As announced as part of the government’s Financial Services Growth and Competitiveness Strategy, the Prudential Regulation Authority (PRA) has introduced a more responsive approach for receiving, reviewing, and approving Internal Ratings Based (IRB) model applications . This new approach is designed to enhance the model approval process for banks with existing internal models. Key elements of the PRA’s updated approach include: Enhanced Pre-Application Engagement: PRA will work more closely with firms before formal submissions to assess readiness and flag complex issues early. Dedicated Submission Slots: Firms will have designated slots for application submission, increasing procedural clarity and predictability on both sides. Accelerated Documentation Quality Checks: The PRA aims to complete thorough checks on application documentation within 4 weeks. Defined Review Timelines: Complete submissions will undergo review within 6 months if no additional information is needed. Final Decision Targets: PRA targets concluding decisions on applications within 18 months. Implications for Banks This transparent and disciplined approach is welcomed by firms. However, it makes banks’ committed model submission dates more important than ever. Firms need to be confident that they will be able to deliver the model in a certain month (with a foresight of a year in advance), having gone through a robust governance and validation process. They will also need to ensure all parts of the submission are complete and of good quality. Failure to deliver on time or to the expected standard will risk putting them ‘at the back of the queue’, resulting in more costly re-developments and potentially supervisory add-ons. We see leading banks taking the opportunity to enhance their IRB model delivery and submission strategies. Conduct a Comprehensive End-to-End Stock-Take of IRB Submissions Across the board, we have observed the following best practices to fully review the current IRB model submission plans. This stock-take includes: Evaluate the feasibility and readiness of each submission relative to the PRA’s timelines and quality expectations. This is done in the light of both previous supervisory feedback and modelling challenges, to come to an honest assessment of whether a model can be delivered in a certain month. Integrate business and strategic priorities—focus should be placed on portfolios that align with the bank’s risk strategy and have the highest business impact. Evaluate levers to shorten delivery timelines – most banks now have elements of parallelization of different model development activities rather than a sequential ‘waterfall’ type approach Incorporate implementation readiness: given the PRA's more certain and shortened review timelines, banks should rigorously assess their ability to implement approved models within the required timeframe. Implementation timelines should be a critical dimension in deciding which models are "ready" for submission, ensuring that operational systems and infrastructures are aligned to support timely deployment post-approval. Enhance planning and regulatory engagement Our experience shows that the following three pillars are critical to ensuring a smooth, timely, and successful approval: Rigorous project management: the more formally and firmly committed timelines demand rigorous project management and discipline to meet deadlines. Late or rushed submissions significantly increase the risk of extensions and requests for additional information Avoid pitfalls from weak or incomplete documentation: all components of the submission package and in particular model documentation need to be planned from the outset to avoid gaps or quality issues that can jeopardise the model review proceeding as planned by ‘stopping the clock’ and having to re-submit Maximize the impact of pre-engagement meetings: the new pre-engagement meetings are an opportunity to present key elements of the model to the PRA end-to-end and provide specialists with the answers to key questions early on. In order to use this valuable time in the most impactful way, banks should prepare materials that directly address the PRA’s key areas of focus, including: Quality and depth of data and historical information used Key judgments and modelling assumptions Evidence of senior management involvement and ownership Thoroughness of internal model validation and challenge processes By preparing high-quality, thoughtful presentations, banks can avoid surprises during the review phase. How We Can Help We recognise that the evolving supervisory approach poses new challenges and have worked with our clients to address these: Ensuring high-quality, complete submissions that meet PRA expectations and pass documentation quality checks first time Providing targeted project support to help banks meet the PRA’s accelerated regulatory timelines without sacrificing rigor Assisting clients in strategically prioritizing IRB submissions to align with both regulatory readiness and broader business goals, maximizing impact and resource efficiency By partnering closely with our clients on these fronts, we help them transform regulatory requirements into competitive advantages and successfully navigate this evolving regulatory landscape.

