International standards for internationally active banks
The Basel Committee on Banking Supervision (BCBS) continues to encourage full, timely and consistent adoption and implementation of the Basel standards. The final Basel III standards were agreed by the Group of Central Bank Governors and Heads of Supervision in December 2017, with adjustments to the market risk framework endorsed in January 2019.
The final Basel standards have been designed to restore credibility in the calculation of risk-weighted assets (RWAs) and improve the comparability of banks' capital ratios by:
- enhancing the robustness and risk sensitivity of the standardised approaches for credit risk, credit valuation adjustment (CVA) risk and operational risk
- constraining the use of the internal model approaches, by placing limits on certain inputs used to calculate capital requirements under the internal ratings-based (IRB) approach for credit risk and by removing the use of the internal model approaches for CVA risk and for operational risk
- introducing a leverage ratio buffer to further limit the leverage of global systemically important banks (G-SIBs)
- replacing the existing Basel II output floor with a more robust risk-sensitive floor based on the Committee's revised Basel III standardised approaches.
The implementation date, initially set for January 1, 2022, was deferred by one year in response to the Covid-19 crisis to January 1, 2023, with a five-year phase-in for some elements (notably the output floor). The Bank for International Settlements (BIS) reported in May 2025 that about 70% of the BCBS's member jurisdictions had implemented, or would shortly implement, the standards. Notably, however, the U.S. and the UK have not yet done so.
Although the UK published “near-final” rules in 2023 and 2024, it was announced in June 2025 that implementation would be further delayed from January 1, 2026 to January 1, 2027, to allow “more time for greater clarity to emerge about plans for its implementation in the United States”.
Initial implementation proposals in the U.S., the so-called “Basel endgame”, were met with much industry consternation. Although revised proposals were anticipated in Q3 2024, the presidential elections and subsequent changes in the administration and authorities have meant further delays. Current expectations are that the U.S. will publish revised proposals in Q1 2026, as part of a broader package of prudential reforms.
As jurisdictions take differing approaches to the substance and timing of implementation, firms are faced with challenges arising from divergent capital requirements globally. In a time of focus on international competitiveness, this is an area of concern for the banking sector. Although a number of common areas of divergence from the Basel standards have emerged, suggesting consensus that some elements of the standards need change, the BCBS is of the view that all jurisdictions must first implement before the standards are re-opened to address areas where issues with the standards, agreed in 2017–2019, have been identified.
UK
In line with the UK's post-Brexit regulatory framework for financial services, implementation of the final Basel III standards in the UK (referred to as Basel 3.1) will be effected mainly by additions and amendments to the Prudential Regulation Authority (PRA) Rulebook and other PRA supervisory materials. HM Treasury (HMT) will revoke provisions of the UK's version of the Capital Requirements Regulation (CRR) that was assimilated into UK law as the new standards come into effect.
The PRA published its policy on the implementation of Basel 3.1 in two parts back in 2023 and 2024. In each instance the PRA described the policy as “near-final” rules but confirmed that it did not intend to change the policy or make substantive alterations to the instruments before the making of the final policy material. As noted above, however, implementation timing has changed in light of U.S. delays and concerns around the impact on the competitiveness of UK banks.
Final rules together with the statutory instrument necessary to revoke the provisions in the UK CRR that will be replaced by PRA rules are now expected in Q1 2026. Although implementation has been delayed to January 1, 2027 (except for market risk provisions for which an implementation date of January 1, 2028 is currently anticipated), the output floor transitional period is still expected to expire on January 1, 2030, in line with the EU.
A number of other final policy papers have been tied to publication of the final Basel 3.1 policy by the PRA. In particular, final PRA rules on the simplified capital regime for small domestic deposit takers (discussed further below) are expected at the same time or shortly after.
EU
Regulation (EU) 2024/1623 (CRR III) and Directive (EU) 2024/1619 (CRDVI) were published in the Official Journal of the European Union on June 19, 2024.
CRR III contains the EU's final Basel III implementation and has applied generally from January 1, 2025, although the date of application of the Fundamental Review of the Trading Book (FRTB) standards for banks' calculation of own funds requirements for market risk was deferred to January 1, 2026. In June 2025, the European Commission (Commission) adopted a delegated act, which entered into force on September 20, to further postpone by one additional year (i.e. until January 1, 2027) the FRTB provisions. This was considered necessary “in order to align its implementation with other major global jurisdictions and to preserve the global level playing field for internationally active European banks in respect to their trading activities”.
In November, the European Commission issued its second targeted consultation for 2025 and, separately, a call for evidence on the application of the market risk prudential framework. The Commission is evaluating whether to use the empowerment granted under Article 461a of the Capital Requirements Regulation to adopt a delegated act by the end of March 2026 to mitigate potential negative impacts arising from an unlevel playing field in the international implementation of the FRTB.
It would also aim to incorporate those targeted changes already proposed by other jurisdictions that the Commission believes can improve the EU framework (e.g. removing excessive rigidity and preventing excessive operational burden on banks). Firms will be monitoring the outcome of these developments as they assess whether, how and when to prepare to implement the FRTB provisions and to understand divergences across the markets and any potential consequences.
During the postponement period, institutions should continue to use their current (pre-FRTB) methodologies to calculate their own funds requirements for market risk. In parallel, the FRTB Standardised Approach will be used for the output floor calculation. These elements therefore need to continue to be reported to competent authorities based on the current reporting requirements.
