Your guide to this week in regulation

This week, we lead with key publications and supervision priorities from the Prudential Regulation Authority (PRA) which set the path for the year ahead. Up first, we see proportionality in action as applicable firms will move to a less frequent two-year Period Summary Meeting (PSM) cycle; reducing the regulatory burden. Other headline priorities should not present any surprises across risk management, governance and controls, operational and financial resilience, and data risk. 

With similar intent, the PRA has confirmed its final rules for a significantly simplified capital regime and liquidity requirements for small deposit-takers. 

Then, across a quartet of policy statements, we highlight the PRA’s steps towards Basel 3.1, and we conclude this week with the necessary foundations for coordination between international regulators across third-party risk. 

PRA sets 2026 supervision priorities 

The PRA has outlined its supervisory priorities for 2026, signalling a major shift to streamline oversight. From 1 March, larger firms will move to a two-year cycle for Periodic Summary Meetings, reducing the frequency of formal reviews while maintaining ad hoc engagement. This change aims to make supervision more proportionate and efficient, freeing resources to tackle key risks. 

Other measures include faster reviews of senior manager applications, new firm authorisations and model change approvals. The PRA will also consult on a UK captive regime for insurers in summer 2026, targeting a 2027 launch, and modernise reporting through the Future Banking Data project. 

These steps build on recent reforms such as Basel 3.1 for larger firms, Strong and Simple for smaller firms, and Solvency UK for insurers. Firms should review the sector-specific letters and prepare for changes to supervisory engagement. 

Read more on how the PRA will streamline supervision as part of 2026 priorities 

Read more on UK deposit takers supervision

Read more on insurance supervision

Read more on international banks supervision

 

PRA confirms final capital rules under ‘Strong and Simple’ framework 

The PRA has published its final Policy Statement (PS4/26) for the Strong and Simple Framework, introducing a simplified capital regime and liquidity requirements for Small Domestic Deposit Takers (SDDTs). This follows consultation (CP7/24) and near-final rules set out in PS20/25. The regime aims to reduce complexity without compromising resilience. 

The PS includes tailored reporting templates, amendments to supervisory statements, and new methodologies for setting Pillar 2 capital for SDDTs. Changes from the prior consultation are minor clarifications, intended to enhance readability and some small technical corrections. The final rules take effect on 1 January 2027, with early implementation of ICAAP and ILAAP update frequency, including reverse stress-testing, from 20 January 2026. 

The PRA will shortly release a final reporting taxonomy. Firms meeting SDDT criteria or considering entry should review the updated PRA Rulebook and supervisory expectations. Stakeholders should prepare for the new reporting requirements and confirm readiness for early ICAAP changes. 

Firms should ensure they have reviewed the final policy and implementation timelines to ensure compliance ahead of the 2027 start date. 

Read more on the Strong and Simple Framework

PRA publications for Basel 3.1  

Within PS1/26 the PRA has provided its final PRA Rulebook rule instruments, supervisory statements (SSs), statements of policy (SoPs), and disclosure and reporting templates and instructions relating to the Basel 3.1 standards.  

Alongside this, the PRA has issued other policy statements including PS3/26 completing the transfer of the remaining Capital Requirements Regulation provisions into the PRA Rulebook and related materials. Building on the near-final proposals in PS19/25, the statement confirms updates across credit risk, securitisation, and internal model permissions, alongside refreshed supervisory statements and new statements of policy aligned with the final rules relating to Basel 3.1 standards.  

The PRA highlights that the changes from the near-final to the final rules are minimal. Adjustments include replacing revoked CRR definitions of probability of default, loss given default, and conversion factor with the corresponding PRA Rulebook glossary terms. These refinements are intended to support clarity and consistency as the UK completes its move to a post-EU prudential framework. 

The revised rules will apply from 1 January 2027. Firms should review the updated materials and prepare their implementation plans. Full documentation, including appendices and mapping tables, is available on the Bank of England website. 

Read more on Basel 31 and SDDT regimes

Read more on the implementation of Basel 3.1

Read more on restatement of CRR requirements  

PRA finalises retirement of Pillar 2A methodology  

The PRA has confirmed its final policy to retire the refined methodology for Pillar 2A capital requirements, following earlier proposals in CP9/24 and the near‑final direction set out in PS18/25. The change forms part of the regulator’s wider programme to streamline the capital framework and align firms’ methodologies with the forthcoming Basel 3.1 standards and the simplified capital regime for Small Domestic Deposit Takers (SDDTs). 

The policy removes the refined approach to Pillar 2A, meaning all firms, including SDDTs, will adopt the Basel 3.1 standardised credit risk framework. The PRA has made no changes from the near-final policy published last year, and amendments to Supervisory Statement SS31/15 reflect this update. 

Senior managers should assess the implications for ICAAP and SREP processes and ensure readiness ahead of the 1 January 2027 transition. The PRA has also published related policies on Basel 3.1 implementation and CRR restatement. Firms should consult these materials promptly to confirm compliance plans. 

Read more on retiring the refined methodology to Pillar 2A  

 

Oversight of third party risk: UK–EU coordination 

UK regulators and the EU supervisory authorities have signed a new Memorandum of Understanding to coordinate oversight of Critical Third Parties. The MoU sets out how authorities will share information and work together during incidents affecting critical ICT providers, including cloud, data and other services that support many firms. It builds on the EU Digital Operational Resilience Act and the UK’s CTP regime. It includes principles for cooperation, confidential information exchange and coordinated oversight actions across borders, with an emphasis on timely incident sharing and consistent approaches.  

The agreement does not change existing outsourcing or operational resilience rules. Firms keep full responsibility for managing their own third party risk. The practical impact is likely to be in supervision, where regulators may ask more targeted questions and look for stronger evidence on how firms oversee key providers, rather than introduce new rules. 

Read more on the EU-UK update