Open search form Open menu
Search for a lawyer
Search
Financial Services
  • 18 Jun 2025
  • 11 min read

EBA releases 2024 Annual Report – Key developments, regulatory initiatives and strategic priorities

Written by

Dr. Michael Huertas

RegCORE Client Alert | Banking Union

QuickTake

The European Banking Authority (EBA) published its 2024 Annual Report in May 2025 (the Report), providing a comprehensive overview of its regulatory, supervisory and policy activities throughout 2024. The Report states that the EBA had completed 93% of its tasks set out in its 2024 Annual Work Programme. The Report details the EBA’s progress in implementing the globally agreed (yet now, partly delayed) Basel III reforms, advancing sustainable finance, digital innovation and the development of oversight frameworks for the Digital Operational Resilience Act (DORA) and the Markets in Crypto-Assets Regulation (MiCAR).

The EBA’s work in 2024 was set against a backdrop of persistent geopolitical tensions, economic uncertainty and rapid technological change, with a continued focus on financial stability, consumer protection and the transition to the EU’s new anti-money laundering and countering the financing of terrorism (AML/CFT) framework. The Report also sets out details on the EBA’s efforts advanced within its institutional mandate to strengthen (but also streamline) the EU’s expanding Single Rulebook for financial services.

As explored in this Client Alert, the Report also reiterates the EBA’s supervisory priorities for 2025-27See also standalone coverage on the EBA’s priorities in its 2025 Annual Work Programme here and how these interact with plans of other EU authorities here.Show Footnote and should thus also be read together with our standalone coverage on individual developments raised in the Report as well as in similar annual reports published by the other European Supervisory Authorities (ESAs), those of the European Central Bank (ECB), acting in its role at the head of the Single Supervisory Mechanism (SSM) of the EU’s Banking Union,See coverage here and here.Show Footnote as well as “Navigating 2025” setting out how these interact with plans of other authorities.Available here.Show Footnote

Key takeaways from the Report

The Report focuses on a number of headline issues that the EBA advanced during 2024. These include:

Implementation of Basel III and enhancement of the Single Rulebook

The EBA made significant progress in the timely and faithful implementation of the Basel III reforms within the EU, supporting the resilience of the banking sector. In 2024, the EBA issued consultation papers and delivered mandates on key aspects of credit, market and operational risk as well as providing updated guidelines on capital instruments, liquidity standards and the supervisory review process (SREP). The EBA’s work on the chapters of the Single Rulebook within its mandate included updated guidelines on Common Equity Tier 1 (CET1), TLAC/MREL and the net stable funding ratio (NSFR), including confirmation in parts where no major legislative changes deemed necessary. The EBA also addressed proportionality, aiming to reduce compliance burdens for smaller banks while maintaining prudential standards.

In terms of implications for firms this may mean:

  • Increased complexity and compliance burden: The volume and technical detail of new standards require significant investment in risk management, data infrastructure and internal controls across certain firms.
  • Proportionality: The EBA, following recommendations from the Advisory Committee on Proportionality, is seeking to reduce compliance burdens for smaller and non-complex institutions (SNCIs). However, firms must carefully assess whether they qualify for proportionality measures and should adapt accordingly.
  • Third country access: The new regime for third country branches and groups operating in the EU introduces harmonised requirements, reducing national discretion but increasing the need for non-EU firms to reassess their EU market-entry strategies. This may equally require revisiting legal entity and market access structures and thus reviewing, repapering and amending existing as well as drafting new client-facing documentation.

Sustainable finance and ESG integration

The EBA played a significant part in advancing the EU’s sustainable finance agenda, contributing to the European Green Deal and the Renewed Sustainable Finance Strategy. Key outputs included guidelines on ESG risk management, a final report on greenwashing and scenario analysis for climate-related risks. The EBA conducted a one-off climate risk stress test in collaboration with other European authorities, finding limited direct impact from transition risks but highlighting potential vulnerabilities when combined with adverse macroeconomic conditions. The EBA is preparing to integrate climate risks into the EU-wide stress-testing framework from 2027 onwards.

In terms of implications for firms this may mean

  • Mandatory ESG risk management: Firms must step-up efforts to embed ESG considerations into risk frameworks, governance and disclosure practices. This includes scenario analysis and transition planning.
  • Data and reporting challenges: The need for high-quality, granular ESG data is acute and many firms may need to further invest in systems to capture, process and report such data.
  • Supervisory scrutiny: Supervisors will increasingly review ESG risk management as part of SREP assessments, which is itself in the process of being updated.

