Source: European Central Bank

Keynote speech by Frank Elderson, Member of the Executive Board of the ECB and Vice-Chair of the Supervisory Board of the ECB, at the 24th Annual International Conference on Policy Challenges for the Financial Sector

Washington DC, 12 June 2025

It’s a pleasure to be here with you today. The theme of this conference – harnessing regulatory standards to empower supervision – is not only timely, but also central to how we think about the future of prudential oversight. Across jurisdictions, supervisors are rethinking how best to align regulation and supervision: making them more targeted, more agile in addressing today’s risk landscape and more efficient, all while remaining effective and credible.

At the same time, a broader debate is emerging – about whether supervisory authorities have taken on too much, whether the expectations placed on banks have grown too great, and whether more restraint might now be warranted. This debate touches on core questions about the scope, the approach and the limits of supervision.

In this context, it is worth taking a step back and revisiting some of the foundational principles that shape how we think about our role. The principles that are well established in the work of the Basel Committee on Banking Supervision, the Financial Stability Board (FSB) and the International Monetary Fund (IMF) are widely adopted by supervisors around the world.

It is with these principles that I would like to begin.

Widely held views on the proper scope of supervision

Good supervision begins with clarity about our role.

There is broad consensus – and rightly so – that banking supervision must remain anchored in a clear and limited mandate. Supervisors are not political actors. It is not their task to advance broader social or environmental objectives or, for that matter, any political goals unrelated to financial stability.

They are not there to take control of banks or to substitute their judgement for that of banks’ senior management.

They are not there to steer credit towards or away from any particular sectors or customers based on political or social preferences.

They are not there to police business models based on popularity or public sentiment.

Supervisors’ responsibility is to ensure that the institutions they oversee remain safe and sound so they can support the real economy in both good and bad times.

This means that the supervisory function must remain focused. Its role is to assess whether banks have sufficient capital and liquidity, whether they are adequately identifying and managing material financial and non-financial risks, and whether they have the capacity to absorb losses and continue to remain resilient under a range of scenarios

And we must recognise the limits of supervision^[1]. A well-functioning financial system also crucially hinges on market discipline where Investors and creditors must bear the consequences of risk decisions, for instance through bail-in. If supervision were expected to prevent all failures, it could become overly intrusive, unduly conservative and ultimately ineffective.

These principles – a clear mandate, focus and institutional discipline – are widely accepted as the foundation of prudential oversight. They serve as guard rails against overreach and politicisation.

What banking failures have taught us about risk boundaries

The principles I just outlined are generally accepted. They form the bedrock of modern prudential supervision. But what we are seeing today is the tendency of some to interpret those principles narrowly – to argue that supervision must confine itself strictly to balance sheet metrics and refrain from probing deeper into the qualitative foundations of a bank’s risk profile.

Such an approach would run counter to the direction supervisors have taken, with good reason, in the years since the global financial crisis. Such a constrained view of supervision risks making the banking system less safe, not more. It could elevate form over substance, delay intervention until consequences have materialized, and dismiss the early warning signs that rarely appear in quantitative metrics alone.

In truth, the supervisory community has spent the past 15 years broadening its field of vision, from a narrow lens focused on capital and liquidity to a wide-angle view that encompasses a broader concept of resilience. This broadening of vision was not a coincidence – it was developed based on the painful lessons of past crises.^[2] We have learned – often the hard way – that safety and soundness cannot be assured by compliance with minimum capital requirements alone. We have seen that institutions can meet all formal thresholds while concealing deep-seated governance failures, weak risk cultures and flawed assumptions about their operating environment. Failures are often rooted in unresolved qualitative weaknesses, such as poor governance and flawed business models, that go unaddressed until too late, despite compliance with capital and liquidity requirements.^[3]

As a result, supervisory effectiveness has come to increasingly depend on the ability to identify and address these underlying drivers of risk. These insights have not led to a broadening of the supervisory mandate, but to a more focused understanding of how that mandate must be exercised in practice. Where risk arises – whether in capital and liquidity, governance or internal control functions – it falls squarely within the scope of prudential oversight.

What safety and soundness actually require

To take safety and soundness seriously is to recognise that resilience depends on more than capital ratios or liquidity buffers. Over the past decades, after carefully looking at the root causes of various banking crises, supervisors have adopted a broader view on banks’ resilience beyond financial metrics. Governance and risk culture, operational resilience and structural risk drivers such as climate-related risks now form an indispensable component of the Basel Core Principles for effective banking supervision – the gold standard of supervisory practice around the globe.^[4] The Core Principles are a playbook that supervisors across the world follow when adopting and assessing their own supervisory rules.

