← Back to all briefings
Policy 7 min read Published Updated Credibility 45/100

Policy Briefing — July 5, 2025

The PRA’s Basel 3.1 package applies from 1 July 2025, so firms need board-owned governance over output floors, model change evidence, and COREP/Pillar 3 submissions to satisfy supervisory reviews.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
3 publication timestamps supporting this briefing. Source data (JSON)

Board briefing and regulatory clock

The Prudential Regulation Authority’s Basel 3.1 package takes legal effect for the largest UK banks on 1 July 2025, bringing the first wave of output floor, standardised credit risk, counterparty credit risk, and market risk changes introduced through Policy Statement 17/23. Boards need to demonstrate that governance structures, Senior Managers and Certification Regime responsibilities, and subsidiary oversight forums can evidence readiness for the phase-in while aligning with the Financial Policy Committee’s expectations on capital resilience and data traceability. Supervisory teams will expect concrete proof that boards have interrogated readiness packs, challenged first-line scenario coverage, and confirmed that policy libraries, model governance documentation, and reporting controls are aligned with the incoming rules.

Immediate oversight must prioritise three deliverables before quarter end: a signed-off Basel 3.1 programme charter with Senior Manager Function (SMF) accountabilities mapped to the new prudential obligations, an evidence-backed readiness assessment covering policy, model, data, and reporting artefacts, and a rehearsed reporting workflow for PRA and public disclosures. Boards should minute the specific exceptions that remain open, approve compensating controls, and commission independent validation reviews where documentation or control assurance remains immature.

Governance architecture and accountability

Basel 3.1 touches the full suite of prudential committees. The board risk committee should receive granular evidence packs showing how the Basel steering committee is managing policy updates, data remediation, and scenario coverage. Minutes must reference SMF4 (Chief Risk Officer) and SMF2 (Chief Finance Function) sign-off of delivery plans, with SMF24 (Chief Operations) providing assurance on data lineage, systems cutovers, and internal reporting. Firms should maintain a Basel 3.1 responsibility map that traces obligations from PRA Supervisory Statements, such as SS2/23 on model risk, into policy owners, control operators, and assurance providers. Audit committees will expect to see integrated assurance maps capturing first-line controls, second-line oversight testing, and internal audit review schedules focused on output-floor capital calculations, credit risk weight assignments, and counterparty credit risk model updates.

Subsidiary boards and group oversight functions must have documented escalation paths for exceptions. Where firms use intermediate holding companies or service companies to deliver risk reporting, board packs should include service-level agreements, change freezes, and fall-back procedures. The PRA has emphasised board accountability for understanding how revised risk weights interact with macroprudential buffers and stress-testing capacity; consequently, risk committees should log challenge on how output floor phase-ins affect capital planning, investor communications, and resolution pack assumptions.

Policy, standards, and model documentation

Compliance teams must complete a full Basel policy library refresh. Every impacted policy—credit risk, counterparty credit risk, market risk, securitisation, operational risk measurement, and reporting—needs updated purpose statements, scope definitions, control standards, and monitoring routines. Evidence packs should show version control, board approvals, and SMF attestations. For internal ratings-based (IRB) portfolios, boards should demand proof that policy annexes map to the re-calibrated hybrid output floor/IRB calculations and that model documentation repositories contain refreshed model development documents (MDDs), performance monitoring reports, validation findings, and remediation plans aligned with PRA model risk expectations.

Where firms deploy standardised approaches, policies must document reference data sources, credit conversion factors, and collateral haircuts consistent with the PRA rulebook. Each policy needs corresponding operating procedures with embedded controls for data sourcing, rating assignment, overrides, and exception handling. Evidence packs should include screen captures from workflow tools, sample checklists, and sign-off records for policy roll-outs. Model governance committees must minute challenge on development timelines, vendor dependencies, and data quality assumptions, and ensure that findings are logged in the model risk inventory with accountable owners and due dates.

Data lineage, systems, and control testing

Basel 3.1 readiness hinges on data lineage from front-office systems through data warehouses into capital engines and regulatory reporting platforms. Boards should require a single Basel 3.1 data dictionary that maps every data element—exposure classes, risk weights, collateral values, probability of default and loss-given-default parameters, counterparty netting sets—to authoritative sources, data quality rules, and control owners. Evidence packs need lineage diagrams, control descriptions, and results from recent data quality testing. Technology committees should log progress on system changes, regression testing evidence, and business continuity plans covering the go-live weekend.