In October 2025, HM Treasury confirmed a long-anticipated but controversial reform to the UK’s anti-money laundering (AML) supervision framework: the Financial Conduct Authority (FCA) will assume sole responsibility for supervising AML compliance across a wide range of professional services, including the legal sector. The move, following a consultation launched in 2023, establishes the FCA as the Single Professional Services Supervisor (SPSS) and removes AML supervisory responsibilities from long-standing sectoral bodies such as the Solicitors Regulation Authority (SRA) and the Law Society of Scotland. The announcement represents one of the most significant restructurings of the UK’s financial crime oversight regime in over a decade. While the government has framed the reform as a simplification and strengthening of the UK’s defences against money laundering, early reactions from the legal profession and regulatory commentators suggest a far more complex picture, one that raises fundamental questions about proportionality, effectiveness, cost, and regulatory design. Why the Government Acted: Fragmentation, Consistency, and International Pressure At the heart of the reform lies a long-standing criticism of the UK’s AML supervisory model: fragmentation. Prior to the announcement, more than 20 professional body supervisors were responsible for AML oversight across legal, accounting, and other professional services. International assessments, including those by the Financial Action Task Force (FATF), have repeatedly highlighted uneven supervisory quality, inconsistent enforcement, and variable risk understanding across these bodies. By centralising AML supervision within the FCA, the government aims to deliver greater consistency, stronger deterrence, and clearer accountability. The move also aligns with a broader policy narrative: strengthening economic crime controls while simultaneously reducing what the Chancellor described as “business bureaucracy” through rationalisation and digitisation. However, the contradiction of tougher AML supervision alongside lighter-touch corporate reporting has not gone unnoticed. Legal Sector Concerns: Proportionality and Sector Understanding Reaction from the legal profession has been swift and largely sceptical. Representative bodies argue that the FCA’s financial-sector DNA may not translate well to the realities of legal practice, particularly for small and sole-practitioner firms. The SRA, for example, had developed a tailored AML supervisory model over nearly two decades, combining education, thematic reviews, and increasingly assertive enforcement. By 2023, it supervised more than 6,000 firms and over 23,000 beneficial owners, officers, and managers, supported by a dedicated AML team and a multi-million-pound budget. While far from perfect – as evidenced by persistent deficiencies in firm-wide risk assessments – the SRA’s approach was rooted in a detailed understanding of legal services risk typologies. Critics argue that imposing a financial-services-oriented regulator on the legal sector risks replacing targeted supervision with standardised compliance expectations. The fear is not deregulation, but over-regulation: duplicated reporting, increased formality, and a shift from judgement-based risk management to rule-driven compliance. In Scotland, concerns are even more pronounced, given the distinct legal system and the Law Society of Scotland’s enhanced regulatory powers. The prospect of a London-centric regulator supervising thousands of small law firms has raised doubts about supervisory effectiveness and accessibility. Cost, Complexity, and the Risk of Regulatory Burden Creep One of the most persistent themes in stakeholder commentary is cost. AML supervision is not free, and under the SPSS model, the FCA’s expanded remit will need to be funded, ultimately by supervised firms. There is apprehension that economies of scale may not materialise as hoped. Instead, firms may face higher fees, more extensive data requests, and parallel interactions with multiple regulators during a lengthy transition period. For smaller firms, particularly those already struggling with rising professional indemnity insurance and compliance costs, this could accelerate consolidation or market exit. From a consumer perspective, these costs are unlikely to be absorbed quietly. As several commentators have warned, increased regulatory overheads tend to be passed on to clients, raising access-to-justice concerns at a time when affordability of legal services is already under strain. A Harder Edge on Enforcement? One area where the FCA’s involvement could prove transformative is enforcement intensity. The FCA has a well-established reputation for assertive financial crime supervision in banking and investment firms, underpinned by data-driven risk assessment, intrusive reviews, and public outcomes. If this approach is extended to professional services, firms may see a marked increase in thematic reviews, skilled-person style assessments, and sanctions for weak AML frameworks, even in the absence of proven money laundering. The FCA’s long-standing focus on systems and controls failures suggests that “technical” non-compliance may attract greater scrutiny than under previous models. This raises an important strategic implication: AML compliance for professional services is likely to become more formalised, more documented, and more closely aligned with financial-sector expectations. Firm-wide risk assessments, already a weak point under the SRA, are likely to become a primary supervisory