Compliance Briefing — May 29, 2020

Executive briefing: The European Banking Authority (EBA) issued its Guidelines on loan origination and monitoring on 29 May 2020 to reinforce responsible lending, consumer protection, and resilience across EU credit institutions and investment firms. The requirements entered into force on 30 June 2021 for new lending, with transitional arrangements for legacy portfolios extending to 30 June 2024. Institutions are expected to evidence credible implementation plans, align board-approved risk appetites, and demonstrate supervisory readiness.

Governance and internal controls

Board accountability and policies

Boards must approve the credit risk strategy, articulate risk appetite statements for each product family, and ensure remuneration frameworks do not incentivise excessive risk-taking. Policies need to cover product design, pricing, collateral acceptance, connected party lending, and exceptions handling. Institutions should evidence a structured product approval and review process that considers target market, conduct risk, and conflicts of interest, especially where cross-selling or distribution partners are involved.

Three lines of defence and outsourcing

Risk management, compliance, and internal audit must be resourced to oversee origination standards, validate models, and test adherence to policies. Internal audit should perform periodic thematic reviews on collateral valuation, creditworthiness assessments, and data governance. Where origination or servicing is outsourced, arrangements must comply with the EBA Outsourcing Guidelines, including documented due diligence, performance monitoring, and exit strategies. Contracts should mandate data access, audit rights, and continuity provisions for critical services.

Conduct and consumer protection

The guidelines require transparent pre-contractual information, suitability checks, and controls to prevent mis-selling. Vulnerable customers should receive enhanced disclosures and options for payment relief where appropriate. Complaint management systems need to aggregate lending-related issues, identify root causes, and feed lessons learned into product and training updates. Sales incentives must be balanced with quality metrics and customer outcomes.

Creditworthiness and borrower due diligence

Retail and MSME lending

Lenders must base decisions on verified income, stable employment or revenue streams, existing indebtedness, living costs, and realistic repayment capacity. Affordability testing should incorporate interest rate shocks, income volatility, and maturity limits aligned with the borrower’s lifecycle. For micro and small enterprises, institutions should capture business plans, tax filings, bank statements, and evidence of management experience. Revolving credit should be reviewed more frequently, with clear triggers for limit reductions or conversion to amortising schedules.

Corporate, specialised, and leveraged finance

Corporate underwriting must evaluate audited financial statements, cash flow forecasts, sector outlooks, supply chain dependencies, and covenant structures. For specialised lending (project finance, real estate development, shipping, aviation), the guidelines emphasise robust feasibility analysis, independent appraisals, and sensitivity testing on key variables such as occupancy, commodity prices, and offtake agreements. Leveraged transactions require additional scrutiny of debt sustainability, refinancing risk, equity cushions, and sponsor support; underwriting standards should avoid covenant-lite structures that mask borrower stress.

Collateral, guarantees, and valuation discipline

Collateral can mitigate loss but should never replace repayment capacity. Institutions must ensure independent, conflict-free valuations by qualified experts, using International Valuation Standards and, for property, European Valuation Standards where applicable. Revaluations are expected at least annually for commercial real estate and more frequently when markets are volatile. Statistical models must be validated, benchmarked against transaction evidence, and supplemented with physical inspections when risk indicators trigger. Guarantees should be legally enforceable, with documented guarantor capacity and, for public guarantees, confirmation of eligibility criteria and claim processes.

ESG and climate integration

Strategy and risk appetite

The EBA expects ESG risks—particularly climate-related physical and transition risks—to be embedded in credit policies, sectoral limits, and pricing. Institutions should map portfolios to high-emission sectors, set concentration limits where risk is elevated, and incorporate transition plans into borrower due diligence. Green and sustainable products must be supported by transparent eligibility criteria aligned to the EU Taxonomy and the bank’s own risk appetite statements.

Data requirements and client engagement

Institutions need to collect decision-useful ESG data from borrowers, such as greenhouse gas emissions, energy performance certificates, and climate adaptation measures. Where data gaps exist, lenders should use proxies or sector benchmarks, document assumptions, and plan to replace estimates with reported figures as disclosure regimes mature. Engagement with clients on decarbonisation pathways, science-based targets, and energy efficiency investments can inform more accurate risk assessments and support value-adding advisory services.

Scenario analysis and disclosure

Credit decisions should reflect climate scenario analysis that captures transition shocks (carbon pricing, technology shifts, policy changes) and physical hazards (flood, heat, wildfire). Outputs should feed into probability-of-default and loss-given-default estimates, as well as collateral haircuts for vulnerable geographies or asset classes. Public disclosures—Pillar 3 ESG templates and sustainability reports—should explain methodologies, data sources, and limitations to give supervisors and investors confidence in risk management practices.