With respect to the rest of the CRR III provisions, the European Central Bank (ECB) has flagged in its supervisory priorities for 2026–28 that it will be looking to ensure adequate capitalisation and consistent implementation of CRR III with closer supervisory scrutiny accounting for the increasing role that the standardised approach plays in determining banks’ solvency, including through the calculation of the new output floor. Supervisors will combine targeted on-site inspections with targeted reviews to assess the adequacy of banks’ capital frameworks. Remediation of the associated findings will be addressed through regular JST follow-up.
Supervisors will also conduct an initial review of banks’ application of the new non-model-based approach for operational risk, to identify potential outliers, based on banks’ reported risk-weighted assets and other qualitative assessments, and will subsequently perform a targeted review of those banks with a higher risk of miscalculation.
CRD VI inserts a new Article 21c into the EU’s directive on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms (Directive 2013/36, “CRD IV”). Subject to certain limited exemptions, Article 21c prohibits the provision of cross-border core banking services by non-EU banks or significant investment firms. Any non-EU bank or significant investment firm looking to provide deposit-taking, lending or guarantees or commitments in the EU will be required to do so through a licensed branch in each relevant member state from January 11, 2027. Existing transactions will be “grandfathered” if entered into before July 11, 2026. Please see our most recent briefings on CRD VI which consider the EBA’s draft regulatory technical standards which elaborate on requirements for EU branches of non-EU banks and third-country bank and non-bank lending into the EU post-CRD VI.
Throughout 2025, non-EU banks have been monitoring individual member state transposition of the new branch requirements, assessing the impact on their various business lines and planning for compliance. Although the deadline for transposition is January 10, 2026, at the time of writing only Denmark and the Czech Republic had finalised their legislation (and industry remains hopeful that the Danish legislation remains subject to amendment in 2026). A number of jurisdictions are still to make public their transposition proposals.
Furthermore, although the prohibition on the provision of cross-border banking services set out in the directive is expressed to take effect from January 11, 2027, a few jurisdictions (including the Czech Republic) have set an earlier implementation date in 2026. Firms will continue to plan and implement for compliance throughout 2026, anticipating finalised implementing and regulatory technical standards and guidelines on key issues such as reporting and booking arrangements.
Prudential regimes for cryptoasset exposures
The BCBS has also published standards for internationally active banks on the prudential treatment of cryptoasset exposures, which it initially expected its members to implement by January 1, 2025. In May 2024, it deferred implementation by a year to January 1, 2026, to ensure that all members were able to implement the standard in a full, timely and consistent manner. As with implementation of the final Basel standards discussed above, however, national implementation in the major jurisdictions is delayed. The industry has voiced a number of concerns about the standards, their practicality and proportionality and requested a pause and recalibration of the standards. In November 2025, the BCBS announced an expedited review of targeted elements of the standards.
The standards divide cryptoassets into two groups. Tokenised traditional assets and stablecoins with effective stabilisation mechanisms that meet classification conditions will attract the same own funds requirements as their reserve assets or the assets they reference, with the possibility for supervisors to impose add-ons. The second group, which comprises the riskiest forms of cryptoassets, is to be risk-weighted at 1,250% unless they meet certain hedging recognition criteria, in which case they must be treated according to market risk rules. Holding limits will also apply to the second group of assets.
Banks would also be required to perform due diligence to ensure that they have an adequate understanding of the stabilisation mechanisms of stablecoins to which they are exposed, and the effectiveness of those mechanisms. As part of the due diligence performed, banks would be required to conduct statistical or other tests demonstrating that the stablecoin maintains a stable relationship in comparison to the reference asset.
A number of global financial trade associations wrote to the BCBS in August 2025 to propose a set of non-exhaustive recommendations to improve the cryptoasset standard, including: eliminating the distinction between permissioned and permissionless ledgers for Group 1 classification; revising classification condition 2; reconsidering the treatment of regulated stablecoins; recognising certain cryptoassets as eligible collateral; reassessing the treatment of Group 2 cryptoassets; and allowing the use of internal models for market and counterparty risk. The BCBS’s “targeted review” of the standards will be followed with interest by the market.
Additionally, the BCBS published its final expectations on disclosure requirements related to banks' cryptoasset exposures in July 2024, which include a standardised disclosure table and set of templates for banks' cryptoasset exposures. Banks are expected to make qualitative disclosures on an annual basis on their activities related to cryptoassets and the approach used in assessing the classification conditions. They should also make disclosures on a semi-annual basis on:
- cryptoasset exposures and capital requirements
- accounting classification of exposures to cryptoassets and cryptoliabilities
- liquidity requirements for exposures to cryptoassets and cryptoliabilities.
UK
In December 2024, the PRA published a data request for information on firms' current and expected future cryptoasset exposures and application of the Basel framework for the prudential treatment of cryptoassets. Firms were asked to complete the information request at the highest level of UK consolidation, to the extent relevant to their business, exposure or activities by March 24, 2025. This exercise was to inform the PRA and Bank of England’s work on the calibration of the prudential treatment of cryptoasset exposures, the analysis of costs and benefits of different policy options, and how the regulators will monitor the financial stability implications of such cryptoassets. The PRA is expected to consult on implementation of the Basel standards on the prudential treatment of firms’ exposures to cryptoassets in Q4 of 2026.
Throughout 2025, the UK regulators have published various pieces of the jigsaw of regulation pertaining to the cryptoassets markets, including the prudential regime. In addition to the prudential regulation of cryptoasset exposures of existing regulated firms, firms engaged in regulated cryptoasset activities will, once the regime enters into force, also require authorisation and be subject to Financial Conduct Authority (FCA) prudential regulation (please see further discussion in the Fintech/Digital assets section of this report).