Governance and risk culture

Let me start with governance. Supervisory experience consistently shows that weaknesses in governance and risk management are not secondary concerns – they are among the most common root causes of prudential failures.

Although Northern Rock, Lehman Brothers, Silicon Valley Bank and Credit Suisse failed for different reasons, they shared a common underlying weakness: fundamental failures in internal governance, risk culture and risk management.^[5] Time and again, it is governance failures that allow underlying risks to build up unchecked until they manifest in capital and liquidity. In that sense, weak governance is often the earliest and most reliable warning sign that an institution is heading for trouble.

The conclusion is clear: governance, risk culture and sound risk management are not peripheral issues. They are at the core of prudential oversight. They affect the quality of strategic decisions, the timeliness of remediation and, ultimately, the soundness of banks.^[6] Weakening supervisory attention to governance would mean overlooking a key driver of both success and failure. As governance is often the root cause, it is neither effective nor efficient to focus only on the symptoms of risk while ignoring what lies beneath.

Operational resilience

The same goes for operational resilience: in an environment marked by rising cyber threats and technology disruptions, financial strength alone is no longer sufficient to ensure that banks can continue serving their customers without interruption.

Recent episodes have made this clear. For example, Amsterdam Trade Bank (ATB) – a Dutch bank owned by a Russian parent – was not under stress due to capital or liquidity issues. But when international sanctions were imposed in response to Russia’s invasion of Ukraine, ATB abruptly lost access to its IT systems, which were run by third-party providers. Lacking sufficient contingency arrangements, it could no longer operate. Despite being financially sound, the bank was forced to shut down – a stark illustration of how operational fragility can lead to failure.

Encouragingly, supervisory frameworks have responded accordingly. Operational resilience and cyber risks are now at the heart of the work of the Basel Committee, the FSB and many supervisors around the globe.^[7]Operational resilience is also a priority area for European banking supervision. For instance, the ECB is conducting targeted reviews of banks’ cyber risk preparedness, outsourcing governance and operational continuity planning. The Digital Operational Resilience Act (DORA), which became applicable in the EU earlier this year, will help further boost operational resilience as it provides a robust framework that requires banks to foster a culture of continuous IT and cyber risk management.^[8]

Structural risk drivers

Certain external risk drivers have a direct impact on the traditional risk categories in the prudential framework. Two such drivers – climate and nature-related risks and geopolitical risks – have therefore become increasingly relevant to banking supervision around the world. But they are not new categories of risk. Rather, they are risk drivers, operating through established channels – credit, market, operational, liquidity, legal and reputational – and influencing the scale, distribution and dynamics of risks on banks’ balance sheets.^[9]

Thanks largely to the pioneering work of the Central Banks and Supervisors Network for Greening the Financial System (NGFS), climate-related risks now feature prominently in the work programmes of major international standard-setting bodies such as the Basel Committee, the Committee on Payments and Market Infrastructures and the FSB. The NGFS has now grown to 145 central banks and supervisors from around the world who all acknowledge that climate-related risks are a relevant driver of financial risk and therefore fall squarely within the mandate of supervisors.^[10]

Physical risks such as extreme weather events like floods, droughts and forest and city fires can damage companies’ production facilities and people’s homes. This can affect loan repayment capacity which, in turn, can lead to higher credit risk for the bank that provided the loan. Transition risks – driven by changes in regulation, technology or market preferences – can result in stranded assets and expose banks to litigation or reputational harm.^[11]

We can already see the effects of the twin climate and nature crises: think about the devastating fires in Los Angeles leading to damages estimated at hundreds of billions of dollars. Remember the floods in the Spanish region of Valencia resulting in around €17 billion worth of damage or the heavy rains in Slovenia that washed away 16% of the country’s GDP.

So when I see devastating floods like those in Slovenia or Spain, or wildfires like those in Los Angeles as a supervisor I see risk increasing. As a supervisor I see collateral being washed away or going up in flames.

So, crucially, climate and nature-related risks are not a policy objective for supervision. They are a risk driver that influences the scale and shape of exposures across all major risk categories in the Basel framework. Ignoring them would mean failing to account for a material determinant of financial soundness. Ignoring them, therefore, would be a very political thing to do.

