Introduction  

The amended banking package detailing the regulatory prudential requirements (the so-called “CRR3-CRD6” framework) was published in the Official Journal in July 2024. The Regulation (CRR3) entered into force on 1 January 2025 while the Directive (CRD6) will be effective from 11 January 2026 after its transposition into national law.

While the current focus for institutions is to get prepared for the updated regulatory reporting on capital requirements (COREP) with reference date 31 March 2025 with deadline to report on 30 June 2025, the CRR3-CRD6 package poses numerous other operational challenges for banks.

The objective of this article is not to give a complete perspective of the banking package but rather to focus on a selection of three areas that we think institutions should pay particular attention to, as we think they represent areas that may be overlooked or/and where the operational challenges may be underestimated. While this is the focus, we remind the reader that other domains of the regulation shall not be forgotten. In particular we want to point out operational risk management requirements, reporting processes,  data management and internal governance, which all contribute to the ultimate objectives of the CRR3 and CRD6 which are 1) to foster financial stability and market integrity by delivering more accurate and complete data points to best support Regulatory Authorities in their oversight role and 2) to hold solid and stringent governance mechanisms to best protect investors, shareholders and other relevant stakeholders in the EU.   

Prudent valuation of real estate collateral

In the CRR3, we witness the introduction of stricter requirements related to the valuation requirements of residential real estate (RRE) and commercial real estate (CRE) collateral. Financial institutions are required to frequently monitor the value of immovable property to detect any material declines in value.

The CRR3 sets a limit on increasing property values. Properties cannot be valued higher than their historical average value (or a comparable property) or the original value, whichever is higher. Upward revaluations are limited to cases where modifications to the property lead to a value increase, such as renovations that enhance the property’s resilience to climate and environmental related risks.

Stricter requirements are set to ensure that property valuations remain realistic, avoiding artificial inflation or procyclical changes. Institutions face challenges as they must change the way real estate values are monitored and data is stored in their systems. This implementation is underestimated because (1) banks might not have the necessary data and need to collect it, and (2) they may need to modify processes, monitoring, and valuation models. Banks should focus on this because it could directly impact net credit exposure, capital consumption, and ultimately, return on equity.

Article 208 (5) presents another operational challenge related to real estate and net credit exposure. It requires institutions to ensure properties used as collateral are properly insured both at the start and the throughout the loan. Institutions must assess whether the insurance coverage can restore the property's value after significant damage, including climate and environmental factors such as floods, fires, and storms. This process requires solid internal processes for data collection and monitoring.

The ECB has for some years performed on-site inspections to examine how banks carry out valuations and found several shortcomings¹.  The more prescriptive guidelines in the updated CRR text are therefore likely to result in some additional scrutiny of banks credit risk management frameworks, making this an area that requires attention.

The banking package as a trigger for business transformation

The new definition of commitments in CRR3 impacts contracts and capital charges

Institutions usually rely on internal definitions, not necessarily aligned across the bank and across functions. The CRR3 requires banks to align their definitions so they recognize commitments in their books and allocate a capital charge. Banks must now monitor contractual arrangements to ensure they meet the conditions where a contractual arrangement is not considered a commitment.

The new definition and the operational requirements pose challenges to institutions, particularly regarding the timing of the commitment. The key question is at which point the commitment should be recognized. This changes how frontline staff handle offers and credits, requiring collaboration across departments, such as Accounting, Legal, and Compliance, to implement an adequate monitoring process. The crucial change is to recognize commitments when the offer letter is issued, even if not yet signed, provided that the offer meets the new definition when signed by the client².

The important analysis to perform is to review the contractual terms in offers to align with the new definitions from commercial, reputational and litigation perspectives. Additionally, it is important to review the processes, data adjustments (such as the need for new data fields), and assess the potential impact on risk-weighted assets (RWA).
 

Cross border business: Challenges faced by institutions operating outside the EU

The introduction of Article 21c of CRD6 signals a significant shift in cross-border financial operations, particularly impacting non-EU banks and their clients. It will restrict non-EU entities from directly offering loans, credit, guarantees or commitments and taking of deposits or other borrowing in the EU by any non-EU entity.

