National Bank of Moldova publishes 2026–2027 banking supervision priorities focused on governance, credit risk and digital resilience

The National Bank of Moldova has published its banking supervision priorities for 2026–2027, setting out a risk-based supervisory agenda for licensed banks built around findings from the Supervisory Review and Evaluation Process (SREP) and on-site inspections. The programme targets vulnerabilities linked to geopolitical and macroeconomic uncertainty and seeks to strengthen banks’ operational and information and communications technology (ICT) resilience alongside core financial risks. The eight priority areas are corporate governance, business model and strategy, credit risk, operational risk, liquidity and funding, ICT risk, payment and settlement systems and payment services, and anti-money laundering and countering the financing of terrorism (AML/CFT). Planned supervisory work includes deeper reviews of fit and proper assessments for board and key function holders, data governance and reporting discipline, business model viability and concentration risk, and credit underwriting and provisioning. Credit risk supervision is framed by strong loan growth in 2025, including a 29.0% rise in the loan portfolio to MDL 104,251.2 million and credit risk representing 82.1% of total risk exposures as at 31.12.2025, with a focus on retail portfolios, correct reporting of the debt service-to-income (RSDV) and loan-to-collateral (RCG) ratios, and risks from online lending. Operational risk priorities cover operational resilience, fraud risk monitoring, outsourcing dependencies and improved data reporting controls; liquidity work will include checks of Net Stable Funding Ratio (NSFR) calculation and reporting under new prudential requirements. ICT supervision in 2026 will emphasise consistent application of the revised 2025 regulation on ICT risk management, information security and business continuity, complemented by expanded off-site monitoring tools. In payments, oversight will cover open banking implementation, strong customer authentication, third-party contractual arrangements and compliance with the payment services framework, against a backdrop that includes Moldova’s work on instant payments and connection to SEPA. For AML/CFT, the agenda includes deploying a modern remote analysis solution, continuing sector-wide risk assessments under the strategic framework and methodology approved on 25.09.2025, and a 2026 thematic exercise across all banks on governance and internal controls for implementing international sanctions, alongside supervisory focus on e-KYC integration and planned alignment of domestic AML/CFT rules with specified European Union delegated regulations. The priorities are designed to be reviewed annually and adjusted as banks’ risk profiles evolve. For 2026 specifically, the National Bank of Moldova plans to calibrate AML/CFT supervisory intensity based on sector risk assessment results, conduct the common thematic sanctions-focused exercise via questionnaire, and assess banks’ compliance with the updated ICT risk management requirements.