entry point. Broader Implications for the UK’s Financial Crime Framework Beyond the legal sector, the FCA’s new mandate signals a broader recalibration of the UK’s approach to economic crime. Centralisation offers the potential for improved intelligence sharing, better alignment with law enforcement, and a more coherent national risk picture. However, success will depend heavily on execution. The transition from multiple supervisors to a single authority carries material operational risks: loss of sector-specific expertise, supervisory bottlenecks, and short-term confusion over expectations. The FCA will need to demonstrate not only toughness, but adaptability by developing differentiated supervisory strategies that recognise the diversity of professional services business models. Crucially, representative bodies such as the Law Society will need to remain closely involved in shaping guidance and risk typologies. Without this collaboration, there is a real danger that AML supervision becomes an exercise in compliance optics rather than crime prevention. A High-Stakes Experiment in Regulatory Design The FCA’s assumption of AML supervision marks a decisive shift in the UK’s financial crime architecture. It offers the promise of greater consistency, credibility, and international confidence, but also carries significant risks around proportionality, cost, and sector fit. For firms, the direction of travel is clear: expectations will rise, documentation will matter more, and financial crime risk management will increasingly resemble that of regulated financial institutions. For policymakers and regulators, the challenge will be to ensure that centralisation enhances effectiveness without eroding the nuanced, risk-based supervision that professional services require. Ultimately, the success of the SPSS model will be judged not by the elegance of its structure, but by whether it meaningfully reduces money laundering while preserving a competitive, accessible, and well-functioning professional services sector. The next two to three years will be critical in determining whether this reform becomes a benchmark for smart regulation, or a cautionary tale in regulatory overreach.

The publication of the December Financial Stability Report and the 2024/25 annual cyclical stress test results saw the FPC’s first review of system-wide capital requirements since 2019. The appropriate benchmark for the system-wide level of Tier 1 capital requirements is now around 13% of RWAs (equivalent to ~11% CET1), a 100bp lower capital benchmark alongside unchanged CCyB. It is worth underlining that this is a system-wide benchmark used to guide expectations, rather than a single “switch” that instantly resets each bank’s requirements. A legal note captured in the press pack stresses the benchmark “is not immediately a binding rule”, but it strongly shapes PRA Pillar 2 decisions, buffer calibration, and market expectations. The reaction from commentators was lukewarm. Brokers RBC framed the December package as constructive but “not an instant game changer”, noting the BoE expects capital requirements to come down by ~1% in 2027 (with ~0.5% from P2A) and estimating that this 0.5% P2A reduction frees ~£8.5bn of capital for RBC’s covered banks. Autonomous similarly highlighted that the headline shift was as expected, but that it contained “fewer concrete policy updates” than hoped - notably no CCyB cut, and “an announcement of a review” on leverage rather than immediate changes. Broadly speaking, brokers felt that the move was directionally positive but there was uncertainly about how quickly it becomes actionable for banks’ management targets and distributions. A useful practical implication (and a good “investor narrative” point for an expanded piece): RBC explicitly suggested banks should shift investor messaging away from absolute CET1 ratios and toward capital levels relative to regulatory targets, especially if management targets start to come down over the next 12 months. Why now? The stress test results provided the immediate “permission structure” for the change in tone. Morgan Stanley highlighted an aggregate 350bp drawdown, with all banks ending above hurdle rates; it also attributed the lower drawdown (vs earlier tests) to balance sheet de-risking and a higher profitability starting point. Press coverage also emphasised that, even at the low point, the system remained meaningfully above minima/ systemic buffers (cited at around £60bn above aggregate minima and systemic buffers). A particularly helpful articulation of the FPC’s logic came from Sarah Breeden (Deputy Governor for Financial Stability) in the Financial Times. She positioned the benchmark as an attempt to find the level of capital that maximises growth through the cycle (balancing fewer crises vs potentially higher lending costs). She also explained a key technical nuance: the FPC judged “appropriate” capital at ~11%, but then added 2 percentage points to account for imperfections/gaps in RWA measurement, yielding the 13% benchmark. Buffer usability The FPC and PRA’s stated ambition is to make buffers usable in stress, and to reduce incentives to deleverage in downturns or run with large voluntary buffers. However, multiple commentators highlight that behavioural stigma around dipping into buffers (and the market/supervisory reaction) is the real barrier. Convincing banks and shareholders that buffers can genuinely be drawn down could be challenging after ~15 years of tightening; prudence has “paid off” and perceptions may take time to shift. Potential