Why do we see that this development is often overlooked despite its importance?

Institutions outside the EU face challenges in directly doing business with EU clients without an EU-based intermediary. Non-EU banks might need strategies like establishing EU branches or subsidiaries, and communicating with EU clients to manage the transition effectively before new rules take effect. We see that this is a change of ruleset requiring strategic alignment not just between departments, but also among entities within the same group, adding complexity and requiring time to develop solutions.

We have identified five exemptions from the new restrictions:

• Reverse solicitation: This approach is valid when EU clients approach non-EU entities at their 'own exclusive initiative.’ Non-EU entities cannot market products or services other than those originally solicited through an EU branch.
• Interbank business: The restrictions will not apply to business with EU banks, including large investment firms covered by the extended definition of credit institution.
• Intragroup business: The new restrictions will not apply to activities conducted by a non-EU entity with a member of its own group.
• MiFID ancillary business: The new restrictions will not apply to services or activities listed in Annex I, Section A, of Directive 2014/65/EU such as, dealing on own account, etc..
• Legacy contracts: The new restrictions do not affect existing contracts to preserve clients’ acquired rights, but only if they are entered into at least six months before the date of application of the new restrictions.

Although the new rules are not expected to apply until the end of 2026, the complex nature of required adjustments to business operations and client relationships means it is crucial that non-EU entities conducting cross-border business with EU clients or counterparties should start preparing now.
 

The need to prepare a robust prudential transition plan

While the EU has initiated simplification of some sustainability regulations through the Omnibus directive notably, we believe many overlook that climate and environmental related requirements remain in the CRR3 and CRD6 texts and continue to represent operational challenges.

An example of this is that the CRD6 directive mandates banks to create a prudential transition plan, an internal process to achieve climate goals and manage climate transition risks. It encompasses planning across various timeframes, including at least 10 years into the future. This requirement takes effect on 11 January 2026, for most banks, and January 2027 for smaller, simpler institutions.

The plan needs to explain how the bank will adapt its risk management, business model, and operations to remain resilient against rising ESG risks, especially environmental ones. Supervisory authorities emphasize the importance of planning, noting that “failing to plan is planning to fail.”³

The prudential transition plan must include components recommended by the European Banking Authority’s (EBA) ESG risk management guide published in January 2025⁴. This guide strengthens the quantitative aspects of ESG risk management by listing indicators and ESG data to include in the transition plan. The plan should be fully integrated into the bank's decision-making processes and can help support the strategic green transition encouraged by the CSSF⁵.

This is not merely a regulatory compliance exercise. The challenge, we believe, lies in effectively coordinating the actions of various professions and functions within the bank to successfully adapt the business model in response to current and future climatic and societal changes.

A specific challenge we foresee in the implementation of a robust prudential transition plan is the scarcity of ESG data, common to climate and environment-related issues.  Due to concerns about data verification, quality and completeness, the market is apprehensive about exposure to legal liability and reputational risk.

Collecting ESG data takes time and resource due its qualitative nature, making it complex to handle.  Reliability issues and evolving ESG considerations add to the challenge. For instance, data like energy performance certificates can have different “scores”, requiring guidelines standardize them into a uniform format.

Due to this complexity, it is crucial to begin early and establish dedicated ownership and governance for data collection, storage, and management. Though January 2026/2027 seems far off, this task will require significant effort, and it is important to acknowledge that.

Conclusion

The CRR3 and CRD6 banking package presents significant challenges for Banks, including strategic and operational and is not simply limited to reporting adjustments or changes in calculation techniques.   Objectives are extensive embedding market robustness (stability and integrity) and protection of investors as primary ambitions. 

The numerous requirements outlined in these texts, including the more than 140 EBA mandates, may necessitate substantial business transformation and close collaboration across departments and even intragroup that should not be underestimated.

Given the extent of change required and the potential time involved, it is essential for banks to have a clear roadmap and monitor the EBA finalisation of the many mandates that will complement the CRR3/CRD6 texts.