Control testing evidence must include walkthroughs of exposure classification logic, reconciliations between general ledger and capital engine outputs, and attestation workflows for data submissions. Banks should maintain readiness dashboards summarising test cycles completed, defects outstanding, and compensating controls. Internal audit and independent validation units should file reports summarising their review scope, findings severity, and remediation status. For critical deficiencies, boards must see signed action plans with resource allocations, interim controls, and revised delivery dates, ensuring that material risks are escalated to the PRA as required under Fundamental Rule 7.

Regulatory reporting workflow rehearsal

With COREP, FINREP, and Pillar 3 disclosures changing, reporting teams must run full dress rehearsals using Basel 3.1-compliant templates. Governance artefacts should include: a reporting calendar, data submission responsibility matrix, control checklists for key templates (e.g., C 02.00 own funds, C 08.07 counterparty risk, C 90 output floor monitoring), and evidence of dry-run submissions validated by finance, risk, and regulatory reporting leads. Boards should insist on documented sign-off trails with timestamps, highlighting segregation of duties between data preparers, reviewers, and approvers. Where banks rely on shared service centres or third-party vendors for reporting production, outsourcing oversight packs must include service-level metrics, change control logs, and contingency arrangements.

Pillar 3 narrative reporting requires board-approved disclosures explaining methodologies, governance, and risk appetite impacts. Draft disclosures should be stored with tracked changes, board comments, and legal review sign-offs. Investor relations teams must prepare Q&A briefings aligning capital guidance with the new rules, ensuring consistent messaging across regulatory and market disclosures. Evidence packs should capture communications rehearsals, stakeholder mapping, and escalation contacts for issues arising during publication week.

Scenario analysis, capital planning, and MI

Risk committees should review refreshed scenario analyses showing Basel 3.1 impacts under macroeconomic downturns, sectoral stress, and idiosyncratic events. Management information dashboards must present baseline capital ratios, output floor trajectories, exposure migrations, and sensitivity to regulatory judgement. Boards should verify that stress-testing teams have updated models and documentation to incorporate revised risk weights, leverage ratio changes, and market risk sensitivities. Evidence should include scenario design documents, governance minutes, and validation sign-offs. Where limitations persist, boards must record management actions such as capital buffers, portfolio rebalancing, or hedging strategies.

Capital planning packs should link Basel 3.1 impacts into the Internal Capital Adequacy Assessment Process (ICAAP), recovery plans, and resolution playbooks. Finance teams must provide reconciliations between regulatory capital, accounting equity, and management capital metrics, with commentary on deviations. The board should mandate monthly MI updates during the initial phase-in, capturing policy milestones, control test outcomes, regulatory interactions, and stakeholder communications. These dashboards should integrate with enterprise risk management systems to ensure traceable, auditable evidence.

Supervisory engagement and documentation readiness

Supervisory colleges will scrutinise documentation quality. Banks need a Basel 3.1 evidence room containing: programme governance charters, steering committee minutes, risk committee packs, policy documents, model inventory reports, validation outputs, data lineage artefacts, testing results, reporting rehearsal evidence, training logs, and communications plans. Each document should be catalogued with owner, last updated date, approval status, and cross-reference to PRA rules. Firms should prepare briefing notes for onsite visits covering key judgements, dependency risks, and remediation plans.

Communication protocols must outline who responds to PRA information requests, turnaround times, and escalation triggers. Regulatory affairs teams should maintain a log of supervisory interactions, meeting notes, and commitments. Boards must oversee fulfilment status monthly. If material deficiencies emerge, the bank should pre-notify the supervisor with mitigation steps, demonstrating proactive governance.

Training, culture, and sustainability considerations

Basel 3.1 implementation requires targeted training for front-office, risk management, finance, and technology teams. Governance packs should include training curricula, attendance records, and assessments. Boards should examine culture metrics—speak-up data, control incident trends, and conduct risk dashboards—to ensure the programme reinforces prudent risk-taking. Sustainability reporting teams must coordinate to reflect any capital impacts on climate risk financing plans, ensuring consistency with Task Force on Climate-related Financial Disclosures and PRA climate expectations.

Ultimately, successful go-live depends on maintaining an auditable thread from board-level decisions through first-line execution. Boards should commission post-implementation reviews within 90 days to confirm control effectiveness, embed lessons learned, and calibrate future Basel 3.1 tranches. Documenting these activities and maintaining rigorous evidence packs will be critical to demonstrating compliance, avoiding supervisory remediation, and sustaining market confidence as the regime phases in through 2028.

Timeline plotting source publication cadence sized by credibility.
3 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Policy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • UK prudential regulation
  • Basel 3.1 implementation
  • Supervisory reporting
Back to curated briefings