Skip to main content

The freshly voted CRR3/CRD6 package will significantly impact banks

21 June 2024

Regulatory News Alert

On 18 June 2024, the long-awaited CRR3 / CRD6 package was published in the EU Official Journal. The most impactful changes brought by these new capital requirement rules include the following:

Output floor

  • Introduction of a lower capital requirement limit to reduce the excessive variation of banks’ capital requirements calculated with internal models.
  • Obligation to calculate both floored and un-floored total risk exposure amounts (TREA) to apply the floor mechanism.
  • Application of the output floor both at the group level (“consolidated level”) and at the level of each subsidiary (“solo/individual level”), with a national discretion to derogate from the individual level for banking group entities established within their territories (Member State “sub-consolidated level”).

Credit risk

  • Revision of the standardized approach (SA-CR). This includes new rules for:
    • Interbank exposures (both rated and unrated);
    • Real estate (including residential mortgage, “buy-to-let” exposures or exposures to acquisition, development and construction);
    • Equity; and
    • Off-balance sheet items, including the removal of the 0% credit conversion factor (CCF) category.
  • Reduction of the scope of the internal ratings-based approaches (IRB), with the possibility of only applying IRB models to specific asset categories.
  • Review of credit risk mitigation techniques (credit insurance and appropriate risk parameters under SA-CR and the foundation IRB approach).

Market risk 

  • Entry into force of the alternative standardized approach (A-SA), alternative internal model approach (A-IMA), and simplified standardized approach (SSA). These methods are subject to eligibility criteria.
  • Revised criteria for assigning positions to the trading book or the banking book.

Credit value adjustment (CVA) risk

  • CVA definition captures both the counterparty’s credit spread risk and the market risk of the portfolio traded with that counterparty.
  • Clarification on which securities financing transactions are subject to the own funds requirement for CVA risk.
  • Introduction of the basic approach, standardized approach and simplified approach.
  • Application of new requirements for eligible hedges for own fund purposes.

Operational risk

  • Introduction of a new single, non-model-based standardized approach.
  • All existing approaches for estimating the operational risk capital requirements are replaced by a single non-model-based method.
  • Banks with a business indicator greater than € 750 million must maintain a loss event database and shall disclose the total annual operational loss in their Pillar 3 report.

Leverage ratio

  • Amended treatment of client-cleared derivatives.
  • Application of provisions regarding regular-way purchases and sales awaiting settlement to financial assets, rather than only to securities.

Crypto and tokenized assets

  • Introduction of a prudential treatment of crypto and tokenized assets.


Specific EU topics included in the package

Along with implementing the final Basel III elements, the EU has also added improvements to other significant areas of banks’ prudential regulations in the Banking Package.

Reporting and disclosures

  • New disclosure requirements for market risk (using SA approaches and the A-IMA) and for CVA risk.
  • Revised disclosure requirements for operational risk.
  • Creates an infrastructure that aggregates supervisory reporting and reduces the administrative burden related to disclosures, especially for small and non-complex institutions.

ESG risks

  • Institutions are expected to systematically identify, disclose and manage ESG risks at the individual level.
  • Formal inclusion of how banks handle ESG risks in the context of the annual supervisory review and evaluation process (SREP).
  • Application of ESG reporting and disclosure requirements to all EU banks, with proportionality for smaller banks.

Fit-and-proper framework

  • Application of the fit-and-proper requirements to all the members of management bodies and key function holders of institutions.

Third-country branches

  • The minimum common requirements on authorization, prudential standards, internal governance, supervision and reporting will apply to branches of third-country banks.
  • Introduction of explicit power for competent authorities to require, on a case-by-case basis, that third-country branches are transformed into subsidiaries.

Strengthened supervision

  • Harmonization of certain supervisory powers (e.g., approval of certain transactions like large acquisitions), tools and sanctions.

Beyond the capital requirements calculation rules

To address the challenges introduced by the new rules, banks should consider taking a number of steps beyond revising the calculation of regulatory capital requirements:

  • Strategic and business transformation: Assessing the strategic and commercial impacts holistically is key to understanding the complexity of the bank’s potential impact. This includes reshaping parts of the loan origination process, adjusting the current product offering to make it more capital efficient, or reviewing the risk-adjusted profitability of clients.
  • Governance: CRR3’s changes will significantly impact governance, requiring efficient change management for banks to adapt. This involves adopting new practices, modifying existing processes, shifting roles, and ensuring skilled resources’ availability.
  • Data and reporting: CRR3 imposes several changes to further enhance banks’ reporting processes and data management, such as new calculations, external reporting, and disclosure requirements. For many banks, data quality and availability will pose a significant delivery challenge.


With both CRR3 and CRD6 now published in the OJEU, they will enter into force on 9 July 2024 and Member States will then have until 9 January 2026 to transpose CRD6 into their local legal frameworks.

CRR3 will apply from 1 January 2025, except for the disclosures of exposures to ESG risks and to crypto-assets, which will apply as from 30 June 2024. However, several transitional arrangements have been agreed upon to ensure banks have sufficient time to adapt to the new rules.

How Deloitte can help

Need support with analyzing the potential impacts of the new CRR3/CRD6 framework, assessing these new rules’ strategic implications on your business, or identifying your institution’s data and tool gaps?

Don’t hesitate to reach out to us.

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey