2026 strategic challenges for the banking sector

April 2026

A more adverse geopolitical and macro-financial environment

The combination of conflicts in Ukraine and the Middle East points to a new energy shock: Brent above $100/bbl and rising liquefied natural gas and fertilizer costs are pushing inflation higher, slowing growth, and transmitting greater uncertainty and volatility to financial markets.

At the same time, May 2026 brings a cycle of institutional renewal that will shape global monetary policies: in the United States, the leadership transition at the Federal Reserve adds uncertainty over the outlook for interest rates and the balance between employment and price stability; in the euro area, the change in the ECB¹ vice- presidency initiates a process that will leave four of the six Executive Board seats vacant in 2027, with direct implications for the ECB’s future stance.

In this disruptive context, accelerating trends are already under way, the banking sector enters 2026 facing growing challenges to business models, risk management, and financial planning, amid more difficult forecasting and heightened sensitivity to exogenous shocks.

Geopolitical risks with direct impact on banking

The growing weight of geopolitical risk has become a key factor for financial stability.

In the United States, banks are reducing cross-border lending to higher exposure countries while maintaining activity via foreign subsidiaries, limiting potential losses in extreme shocks, yet preserving contagion channels by shifting part of the risk onto domestic balance sheets.

In Europe, supervision has adopted a differentiated approach through the Thematic Reverse Stress Test, requiring each institution to design extreme but plausible scenarios (energy supply interruptions, cyberattacks, supply chain fragmentation, severe volatility) capable of causing a minimum 300 basis points fall in CET1². Results, expected in summer 2026, will not automatically increase capital requirements but will be incorporated into the qualitative SREP³ assessment via Pillar 2 Guidance (P2G⁴). The key challenge lies in scenario construction and rigorous probability assignment.

Prudential reforms and supervision: two different approaches

Financial supervision and the implementation of Basel III show structural differences between the United States and the European Union, with direct implications for capital management and bank solvency.

The Federal Reserve is driving a comprehensive recalibration of the prudential framework focused on material risks: reforms to stress testing, the supplementary leverage ratio, Basel III risk-based requirements, and the G-SIB⁵ surcharge, alongside a consultation to remove reputational risk from the regulatory perimeter.

The goal is to simplify the framework with a single set of calculations, improve alignment between requirements and actual exposure, and adjust the systemic surcharge to better reflect the complexity of the largest banks. In parallel, burden is eased for smaller institutions via enhancements to the community bank leverage ratio and a new standardized approach for non-G-SIBs.

Overall, these measures seek to align capital with risk, strengthen loss-absorbing capacity, and reduce incentives for low-risk activities, mortgage origination and servicing or corporate lending, to migrate outside the regulated perimeter.

In the European Union, the European Central Bank is pursuing a far-reaching supervisory reform to improve efficiency, coherence, and focus on idiosyncratic and multi-year risks. New Pillar 2 Requirements (P2R⁶) will take effect on 1 January, 2027, providing a clear adaptation horizon.

The process brings forward decision communication and clarifies the distinction between supervisory concerns, applicable requirements, and qualitative expectations, giving institutions a clearer map of expectations.

A graduated follow-up of deficiencies is introduced: lower-materiality issues will be resolved with formal confirmation and five-year evidence retention for ex-post checks; serious deficiencies will remain under exhaustive Joint Supervisory Team (JST⁷) oversight until fully remedied with supporting documentation.

Implementation of the CRR III⁸/CRD VI⁹ package constitutes the most significant prudential reform in Europe. For banks with large internal-model portfolios, the effects will be structural: mechanical and sustained growth in risk-weighted assets (RWA¹⁰), pressuring CET1 ratios even without risk-profile changes; reduced competitive differentiation from advanced modelling; and more homogeneous capital structures that aid comparability, albeit with less granularity. The output floor¹¹ will progressively limit RWA reductions from models, ensuring they do not fall below 72.5% of the standardized approach¹² by 2030.

Strategically, the era of solvency optimization is driven largely by model refinement. Institutions must pivot to more active RWA management, tactical and structural portfolio optimization, more efficient collateral strategies, review of ratings and data, dynamic use of securitizations and risk-transfer tools, and pricing and origination models aligned to the new economics of capital.