Another example of a structural driver of traditional risk categories are geopolitical events. Their probability distribution is not straightforward due to a lack of historical data, and they often interact with existing vulnerabilities in ways that defy linear stress assumptions. Consequently, European Banking Supervision has taken steps to make sure are resilient to these risks^[12].

Global guidance on effective supervision: the role of the IMF and the Basel Committee

Much of what we now consider to be established supervisory practice has been shaped by the consistent contributions of institutions like the IMF and the Basel Committee. Their work has helped clarify the foundations of effective supervision and provided the analytical tools to respond to evolving risk environments. The IMF and the World Bank have played a critical role in advancing supervisory thinking and practice in both developed and developing economies. Through their Financial Sector Assessment Program (FSAP), they have provided policymakers in these countries with structured, comparative evaluations of supervisory frameworks and, perhaps more importantly, concrete recommendations to improve the effectiveness of their regulatory and supervisory frameworks. These assessments offer a rare combination of technical depth, candour and cross-jurisdictional perspective. FSAPs challenge complacency, encourage alignment with international standards and good practices, and highlight structural gaps that may not be visible from within.

More specifically, in the context of the EU, the IMF played a pivotal role during the euro area crisis by identifying the most pressing institutional and governance shortcomings that needed to be fixed. Ultimately, the creation of the banking union, with a common resolution framework and a single supervisor, addressed many of the deficiencies that IMF reports had clearly identified. Crucially, the IMF’s credibility, grounded in the rigour of its analysis, helped galvanise the political will needed to act – strengthening both Europe’s financial architecture and the European project as a whole.

The second euro area FSAP is currently being concluded. We look forward to engaging with the IMF’s assessment of banking supervision in the euro area and its recommendations for further improving our practices. The first euro area FSAP, which was completed in 2018, resulted in a number of important recommendations in areas such as the governance of European banking supervision, the harmonisation of national legislation and the supervision of liquidity risk. These recommendations helped raise the bar in terms of how we supervise European banks.

In recent years, the IMF’s work on supervisory culture and effectiveness – including the paper “Good Supervision: Lessons from the Field”^[13] – has further improved our understanding of what makes supervision work in practice. It underscores the importance of a clear mandate, operational independence, timely intervention, and sound internal governance within supervisory authorities themselves. What makes this work particularly valuable is that it draws on the IMF’s experience across a wide range of jurisdictions, bringing together practical lessons from different supervisory contexts.

Together, the IMF and the Basel Committee have provided both external discipline and internal structure. They have helped ensure that supervisory frameworks evolve in a way that is coherent, risk-sensitive and globally aligned. In doing so, they have contributed significantly to the stability and credibility of the post-crisis supervisory landscape.

Five pillars of good supervision

It is now widely accepted that supervision must consider a wider range of risk factors – including governance, operational resilience and structural risk drivers. This has been the consensus for some time, and recent events have only reinforced it. But with this broader scope comes a responsibility to maintain operational discipline. Supervision must remain risk-focused, calibrated and effective.

In this context, a growing international consensus around five core supervisory pillars has emerged. These pillars provide a practical foundation for supervision that is both risk-sensitive and institutionally grounded.

1. Risk-based and forward-looking

Supervision must focus on the risks that matter most. That means identifying vulnerabilities before they materialise and assessing whether banks can remain resilient under adverse but plausible scenarios.

This includes risk areas that may be sensitive in some jurisdictions. Climate and nature-related financial risks, for instance, should be assessed not because of their policy implications, but because they are material drivers of credit, market, operational, legal and other types of risk. Concealing them will not make them disappear. And ignoring them will not make them less of a threat. Risk-based supervision therefore does not differentiate between risks on the basis of political tides. It addresses material risks to make sure that banks remain safe and sound.

2. Judgement-based and engaged

Effective supervision relies not just on facts, figures and fundamentals, but also on professional judgement applied with independence. Supervisors must be close enough to understand the bank’s risk environment yet far enough to challenge management assumptions where needed.

This involves connecting data points across silos, probing for root causes rather than symptoms, and escalating issues promptly when risk management responses fall short. Supervision is not passive monitoring – it is active, structured and engaged oversight, compelling banks to improve where necessary.