Financial stability, risk monitoring and stress testing

Amid high interest rates, slow economic growth and heightened geopolitical risks, the EBA intensified its monitoring of financial stability risk and resilience. The authority published biannual Risk Assessment Reports and updated its stress-testing methodology, incorporating new elements such as net fee and commission income projections and market risk sensitivity. The EBA’s analysis confirmed the robust capitalisation and liquidity of EU/EEA banks, with average CET1 ratios around 16% and liquidity coverage ratios at 167%. However, the Report notes that asset quality deterioration, particularly in commercial real estate and increased operational and cyber risks will require continued vigilance.

In terms of implications for firms this may mean:

  • Scenario planning: Firms must ensure their internal stress testing frameworks are robust, forward-looking and aligned with EBA methodologies, including the gradual integration of climate risk.
  • Capital and liquidity management: High levels of capitalisation and liquidity are expected. Firms must be prepared for increased supervisory scrutiny of buffers, funding structures and exposures to vulnerable sectors (e.g., commercial real estate, sovereign debt as well as more pervasive impacts from geopolitical and tariff-related developments).

Data infrastructure and reporting

The EBA continued to enhance its data strategy, focusing on the acquisition, use and dissemination of regulatory data through the EUCLID platform. The authority expanded its data offerings to support transparency and market discipline, including the annual transparency exercise covering 123 banks and over 9,500 data points per bank. The EBA also advanced the development of the Pillar 3 Data Hub and worked towards integrated reporting frameworks in collaboration with the ECB-SSM and other stakeholders.

In terms of implications for firms this may mean:

  • Integrated reporting: Firms will face increasing demands for timely, accurate and harmonised data submissions. The move towards integrated reporting and semantic data integration will require investment in data governance and IT systems.
  • Transparency and market discipline: Enhanced public disclosure (e.g., through the annual transparency exercise) increases market scrutiny and reputational risk for firms with outlier risk profiles or deficiencies.

Digital innovation, DORA and MiCAR

The EBA, together with the other ESAs, finalised policy mandates under DORA and MiCAR, establishing the foundation for oversight of critical ICT third-party providers (CTPPs) and crypto-asset markets. Preparations included the creation of new governance structures, joint examination teams (JETs) and ICT systems to support supervisory activities.

The EBA delivered 20 technical standards and guidelines under MiCAR (including issuing statements to issuers and consumers on MiCAR requirements and completed preparatory actions for its new supervisory responsibilities), developed frameworks for the supervision of significant asset-referenced (ARTs) and electronic money tokens (EMTs), established the Crypto-Assets Standing Committee (CASC) to support supervisory convergence and launched training programmes to build supervisory capacity in digital finance.

In terms of implications for firms this may mean:

  • AI and digitalisation: Firms adopting AI and machine learning must anticipate future regulatory requirements (e.g., under the EU AI Act) and ensure ethical, explainable and compliant use of such technologies.
  • Operational resilience: DORA imposes stringent requirements on ICT risk management, incident reporting and oversight of CTPPs. Firms must review and upgrade their ICT frameworks, contractual arrangements and incident response plans as DORA compliance is likely to be very much subject to supervisory scrutiny across the EU. 
  • Crypto-asset regulation: MiCAR’s harmonised regime for crypto-asset issuers and service providers was pivotal. So too is the EBA taking on direct supervisory responsibilities for significant ARTs and EMTs. Firms in the crypto-asset sector (in particular those that could become significant ART and EMT issuers) must ensure compliance with new governance, prudential and consumer protection standards that in certain components differs conceptually from more established EU TradFi focused rules and principles.
  • Supervisory convergence: The establishment of joint oversight structures and standing committees (e.g., CASC for crypto-assets) will likely serve to drive more consistent supervisory expectations across the EU and the evolution of further supervisory principles and guidance is certainly to be expected.

Consumer protection and AML/CFT

The EBA strengthened its focus on consumer protection, monitoring the conduct of financial institutions, non-bank lenders and the implementation of complaints handling procedures. The EBA monitored emerging financial technologies, including decentralised finance (DeFi), artificial intelligence (AI) and tokenised deposits, publishing thematic reports and guidance on regulatory consistency. Consumer protection efforts included monitoring non-bank lenders, complaints handling and fair access to financial services.