The entry into force of the final Basel III package marks a structural inflection point for banks’ solvency profiles. The output floor, set at 72.5% of RWA under the revised standardized approach by 2030, fundamentally alters the capital framework and implies a lasting increase in RWA, particularly for institutions with extensive use of internal models.

This impact is amplified by the convergence of a binding output floor, a more conservative standardized approach, most notably for real estate, unrated corporates and financial institutions, and tighter constraints on IRB¹³ models. The result is higher and more homogeneous RWA across banks, reduced risk sensitivity and new regulatory thresholds that may weaken the alignment between economic risk and regulatory capital.

The year ahead is less about responding to new rules and more about making these rules work as part of a coherent strategic architecture.

Artificial intelligence: from experimental use to mandatory governance

In February 2026, the United States Treasury published two key references for AI¹⁴ governance in financial services: the Financial Services AI Risk Management Framework (FS-AI RMF) and the AI Lexicon. Both translate into operational obligations principles already demanded by supervisors: explainability, governance, traceability, accountability, and lifecycle control.

Institutions must evidence how all AI-driven decisions are generated, supervised, validated, and documented. “Pure outputs” from models such as GPT¹⁵ or Claude¹⁶, without human review, full traceability, and technical reproducibility, are no longer acceptable from an internal control and compliance standpoint. This requires embedding human-in-the-loop (HITL¹⁷) oversight, strengthening end-to-end auditability, ensuring data provenance and integrity, and assigning formal owners for each use case. In parallel, the ECB has launched a new wave of on-site inspections¹⁸ focused on AI, extending its scope to generative AI applied to IT operations¹⁹, legal/document analysis, and customer-facing tools. The European Supervisor warns that current risk and governance frameworks are not fully adapted to AI’s specific challenges, creating direct prudential implications (model, operational, conduct, and compliance risks) as well as strategic vulnerabilities. Institutions are therefore required to reinforce accountability, senior-management oversight, and controls across the three lines of defense²º, integrating AI as a core business and risk component in an environment where digitalization accelerates both opportunities and exposures.

2026 marks a clear inflection point. Three structural forces are converging that significantly raise expectations around the prioritization of technology investment. In a “higher for longer” interest rate environment, discretionary technology spend is subject to the same capital discipline as any other allocation. The discussion is shifting decisively from which initiative to launch to how each initiative demonstrably delivers value and supports the bank’s strategic objectives. Every euro invested in technology must now compete directly with deleveraging, essential CAPEX and shareholder returns.

At the same time, growing requirements around governance, audit and control are intensifying scrutiny over the traceability and ownership of technology initiatives. Beyond regulatory compliance, institutions increasingly need a clear, consolidated view of what is underway, the value expected and how that value is being realized. Technology investment has entered an economic proof phase: rising technology costs and vendor dependency are, in many cases, outpacing productivity gains, placing sustained pressure on margins. Portfolios lacking active cost management risk hitting a “cost wall”, triggering reactive cuts rather than strategic choices. Addressing this challenge structurally is not about reducing technology investment, but about ensuring that every euro invested delivers measurable and sustainable impact.

Tokenization²¹: technological convergence, regulatory divergence

Asset tokenization is advancing rapidly, understood as issuing or representing instruments as digital tokens on distributed networks that record and synchronize transactions without central authority.

In the United States, the regulatory stance is technologically neutral: tokenized securities receive the same capital treatment as their traditional equivalents, provided institutions maintain sound risk-management practices and comply with prevailing regulations. This neutrality removes key barriers by allowing banks to hold tokenized assets without additional capital add-ons, enabling smoother balance-sheet integration.

In Europe, the Eurosystem has adopted a more structured, strategic approach. In March 2026 it presented the Appia²² roadmap to build a European tokenized financial ecosystem in which central bank money retains a central role. The strategy comprises two complementary initiatives: Pontes²³, enabling settlement in central-bank money for DLT²⁴-based transactions from late 2026; and Appia, guiding the evolution of tokenized market infrastructures and services towards a detailed blueprint for 2028. The aim is to reinforce monetary stability, Europe’s strategic autonomy, and the euro’s relevance in a rapidly transforming financial landscape.