In May 2025, the FCA consulted on proposed prudential rules and guidance for issuing qualifying stablecoins and safeguarding qualifying cryptoassets. In December 2025 it launched a second consultation containing additional proposed prudential rules applying to all regulated cryptoasset activities. The overall prudential framework for cryptoasset firms will be set out across two separate sourcebooks of the FCA Handbook: COREPRU and CRYPTOPRU.
Crypto firms will be required to calculate their own funds requirement as the highest of three components: a permanent minimum requirement (PMR); fixed overhead requirement (FOR); or based on the application of K-factors, which seek to address the various risks. The FCA’s prudential treatment of cryptoasset holdings by firms differs from the Basel standards and is more lenient in a number of respects. The FCA expects to publish its final policy in 2026, with the regime taking effect on October 25, 2027.
EU
In the EU, CRR III required the Commission to submit a legislative proposal by June 30, 2025 to implement the BCBS standard. No such proposal has been published to date, perhaps unsurprisingly given the ongoing debate around the calibration of the standards. Meanwhile, CRR III specifies the prudential treatment applicable to banks' cryptoasset exposures in the transitional period, until implementation of such legislation. That transitional treatment is required to take into account the legal framework introduced by MiCAR.
During the transitional period, tokenised traditional assets, including e-money tokens, should be recognised as entailing similar risks to traditional assets and cryptoassets compliant with MiCAR and referencing traditional assets other than a single fiat currency should benefit from a capital treatment consistent with the requirements of MiCAR. Exposures to other cryptoassets, including tokenised derivatives on cryptoassets different from the ones that qualify for the more favourable capital treatment, should be assigned a 1,250 % risk weight. It also prescribes exposure limits.
On August 5, 2025, the European Banking Authority (EBA) published a final report on draft regulatory technical standards for the calculation and aggregation of cryptoasset exposures under the transitional regime, including how to calculate the value of the exposures in cryptoassets and how to aggregate short and long positions in cryptoassets for the purposes of the calculation during the transitional period and for the application of the total exposure limit in other cryptoassets (i.e. 1% of an institution’s Tier 1 capital). The draft standards are largely consistent with the BCBS standards.
CRR III also requires firms to disclose prescribed information on cryptoassets and cryptoasset services as well as any other activities related to cryptoassets. This includes direct and indirect exposure amounts, the total risk exposure amount for operational risk, the accounting classification for cryptoasset exposures, a description of the business activities related to cryptoassets and their impact on the risk profile of the institution and a description of their risk management policies related to cryptoasset exposures and cryptoasset services. For further information on the prudential and capital requirements for issuers of Asset-Referenced Tokens (ARTs) and Crypto-Asset Service Providers (CASPs), finalised in 2025, please see our briefing.
Prudential treatment of securitisation exposures
In tandem with the review of the securitisation frameworks in the UK and the EU (see the Financial markets section of this report for further information), the relevant authorities have reviewed the prudential treatment of securitisation exposures, with a view to revitalising the securitisation markets in a safe and prudent manner.
UK
In line with the general approach to the UK’s post-Brexit regulatory framework, the UK’s securitisation framework is being reformed in a phased manner. Further to the revocation and restatement in the PRA Rulebook of the majority of the requirements in Part Two of the CRR relating to the definition of own funds and supervisory expectations relating to the use of unfunded credit protection in synthetic SRT securitisations, the PRA consulted in October 2024 on restating firm-facing requirements in Chapter 5, Title II, Part Three of the CRR in the PRA Rulebook and for related policy materials. It finalised its changes in July and October 2025.
The July policy statement addressed securitisation prudential reforms which the PRA regarded as not conceptually linked to the UK’s implementation of the final Basel standards and the changes take effect on January 1, 2026 with unfunded credit protection newly eligible in UK synthetic securitisations. The October policy paper set out changes linked to Basel implementation and accordingly will take effect on January 1, 2027. 2026 will see impacted firms weighing up the reforms relating to the SEC-SA p factor, the prudential treatment of HMT’s Mortgage Guarantee Scheme (MGS), the risk weight limits for prudential simple, transparent and standardised (STS) eligibility, and refinements to the credit risk mitigation approach hierarchy for securitisations. Please see our briefing for more detail.
EU
In June 2025, the Commission published a legislative package to amend the Securitisation Regulation, the CRR and the Liquidity Coverage Ratio Delegated Regulation and which, among other proposals, envisaged significant reforms, under all risk-weighting approaches, to the p factors, risk-weight floors and high-quality liquid assets (HQLA) treatment of securitisation positions, and to the notification process, quantitative tests and permitted structural features associated with significant risk transfer (SRT). In December 2025, the European Council reached its position on the proposals.
The review process is still ongoing within the European Parliament and it is anticipated that trilogues will commence in spring 2026. EU banks will be monitoring the outcome of the prudential calibrations and their impact on the effectiveness of securitisations in freeing up capacity to further lend, and the market will be watching with interest these developments more broadly in the context of the progress of the savings and investment union (see the Financial markets section of this report for further discussion of securitisation-related developments).