impact (if this workstream succeeds): even without changing headline minimum much further, improving usability could be the difference between (i) a 13% benchmark that remains largely theoretical, and (ii) banks actually reducing management targets and deploying capital into lending, organic growth, or distributions. Simplification: the “Bufferati” vision and a single releasable buffer Autonomous flagged that the BoE referenced Sam Woods’ 2022 “Bufferati” speech and the idea of a single releasable buffer, but also cautioned that banks are still likely to want to run headroom to MDA in practice. Separately, GlobalCapital quoted ABN AMRO’s Kapil Damani describing this as the UK’s first genuine rethink of the framework in over a decade i.e., a shift from “more capital” to “smarter, better-calibrated capital”, and explicitly linked the benchmark change to a move toward simpler, more usable buffers. Potential impact: simplification is not just aesthetics; it could reduce real or perceived “stack complexity” that drives internal management buffers, and (depending on design) could also make stress-time capital deployment less procyclical. Leverage ratio buffers: likely the most “material” lever for domestic banks Several sources point to leverage as the area where changes could be more significant than the 13% benchmark itself. If leverage constraints are not addressed it will be difficult for banks like Lloyds and Natwest to lower target capital levels, since for domestics as well as UK-based global investment banks CCyB and domestic surcharge buffers are added onto the leverage requirement and must be met with pure CET1 (whereas the base 3.25% can be partly met with AT1). Autonomous added that if objective is to make leverage less binding under stress, it may require revisiting the systemic buffer calibration in the leverage stack (they reference it as currently 35% of the RWA-based metric), though that could imply further divergence from international standards. Potential impact: if leverage buffers are recalibrated, the beneficiaries could disproportionately be domestic retail banks whose leverage stack is currently “heavier”, potentially enabling lower CET1 targets even if RWAs fall and IRB improvements reduce risk densities. Domestic-exposure capital requirements: de-duplicating overlapping intents The BoE will do further work on how domestic-exposure-related requirements interact (CCyB, O‑SII, elements of P2A). Presumably the intent is to avoid double-counting of risk. Potential impact: this is a technically complex area, but it is potentially where the BoE/PRA can reduce conservatism without weakening overall resilience — by ensuring different tools are not inadvertently charging for the same exposure twice. Broad implications A Financial Times commentary cited Alvarez & Marsal estimates that, on £3tn of domestic RWAs, a 1pp change could free up ~£30bn of capital; it also highlighted that how much is realised depends on banks’ own capital headroom preferences. Compare with RBC’s “covered universe” specific estimate (mentioned above) of ~£8.5bn from the 0.5% P2A move. A Reuters piece captured the post‑announcement debate sharply: former officials John Vickers and David Aikman argued requirements should be higher, warning the practical effect could be higher payouts to shareholders; Governor Bailey defended the cut, saying roughly half the change reflects Basel 3.1 and half reflects lower-than-expected systemic importance, and emphasised that financial stability is a precondition for growth (also pointing to the credibility of the UK resolution regime). Ultimately, even if the framework is easing, political and reputational constraints will shape how quickly banks convert capital capacity into distributions. A GlobalCapital piece discusses the impact on the UK SRT market (relevant for the Treasury Platform): while the “natural expectation” is that lower requirements reduce the imperative for SRT, market participants still expect activity to continue because (i) the reduction is small and (ii) banks typically maintain safety margins anyway. The same source notes an uptick in private capital relief transactions and highlights that incoming Basel 3.1 (tightening capital calculation) remains a key driver of banks’ incentive to optimise capital. The Financial Times commentary explicitly argued Bailey’s pronouncements will be watched across Europe, noting competitive dynamics with the US and potential pressure on European regulators if the UK moves further. A separate GlobalCapital piece discusses EU buffer usability/simplification debates and notes expectations around an ECB-led simplification task force report, situating the UK move in a broader global “lighten the load” conversation (with uncertainty about how far it goes). So a key consideration to note in any more in-depth piece whether the UK is ‘front‑running’ a broader recalibration - or diverging? Pulling this together, the FPC’s 13% benchmark is best read as a directional reset and a platform for follow‑through work - rather than a one-off “capital giveaway.” The stress test results support the claim that resilience is strong, and Breeden’s articulation of “optimal capital” plus an explicit RWA‑uncertainty overlay provides a defensible prudential rationale. But the real-world impact for banks will depend on: (i) whether buffer usability reforms genuinely change behaviour, (ii) whether the leverage review reduces bindingness for domestic banks, and (iii) whether “domestic exposure” requirements can be streamlined without creating new blind spots.