Another difference worth noting is who leads tokenization. In Europe, debates increasingly focus on the “digital euro” as a public-sector initiative, whereas in the United States USD-denominated stablecoins are driven by private-sector actors. A shift in leadership has material consequences: when the public sector leads, the emphasis is on monetary stability, interoperable standards and clear settlement finality, typically yielding tighter regulatory alignment and stronger consumer safeguards but slower innovation cycles. When the private sector leads, innovation and adoption tend to scale faster, yet fragmentation risks rise, risk-management practices are more uneven, and money-like instruments can gain systemic relevance without equivalent prudential backstops. In practice, the choice of leader shapes the pace of development, the stability and interoperability of market infrastructures, and the long-term compatibility of tokenized assets with the formal financial system.

ESG²⁵ and climate risk: supervisory agendas diverging

In 2026 the gap between the United States and Europe on climate risk widens.

US federal agencies withdrew specific principles for large institutions, arguing that existing safety-and- soundness standards already require management of any material risk without additional guidance. Under this approach, institutions must identify and address relevant risks (including emerging ones) and maintain resilience proportionate to size and activity.

By contrast, the ECB significantly strengthens its 2026–2028 oversight through targeted follow-up of remedial actions, thematic transition reviews aligned with CRD VI, horizontal assessments of Pillar 3²⁶ ESG disclosures, and new on-site inspections focused on physical and environmental risks. This more demanding stance signals an increasingly asymmetric regulatory landscape that will require differentiated strategies and fully operational ESG integration to avoid supervisory pressure and loss of competitiveness.

From 2027 onwards, climate and nature related risks will be fully embedded in the prudential framework. But 2026 is the year in which supervisors expect operational reality to replace conceptual preparation. This applies to governance, ICAAP²⁷ integration, scenario analysis, stress testing and risk appetite frameworks.

Climate and sustainability risks are no longer emerging concerns—they are macro financial factors with demonstrated economic impact. Rising costs associated with climate change, more frequent extreme events, supply chain disruptions and volatile energy and food markets create inflationary pressures and potential GDP shocks. Chronic physical risks and disorderly transition dynamics also cast uncertainty over asset valuations, collateral quality and carbon intensive sectors.

With full prudential ESG integration approaching, banks must industrialize processes that were previously fragmented: systematic exposure mapping, scenario coherence, integrated stress testing and ICAAP alignment.

Solvency, control, and agility in an asymmetric landscape

In 2026, the banking sector operates in a more uncertain, asymmetric, and demanding environment than in previous years. Persistent geopolitical tensions, supply-side shocks, and institutional renewal at leading monetary authorities are accelerating existing dynamics and increasing the likelihood of extreme events.

At the same time, prudential frameworks are diverging across the Atlantic, and scrutiny of AI governance, ESG risk management, and tokenization are intensifying. In this context, the priority for credit institutions is twofold:

resilience understood as robust capital and liquidity planning, active RWA management, high-quality data, cybersecurity, and effective three-lines-of-defense controls.
strategic execution on AI governance with effective human oversight, traceability and auditability; operational ESG integration in ICAAP, risk appetite²⁸ and pricing; and an orderly adoption of DLT where it delivers efficiency without compromising stability.

The expected rise in interest rates provides banks with a unique and temporary window of opportunity: profitability is higher, and capital and liquidity positions remain strong. This makes the current moment a “now or never” juncture to invest decisively in digitalization and AI, particularly considering growing competition from FinTech²⁹ that are starting to become profitable.

Institutions that combine solvency, control discipline, and operational agility will be better positioned to meet supervisory expectations, mitigate tail-risk events³⁰, and capture sustainable growth opportunities in a financial system that is being rapidly redefined.

Carla Azorí – Senior Regulatory Affairs Manager, Accuracy
Philippe Wüst – Partner, Accuracy
Nicolas Darbo – Partner, Accuracy
2026 strategic challenges for the banking sector

¹ ECB: European Central Bank primary mandate is to maintain price stability—aiming for 2% inflation—to safeguard the value of the euro and support EU economic growth.

