eba-credit-risk-consultation-2026-simplification-complexity

On 9 February 2026, the EBA fired the starting gun with its consultation on the credit risk framework for a long-awaited “regulatory spring clean”. What at first glance looks like a purely technical revision turns out to be a strategic major project with massive relevance for compliance, anti-money laundering prevention and the C-suite. The aim is to curb the “wild growth” in credit risk, harmonise key terms and noticeably increase the efficiency of the Single Rulebook.

For executive management, this means lower OpEx in the long term through reduced administrative effort.

The compliance function benefits from clearer definitions that narrow scope for interpretation and make monitoring more legally robust.

For money laundering reporting officers, too, harmonisation offers the chance to finally break down data silos at the interfaces to KYC processes. As the internal feedback deadline already ends on 5 May 2026, now is the moment to move from mere implementation to active co-creation. Those who use this consultation prevent unnecessary drivers of complexity from being cemented in future CRR reviews. The motto is: shape it instead of just administering it.

Based on the text of the EBA consultation, the following dates apply for 2026:

An important note for the timeline: As the process requires coordination between Risk, Compliance and IT, internal statements should ideally be finalised by the end of April.

The EBA consultation on simplifying the credit risk framework (February 2026) is not a purely technical project for the risk department. It cuts deep into the organisational duties of bank management and the control functions.

1. C-suite (Management Board / Executive Management)

Overall strategic responsibility and organisational duty

• Duty to ensure an appropriate organisation: The C-suite must ensure that the institution has a functioning risk management system. The consultation offers the chance to reduce “complexity risks” which, according to the EBA Report 2025, can jeopardise operational stability.

• Duty of efficiency and cost control: Within the scope of due diligence duties (§ 93 AktG or § 43 GmbHG), the Management Board must identify and reduce unnecessary administrative burdens (OpEx).

• Normative references:

  • § 25a KWG: Special organisational duties (proper business organisation).

  • MaRisk AT 3: Overall responsibility of the Management Board for the risk strategy and its implementation.

  • CRR (Arts. 74-101): Requirements for own funds and internal governance.

2. Compliance function

Monitoring and advisory function to ensure adherence to rules

• Regulatory monitoring: Compliance must assess how the planned deletion of Level 2 and Level 3 products (RTS/ITS/guidelines) will affect the internal rule framework. There is a duty to avoid “regulatory gaps” during the transition phase.

• Ensuring coherence: As the EBA intends to align key terms, Compliance must check whether internal policies (e.g. on lending or reporting) still match the harmonised “Single Rulebook”.

• Normative references:

  • MaRisk AT 4.4.2: Tasks of the compliance function (working towards the implementation of effective procedures).

  • CRD (Arts. 76, 88): Requirements for governance and the independence of control functions. 3. Money Laundering Reporting Officer (MLRO)

3. Money Laundering Reporting Officer (MLRO)

Data consistency and risk interfaces

• Harmonisation of customer assessment: If the EBA changes definitions in credit risk (e.g. on groups of connected clients or beneficial ownership), the MLRO must ensure that these do not conflict with KYC (Know Your Customer) data. Inconsistencies lead to errors in the risk analysis.

• Review of the risk-based approach: Simplifications in the credit process must not weaken identification and monitoring duties under the Anti-Money Laundering Act. The MLRO must ensure that “more efficient” credit processes do not create blind spots for money laundering.

• Normative references:

  • § 7 GwG: Duties of the money laundering officer (implementation of prevention measures).

  • § 5 GwG: Risk analysis (alignment of risk profiles across departments).

  • MaRisk AT 4.3.2: Integration of risk management with anti-money laundering prevention

The EBA’s simplification of the rule framework initially sounds like relief, but it entails specific operational and liability-related pitfalls for the persons involved. If “simpler” is confused with “vaguer”, dangerous scope for interpretation arises.

The EBA’s simplification of the rule framework initially sounds like relief, but it entails specific operational and liability-related pitfalls for the persons involved. If “simpler” is confused with “vaguer”, dangerous scope for interpretation arises.

1. The C-suite (Management Board / Executive Management)

The strategic dilemma: efficiency vs stability

• Problem areas:

  • Resource misallocation: Underestimating the conversion effort. “Simplification” often means a massive IT and process project in the background.