The EBA also led efforts to standardise AML/CFT practices, issuing guidelines on the ‘travel rule’ for crypto-asset transfers and preparing for the transition to the new European Anti-Money Laundering Authority (AMLA). The EBA also published reports on payment fraud, structured deposits and the use of virtual IBANs and continued to coordinate with national authorities to address emerging financial crime risks.

In terms of implications for firms this may mean:

  • Consumer protection: Enhanced monitoring of non-bank lenders, complaints handling and creditworthiness assessments will require firms to review their retail practices and ensure fair treatment of customers.
  • Behavioural insights: Supervisors are increasingly using behavioural insights to inform policy and oversight, which may lead to more targeted interventions in product design and sales practices
  • Evolving standards: Firms must keep pace with new guidelines on the “travel rule,” sanctions compliance and the use of RegTech in AML/CFT.
  • Supervisory transition: The transition to AMLA may bring changes in supervisory approach, risk assessment methodologies and enforcement priorities. Firms should monitor developments and engage proactively with both EBA and AMLA guidance.

EBA’s organisational development and stakeholder engagement

The EBA reported a 93% completion rate of its 2024 Work Programme, reflecting strong execution despite resource constraints and external challenges. Organisational enhancements included the implementation of the EBA’s Horizon 2029 HR Talent Strategy, investments in IT infrastructure and the formalisation of EBA values. The authority maintained active engagement with EU institutions, Member States, industry and international partners and contributed to global regulatory initiatives through the Basel Committee and other fora.

EBA’s additional achievements

The EBA advanced work on recovery and resolution, depositor protection, payment services (in particular the implementation of the EU’s Instant Payments Regulation) along with enhanced monitoring of payment fraud and conducted in bilateral equivalence assessments with non-EU jurisdictions. The EBA promoted supervisory convergence through peer reviews, training and the development of best practices and continued to address proportionality in all new and amended reporting requirements. Nevertheless, while the EBA is (and the other ESAs and the ECB-SSM are equally) driving convergence, areas of national discretion remain, especially in the implementation of new frameworks (e.g., third country access, AML/CFT). Firms must monitor both EU-level and national developments.

The EBA continued to invest in talent management, digitalisation and IT infrastructure, implementing the Horizon 2029 HR Talent Strategy and enhancing internal processes. The authority also used the Report to reiterate that it had absorbed inflationary pressures through tight budget management. 

EBA’s strategic priorities for 2025

Looking ahead, the EBA uses the Report to reiterate its five strategic priorities for 2025, namely:

  • Implementing the EU banking package and further enhancing the Single Rulebook;
  • Enhancing risk-based and forward-looking financial stability for a sustainable economy;
  • Advancing data infrastructure and launching a new data portal;
  • Commencing oversight and supervisory activities for DORA and MiCAR; and
  • Developing consumer-oriented mandates and ensuring a smooth transition to the new AML/CFT framework.

Outlook

The Report underscores the resilience of the EU banking sector and the authority’s commitment to regulatory efficiency, innovation and stakeholder engagement. However, the Report also highlights the need for continued vigilance in the face of evolving risks, geopolitical uncertainty and the ongoing digital and green transitions.

Regulated firms should expect sustained supervisory scrutiny in areas of capital and liquidity management, operational resilience, ESG integration and compliance with new digital and AML/CFT frameworks. Unfortunately, despite efforts on proportionality and streamlining the breadth and depth of regulatory change (Basel III, DORA, MiCAR, ESG, AML/CFT) through to 2027 will likely create significant cumulative compliance costs and operational challenges, particularly for cross-border and smaller firms. With regulatory expectations rising and resources constrained, firms must prioritise investments in areas of greatest regulatory and strategic impact and/or use RegTech to help reach those conclusions.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 2,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.

Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.

The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award” and the “2025 Regulatory, Governance and Compliance Technology Award in 2025”.

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.

Contact us

Dr. Michael Huertas

Partner Frankfurt am Main
Financial Services

Tel.  +49 160 97375760

Email  E-Mail

Show profile

Other Expert Articles and Blogs

Litigation, Arbitration Antitrust, Public Procurement and State Aid Law
Use of personal data for AI Training does not violate DMA according to Higher Regional Court of Cologne
  • 03 Jun 2025
  • 4 min read
Financial Services
ECB publishes Guide to consultation of ECB by national authorities regarding draft legislative provisions
  • 26 May 2025
  • 9 min read
Financial Services
ECB-SSM Annual Report on Supervisory Activities 2024: Key developments, supervisory priorities and regulatory implications
  • 22 May 2025
  • 7 min read
All Expert Articles and Blogs