² ET1: Common Equity Tier 1 is a bank’s core, highest-quality regulatory capital, consisting mainly of common shares and retained earnings. It acts as a primary buffer to absorb losses immediately, ensuring financial stability during stress. CET1 is permanent, requires no repayment, and is a key measure of solvency.

³ SREP: Supervisory Review and Evaluation Process is an annual, comprehensive assessment conducted by the ECB to examine a bank’s risks, business model, governance, and capital/liquidity adequacy. It results in a customized, legally binding assessment that dictates capital requirements and guides risk management, ensuring the institution remains safe and sound.

⁴ P2G: Pillar 2 Guidance refers to bank-specific, non-binding capital recommendations issued by supervisors, such as the ECB Banking Supervision, requiring banks to hold additional capital to cover potential losses from adverse scenarios. Set via the Supervisory Review and Evaluation Process, it helps ensure financial stability beyond mandatory Pillar 2 requirements.

⁵ G-SIBs: Global Systemically Important Banks are financial institutions whose distress or disorderly failure, due to their size, complexity, and interconnectedness, would cause significant disruption to the wider global financial system and economic activity. Identified annually by the Financial Stability Board (FSB) and the Basel Committee on Banking Supervision (BCBS).

⁶ P2R: Pillar 2 Requirements are binding, bank-specific capital requirements imposed by ECB Banking Supervision following a Supervisory Review and Evaluation Process (SREP). They ensure banks hold sufficient funds for risks underestimated by Pillar 1, such as credit risk or internal governance deficiencies. Non-compliance can lead to supervisory sanctions.

⁷ JST: Joint Supervisory Team is a specialized group comprising staff from the European Central Bank (ECB) and National Competent Authorities (NCAs) that conduct ongoing supervision of “significant” banks within the Eurozone. JSTs are a cornerstone of the Single Supervisory Mechanism (SSM), ensuring harmonized oversight, evaluating risks, and implementing supervisory programs for large banking groups.

⁸ CRR III: Capital Requirements Regulation III is a legislative framework adopted by the European Union to implement the final elements of the Basel III reform. It was published in the Official Journal of the EU in June 2024, with many of the rules officially entering into force on 1 January, 2025.

⁹ CRD VI: Capital Requirements Directive IV is a 2014 European Union legislative package implementing Basel III standards, strengthening bank resilience. It consists of the CRD IV Directive (2013/36/EU) and the Capital Requirements Regulation (CRR) (575/2013), regulating capital, liquidity, and risk management for banks and investment firms.

¹⁰ RWA: Risk Weighted Assets are bank assets or off-balance-sheet exposures, weighted (multiplied by a percentage factor) according to their risk level, based on ECB banking supervision.

¹¹ Output floor is a key component of the final Basel III capital standards that sets a lower limit on the risk-weighted assets (RWAs) a bank calculates using its internal models.

¹² Standardized approach is a set of regulated, uniform methods for calculating a bank’s Risk-Weighted Assets (RWAs) for credit, operational, and counterparty risks, designed to ensure that banks hold sufficient capital to absorb potential losses.

¹³ IRB approach is a method within the Basel Accords framework that allows banking institutions to use their own internal models, rather than standardized regulatory percentages, to calculate the minimum capital requirements for credit risk.

¹⁴ AI: Artificial intelligence is a collective term for machine-enabled cognitive processing. The ECB adopts the OECD definition, viewing AI as a machine-based system that, for explicit or implicit objectives, infers from the input it receives how to generate outputs (such as predictions, content, recommendations, or decisions) that can influence physical or virtual environments.

¹⁵ GPT: Generative Pre-trained Transformer is a type of large language model (LLM) developed by OpenAI that uses deep learning to understand, interpret, and generate human-like text, images, or audio in response to user inputs, which are known as “prompts”.

¹⁶ Claude is a family of proprietary large language models (LLMs), as well as an AI assistant and other AI tools powered by those models, developed by Anthropic. Claude models, particularly from their third generation onward, have consistently ranked among the top performing generative AI models available on the market.

¹⁷ HITL: A human-in-the-loop is a model of interaction where a human is actively involved in an AI or automated system’s workflow, providing oversight, training, feedback, or decision-making at critical stages. It ensures accuracy, safety, and accountability, allowing humans to correct, refine, or approve AI-generated outputs, particularly in high-stakes decisions.