  • Capital impact (RWA): The risk that simplifying definitions inadvertently leads to higher risk weights and thus a higher own funds requirement.

• Individual risks:

  • Organisational fault (§ 130 OWiG / § 25a KWG): If the transition is flawed due to insufficient resources, the C-suite is liable for inadequate business organisation.

  • Strategic disadvantage: If you miss the consultation deadline (10 May 2026), you are at the mercy of future rules that may not fit your business model.

2. Compliance function

The operational dilemma: “rulebook drift” during the transition

• Problem areas:

  • Monitoring vacuum: While old EBA guidelines are repealed and new (consolidated) products are introduced, a phase of uncertainty arises. Which internal policy applies from when?

  • Interpretation risk: “Simplified” rules are often more principle-based. Compliance must now interpret these without already having established supervisory audit practices.

• Individual risks:

  • Findings in the audit of annual financial statements: If the adaptation of the internal rule framework (MaRisk AT 4.4.2) lags behind the EBA’s pace.

  • Liability for incorrect advice: If Compliance gives the green light for a “simplified” process that is later classified by BaFin as insufficient, the function comes under pressure to justify itself. 3. Money Laundering Reporting Officer (MLRO)

3. Money Laundering Reporting Officer (MLRO)

The interface dilemma: KYC blindness through credit efficiency

• Problem areas:

  • Data loss due to streamlining: If the credit department requests fewer data in the course of “simplification”, the MLRO may lack important information for KYC screening (Know Your Customer).

  • Inconsistent risk profiles: A client is classified as “simplified/standardised” in credit risk, while being classified as “high risk” in AML monitoring. Such discrepancies are a red flag for auditors.

• Individual risks:

  • Fine risks (§ 56 GwG): The MLRO is personally liable for the appropriateness of the risk analysis. “I thought the credit department checks that” is not a valid defence.

  • Sanctions breaches: Due to unclear definitions of “connected clients” (credit), sanctioned links could be overlooked in the AML process.

Phase 1: Analysis & governance (Immediate measures)

Set up an “EBA Simplification” task force:

Content: Connect risk controlling, compliance, IT and MLROs under the lead of risk management.

Goal: Avoid silo solutions and ensure consistent internal communication.

Gap analysis of “Single Rulebook” mandates:

Content: Compare the EBA products currently used (RTS/ITS/guidelines) with the consolidation proposals mentioned in the discussion paper.

Goal: Identify processes that could become obsolete under simplification.

Strategic RWA assessment (C-suite):

Content: Rough estimate of whether the proposed alignment of terms could affect risk-weighted assets (RWA) and thus the capital ratio.

Phase 2: Operational safeguarding (By May 2026)

Impact check for KYC & AML data:

Content: Check whether planned simplifications in the credit process (e.g. reduced documentation requirements) endanger the data base for AML checks.

Goal: Ensure that the MLRO continues to receive all necessary information for the risk analysis (§ 5 GwG).

Synchronisation of the internal rule framework:

Content: Compliance creates a “roadmap” for adapting work and organisational instructions (outside MaRisk) as soon as the final EBA guidelines are foreseeable.

Goal: Avoid a monitoring vacuum during the transition phase.

Phase 3: Strategic influence (Use the consultation)

Structured feedback loop (deadline 5 May):

Content: Collect “pain points” from case handlers (e.g. contradictory definitions in day-to-day lending practice).

Goal: Submit a well-founded statement to the EBA to actively fend off unnecessary complexity.

Stakeholder dialogue with supervisors:

Content: Use association contacts to mirror your interpretation of “simplification” early on with the national supervisor (BaFin/Bundesbank).

EBA

https://www.eba.europa.eu/publications-and-media/press-releases/eba-launches-consultation-simplifying-credit-risk-framework

Strategic excellence at C-suite level requires continuous orientation. So that you are not left on your own after your programme, we developed S+P C.O.R.E.

S+P value-added guarantee: your knowledge advantage for 2026

Every booking of an S+P seminar automatically includes free access to the quarterly S+P C.O.R.E. Executive Update. Why? Because we know the regulatory world does not stand still. We keep your knowledge up to date – guaranteed.