EBA Supervisory Convergence Report 2025: What It Means for SREP and Prudential Reporting

Last updated: July 2026

Every summer a reporting team somewhere builds its data roadmap around the wrong supervisory priorities, then spends the following cycle explaining the gap. The EBA supervisory convergence report is the document that lets you avoid that. Published on 29 June 2026 as EBA/REP/2025/16, the 2025 edition sets out where prudential supervisors across the EU actually spent their attention last year, and where they will keep spending it. Read it as a to-do list rather than a retrospective and it tells you which data your competent authority is most likely to interrogate at your next supervisory dialogue.

The report is the EBA’s annual account, required under Article 107(2) of the Capital Requirements Directive (Directive 2013/36/EU), of how consistently national supervisors apply the supervisory review and evaluation process (SREP). It matters to reporting and SREP teams for a plain reason. Convergence is the mechanism by which a priority the EBA sets in Frankfurt becomes a question your relationship manager asks about your COREP submission, your ICAAP, or your stress-test governance. The convergence report is where that translation is written down.

This year the EBA framed the publication around a second theme, a simpler and more efficient EU prudential framework. That framing changes how you should read it. The report is itself a deliverable of the EBA’s simplification and efficiency programme, not merely a scorecard on supervisors, and it signals structural changes to how supervisory priorities are published and how the SREP will run from 2027. Below is what the 2025 convergence report says, what it confirms about supervisory focus, and the concrete items reporting and SREP teams should move on now.

Related reading: the EBA’s revised SREP guidelines on ICAAP, ILAAP and Pillar 2 capital

What the 2025 EBA supervisory convergence report actually is

The legal anchor sits in two places. The EBA’s own objective to enhance supervisory convergence comes from Article 1(5) of its Founding Regulation (Regulation (EU) No 1093/2010), supported by convergence tasks such as building a common supervisory culture under Article 29(1) and assessing the degree of convergence under Article 30. The obligation to publish an annual account of the SREP specifically comes from Article 107(2) of the CRD, under which the EBA reports to the European Parliament and the Council on how convergent supervisory practices are.

The report covers five areas the EBA works across: prudential supervision, resolution and crisis management, digital finance, consumer protection, and, until the end of 2025, anti-money laundering and countering the financing of terrorism (AML/CFT). That end date is deliberate. The EBA’s AML/CFT mandate transferred to the new Anti-Money Laundering Authority (AMLA), so this is the last convergence report in which the AML/CFT chapter reflects EBA-led supervision. If your firm tracks EBA AML output, the responsible body has changed and your source list should change with it.

One structural change deserves a line in your regulatory-watch log. The annual priorities that used to be published as a standalone European Supervisory Examination Programme (ESEP) will no longer appear as a separate document. From 2026 the EBA folds them into its Annual Work Programme. The 2025 ESEP was the last of its kind, published in July 2024 and assessed through a questionnaire that 26 competent authorities answered across nine qualitative questions. Teams that bookmarked the ESEP page as their source for supervisory priorities need to repoint that bookmark to the Annual Work Programme.

The three supervisory priorities that shaped 2025, and what carries into 2026

For 2025 the EBA set three key topics for supervisors’ attention, and the convergence report confirms how deeply each one landed in national supervisory programmes.

The first key topic was testing and adjusting to increasing economic and financial uncertainties. Supervisors looked at whether capital and liquidity planning, stress-testing severity and recovery options hold up under geopolitical and macro-financial stress. Every competent authority reported considering this topic, 89 percent fully and 11 percent partially. The second key topic was digital challenges, meaning ICT and cyber risk, operational resilience and third-party dependencies, closely tied to Digital Operational Resilience Act (Regulation (EU) 2022/2554) implementation. It was the most consistently adopted, taken up explicitly by 96 percent of authorities. The third key topic was the transition to Basel III and the EU banking package, covering capital planning, data aggregation and the revised credit and operational risk requirements. It was incorporated fully by 81 percent of authorities, with the remaining 19 percent partial, often because they scheduled parts of the assessment, such as data-aggregation reviews, into 2026.

Here is where teams misread the signal. The convergence report is not a description of ECB Single Supervisory Mechanism priorities for significant institutions only. It reports on all competent authorities, including national supervisors of less significant institutions. A smaller bank supervised nationally sits inside the same three key topics as a directly ECB-supervised group. The proportionality is in how deep the supervisor goes, not in whether the topic applies. If you run reporting for an LSI and you assumed these priorities were a large-bank concern, that assumption is the gap.

