Skip to content
Confident young business woman working online with team on laptop on startup project

How EU banking supervision is adapting to address geopolitical challenges

Authors

  • Christopher Woolard CBE

    EY Partner, Financial Services Consulting, Ernst & Young LLP; EY UK FinTech Leader; EY Financial Services Regulatory Network Chair; EY EMEIA Financial Services Regulation Leader

  • Danielle Grennan

    Associate Director, Regulatory and Public Policy, Ernst & Young LLP

6 minute read 09 Jun 2025

Regulatory issues are increasingly politicized, pushing banks to enhance resilience to geopolitical risks amid fragmented policies.

In brief
  • The European regulatory landscape is complex, shaped by various bodies and agendas, focusing on enhancing EU strategic autonomy in financial services.
  • Geopolitical factors contribute to global regulatory fragmentation, yet the EU supervisory agenda maintains a degree of predictability.
  • Banks should focus on geopolitical risk, improving cybersecurity measures, and increasing supervisory engagement to stay competitive in the current market.

As the global political landscape continues to shift, regulatory issues are becoming more politicized, with competitiveness gaining prominence on policymakers' agendas. This in turn is leading to greater fragmentation and regional policymaking. The changing geopolitical environment necessitates that banks thoroughly address their resilience to geopolitical risks while also meeting supervisory expectations. Internationally operating banks face further challenges with increased regulatory scrutiny at the subsidiary level and divergent requirements across different jurisdictions.

The EU supervisory landscape challenging banks

At the EU level, the supervisory agenda remains stable, though it is continually influenced by the ever-changing environment. Policy priorities, such as the European Commission’s ("The Commission") recently released Competitiveness Compass and Savings and Investment Union (SIU) Strategy, are expected to impact the overall supervisory architecture. Strengthening supervisory convergence tools and achieving more unified supervision of capital markets are important aims. A key objective of the SIU is the potential transfer of certain supervisory tasks to the EU level. This initiative aims to help ensure that all financial market participants receive consistent supervisory treatment across the EU’s Single Market, regardless of their location. The Commission is seeking a new balance between EU and national mandates. Notwithstanding the ambition, greater harmonization across the EU has previously proven challenging, as evidenced by the slow progress of Capital Markets Union, the forebear of the SIU.

European banking supervision priorities according to geopolitical emerging risks

The European Central Bank (ECB) plays a central role in banking supervision, adopting a stringent supervisory approach focused on the stability of the banking system. Increasing regulatory divergence and diminishing confidence in international cooperation are prompting a detailed supervisory focus on aspects such as business models, governance, financial strength, operational resilience, and resolvability at the legal entity level.

How EY can help

  • Cybersecurity

    Learn more about how organizations are accelerating transformation and strengthening cybersecurity at the same time.

    Read more

The ECB made targeted adjustments to its three-year supervisory priorities for 2025-27, to reflect:

  • The persistently heightened geopolitical tensions and uncertainty surrounding the macroeconomic outlook.

  • The gradual shift in focus from risk identification to risk remediation in areas which have been subject to close supervisory scrutiny in the past, with the ECB clearly frustrated with progress in remediation of deficiencies.

For both international and EU headquartered banks, the ECB is concerned that global geopolitical and macroeconomic uncertainties could lead to significant systemic shocks. To address this, the ECB is focusing on enhancing banks' financial and operational resilience. The primary goal is to strengthen banks' ability to withstand immediate macro-financial threats and severe geopolitical shocks. There is a concern that banks are not adequately integrating geopolitical risks and their potential impacts into existing risk management processes and frameworks. Similarly, the ECB is of the view that persistent deficiencies in credit risk management frameworks also need to be addressed.

 

Additionally, the ECB emphasizes the need to address persistent material shortcomings effectively and promptly. One area of concern is data management capabilities. Ongoing issues in this area could negatively impact banks, potentially affecting Supervisory Review and Evaluation Process (SREP) capital outcomes and leading to possible sanctions.
 

The ECB is also focusing on banks' digitalization strategies and how they address emerging challenges from new technologies. These challenges affect banks' business models and strategies, as well as their overall operational and strategic resilience, given the competitive dynamics in the industry regulatory changes for subsidiaries of non-EU headquartered banks.

