The Prudential Regulation Authority has written to chief executives of PRA-regulated UK deposit takers setting out its 2025 supervisory priorities, which it says will complement core assurance work and firm-specific feedback. The programme centres on strengthening governance, risk management and controls, improving data quality, ensuring funding and liquidity preparedness as sterling reserves dynamics change, and delivering the operational resilience outcomes required by March 2025. Supervisory work will test how firms identify and manage emerging and interacting risks, with boards expected to ensure adaptive control frameworks supported by stress and scenario analysis and to address risk culture drivers of control weaknesses. Credit risk reviews will focus on how practices have evolved for strategic growth areas and higher-risk or vulnerable portfolios, and will continue to scrutinise counterparty credit risk, particularly exposures to non-bank financial institutions. Firms are expected to embed model risk management changes aligned with the PRA’s Supervisory Statement 1/23, prioritise remediation where shortcomings have been identified, and improve the quality of regulatory model submissions. Data risk remains a recurring root cause of remediation needs, with expectations on firms to improve data aggregation capabilities and submit complete, timely and accurate regulatory returns, alongside continued supervisory testing of data accuracy. On funding and liquidity, firms are expected to be operationally ready to access sterling reserves through the Bank of England’s Sterling Monetary Framework facilities regularly and at scale, particularly the Short-Term Repo and re-calibrated Indexed Long-Term Repo, and to plan early for significant Term Funding Scheme with additional incentives for SMEs maturities in 2025, including collateral strategy and refinancing options. Operational resilience expectations include demonstrating by March 2025 the ability to remain within impact tolerances for all important business services through severe but plausible disruptions, with particular emphasis on cyber recovery, legacy technology remediation and third-party oversight. The letter reiterates the 12-month delay to UK Basel 3.1 implementation to 1 January 2027, notes that near-term deadlines such as data submissions have been paused, and confirms that transitional periods will be shortened while the full implementation date remains 1 January 2030; it also flags that the implementation timing of the proposed Strong and Simple regime for small domestic deposit takers is being reviewed in light of the Basel delay. Next steps include engagement on the Bank’s repo-led operating framework discussion paper by January 2025, publication of feedback from the 2024 Cyber Stress Test later in 2025, a planned PRA and Financial Conduct Authority consultation in the second half of 2025 on ICT and cyber risk management, and cross-firm work including the Bank Capital Stress Test 2025 and thematic reviews of forbearance and unsecured lending.

Original source View in tracker