Pomegra Wiki

Supervisory Review Process

The supervisory review process (SREP) is the mechanism through which bank regulators assess whether an individual institution holds adequate capital and liquidity for its specific risks. It is not a one-size-fits-all checklist; supervisors use a holistic lens to examine a bank’s business model, governance, asset quality, interest-rate risk, and operational risks, then impose tailored capital surcharges if the baseline minimum is not enough.

The three pillars of Basel

The Basel III framework rests on three pillars. Pillar 1 sets a one-size-fits-all capital minimum—a bank must hold at least 4.5% common equity ratio, 6% Tier 1 capital, and 8% total capital. These are binding floors.

But Pillar 1 rules were designed by committee and cannot account for every bank’s idiosyncratic risk. One bank might lend mostly to stable large corporations; another might fund volatile commercial real estate developers. One might have a strong risk culture and tight controls; another might be loosely run. Pillar 1 treats them identically.

Pillar 2 is where supervisors close that gap. It says: the regulator will assess each bank’s specific risks and require it to hold extra capital on top of Pillar 1 if the regulator believes the bank needs it. Pillar 2 is the supervisory judgment layer.

The SREP in practice

Supervisors conduct the SREP by examining four dimensions.

Business Model Risk: Does the bank’s business model(its chosen way of making profit) expose it to undue concentration? A bank that finances only oil rigs or commercial real estate is more fragile than one with diversified revenue. Supervisors assess revenue-stability, return on assets, and market share concentration.

Governance and Risk Culture: Are the board, management, and staff aligned on risk appetite and limits? Can the chief risk officer actually stop a business line from exceeding risk policy? Supervisors interview directors, inspect risk-management infrastructure, and review operational risk incidents. A bank with sloppy governance, even with strong capital ratios, will be required to hold more.

Capital and Liquidity Adequacy: The regulator stress-tests the bank—modelling losses under adverse scenarios (recession, credit spread widening, property crash)—to estimate how much capital it would burn. The bank’s own stress tests are submitted; supervisors run their own, usually more pessimistic. If either test suggests losses larger than the bank’s Pillar 1 capital, supervisors impose a Pillar 2 add-on.

Operational Risk: Does the bank manage cyber, fraud, compliance risk well? Are IT systems modern or ancient? Large operational losses (lost due-diligence files, regulatory breaches, hacks) sometimes trigger higher capital.

Pillar 2 Requirement and Pillar 2 Guidance

The SREP output is typically twofold.

The Pillar 2 Requirement (P2R) is binding. If a supervisor determines that a bank needs an extra 2% capital on top of Pillar 1, that 2% becomes law. The bank must hold it; shortfall is a violation.

The Pillar 2 Guidance (P2G) is softer—a recommendation that the bank can breach without legal sanction, but which opens it to supervisory jawboning and operational restrictions if violated. For instance, a supervisor might advise a bank to hold 3% extra above P2R for economic downturn, but not formally mandate it.

G-SIBs (globally systemically important banks) often receive P2R and P2G in the 1–3% range on top of Pillar 1. Smaller, less risky banks might receive none.

SREP and total-loss-absorbing-capacity

Supervisors also check that banks will meet total-loss-absorbing-capacity (TLAC) and other resolution-related capital floors. A bank might satisfy Pillar 1 and Pillar 2, but still not hold enough bail-in-eligible debt to resolve. SREP evaluates this separately, though the capital stress tests often inform TLAC[requirement calculations.

Supervisory judgment and consistency

A risk in SREP is inconsistency. Two supervisors looking at similar banks in different jurisdictions might impose different Pillar 2 requirements, leading banks to lobby for “level playing fields.” The European Banking Authority publishes guidelines to try to standardise SREP, but national regulators retain discretion. A bank in Germany might face tougher scrutiny than one in Luxembourg, not because of different risks but because of different supervisory appetite.

Also, SREP relies on supervisors having deep knowledge of banks’ risk profiles. If a supervisor’s risk team is small or overworked, SREP becomes a box-ticking exercise rather than a genuine judgment call. Quality of supervision varies.

Changes in SREP over time

Post-2008, SREP became much more intensive. Before the crisis, supervisors often rubber-stamped banks’ own risk estimates. After 2008, supervisors began running their own stress tests, challenging business models, and conducting deeper governance reviews. The 2019 EBA Guidelines on SREP formalised this into a detailed framework applied across the EU.

More recently, supervisors have begun incorporating climate risk, cyber risk, and operational risk concentration into SREP. A bank with a large concentration in fossil-fuel lending or weak cyber defences will face higher Pillar 2 requirements. This evolution reflects regulators’ view that risks change and SREP must adapt.

SREP transparency and challenge

Banks have the right to be heard during SREP. A regulator proposes a Pillar 2 requirement; the bank submits evidence and arguments; the regulator decides. Banks can challenge decisions (in limited ways) through appeals processes, though supervisory determinations are hard to overturn in court. This balance—between giving supervisors discretion to act and giving banks a fair hearing—remains contentious.

See also

Wider context