¹⁸ On-site inspections or OSI are intensive, in-depth investigations conducted by the European Central Bank or National Authorities at the premises of significant financial institutions within the Single Supervisory Mechanism (SSM). They involve examining specific risks, internal models, governance, and business models to identify shortcomings.

¹⁹ IT Operations refers to the management, security, and maintenance of the technology infrastructure, applications, and data that support the ECB’s monetary policy, banking supervision, and financial market infrastructure tasks.

²º Three lines of defense or LoD is a risk governance framework mandated by European Central Bank banking supervision to split responsibilities for operational risk management and internal controls across three distinct functions. It is a foundational component of effective risk management in financial institutions, designed to ensure accountability, prevent gaps in coverage, and align business operations with risk tolerance.

²¹ Tokenization is defined as the process of issuing, representing, and managing assets (such as money, securities, or other financial instruments) as digital “tokens” using Distributed Ledger Technology (DLT).

²² Appia is a forward-looking Eurosystem initiative launched in March 2026 to shape a long-term, integrated financial ecosystem by leveraging DLT and tokenization for wholesale central-bank-money settlement. It aims to enhance efficiency by eliminating complex reconciliations, enable innovation through smart contracts and tokenized central bank money, and foster competition, while preserving monetary sovereignty and reducing structural dependence on external financial infrastructures. The initiative is expected to deliver a full blueprint, including key findings, principles and recommendations, by 2028.

²³ Pontes is a Eurosystem DLT-based bridge solution designed to connect market tokenization platforms with traditional TARGET Services, enabling tokenized asset transactions to settle central bank money. It supports delivery-versus-payment and automation, drawing on earlier ECB exploratory work on wholesale settlement. A pilot launch is planned for the third quarter of 2026, with the overarching aim of ensuring safe, resilient, and efficient euro settlement regardless of the DLT frameworks developed by the market.

²⁴ DLT: Distributed Ledger Technology is defined as a technological approach that enables the operation and use of distributed ledgers, decentralized digital databases that are shared, replicated, and synchronized across a network of participants.

²⁵ ESG: Environmental, Social and Governance framework used by the ECB to assess how climate change, environmental degradation and social factors affect financial institutions and the wider economy. It encompasses climate-related and environmental risks such as emissions reduction, pollution management and biodiversity protection; social dimensions including inequality, labor relations and human rights; and governance aspects relating to internal structures, decision-making processes and the integration of environmental and social risks into management. The ECB incorporates these criteria into its supervisory approach to ensure that banks identify, manage and disclose ESG-related risks that could jeopardize their own stability or that of the financial system.

²⁶ Pilar 3 of the Basel Framework refers to the market discipline component of bank regulation. It consists of mandatory public disclosure requirements that require financial institutions to publish key information regarding their risk management, capital structure, and capital adequacy, allowing market participants to assess the safety and soundness of the bank.

²⁷ ICAAP: Internal Capital Adequacy Assessment Process is a set of internal processes, strategies, and systems used by banks to identify, measure, manage, and monitor their risks, ensuring they have sufficient capital to cover their material risks. ICAAP is a foundational risk management instrument under Pillar 2 of the Basel III framework, that enables banks to hold adequate capital, even during challenging economic conditions

²⁸ Risk Appetite is a foundational risk management instrument under Pillar 2 of the Basel III framework that enables banks to hold adequate capital, even during challenging economic conditions. In banking supervision, this involves a formal framework (RAF) that sets limits for financial and non-financial risks, ensuring institutions align risk-taking with their business models, capital, and liquidity.

²⁹ FinTech is defined as technologically enabled financial innovation that could result in new business models, applications, processes or products with an associated material effect on financial markets and institutions and the provision of financial services.

³⁰ Tail-risk events are defined as extreme, low-probability events that, if they occur, have far-reaching negative consequences for financial institutions, markets, and the broader economy. In the context of EU banking supervision, these risks are increasingly associated with structural vulnerabilities such as geopolitical tensions, climate-related crises, and rapid technological disruptions.