervisory teams not having sufficient staff or language skills [Section 3.2].

(7)

Banking supervision competent authorities under the SSM framework are not empowered to impose specific provisions based on accounting standards. However, the prudential framework provides a list of available tools to influence the level of banks’ provisioning when the accounting treatment is not sufficiently prudent and would potentially trigger prudential risks for the supervised banks.

(8)

  CEO letter

(9)

Inter-institutional agreement between the ECB and the ECA on exchange of information: MOU_ECA-ECB.pdf

(10)

  Supervisory Fee Regulation

(11)

The ECB published a letter sent to CEOs of significant institutions outlining supervisory expectations regarding leveraged transactions ( Leveraged transactions ) based on the guidance published in 2017.

(12)

This focus on interest rate risk management is particularly relevant in the context of the difficulties that some US mid-sized banks encountered in March / April 2023.

(13)

Croatia joined the euro area on 1 January 2023. It also became a full member of the SSM.

(14)

  The desks mapping review – integrating Brexit banks into European banking supervision

(15)

The Financial Conglomerates Directive lays down a framework for supervisory cooperation among all the supervisors involved in the supervision of the entities within a financial conglomerate. Also, the Directive sets out the criteria for appointing a ‘coordinator’, which is the supervisor that takes the lead to exercise the supplementary supervision powers.

(16)

 Initially applicable to 11 Member States and to institutions with total assets below EUR 3 billion, this procedure was extended in 2022 to all Member States in the SSM and to institutions with total assets up to EUR 10 billion.

(17)

The average processing time for fit and proper assessments for members of the management body has decreased by 33%, from 164 days in 2017 to 110 days in 2021. The overall processing time for the fit and proper procedures completed in 2021 was 3.7 months on average.

(18)

  2021 Sanctioning report

(19)

 Article 129 of the SSM Framework Regulation enables the SSM to use periodic penalty payments.

(20)

  Supervisors’ reaction to the war in Ukraine (europa.eu)

(21)

  ECB Banking Supervision: SSM supervisory priorities for 2023-2025

(22)

925 LSIs paid dividends between March 2020 and September 2021 for a total amount of EUR 2.9 billion.

(23)

The Capital Requirements Directive introduced the concept of maximum distributable amount, which requires supervisors to automatically restrict earning distributions if a bank’s total capital falls below the sum of its Pillar 1, Pillar 2 and CRD buffer requirements.

(24)

It is worth noting that before the outbreak of the pandemic, the ECB carried out several supervisory initiatives to facilitate the decrease and prudent management of the stock of NPLs in the EU banking sector. It provided supervisory guidance on the appropriate classification, management and provisioning of NPLs. It also provided bank-specific supervisory expectations for the provisioning of NPLs. Overall, the ECB’s NPL strategy has helped reduce NPLs across the EU banking sector.

(25)

  Report_assessing_recent_alleged_money-laundering_cases_involving_eu_credit_institutions.pdf

(26)

See in particular Articles 91 and 97 of the CRD, as amended by CRD 5.

(27)

Implementation of the SREP Guidelines by the ECB in 2019 reflects its vigilant approach towards ML/TF risks.

(28)

The ECB has implemented a simplified process for exchanging information under the AML agreement after the ECA’s audit (see EU efforts to fight money laundering in the banking sector are fragmented and implementation is insufficient .

(29)

 AML/CFT authorities and financial intelligence units.

(30)

The new SREP EBA Guidelines also ensure a consistent and harmonised supervisory approach to ML/TF risks ( Guidelines for common procedures and methodologies for the supervisory review and evaluation process (SREP) and supervisory stress testing | European Banking Authority )

(31)

  Commission proposal establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism

(32)

In this regard, the ECB has recently adopted a memorandum of understanding with the six EU non-SSM NCAs, as provided for under Article 3(6) of the SSM Regulation.

(33)

According to ECB’s data, the volume of NPLs in the EU banking sector reduced by 64% since 2015. Link available here: https://www.bankingsupervision.europa.eu/press/speeches/date/2023/html/ssm.sp230208~4ee762ce05.en.html