Investment firms prudential regimes
UK Investment Firm Prudential Regime (IFPR)
The Prudential Sourcebook for MiFID Investment Firms (MIFIDPRU), the prudential sourcebook for solo-regulated investment firms, defines regulatory capital through a number of cross-references to a “frozen in time” version of the UK Capital Requirements Regulation. The FCA confirmed, in October 2025, that these references will be removed from April 1, 2026, bringing the definitions into MIFIDPRU 3, amending where necessary to be more applicable to investment firms.
Non-standard capital structures will be permitted, subject to enhanced disclosure requirements and the FCA is moving from a permission-based to a notification-based approach for recognition of interim profits. No changes to the eligibility or quantum of regulatory capital of UK investment firms are proposed. MIFIDPRU investment firms, and their parents subject to consolidated supervision, will need to consider their internal policies and documentation, whether disclosures need to be made and, where relevant, review their partnership agreement and minority interests.
The FCA also published an engagement paper on market risk requirements applicable to investment firms in December 2025. As well as removing other cross-references to a “frozen in time” version of the UK Capital Requirements Regulation in this context, the paper also explores whether the nature of investment firms and the risks of harm they pose may justify more proportionate, tailored rules. The FCA expects to consult on reforms to the market risk framework for FCA investment firms in H2.
EU Investment Firms Regulation (IFR)/Investment Firms Directive (IFD)
In February 2023, the European Commission sent a call for advice to the EBA and the European Securities and Markets Authority (ESMA) asking for their joint report on the prudential framework for investment firms that has applied since June 2021. This call for advice was in relation to the Commission's mandate to report, with legislative proposals if necessary, by June 26, 2024 on topics including:
- the conditions for investment firms to qualify as small and non-interconnected firms
- the modification of the definition of credit institution in the CRR to include systemically important investment firms
- the framework for equivalence in financial services
- the Article 1(2) conditions for investment firms to apply the requirements of the CRR
- the provisions on remuneration in the IFD and the IFR as well as in the Alternative Investment Fund Managers Directive (AIFMD) and the Undertakings for Collective Investment in Transferable Securities (UCITS) Directive with the aim of achieving a level playing field for all EU investment firms
- the cooperation of the EU and member states with third countries in the application of the IFD and IFR.
In June 2024, the EBA and ESMA issued a joint discussion paper and data collection concerning the European Commission's call for advice. The deadline for responses was September 3, 2024. Somewhat delayed, in October 2025 the EBA and ESMA published their technical advice. Although the EBA and ESMA express their overall opinion that the current framework achieves the original general objectives, their work has identified a number of technical issues and areas for potential improvement for the prudential framework that justify changes to the IFR, the IFD or to the related delegated regulations. As such, 2026 may see legislative proposals from the European Commission to amend the EU's prudential framework for investment firms.
CRDVI will amend, from January 11, 2026, Article 8a of the Capital Requirements Directive (CRD), which prescribes the requirements for the authorisation of significant investment firms as credit institutions. In particular, the amendments clarify that the group asset test threshold (EUR30 billion) applies to all “undertakings in the group established in the EU, including any of its branches and subsidiaries established in a third country”.
Amongst the recommendations in the EBA and ESMA’s technical advice is to use the scope and methodology of the EUR30bn threshold as a benchmark for the calculation of the other two thresholds on which the categorisation of investment firms under the IFR is based. Although outside the scope of IFR/IFD amendments, the EBA and ESMA also recommend further clarifying in Article 8a(1)(a) of the CRD what the scope of the solo test is, i.e. “total value of consolidated assets of the undertaking established in the European Union, including any of its branches and subsidiaries established in a third country”.
Non-bank financial intermediation
While implementation of the FSB’s recommendations on liquidity management by open-ended funds and on non-bank financial intermediation (NBFI) leverage remains a priority, much of the focus on the risks posed by the growth of the NBFI market currently centres on banks’ interconnections with such entities. In July 2025, the BCBS published a report on this topic, concluding that linkages have likely been shaped by the regulatory reforms since the global financial crisis. It suggests that differences between bank and NBFI regulations may have incentivised the shift of business activities to the NBFI sector, which is drawing on services provided by banks. Notwithstanding banks’ increased resilience since the global financial crisis, the BCBS reports that their central role as providers of services to NBFIs may make the system as a whole vulnerable to procyclical reactions during market stress.
Additionally, the report states, tight interconnections between banks and NBFIs may also lead to spillovers between these sectors when banks depend on NBFIs for risk management and risk transfer purposes, for funding, or when they own NBFI entities. The BCBS considers that continued monitoring and information sharing of banks’ interconnections with NBFIs is imperative to better understand the risks but that data gaps may impede this.
UK
The PRA has sought to address the risk of interconnectedness, in part at least, with new rules on step-in risk which enter into force on January 1, 2026. The new rules are based on BCBS guidelines and require CRR firms and CRR consolidation entities to assess their step-in risk (the risk that they provide financial support to an unconsolidated entity that is facing stress, in the absence of, or in excess of, any contractual obligations to provide such support).
Banks that do not qualify as small domestic deposit takers (see further below) are required to have policies and processes to identify and evaluate their relationship with certain unconsolidated entities where they act as a sponsor, invest in their debt or equity, or have other contractual or non-contractual exposures that lead them to be exposed to the performance of the entity. They should consider whether there are any indicators of significant step-in risk in relation to those entities that have been assessed as being material and determine whether mitigating action is needed when significant step-in risk is identified.
An accompanying supervisory statement details the factors that the PRA expects firms to consider when identifying potential step-in risk and in deciding, where necessary, on potential mitigating action. The rules also require firms to report their assessment to the PRA alongside their Internal Capital Adequacy Assessment Process (ICAAP) assessment.