Data governance and technology enablement

Data quality, lineage, and retention

Institutions must maintain end-to-end data quality frameworks covering accuracy, completeness, timeliness, and consistency across origination, servicing, and collections. Data lineage should trace inputs from source systems through credit engines to regulatory reports, with reconciliations and access controls documented. Retention schedules need to respect GDPR and national rules, while still enabling long-horizon model validation and back-testing.

Model risk management and AI use

Credit scoring, IFRS 9 expected credit loss models, and early warning systems require formal model risk management: clear ownership, documented assumptions, periodic validation, and performance monitoring. Where machine learning models are deployed, institutions must ensure explainability, fairness testing, and human oversight to meet supervisory expectations. Challenge processes should test models under stressed macroeconomic scenarios and ESG-related shocks.

Reporting architecture and interoperability

Supervisors can request granular breakdowns of exposures by sector, geography, collateral type, and ESG attributes. Institutions should design data architectures that can populate EBA templates, national competent authority requests, and internal dashboards without extensive manual intervention. Leveraging APIs, data fabrics, and harmonised reference data reduces reconciliation errors and speeds up supervisory responses.

Loan monitoring, early warning, and remediation

Performance monitoring and triggers

Borrower performance must be tracked through payment behaviour, covenant compliance, financial KPIs, and qualitative signals such as management changes. Early warning indicators should include cash flow deterioration, overdraft usage spikes, collateral value drops, or ESG risk events (e.g., policy bans, flood damage). Automated alerts and dashboards help relationship managers intervene before arrears crystallise.

Forbearance, restructuring, and NPE management

When stress emerges, institutions should offer sustainable forbearance solutions—term extensions, temporary payment moratoria, or interest-only periods—grounded in renewed affordability assessments. Restructurings must align with the EBA NPE and forbearance guidelines, with clear classification, provisioning, and cure criteria. Escalation protocols should define decision rights, documentation standards, and timelines for migrating exposures to dedicated workout units.

Collateral management and legal enforceability

Collateral and guarantee positions should be re-evaluated after restructurings or material market movements. Legal enforceability reviews must confirm registration, priority, and insurance coverage. Where valuations decline materially, lenders should reassess loan-to-value limits, seek additional security, or adjust pricing to reflect heightened risk.

Implementation timelines and supervisory engagement

Planning and resourcing

Institutions should maintain board-approved implementation roadmaps covering policy updates, system changes, training, and third-party dependencies. Program management offices can track milestones, allocate budgets, and escalate slippages. Change impact assessments are necessary for front-office workflows, underwriting tools, and data warehouses, ensuring business continuity while controls are upgraded.

Supervisory expectations and evidence

National competent authorities assess readiness through thematic reviews, onsite inspections, and SREP interactions. Institutions should prepare evidence packs: gap analyses, policy documents, training records, model validation reports, and sample loan files demonstrating revised creditworthiness assessments. Supervisors may impose remedial actions, capital add-ons, or administrative penalties where deficiencies persist.

Continuous improvement

Even after the 2024 transition deadline, institutions are expected to iterate controls as data availability, climate science, and digital capabilities evolve. Regular policy refreshes, post-implementation reviews, and benchmarking against peer practices help sustain compliance and competitiveness.

Action plan

1. Immediate (0–30 days): Execute a cross-functional gap assessment covering governance, credit processes, ESG integration, data quality, and technology architecture. Map legacy exposures subject to transitional treatment and identify quick wins that reduce supervisory findings.
2. 30–90 days: Update policies, underwriting templates, pricing models, collateral standards, and early warning indicators. Launch training tailored to frontline lending teams, credit committees, and model owners.
3. 90–180 days: Deploy data model enhancements, integrate ESG data fields into origination systems, and automate reporting to meet EBA template requirements. Validate collateral valuation panels and model governance against internal audit criteria.
4. Ongoing: Monitor regulatory updates (EBA Q&As, ITS changes), refine climate scenarios, and review product performance. Provide periodic board reporting on implementation status, key risks, and supervisory interactions.

Executing this plan enhances credit discipline, supports sustainable finance objectives, and demonstrates prudent risk culture to supervisors and stakeholders.

Follow-up: Supervisory monitoring has highlighted expectations for richer climate-risk data, integration of ESG scores into underwriting, and transparent evidence of model validation and collateral governance.

Sources

• EBA/GL/2020/06 Guidelines on loan origination and monitoring — Official guideline text detailing governance, credit decisioning, pricing, valuation, monitoring, and transitional timelines (30 June 2021 for new lending; 30 June 2024 for existing exposures).
• EBA Monitoring Report on the integration of ESG risks (2023) — Highlights supervisory observations on climate-risk data expectations, ESG scoring practices, and links to loan origination and monitoring requirements.