The forward view is explicit. Looking to 2026 the report says the EBA will prioritise deeper Basel III and CRR3 convergence, comprehensive resolution testing and enhanced Markets in Crypto-assets Regulation supervision, and the EBA’s press release for the report also names strengthening oversight under the Digital Operational Resilience Act among the 2026 priorities. Two of the three 2025 key topics therefore carry forward by name: the Basel III and CRR3 transition, and the digital and operational-resilience strand, now framed as DORA oversight. Resolution testing and Markets in Crypto-assets Regulation supervision are new, standalone entries in the 2026 forward view rather than continuations of a named 2025 key topic.

What “simpler and more efficient” really means for your reporting stack

The simplification framing is genuine, and it is worth understanding precisely so you plan against what it will actually change rather than what the headline implies. The EBA presented this convergence report as a deliverable of its programme, “Simplifying to strengthen: building a more efficient EU prudential and supervisory framework,” specifically as delivery of a recommendation to increase transparency in its convergence work. That efficiency programme is documented in the EBA’s report on the efficiency of the regulatory and supervisory framework (EBA/REP/2025/26), which set out recommendations including the piloting of supervisory platforms that bring authorities together on specific institutions.

The most concrete simplification for SREP teams is the consolidation of the SREP rulebook itself. The EBA’s revised SREP guidelines, finalised in June 2026 and applying from 1 January 2027, pull the separate strands into a single framework. They repeal the standalone Guidelines on ICT risk assessment under the SREP (EBA/GL/2017/05) and integrate that ICT assessment into the main guidelines, and they replace the current SREP guidelines (EBA/GL/2022/03). They also add new content on ESG factors, operational resilience, third-country branches, and the interaction between the revised Pillar 1 and Pillar 2 requirements, including the output floor. On the liquidity side, the EBA has said it aims to consolidate its past liquidity guidance into a single report by 2027. The ECB’s parallel move to consolidate its supervisory guidance runs in the same direction.

What simplification does not mean is fewer data points in your next submission. Consolidating guidance into one document reduces the number of places you have to look, not the substance of what supervisors assess. The revised SREP guidelines widen coverage into ESG and operational resilience even as they simplify structure. Treat the programme as a change to where the rules live and how the SREP is sequenced, and keep the underlying reporting build on its existing track. For a fuller picture of the reporting side of this agenda, see the EBA’s supervisory reporting simplification work.

The Pillar 2 findings: where P2R and P2G still diverge

The heart of the report for capital and SREP teams is the Pillar 2 convergence analysis. The EBA built it on data covering 286 banks under the direct supervision of 28 competent authorities, the 27 national authorities plus the ECB, representing 79 percent of the European banking sector’s assets. That is a large enough sample to draw EU-level conclusions for bigger institutions, though the EBA cautions that coverage of less significant institutions is thinner in some jurisdictions.

Overall SREP scores stayed stable, but Pillar 2 Requirements (P2R) still vary across authorities in ways that are not fully explained by differences in bank risk profiles, particularly for concentration and interest rate risks. Nine authorities set P2R using SREP-score-based approaches that weigh both inherent risk and the quality of internal controls, while others lean on internal supervisory benchmarks, and for risks outside Pillar 1 the report notes common anchors such as the supervisory outlier test for interest rate risk in the banking book and the Herfindahl-Hirschman Index for concentration risk. Pillar 2 Guidance (P2G) methodologies are converging, helped by wider use of a bucketing approach, but some authorities still set P2G at zero while others do not, and a few apply ceilings such as 4.5 percent or 10 percent. Two smaller data points show how young some tools still are: a leverage-ratio P2R had been imposed on only 11 institutions, around 4 percent of the sample, and a leverage-ratio P2G on 23 institutions, around 8 percent.

The CRR3 and CRD6 interaction is the operational detail to carry into your own ICAAP narrative. Several authorities have already reflected the revised framework in the 2025 SREP cycle, and the report is specific about how. They compared operational risk total risk exposure amounts as of 31 March 2025 against 31 December 2024 to check that P2R calibration still holds, and they looked to remove double-counting where an existing P2R add-on covered a Pillar 1 model weakness that no longer exists under CRR3. The examples given are pointed: the removal of the Advanced Measurement Approach for operational risk, the discontinuation of own loss-given-default and credit-conversion-factor estimates for exposures to institutions and large corporates, and the higher risk weights for foreign currency lending to unhedged borrowers under new CRR Article 123a. If your firm still carries a Pillar 2 add-on that was built to compensate for one of those, expect the question of whether it now double-counts.

The common error here is assuming the output floor is already shaping your capital stack. It is not, yet. In 2025 only two institutions in the entire EU sample, one significant institution and one less significant institution under the SSM, were reported as constrained by the output floor. The report is clear that most institutions expected to become bound will do so between 2026 and 2030. The convergence work now is about method, ensuring supervisors keep Pillar 1 and Pillar 2 complementary as the floor phases in, which is why the topic moves into the forthcoming SREP guidelines. If you want the mechanics of the transitional path, our note on the CRR3 output floor phase-in sets out the timeline.

