The European Banking Authority (EBA) published on 26 June 2026 its final revised Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP) and supervisory stress testing, introducing a 30% reduction in the overall page count while preserving the core structure. The revised framework, which will apply from 1 January 2027, aims to make EU banking supervision more risk-focused, efficient, proportionate and forward-looking. It consolidates the existing SREP Guidelines (EBA/GL/2022/03) and the standalone Guidelines on ICT risk assessment (EBA/GL/2017/05) into a single comprehensive framework, and incorporates new mandates from the Capital Requirements Directive (CRD VI), including the treatment of third-country branches and the operationalisation of the output floor.
The revision is a core deliverable of the EBA's efficiency and simplification agenda, following the EBA Report on the efficiency of the regulatory and supervisory framework published on 1 October 2025 and a subsequent report on simplifying the stacking orders of the EU prudential and resolution framework. Since their adoption in 2014, the SREP Guidelines have provided a common language for assessing credit institutions across the EU, underpinning the Single Supervisory Mechanism (SSM) and enabling the Banking Union. The revised Guidelines introduce targeted rationalisation measures: a streamlined, non-duplicative set of provisions that merge liquidity and funding risk assessments; enhanced and forward-looking risk coverage with increased focus on ICT, ESG, and credit spread risk from non-trading activities (CSRBB); a strengthened risk-based approach calibrating assessments to institutions' risk profiles; a high-level escalation framework; and a clarified risk taxonomy and interaction between Pillar 1 and Pillar 2 requirements, including the application of the output floor. ICT risk treatment incorporates the Digital Operational Resilience Act (DORA), and ESG factors are integrated within the existing SREP framework.
The Guidelines are addressed to competent authorities as defined in the EBA Regulation. They must report compliance within two months of translation into EU official languages. The EBA encourages supervisors to consider the revised guidance ahead of the 1 January 2027 application date. Upon entry into force, the Guidelines repeal and replace EBA/GL/2022/03 and EBA/GL/2017/05.
EU banks will face a more streamlined but potentially more demanding supervisory process, with increased focus on emerging risks such as ICT and ESG, requiring adjustments to risk management frameworks. National competent authorities and the SSM will benefit from a more efficient and risk-based allocation of supervisory resources, but must adapt to the new escalation framework and clarified Pillar 1/2 interaction. EU consumers and taxpayers stand to gain from a more effective supervisory regime that better identifies and mitigates systemic risks, though the direct impact is indirect. The EBA itself reinforces its role as a key standard-setter, delivering on its simplification agenda and enhancing the coherence of the EU supervisory architecture.