The PRA’s amendments relating to the large exposures framework and in particular on shadow banking entities and groups of connected clients (see further below) are further pieces of the PRA’s policy jigsaw in this area.
EU
CRR III requires large, listed institutions to use new, dedicated Pillar 3 templates to disclose their aggregate exposure to shadow banking entities from December 31, 2026. The EBA’s 2026 work programme includes guidelines on exposure limits for shadow banking entities in Q4.
Progress on development of the UK's post-Brexit regulatory framework
Phased work on revoking UK CRR and other EU law relating to prudential regulation (which forms part of assimilated law post-Brexit) to replace it with the relevant regulator’s rules and statements of policy continues into 2026. Restatement of certain CRR and Solvency II requirements in PRA rules will take effect on January 1, 2026, and the PRA’s final policy on the restatement of the remainder of UK CRR is expected in Q1, with final policy on the restatement of key UK CRR definitions expected in Q2 2026. It is anticipated that restating the remaining CRR requirements into PRA rules will take effect on January 1, 2027 or shortly thereafter, aligned with the go-live date for implementation of Basel 3.1 standards and the new simplified capital regime for small domestic deposit takers.
The rationale behind the restatement of assimilated law with regulators’ rules is to make the framework more agile. An example of this in practice is the PRA’s ongoing review of the large exposures framework. Originally set out in Part Four of the CRR, the Financial Services Act 2021 removed these requirements and empowered the PRA to apply large exposure standards in PRA rules. They were transferred into the Large Exposures (CRR) Part of the PRA Rulebook in January 2022 with amendments to implement certain of the Basel large exposure limits.
The PRA has since consulted on amendments to the framework, including proposals to remove the possibility for firms to use internal model methods to calculate exposure values to securities financing transactions, introducing a mandatory substitution approach to calculate the effect of the use of credit risk mitigation techniques, and amending the limits to trading book exposures for third-party exposures and for exposures to intragroup entities.
The review has been conducted in two parts; part 1 amendments take effect on January 1, 2026, while the regulator’s second policy statement is anticipated in H1 2026. The amendments taking effect in January include the removal of the option to use immovable property as credit risk mitigation for large exposures purposes and removal of the option for firms to exempt exposures to the UK’s deposit guarantee scheme from large exposure limits.
The PRA’s supervisory statement on the identification of groups of connected clients for large exposures purposes also takes effect on January 1, 2026, while the PRA expects to finalise its policy on shadow banking entities (SBEs) in due course. In the meantime, firms are expected to make every effort to comply with the existing EBA guidelines on limits on exposures to shadow banking entities (SBEs).
The PRA is also taking a phased approach to its review of Pillar 2A methodologies and guidance; first addressing the consequential impacts of Basel 3.1 Pillar 1 changes on Pillar 2 in an off-cycle review of firm-specific requirements, followed by a review of the Pillar 2A methodologies after the PRA’s rules to implement the Basel 3.1 standards are finalised. A policy statement on refined methodology to Pillar 2A is expected in Q1, to take effect on January 1, 2027, with the PRA’s policy statement on phase 1 of the Pillar 2A review expected in Q2.
The PRA flags in its consultation paper that it is assessing the adequacy of the standardised approach conversion factors for non-retail unconditionally cancellable commitments (wholesale UCCs). The PRA is therefore initiating a voluntary data request, to gather evidence from firms that assess that they have material wholesale UCC portfolios, on the likelihood of certain wholesale UCCs coming onto the balance sheet in the 12 months prior to a default event, as evidenced from their portfolio. Firms are asked to submit (voluntary) data by March 31, 2026. It is possible that this exercise could lead to further reform to Pillar 2 requirements.
The PRA’s review of the UK’s leverage ratio requirement thresholds also concluded in 2025 and an increased retail deposits threshold of GBP75bn takes effect on January 1, 2026. In 2024, the PRA published a direction for modification by consent the effect of which was to disapply the entire Leverage Ratio: Capital Requirements and Buffers Part until the review was complete. The modification was available to a firm that did not meet the leverage ratio requirement thresholds before September 10, 2024 but expected to meet the criteria after the next accounting reference date or any accounting reference date before December 31, 2025. Now that the review has concluded, the modification by consent will cease to have effect at the end of June 30, 2026.
The PRA proposes to review the liquidity supervisory framework in 2026.
UK Strong and Simple regime
The prudential regime applicable to "small domestic deposit taker” firms (SDDTs) nears finalisation. The scope of the regime was confirmed by the PRA in December 2023, together with the PRA's policy on liquidity and disclosure requirements for SDDTs. Proposals for simplifying the capital stack and the calculation of regulatory capital, and additional liquidity simplifications for SDDTs, were published in September 2024 and near-final rules and policy material were set out in a policy statement published in October 2025.
The PRA’s final policy and rule instruments relating to the simplified capital regime are anticipated in Q1 2026, alongside, or shortly after, its policy statement on its final rules on the implementation of Basel 3.1, and to take effect from January 1, 2027. Revisions to SoP 2/23 on the operation of the SDDT regime and to the Internal Liquidity Adequacy Assessment Process (ILAAP) and Internal Capital Adequacy Assessment Process (ICAAP) frequency for SDDT firms will take effect when the final policy statement is published.