Where reporting data quality is now under the microscope

This is the section reporting teams should read twice, because it is the one that turns a convergence report into a work item. The EBA’s 2025 review of large exposures reporting across European credit institutions found significant inconsistencies in how firms allocate similar exposures to economic sectors and NACE codes. The report is blunt about the consequences. Divergent application of CRR definitions and reporting technical-standard instructions feeds through to risk weights, large exposure limits and liquidity metrics, and ultimately to the level playing field.

The EBA’s response is not another guideline. It launched a corrective exercise, still in progress, to build reference lists for a large share of large exposures subject to sector and NACE coding, giving supervisors a concrete benchmark and cutting the discretion firms exercise when they code a counterparty. When I reconcile a large exposures reporting under COREP LE submission, the counterparty-to-NACE mapping is exactly the field where two analysts can defensibly disagree, and that discretion is what the EBA is now closing. The practical read is simple. Sector and NACE coding on your large exposures returns has moved from a low-visibility mapping decision to a comparability metric the EBA is actively policing. Tidy that mapping and document the logic before a reference list makes your current choices look like outliers.

Data quality is not confined to large exposures. Under the third key topic, supervisors repeatedly flagged data aggregation and reporting capabilities as a hurdle in the Basel III and CRR3 transition, alongside interpretation of new requirements and system constraints. The EBA even points to its own staff work on the impact of prudential reporting distortions and the case for prioritising data integrity. What that tells a reporting officer is that the supervisory conversation is shifting from whether you submitted to whether your submitted figures are internally consistent and comparable with peers. The number that survives that scrutiny is the one with a clear lineage from source system to template cell.

How to prepare your SREP engagement now

The convergence report is, in effect, a preview of the questions your next SREP dialogue will contain. A few concrete moves follow directly from it, framed as what the regulation and supervisory practice now expect rather than as advice for your specific institution.

First, align your ICAAP and ILAAP narratives to the three key topics. The report shows supervisors assessing how geopolitical and macro-financial risk is reflected in ICAAP and ILAAP, in stress scenarios and in risk appetite, and flagging weak spots in scenario calibration, the forward-looking integration of emerging risks, and the governance and escalation of stress-testing outcomes. If your stress narrative does not visibly connect a scenario to a capital or liquidity action, that is the gap supervisors reported finding. Our explainer on how ICAAP and ILAAP feed the SREP covers the mechanics.

Second, be ready to defend your Pillar 2 story against the CRR3 recalibration. If a supervisor is now removing add-ons that duplicated Pillar 1 model weaknesses, you want to have done that analysis yourself first, so that your own funds requirement reflects the revised framework rather than a legacy overlay.

Third, treat the 1 January 2027 revised SREP guidelines as a planning horizon, not a distant event. They consolidate the rulebook, integrate the ICT assessment that used to sit in a separate guideline, and operationalise the output-floor interaction. Mapping your current SREP inputs against the consolidated guidelines during 2026 is cheaper than discovering a coverage gap in the first cycle they apply.

Colleges, resolution and the cross-cutting tools behind the findings

Two further chapters give useful context on how the EBA actually drives convergence, and both touch reporting indirectly. On colleges, the EBA closely monitored six supervisory colleges in 2025 and its staff took part in nine college meetings across the supervisory cycle, following risk assessments and joint decisions on capital and liquidity. Colleges are where a cross-border group’s consolidated and subsidiary reporting is reconciled in practice, so the joint-decision timeline the EBA observes is the same timeline your group reporting has to feed.

On resolution and crisis management, the report notes steady progress in operationalising bail-in tools, valuation management information systems and liquidity strategies, with testing becoming more embedded through simulation exercises. Persistent challenges include delivering valuation data within short timelines, mobilising collateral that is not central-bank eligible or marketable, and the bail-in of liabilities governed by third-country law. The EBA has published a handbook on simulation exercises for resolution authorities and will take on a new role under the revised Bank Recovery and Resolution Directive to test coordination for EU cross-border groups. Resolution reporting teams should read the valuation-data timeline point as a direct expectation on their systems.

Behind all of it sit the cross-cutting convergence tools: the EBA’s Q&A process, peer reviews covering deposit guarantee schemes, gender diversity and PSD2 authorisations, breach of Union law investigations, and a training programme that ran 25 courses for more than 2,900 participants in 2025. On the consumer side, the EBA launched a payment fraud dataset covering more than 6,000 providers to lift transparency on scams and unauthorised transactions. These are the levers that turn a written priority into consistent supervisory behaviour across 27 Member States.

Frequently Asked Questions

What is the EBA supervisory convergence report and how often is it published?

It is the EBA’s annual account of how consistently national supervisors apply the supervisory review and evaluation process across the EU, published under Article 107(2) of the CRD (Directive 2013/36/EU). The 2025 edition is EBA/REP/2025/16, published on 29 June 2026. A new one appears each year.