In line with the EU’s Strategic Autonomy agenda, it has become more challenging for non-EU banks to provide services at scale to EU-based customers. Article 21c under the Capital Requirements Directive (CRDVI) introduces new minimum harmonization requirements for EU branches of third-country banks. It also standardizes the definition of “banking services”, requiring international banks to obtain EU banking authorization to continue offering these services. This new regime will take effect from January 2027. Some of the key requirements include:

  • Requirement for physical presence: International (non-EU) banks must establish a physical EU authorized presence (branch or subsidiary) to provide banking services in the EU, with cross-border services generally prohibited, with limited exemptions (including in relation to reverse solicitation) being tightened.

  • Harmonized requirements for branch authorization: CRDVI introduces harmonized minimum requirements for the prudential supervision of Third Country Branches (TCBs), including capital and liquidity requirements, internal governance obligations, booking arrangements, and rules on outsourcing management.

AMLA: a response to geopolitical challenges increasing cybersecurity threats for banking

The EU's Anti-Money Laundering Authority (AMLA) is set to begin operations this year and aims to be fully operational by 2028. AMLA will be a key component of the Commission's broader legislative and supervisory framework, which includes the Sixth Anti-Money Laundering Directive (AMLD6), the Anti-Money Laundering Regulation (AMLR), and regulations on information accompanying transfers of funds and crypto assets.

AMLA's primary functions will include developing harmonized standards to help ensure consistent supervision across EU Member States. The new AML package enhances the existing regime by introducing new rules, updating and refining current requirements, and establishing a new supervisory approach with AMLA as the central authority. While all EU-based firms will fall under the new rules and supervision of AMLA, only the highest-risk financial services firms will be directly supervised by this new EU authority.

Recommended actions for banks to overcome risks and regulatory divergence:

1. Enhance strategic planning to take a more forward-looking view of regulatory change can better demonstrate strategic alignment, reduce regulatory friction and help to move highly reactive and demand-driven approaches to compliance to more efficient delivery of compliance through design.

2. Strengthen focus on EU entity governance arrangements – particularly in relation to geopolitical risk and operational resilience (including in relation to information and communication technology (ICT) processes and controls).

3. Assess whether to adapt current EU and UK operating model, considering the new EU requirements under CRD6 (via EY.com Switzerland)/CRR3, proposed new UK Basel 3.1 rules, and the potential changes to the UK regime for the supervision of international banks.

4. Document clear rationale for booking arrangements, document the booking arrangements, and have them approved by the appropriate governance body.

5. Anticipate a significant step-up in focus on anti-money laundering and combating the financing of terrorism (AML/CTF). Banks must adapt their frameworks, engage proactively with AMLA, and consider direct supervision. This includes preparing to enhance their AML/CFT control frameworks as supervisory standards increase. As regulators will always be playing “catch-up” on digital transformation, banks should seek to understand and focus on overarching regulatory intent in relation to technology enhancement to reduce the level of future retrospective compliance effort. Climate risks can be considered in a similar way.

Ed Sibley, Partner, Risk Consulting, Ernst & Young Chartered Accountants and Elaine Brownlee, Senior Manager, Risk Consulting, Ernst & Young Chartered Accountants have also contributed to this article.

Summary

Geopolitical uncertainty, along with risks to macroeconomic and financial stability, creates a more challenging regulatory and supervisory landscape for banks, particularly those operating on a cross-border basis. Banks that can demonstrably enhance their resilience to these risks will be better placed to more effectively and efficiently navigate this environment.

Related articles

Five ways banking CROs are increasing agility

The EY/IIF bank risk management survey highlights the need for increased agility against diversifying risks. Find out more.

18 Feb 2025 Nigel Moden + 2

Why the EU Anti-Money Laundering Authority brings both promise and challenges

Discover the challenges and promise of the EU’s new Anti-Money Laundering Authority (AMLA), in unifying regulations and enhancing financial crime prevention.

10 Feb 2025 Manuel Delgado + 1

Four regulatory priorities to drive financial institutions' focus in 2025

Our Global Financial Services Regulatory Outlook has four regulatory priorities to drive financial institutions' focus in 2025. Download the report.

13 Jan 2025 Christopher Woolard CBE + 2

    About this article

    Authors

    • Christopher Woolard CBE
      EY Partner, Financial Services Consulting, Ernst & Young LLP; EY UK FinTech Leader; EY Financial Services Regulatory Network Chair; EY EMEIA Financial Services Regulation Leader
    • Danielle Grennan
      Associate Director, Regulatory and Public Policy, Ernst & Young LLP
    Related topics
    Anti-money laundering regulations
    Financial Services EMEIA

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
    You are visiting EY main (en)
    main en