EU/EEA banks are required to integrate geopolitical risk into their business processes and risk assessments, focusing on exposures to vulnerable sectors amid heightened global tensions. Maintaining operational resilience is essential as banks face rapid changes in geopolitical and technological environments, with increased investment in cybersecurity a priority. As defense financing needs rise, banks must apply robust underwriting standards. Market volatility underscores the importance of prudent capital buffer management and timely bond issuance. Effective cost and provision management, sustainable revenue strategies, and the integration of ESG risks into risk frameworks are also mandated.
The PRA's 2025 priorities for UK international banks emphasize robust governance, risk management, and controls. Key areas include risk management frameworks, data accuracy for regulatory returns, financial and operational resilience (especially with the March 2025 deadline), and continued assessment of Basel 3.1 implications despite implementation delays.
The FCA's proposed new regulations require firms to report operational incidents that could harm consumers or the financial system. This broadens the scope of reporting beyond traditional principles. Additionally, firms must notify the FCA of material third-party arrangements, including those that pose risks to the financial system or the firm's ability to meet regulatory obligations. This expanded regulatory focus on the entire lifecycle of services and activities highlights the increasing importance of operational resilience and third-party risk management.
The paper reviews the DORA Regulation, highlighting challenges in supervisory convergence, solution centralization, and oversight fragmentation. It argues that despite DORA's positive steps for digital resilience, Europe's fragmented supervision system hampers its effectiveness. The authors suggest that a more centralized, cross-sectoral supervisory approach is needed for better regulation and supervision.