Does the convergence report create any new reporting obligation for my bank?

No. The report is an assessment of supervisory practice, not a binding instrument, so it does not add templates or fields on its own. Its value is that it tells you which existing data, such as large exposures sector coding or ICAAP stress inputs, supervisors are scrutinising most closely.

Where do I find the annual supervisory priorities now that the ESEP is discontinued?

From 2026 the EBA no longer publishes the European Supervisory Examination Programme as a standalone document. The priorities and key topics for prudential supervisors are integrated into the EBA Annual Work Programme, which becomes the source to monitor.

What were the three supervisory key topics for 2025?

Testing and adjusting to increasing economic and financial uncertainties, digital challenges centred on ICT and cyber risk and DORA, and the transition to Basel III and the EU banking package. All three were incorporated into most competent authorities’ own priorities in 2025. For 2026, the EBA carries two of the 2025 key topics forward by name, the Basel III and CRR3 transition and, in its press release for the report, digital operational resilience under DORA, joined by resolution testing and Markets in Crypto-assets Regulation supervision as recast standalone priorities.

Is the output floor already affecting Pillar 2 requirements?

For almost all banks, not yet. The report states that in 2025 only two institutions in the EU sample were constrained by the output floor, and that most affected institutions will become bound between 2026 and 2030. The immediate convergence focus is keeping Pillar 1 and Pillar 2 complementary as the floor phases in.

Why is the EBA looking at NACE codes on large exposures returns?

Its 2025 review found that credit institutions allocate similar exposures to sectors and NACE codes inconsistently, which distorts risk weights, large exposure limits and liquidity metrics. The EBA is building reference lists as a supervisory benchmark to reduce that discretion and improve comparability across the EEA.

What changes for the SREP from 1 January 2027?

The revised SREP guidelines apply from that date. They consolidate the SREP rulebook into a single framework, repeal and absorb the separate ICT risk assessment guidelines (EBA/GL/2017/05), replace the current guidelines (EBA/GL/2022/03), and add content on ESG, operational resilience, third-country branches and the output-floor interaction.

Does this report still cover AML/CFT supervision?

This is the last convergence report in which the AML/CFT chapter reflects EBA-led supervision, because the EBA’s AML/CFT mandate transferred to the Anti-Money Laundering Authority at the end of 2025. For current AML/CFT supervisory expectations, AMLA is now the responsible authority.

Related Articles

Key Takeaways

  • The 2025 EBA supervisory convergence report (EBA/REP/2025/16, published 29 June 2026) is the EBA’s Article 107(2) CRD account of how consistently supervisors apply the SREP, and it reads as a preview of your next supervisory dialogue.
  • Three key topics shaped 2025: macro-financial resilience testing, digital and DORA operational resilience, and the Basel III and CRR3 transition; for 2026 the EBA carries the Basel III and CRR3 transition and, in its press release, DORA oversight forward from the 2025 key topics by name, alongside resolution testing and Markets in Crypto-assets Regulation supervision as recast standalone priorities.
  • The priorities apply to all competent authorities, including national supervisors of less significant institutions, not only to ECB-supervised significant institutions.
  • Pillar 2 is converging but P2R still diverges on concentration and interest rate risk; supervisors are already removing add-ons that duplicate Pillar 1 weaknesses no longer present under CRR3.
  • The output floor constrained only two EU institutions in 2025; most affected banks become bound between 2026 and 2030, so the current work is method not capital impact.
  • Large exposures sector and NACE coding is now a comparability metric the EBA is policing through reference lists, so clean and document that mapping.
  • From 2026 the standalone ESEP is discontinued and priorities move into the EBA Annual Work Programme; from 1 January 2027 the revised, consolidated SREP guidelines apply.
  • This is the last convergence report in which the AML/CFT chapter reflects EBA-led supervision, following the transfer of the mandate to AMLA at the end of 2025.

Sources and References

Reading the convergence report as a reporting roadmap

The temptation with an annual convergence report is to skim the executive summary and file it. The more useful habit is to treat each finding as a question you will eventually have to answer. When the EBA says supervisors struggled with forward-looking scenario integration, that is a hint about your ICAAP. When it says large exposures coding is inconsistent, that is a hint about your COREP LE lineage. The 2025 report, wrapped in a simplification message, still hands reporting and SREP teams a precise list of where supervisory attention will fall next, and the teams that act on it before the next cycle are the ones that spend that cycle answering questions rather than explaining gaps.

Disclaimer: The information on RegReportingDesk.com is for educational and informational purposes only. It does not constitute legal, regulatory, tax, or compliance advice. Always consult your compliance officer, legal counsel, or the relevant supervisory authority for guidance specific to your institution.

Similar Posts