The SDDT regime operates on an opt-in basis. Firms meeting the SDDT criteria (SDDT-eligible firms) can enter the regime by consenting to a Modification by Consent (MbC) to become an SDDT. Firms have until March 31, 2026 to inform the PRA of their intent to consent to the SDDT MbC in advance of implementation.
EU simplification proposals
In December 2025, the European Central Bank published the recommendations of the Governing Council’s High-Level Task Force on Simplification to simplify the European regulatory, supervisory and reporting framework. The proposals intend to simplify the framework while maintaining the resilience of the European banking system and include a recommendation to introduce a materially simpler prudential regime for smaller banks, at least expanding the degree of proportionality in the EU under the existing regime for small and non-complex institutions and further increasing consistency in the application of the proportionality principle in supervision.
Other recommendations include reducing the number of elements in the risk-weighted and leverage ratio framework to reduce the complexity of the capital stack, increase transparency and facilitate capital planning for banks and investors, particularly for banks operating across multiple jurisdictions. On the capital stack, the task force suggests that the different EU capital buffers could be merged into two: a non-releasable buffer (merging the capital conservation buffer and the higher of the other systemically important institutions (O-SII) and global systemically important institutions (G-SII) buffers) and a releasable buffer (merging the countercyclical capital buffer and the systemic risk buffer). Pillar 2 Guidance (P2G) would be kept separate, on top of the releasable buffer. On the leverage ratio framework, the task force suggests that one way to simplify this while maintaining Basel compliance would be to merge or adjust the EU-specific elements (P2G and Pillar 2 requirements and leverage ratio Pillar 2 requirements (P2R LR) add-ons).
With respect to the quality of capital, the task force suggests that the going-concern loss-absorbing capacity of the capital stack could be improved by adjusting the design or the role of Additional Tier 1 (AT1) (and Tier 2) instruments. It suggests that this could be done in two ways. First, the features of AT1 instruments could be enhanced to further ensure their loss absorption capacity in going concern and provide additional clarity to banks and investors on the going-concern loss-absorption.
Alternatively, non- Common Equity Tier 1 (CET1) instruments could be completely removed from the going-concern capital stack. This could be achieved either by fully or partially replacing them with CET1 instruments or by eliminating them without any replacement in the going-concern framework although the task force recognise that this would raise difficult questions with regard to maintaining resilience and Basel compliance.
The recommendations will be presented to the European Commission. The European Commission’s response remains to be seen.
Remuneration
UK
Following the reforms to the remuneration rules applicable to banks in 2025, the FCA is expected to update on remuneration rules for alternative fund managers, UCITS management companies and investment firms in 2026. The FCA is reviewing the operation and effectiveness of its solo remuneration rules and engaging with industry and other stakeholders to understand the value and costs of these rules. The FCA is expected to provide an update in early 2026.
Ring-fencing
UK
In July 2025, as part of the so-called Leeds reforms, a reform of the ring-fencing regime was announced with the Economic Secretary tasked with leading a review into how changes could strike the right balance between growth and stability, including protecting consumer deposits. The existential question of whether ring-fencing is really necessary in the post-global financial crisis era, given other regulatory developments (in particular in recovery and resolution), was an outstanding issue discussed in the Skeoch Review published in March 2022. The outcome of this new review is anticipated in early 2026. Please see our thought piece on why and how we think the ring-fence should be recalibrated.
Recovery and resolution
By way of reminder, this report does not address the developing recovery and recognition regimes applicable to insurers or any associated requirements.
UK
Consistent with the general reforms to the UK's post Brexit regulatory framework for financial services, the UK government intends to revoke assimilated law relating to the implementation of Directive 2014/59/EU (BRRD), including delegated regulations that supplemented the BRRD, replacing it with regulator's rules and statements of policy. To date, no timeframe has been given.
Additionally, as discussed in the Prudential regulation section above, on January 1, 2026 a number of provisions of UK Capital Requirement Regulation (CRR) will be revoked, including relating to the definition of capital and total loss-absorbing capacity and the minimum requirement for own funds and eligible liabilities (MREL). Linked to this, the Bank of England published amendments to its approach to MREL, the majority of which also enter into force on January 1, 2026. The Bank of England has sought to simplify the framework, consolidating provisions in its updated MREL Statement of Policy. The indicative threshold for setting a stabilisation power preferred resolution strategy and requiring MREL has been increased from total assets of GBP15–25 billion to GBP25–40bn, with reviews every three years, starting in 2028.
The PRA has consulted on changes to MREL reporting and disclosure requirements, including changes to Pillar 3 reporting to allow for specific MREL tables. Final policy is expected in Q1 2026 with a proposed implementation date of 1 January 2027. Q4 2026 data is expected to be reported during February 2027. The Bank of England has also proposed to delete six templates of the assimilated EU law Technical Standard 2018/1624 on resolution reporting (COREP13) effective ahead of the next annual reporting cycle that is due for submission in April 2026.
Recovery assessment framework (RAF)
The PRA has also proposed an increase in the threshold for the application of the public disclosure aspects of the Resolution Assessment Framework (RAF) from £50bn of retail deposits to £100bn, expected to come into effect in H1 2026. The proposals would also see small domestic deposit takers subject to reduced frequency of reviews of their recovery plans from at least annually to at least every two years (see the Prudential regulation section of this report for more detail on the incoming new prudential regime applicable to such entities).
