EBA Guidelines: New Requirements for Banks’ IT Systems

Teaser EBA Guidelines BB

With the EBA guidelines and their transition into the 7th amendment of MaRisk, the digitalization pressure from the regulatory environment on banks is growing continuously. The final regulations demand digital solutions and the corresponding further development of IT systems. The supervised institutions have little time to adapt the business reality to new requirements.

The European Banking Authority published the EBA Guidelines on May 29, 2020. Covering the topics of loan origination and monitoring, the aim of these guidelines is to standardize credit management across the EU and provide long-term stability in the asset quality of European banks. These guidelines not only affect banks regulated by the European Central Bank (ECB), they also have a direct impact on other regulatory contexts and relate to fields such as ESG (Environment, Social, Governance).

So, what impact will the EBA Guidelines have on the lending process? What measures can individual banks put in place to prepare for the new regulatory requirements? And where do banks need to take immediate action? In this blog post, we answer these questions from the perspective of a software developer.

Implementation deadlines: Banks urgently need to act

Although the new regulations have applied to all new business in the credit sector since June 2021, there are exceptions for existing commitments. As of June 2022, the guidelines also apply to any existing credit agreements that required amendments or adjustments. As it stands, ECB-regulated banks must implement the guidelines in full by June 30, 2024. Banks regulated by Germany’s Federal Supervisory Authority, BaFin, can expect a renewed sense of urgency from January 2023, as the 7th amendment to the Minimum Requirements for Risk Management (MaRisk) is more closely oriented towards the EBA Guidelines.


EBA: Scope covers the entire loan lifecycle

The EBA Guidelines bring with them a host of new requirements, spanning the entire credit lifecycle – from new business and monitoring to disclosure, prolongation, waiver management and so on. They include:

  • Assessment of ESG-related factors in lending and risk management
  • Sensitivity analyses for secured and unsecured lending
  • Differentiated pricing frameworks for various products, groups and credit qualities
  • Ongoing impairment tests for collaterals (including collaterals without capital reduction)

In reality, the new EBA requirements do not propose any entirely new duties for the industry. However, conducting business, maintaining documentation and furnishing evidence in compliance with the requirements will be challenging – and, without the support of digital technologies, virtually impossible.

As the scope of the EBA Guidelines spans the entire loan life cycle, the resulting professional duties will crop up at different times and will need to be processed by different experts working in different system contexts. This presents a number of challenges in terms of the processes involved:

  • Business data exists in different systems and is sometimes in unstructured formats in documents
  • Experts cannot act or collaborate without contextual basis
  • Process data is either not available or disjointed when needed as evidence compliant with audit standards

As a result, it is either not possible to furnish evidence at the touch of a button or it involves a lot of work to aggregate and integrate this data to find a corresponding solution.

A banking platform for the regulatory challenges of today and tomorrow

Knowledge-driven applications

In the context of the EBA Guidelines, a central requirement for IT systems is the ability to control and govern business data. A modern platform not only manages all data but also generates knowledge based on the relationships between data and the context in which business data is generated.

  •  Business domains illustrate the relationships between business objects
  • Business data is managed in the context of the borrower and the specific proposal, independent of the data source and the time of recording
  • All interactions and changes to business data are logged in technical and business terms on individual data points
  • Process data is separated from business data and made available for analysis/business intelligence

The practical relevance of intelligent data management is evident in many areas. It makes it possible, for example, to demonstrate at any time when a task or assessment was completed, by which users, and based on what data. The system can allocate information to a customer or process, regardless of the data source, and then inform the user or initiate a process. As a result, audit procedures can be carried out on the platform directly or made available to an auditor in defined reports at the touch of a button.

Adaptable, expandable modules

A modern platform manages business data and business logic in modular, context-based processes. There are many reasons for this. One particular objective is to structure business knowledge in such a way that it can be amended and expanded at any time, within its context and in a standalone process.

Regulatory requirements will continue to evolve, and it must therefore be possible to input them quickly and easily into the corresponding modules and services. With a modular system architecture and suitable tools, adjustments can be made simply and with certainty. It is important that these tools are tailored to the needs of the people who use them.

In the context of the EBA Guidelines, this means that, with appropriate training, specialist departments and IT-adjacent departments should be able to introduce new requirements into modules and services themselves – without having to rely on software developers.

Curated technologies

There are myriad technologies on the market and it can often be challenging for banks to assess the relevance and quality of individual solutions. A banking platform provides a carefully selected technology mix and allows users to add new technologies. For instance, the topic of machine learning and artificial intelligence (AI) will become increasingly significant in relation to automating analytical and assessment processes.
However, this does not mean that every element needs to be sourced from a single vendor. Instead, a platform facilitates the interoperation of various modules without increasing the operational complexity.

Subscribe knowis newsletter


Although the regulatory framework is identical for all banks, the EBA Guidelines and the 7th version of MaRisk will affect individual banks very differently, depending on their status quo. Little time remains for regulated institutions to adapt their processes to the new requirements and deploy IT systems to help ensure compliance.

Regulation should be regarded not as a project but as an ongoing program, constantly demanding faster, more secure and more targeted adjustments. The regulatory pressure to digitalize systems and processes is not a passing phase; instead, it will continue to weigh heavily on banks. As a result, financial institutions must strive to continuously develop and improve their IT systems.

We are ready to assist you at any time with our skills, our project experience and our banking platform. Simply use our contact form to get in touch. We look forward to hearing from you.

Teaser: georgeclerk – iStock – 1387644793; infographics: knowis AG.

Written by -Torsten Spörl-

Torsten is Chief Revenue Officer and responsible for the 'Customer Tribe' of knowis AG. At the beginning of his professional career, Torsten worked in transaction consulting in the financial services sector at two of the 'big four' management consultancies. He then led various units in the banking sector, focusing on corporate customer business and project financing.

Share now

Subscribe our newsletter

White paper download: Credit. Digital.