New EBA 2026 Disclosure Obligations: What Medium and Large Banks Must Do

Key data

Medium and large financial institutions in the EU have a new operational obligation in force since 26 March 2026: publishing their prudential information through the Single Access Point of the European Banking Authority (EBA), following the technical standards updated by Implementing Regulation (EU) 2026/722.

This is not a newly created regulation, but rather a relevant technical amendment to Implementing Regulation (EU) 2024/3172, which already governed the use of this disclosure channel. The adjustments directly affect data communication and transparency systems towards supervisors and the market.

What does this regulation establish?

Regulation 2026/722 amends the implementing technical standards of Regulation 2024/3172 regarding the use of the EBA Single Access Point for the disclosure of information by institutions that are not small and non-complex.

The specific changes introduced are technical in nature and involve:

• Adjustments to data communication systems towards supervisors and the market.
• Adaptation of reporting and prudential information disclosure processes to the format and channel established by the EBA.
• Compliance with the new implementing technical standards for disclosure through the Single Access Point.

Economic and operational impact

The main impact of this regulation is not economic in terms of direct fees or amounts, but rather operational and compliance-related. Affected institutions must bear internal costs of technological and process adaptation to ensure their reporting systems are compatible with the new technical standards of the EBA Single Access Point.

The main vectors of operational impact are:

• Review of reporting systems: Technology and compliance teams must verify that the formats for submitting prudential information are compatible with the updated requirements.
• Update of internal processes: Disclosure workflows towards supervisors and the market may require documentary and technical adjustments.
• Supervisory risk: Non-compliance may result in supervisory sanctions from competent national and European authorities. The regulation does not specify specific sanction amounts, but the reputational and regulatory risk is significant for medium and large institutions.
• Interdepartmental coordination: Risk, compliance, technology and finance departments must align their processes for disclosure through the EBA channel.

Who is affected?

This regulation applies exclusively to institutions meeting the following criteria:

• Financial and credit institutions established in the European Union.
• Classified as medium or large according to applicable regulatory criteria.
• That are not classified as small and non-complex (a category expressly excluded from the scope of this regulation).

In practice, this includes:

• Medium and large banks and credit institutions operating in the EU.
• Banking groups subject to direct or indirect supervision by the Single Supervisory Mechanism (SSM).
• Financial institutions with prudential disclosure obligations under the CRR/CRD framework.
• CFOs, Chief Compliance Officers (CCOs) and regulatory reporting managers of these institutions.

Small and non-complex institutions are expressly excluded from the scope of this regulation.

Practical example

A medium-sized Spanish bank, subject to supervision by the Banco de España and not classified as small and non-complex, is required to publish its prudential disclosure information (for example, its capital ratios, risk exposures and liquidity data) through the EBA Single Access Point.

Until now, its reporting systems were configured in accordance with the technical standards of Regulation 2024/3172. With the entry into force of Regulation 2026/722 on 26 March 2026, the bank must:

1. Verify that its reporting technology platform is compatible with the technical adjustments introduced by the new regulation.
2. Update the data communication formats and channels towards the EBA portal if the standards have changed.
3. Document the adaptation process to demonstrate compliance to the national supervisor in the event of an inspection.

If the bank does not carry out this adaptation and continues reporting with the previous formats without verifying their compatibility, it is exposed to supervisory sanctions from the Banco de España or the competent European authorities.

What should companies do now?

1. Identify whether the institution falls within the scope of application: Confirm that the institution is not classified as small and non-complex. If it is medium or large, this regulation applies from 26 March 2026.
2. Review current reporting systems: The technology and compliance team must compare the technical standards of Regulation 2024/3172 with the adjustments introduced by Regulation 2026/722 to identify compliance gaps.
3. Adapt disclosure processes to the new EBA format: Update prudential information publication workflows to ensure they are compatible with the format and channel of the EBA Single Access Point.
4. Coordinate with the departments involved: Risk, compliance, technology and finance must align their processes for the updated disclosure.
5. Document the adaptation: Record the changes made to demonstrate compliance to the national or European supervisor in the event of a request or inspection.
6. Monitor supervisor communications: Stay alert to additional technical guidance that the EBA may publish on the implementation of the Single Access Point, as the regulation establishes technical adjustments that may be developed through supplementary instructions.

Official source

Disclaimer: This article is for informational purposes only and does not constitute legal advice. For specific decisions, please consult a qualified professional. Source: https://eur-lex.europa.eu/./legal-content/AUTO/?uri=CELEX:32026R0722