EBA publishes its Annual Work Programme 2025 and sets out the path to 2027

RegCORE Client Alert | Banking Union

QuickTake

Every year, usually during the fourth quarter, EU-level authorities such as the European Banking Authority (EBA) publish their Annual Work Programmes (AWPs) setting out their priorities and resourcing for the coming calendar year. Some authorities, such as ESMA also publish a multi-year priority plan in what is known as a Single Programming Document (SPD). Both the AWPs and SPDs are of relevance to national competent authorities (NCAs) and more importantly the relevant firms within the scope of ESMA’s and NCA’s regulatory and supervisory mandate. 

On 2 October 2024, EBA published its AWP outlining the key priorities and initiatives for 2025 and, as a SPD, the path through to 2027Available here.Show Footnote. As in previous years, EBA’s AWP is structured to address the evolving market context, legislative and regulatory changes as well as technological advancements impacting the financial services sector and those financial market participants within its mandate. The EBA, in its role as regulator is the gatekeeper of certain parts of the Single Rulebook for financial services within its mandate and tasked with regulatory and supervisory convergence amongst NCAs and across markets. Accordingly, the EBA shapes how NCAs (both in and outside of the EU’s Banking Union) apply the legislative and regulatory requirements as well as expectations in the supervision of financial market participants within EBA’s regulatory mandate. 

The EBA’s AWP 2025 is structured around policy and convergence work, risk assessment and data activities, governance, coordination and support tasks. This comprehensive approach ensures that the EBA can adapt to new EU priorities and economic or geopolitical developments while operating with slightly increased resources. This includes specifically the EBA taking on new mandates (i) in the context of the EU’s Regulation for a Digital Operational Resilience Act (DORA)DORA aims to enhance digital operational resilience across the financial sector.  Supervised firms must focus on effective implementation, fostering cooperation among stakeholders and addressing emerging risks.  ESMA will oversee CTPPs to promote convergence and strengthen digital operational resilience.  Firms should prepare for new tasks and powers conferred on ESMA related to DORA, including implementing a cyber-incident report system and developing supervisory convergence tools. On 1 October 2024, ESMA and its sister ESAs announced the appointment of Marc Andries as DORA Joint Oversight Director. This role will be responsible for implementing and running the oversight framework for CTPPs at a pan-European scale. Mr. Andries has held senior responsibilities in the areas of ICT project management, oversight and supervision, including at France’s NCAs.Show Footnote, where it will be overseeing designated critical third-party service providers (CTPPs) jointly with its sister European Supervisory Authorities (ESAs), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA); and (ii) overseeing significant crypto-asset providers; as well as (iii) transitioning anti-money laundering (AML) and countering the financing of terrorism (CFT) powers and mandates to the new EU AML authority (AMLA). Overall, the list of activities and deliverables for 2025, which are set out in Chapter 2 of the AWP are, when compared to priorities for 2024, more comprehensive. 

This Client Alert discusses the relevant issues and key legal and regulatory considerations for relevant market participants as well as the key differences between EBA’s 2024 and 2025 publications. This Client Alert should be read together with other thematic deep dives on reforms and developments as well as our standalone analysis of all relevant 2025 work programmes from the European Commission, the ESAs as well as those of the Banking Union authorities (ECB-SSM and SRB). Readers may also find benefit in consulting excellent publications from PwC’s Risk Network as well as PwC Legal’s “Navigating 2025”, a comprehensive playbook providing a more granular annual outlook from PwC Legal’s EU RegCORE on the forthcoming regulatory policymaking agenda, the supervisory cycle and assessment of commonalities and trends across plans for 2025 and beyond.