Welcome back to Risky Business's roundup of the headlines in risk. Recent developments highlight a clear shift toward tighter supervisory focus on resilience and execution, particularly in the UK and Europe. Regulators are embedding climate, interest rate, and resolvability risks more firmly into core prudential frameworks while recalibrating capital regimes under Basel 3.1, increasing cross-border complexity for large banks. In the UK, the PRA and Bank of England are streamlining supervision but sharpening scrutiny on business model sustainability and risks beyond the banking perimeter, including shadow banking. For boards, the takeaway is straightforward: regulatory tone may sound more proportionate, but expectations on delivery, data quality, and credible risk management are rising EBA consults on climate-focused changes to the Systemic Risk Buffer (SyRB) guidelines EBA The European Banking Authority launched a consultation to amend guidelines on sectoral exposures for the Systemic Risk Buffer to make climate risk more visible in macroprudential capital tools. Proposed changes aim to add granularity in identifying climate-related exposures and how they are treated across jurisdictions. The consultation runs through April with a public hearing scheduled for April 2026. Why this matters Embedding climate risk into macroprudential tools raises expectations for data, reporting, and capital planning across large banks. It may also lead to divergent national calibrations, complicating cross-border capital planning. For risk planners, this signals climate risk accruing real prudential weight, not just disclosure emphasis. Bank of England/PRA publishes its 2026 supervisory priorities PRA The PRA set out its supervisory priorities for 2026, highlighting a streamlined supervisory process and more efficient focus on key risks. The document confirms a shift of some supervisory reviews (like Periodic Summary Meetings) onto a biennial cadence. It also emphasises proportionate risk identification and remediating material weaknesses across banks and building societies. Why it matters This shapes how UK regulators allocate their scrutiny and resources, affecting risk reporting and supervisory engagement across firms. Streamlining may reduce administrative burden but heighten focus on core risks like governance and capital adequacy. Banks should adjust planning and evidence tracks to align with the updated supervisory cadence. ECB Vice-Chair Elderson emphasises operational and geopolitical shock resilience in supervision ECB The ECB’s Frank Elderson told the European Parliament that supervisory priorities through 2028 will emphasise resilience to geopolitical and macro-financial shocks as well as operational risk (e.g., cybersecurity). He also reinforced stronger oversight of innovation risks, including AI and digital assets. Elderson stressed that supervisory simplification must not dilute risk-based scrutiny. Why it matters This highlights where supervisors will intensify scrutiny - particularly on cyber, third-party risk, and innovation controls. A clearer risk focus aids strategic compliance planning but raises expectations on operational risk governance. It signals that resilience goes beyond capital ratios to include non-financial operational domains. Bank of England Governor warns shadow banking could threaten financial system The Times Bank of England Governor Andrew Bailey said regulators must address risks in the shadow banking sector, warning it could pose systemic threats due to growing scale and opacity. He announced plans for a new stress test of the private markets ecosystem to better understand systemic vulnerabilities. Bailey noted that while traditional banks are resilient, non-bank interconnections require closer monitoring. Why it matters A shift of supervisory attention toward shadow banking broadens the perimeter of risk monitoring beyond traditional deposit-taking banks. Systemic risk could be masked if these sectors expand without commensurate oversight. Banks with exposures to market-based finance should prepare for increased scrutiny on indirect risks and interconnected exposures. EBA completes IRRBB Heatmap work, highlighting EVE/NII and CSRBB issues EBA The EBA published its final report on medium-to-long-term objectives under the IRRBB Heatmap initiative, noting progress but ongoing asymmetries in EVE and NII impacts. The report highlighted inconsistent