The third RAF assessment of major firms will commence in October 2026, with a focus on the continuity and restructuring outcome, including an assessment of the readiness of the major UK banks to quickly plan for and execute restructuring options to address the causes of failure and restore viability. Firms are expected to submit their reports by Friday 2 October and publish a disclosure by Friday 11 June 2027. Going forward, the timing of resolution assessment report submissions and disclosures will be on a periodic basis, rather than fixed two-year cycles. Firms continue to be subject to reporting and disclosure obligations on their resolvability but on a periodic basis with the reporting and disclosure dates to be communicated in advance of each cycle by the PRA, taking account of the need to provide time for firms to plan and prepare their reports.
EU
The ECB’s High-Level Task Force on Simplification (HLTF) has issued a number of recommendations for simplifying the European prudential regulatory, supervisory and reporting framework for banks (see the Prudential regulation section of this report for more information). These include aligning the MREL and TLAC frameworks more closely without reducing gone-concern resources and reviewing their interactions with the going-concern framework. The task force suggests that an option would be to reduce the number of elements and stacks in the MREL framework; that MREL could consist of a uniform floor, calibrated at the level of the TLAC requirement, with a bank-specific component determined by the resolution authority on top.
The EBA expects to report on recovery plan dry runs in Q1 and review the RTS on resolution planning and on resolution colleges. The European Resolution Examination Programme 2026 key topics are said to be a continuation from previous years, focusing on operationalisation of resolution tools and ensuring adequate liquidity and funding strategies in resolution. The EBA, in its 2026 work programme states that for the operationalisation of the bail-in tool, one of the focus areas will continue to be addressing complexities associated with bailing in third-country liabilities and that resolution authorities should also address potential obstacles to the bail-in of specific types of liabilities. On liquidity and funding strategies, the EBA’s expectation for 2026 is that they should not be considered in isolation but should be linked and considered in the context of the expected resolution tools to be used. The SRB have announced that they expect to run a public consultation on the review of the operational guidance on liquidity in resolution in Q1.
The SRB's priorities for 2026 reflect its ambition to deepen operational readiness and strengthen cooperation across the resolution community. It will launch the multi-annual testing framework, established under the EBA guidelines, carry out a series of dry runs and produce a revamped resolvability assessment, in cooperation with the national resolution authorities. The SRB will continue to progressively expand its on-site inspections and deepen its analysis of governance and key operational capabilities. At the same time, it intends to contribute to broader discussions on simplification, competitiveness, the single market, and the savings and investment union. Together with national resolution authorities, it will conduct in 2026 a mid-term review of the SRM Vision 2028 strategy, including to identify areas for further improvement in light of a changing financial and geopolitical landscape.
EU resolution groups have until 2 February to finalise their 2026 resolvability work programme, endorsed by banks’ management bodies, which outlines how they intend to address expectations and concrete resolvability priorities through different deliverables, timelines, milestones and budget and their first self-assessment report. The 2026 resolution planning cycle (RPC) will be the third after the completion of the phase-in of the Expectations for Banks (EfB). The common priorities for the 2026 RPC, as communicated in the 2026 priority letters sent to banks, will target further work on separability and transferability, as well as bank testing of bail-in operationalisation and operational continuity in resolution (focused on Management Information System (MIS) capabilities). New resolution reporting standard templates apply for the 2026 RPC.
The EBA will also conduct a peer review in 2026 looking at the activities of resolution authorities with a view to assessing and strengthening the outcomes of aspects of resolution planning.
Crisis management and deposit insurance
The European Parliament and Council reached provisional political agreement on the crisis management and deposit insurance (CMDI) framework in June 2025 to improve the resolution process for small and medium sized banks. The package will result in amendments to the BRRD, Directive 2014/49 on deposit guarantee schemes (DGSD) and Regulation 806/2014 (SRM Regulation). The amendments will revise the powers of competent authorities to intervene in the affairs of banks that are in financial difficulties but that are not yet failing or likely to fail (FOLTF) and the application of the public interest assessment (PIA) as part of the process for determining whether to trigger resolution. It contains new provisions on the conditions for the use of public funds in the form of extraordinary public support and measures intended to promote the use of deposit guarantee schemes (DGSs) in resolutions. The framework provides for a harmonised approach to carrying out the so-called ‘least cost test’ to determine whether a bank should be able to use the resources of the DGS instead of using other measures such as liquidation through an insolvency procedure. It seeks to ensure that any use of DGS funds cannot exceed the amount of covered deposits held by the bank in question. The agreed text retains the current preference for the repayment of DGS-protected depositors in the first instance, and a second tier for deposits of households and SME depositors not covered by the DGS.
The HLTF’s recommendations for simplification encourage the finalisation of the savings and investment union, including completion of the banking union, to reduce national fragmentation and allow for more efficient capital markets. This includes taking concrete steps towards the finalisation of the European deposit insurance scheme (EDIS), with a clear timetable for implementation. The EDIS has provided politically very sensitive and as such, progress on this remains a challenge for the European authorities.
CCP Recovery and Resolution
With frameworks already established for the recovery and resolution of central clearing counterparties (CCPs), the focus in 2026 will remain on ensuring their effectiveness.
UK
The UK’s framework for the recovery and resolution of CCPs and the Bank of England's resolution powers for CCPs were enhanced by the Financial Services and Markets Act 2023. In H1 2026, the Bank of England is expected to set out further detail on how it intends to assess CCP resolvability.