treatment of Credit Spread Risk in the Banking Book across banks. It encourages firms to align approaches and enhance governance. Why it matters Interest rate risk in the banking book remains a core balance-sheet vulnerability in a rate-volatile environment. Divergent practices around credit spread risk and hedging governance can prompt regulatory findings and capital add-ons. This underscores the need for robust risk measurement, governance, and consistent methodology. Bank of England/PRA finalises Basel 3.1 UK rules and confirms implementation timing BoE/ PRA The PRA published its final Basel 3.1 package in PS1/26, setting out the calibrated UK approach to the post-crisis Basel reforms. It reconfirms the UK implementation date of 1 January 2027 after a one-year delay agreed with HM Treasury. The policy statement anchors the supervisory baseline for firms in scope. Why it matters Basel 3.1 shapes capital calibration, risk-weighted assets, and disclosure norms critical to capital planning and competitiveness. The delayed timeline adds execution risk and cross-border complexity for UK-EU/US operations. It also underlines the need for robust programme management and model BIS speech warns AI and digital finance can create new financial-stability fault lines Bank of International Settlements In a BIS speech in Hong Kong, Tao Zhang warned that rapid adoption of artificial intelligence and digital finance could create new fault lines in financial stability. He highlighted risks from operational fragility, concentration, and common-mode failures where institutions rely on similar models, vendors, or data. The speech also noted that automation and faster market dynamics could amplify stress, arguing that policy and risk frameworks must evolve alongside technological adoption Why it matters For GSIBs and DSIBs, AI risk is increasingly viewed not just as a model or operational issue but as a potential systemic risk. Heavy reliance on shared technology stacks and third-party providers heightens correlated failures that are difficult to mitigate through diversification. This raises supervisory expectations for robust AI governance, resilience planning, and clear incident management under a financial-stability lens. EBA and AMLA complete handover of AML/CFT mandate effective 1 January 2026 EBA he EBA announced that the new EU Anti-Money Laundering Authority (AMLA) took over AML/CFT supervisory mandates effective 1 January 2026. This structural change centralises oversight of anti-money-laundering supervision in the EU. The transition is intended to strengthen coordinated action and supervisory consistency. Why it matters Centralised AML supervision raises expectations for consistent, high-quality controls, reporting, and risk management across large banking groups. AML failures remain a key operational and reputational risk with rapid escalation potential. For international groups, alignment between UK and EU frameworks will be critical to managing compliance risk. ECB advances climate and nature plan embedding risks into supervision ECB The ECB announced deeper integration of climate and nature-related risk considerations across its supervision and policy frameworks. This includes enhanced risk assessment capabilities and scenario analysis tools. The ECB intends to use binding decisions where necessary. Why it matters Climate and nature-related risks are now mainstream in euro-area supervisory expectations, with potential direct implications for capital adequacy and risk management. Banks need robust strategies and evidence to satisfy growing supervisory demands. It increases the importance of scenario planning and data quality in climate risk frameworks. FINMA issues guidance to limit crypto-asset custody risks FINMA Switzerland’s regulator FINMA released guidance outlining expectations to limit operational, legal, and control risks linked to crypto-asset custody services. It emphasises firm structure, governance, and risk controls in crypto custody offerings. The guidance aims to protect clients and support supervisory clarity. Why this matters As crypto exposures grow, custody operations concentrate operational and compliance risks that could cascade into larger reputational and financial shocks. Regulatory guidance signals enhanced scrutiny and expectations for control environments. This affects UK and global banks offering digital asset services as part of broader risk frameworks.