In July 2025, the Bank of England launched a consultation on ensuring the resilience of CCPs. This included the proposals to move requirements in UK EMIR and the related delegated regulation related to disaster recovery plans into the Business Continuity Part of the Bank’s CCP rules, with a number of modifications. The proposals also include the introduction of a second tranche of CCP capital ("skin in the game" or SITG) in the default waterfall. This second tranche of SITG, referred to as SSITG, would be at the level of mutualised default fund and would be used pro rata with the default fund contributions of non-defaulting members in a default loss scenario. The Bank of England is also proposing changes to the porting requirements which are aimed at increasing the likelihood of porting client positions. Among other things, CCPs will be required to:
- include porting in their testing of default management procedures;
- trigger porting to a pre-agreed, backup clearing member that has been designated by all of the clients in the omnibus account without proactively seeking consent from clients in the porting window; and
- consider the portability of each clearing member's client portfolio when determining default fund contribution allocations between clearing members.
Final rules are anticipated ‘no earlier’ than the end of H1 2026. Once published, CCPs will have six months to adapt and implement the rules with proposed extended implementation times for the SSITG requirement, which would be phased in over two years, and the requirement for CCPs to provide a margin simulation tool, which would apply 12 months after the final rules are published. See the Financial markets section for further discussion of developments related to financial market infrastructure, including CCPs.
EU
Article 96 of Regulation 2021/23 on a framework for the recovery and resolution of central counterparties requires the Commission to produce a report on a review of the implementation of the regulation, accompanied if appropriate with legislative proposals revising the regulation, by 12 February 2026. The Commission is required to assess at least the following:
- the appropriateness and sufficiency of financial resources available to the resolution authority to cover losses arising from a non-default event;
- the amount of own resources of the CCP to be used in recovery and in resolution and the means for its use; and
- whether the resolution tools available to the resolution authority are adequate.
Given the European Commissions ‘de-prioritisation’ of various deliverables announced in 2025 and its focus on matters such as the savings and investments union, it remains to be seen whether such a report will be delivered on time.
Outsourcing and operational resilience
International
Regulation or legislation is now generally in force in the EU and UK to require banks to have robust and resilient operational risk management frameworks, with mitigants and effective contingency plans for the risks posed to their critical infrastructures to enable them to continue to deliver important business services. The focus has now shifted to ensuring that banks can demonstrate continuous, embedded operational resilience and consistent implementation of the applicable standards and requirements.
Cybersecurity is a particular area of concern given the increase in number and sophistication of attacks and increase indigitalisation. Additionally, it has long been recognised that banks are heavily dependent on a handful of third-party service providers, which poses risks to the market. These concerns continue to shape the supervisory focus of regulators in the UK and EU.
UK
In H1 2026, final Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) rules on operational incident and outsourcing and third-party reporting are expected, following the regulators’ joint consultation in December 2024. The PRA and FCA’s consultation proposed a new way for firms to report operational incidents, with rules to clarify what constitutes an “operational incident”, when to report and standard templates.
In addition, the regulators proposed to expand the scope of existing obligations to report on material outsourcing to also encompass material non-outsourcing arrangements. Non-outsourcing arrangements would include the purchase of data, hardware, software and other information and communication technology (ICT) products and would include intra-group arrangements. Under the proposals consulted on, firms would be required to maintain a register of all material third-party arrangements.
The original proposals anticipated an implementation date no earlier than H2 2026, but a delay in publication of the outcome of the consultation (originally expected in H2 2025) may mean that implementation slips to 2027.
The FCA, PRA and Bank of England are also expected to launch a joint consultation on expectations around the management of ICT and cyber resilience risks in H1.
EU
The European Central Bank’s (ECB) supervisory priorities for 2026–28 include strengthening banks’ operational resilience and fostering robust ICT capabilities. The ECB notes that operational risk and ICT risk continue to receive the worst average scores in the EU’s Supervisory Review and Evaluation Process (SREP).
Following past supervisory reviews of IT security/cyber resilience and IT outsourcing risk management, targeted follow-up will now take place with those banks with material shortcomings in these areas. Supervisors will conduct a deep dive to evaluate targeted banks’ preparedness for potential service disruptions caused by a major cloud service provider, and banks should note the ECB’s guide on outsourcing cloud services to cloud service providers finalised in July 2025. ECB Banking Supervision will also conduct a targeted review of ICT change management to identify gaps in basic control frameworks and improve banks’ change management capabilities, having identified ICT system changes as the primary root cause of unplanned downtime in banks.
Two on-site inspection campaigns focusing on cybersecurity and third-party risk management will be carried out targeting more vulnerable banks, as identified by the Joint Supervisory Teams (JSTs). Threat-led penetration testing will also take place to promote improvements in banks’ cyber resilience strategies. Further, ECB Banking Supervision expects to “gradually step up its effort to engage with banks on how they use new technologies, and in particular AI, to exploit the potential gains while also being aware of the associated risks”. The ECB expects that this engagement will assist the development of a future supervisory approach.
The oversight of critical third-party providers under the Digital Operational Resilience Act (DORA) oversight framework will launch in January 2026 to “complement but not substitute sound third-party risk management”. The European Supervisory Authorities (the European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA) and European Securities and Markets Authority (ESMA)—the ESAs) published their first list of designated critical ICT third-party providers (CTPPs) under DORA in November 2025.
Cyber risk and digital resilience will also drive the agenda of ESMA’s Union Strategic Supervisory Priorities for 2026. ESMA is calling on National Competent Authorities (NCAs) to keep up their efforts in 2026 to continue ensuring effective supervisory implementation across the EU. For this, ESMA sees coordination between authorities’ supervisory work and the DORA oversight framework as essential.