3. Independent and accountable

Supervisors must be operationally independent in order to challenge the banks they oversee – including on sensitive or strategic issues. Independence must be matched by accountability. This means being transparent about the reasons for decisions, open to scrutiny and prepared to explain both action and inaction.

It also means learning from times when intervention was insufficient or too slow. The credibility of the supervisory function depends on public trust, and that trust rests on a clear sense of institutional responsibility: the willingness to own decisions, acknowledge missteps and continuously improve the way the supervisory mandate is fulfilled.

4. Calibrated and consistent

Supervision must be tailored to the size, complexity and risk profile of the bank – but with consistent expectations across the system. Smaller banks are subject to less frequent scrutiny, but not to lower prudential standards.

Consistency also means applying expectations in a comparable way over time and across supervisory teams and jurisdictions.

5. Action-oriented and enforceable

Supervision must lead to change where change is needed. Supervisors need not only the analytical capacity to detect risk, but also the powers, ability and willingness to act to make sure that findings are addressed in a timely manner. The turmoil of March 2023 underscored the cost of delay when known weaknesses remain unresolved.

A structured escalation framework is essential. Supervisors must define proportionate and time-bound remediation paths – and be prepared to move from moral suasion to enforcement with formal, legally binding requirements when necessary. For example, in our experience within European banking supervision, supervisors often identify issues that banks themselves recognise and address promptly. In such cases, moral suasion works well, and the matter is resolved quickly and constructively. But there are times when moral suasion alone is not enough – or only proves effective because banks are aware that supervisors also have more intrusive tools available.

Legal risk must be assessed, but must not be used as an excuse for inaction. Supervisory decisions must be defensible – and where challenged, they must be upheld or clarified through institutional processes and where annulled due to a different judicial interpretation of the law, lessons are drawn from that experience. A functioning enforcement culture is essential for timely remediation and systemic resilience. Supervisors should not shy away from using all the tools at their disposal – even the more severe tools – if necessary.^[14]

Taken together, these five pillars provide a coherent model for effective supervision in a complex and fast-changing financial environment. They enable supervisors to address the full range of material risks while maintaining predictability and institutional discipline.

This is not about expanding the supervisory mandate. It is about delivering on the mandate in a way that reflects the realities of modern banking and the expectations of those we serve.

Supervision and simplification

The theme of this conference – harnessing regulatory standards to empower supervision – captures a central challenge for all supervisory authorities: how to ensure that regulation and supervision work in concert, not at cross purposes. Across the supervisory community, there is growing momentum to simplify regulatory and supervisory processes. This reflects both external expectations – including calls to reduce the administrative burden – and internal recognition that supervisory efficiency is essential to credibility.

At the ECB, we are actively working to make our own supervisory processes more targeted, streamlined and risk-focused.^[15] Simplifying supervisory processes is not only compatible with effective supervision – it is a precondition for sustained effectiveness in a more complex and resource-constrained environment.

At the same time, simplification needs to be understood in its proper context. A more efficient supervisory process does not imply a higher tolerance for unresolved risk. It does not mean overlooking persistent deficiencies, delaying action or avoiding the use of intrusive tools when they are warranted. Risk-based supervision requires prioritisation – but prioritisation must not become passivity.

To that end, the ECB is taking practical steps to make supervision more efficient and focused. We have streamlined our core processes so that supervisors can concentrate on the most important issues and give banks clearer, earlier guidance.^[16]

But simplification must not mean reduced vigilance. It requires a supervisory mindset that empowers individuals to exercise judgement, to make decisions and to feel confident in doing so. When risks are identified and remediation is slow or insufficient, supervisors must be prepared to act in a timely manner, using the full range of tools available.

Simplification and strong supervision are not contradictory. In a changing political and financial environment, maintaining the right balance between them will be critical. When properly aligned, they enable a supervisory model that is both efficient and effective – capable of adapting to new risks, while upholding public confidence in the stability of the system.

Conclusion

Let me conclude.

Over the past two decades, supervision has adopted a more comprehensive view of banks’ resilience. This progress has not been accidental. It has been driven by the experience – at times costly and painful – that financial resilience alone does not reduce the likelihood of banks failing. Prudential oversight must therefore also cover the structural and behavioural factors that affect banks’ resilience.

Today, that progress is being questioned. Some argue that supervision has adopted a too broad view. That the best course of action would be to narrow the scope, defer more to market incentives and lighten supervisory intervention. These arguments often invoke restraint – but in practice, they risk taking us back to a model that proved insufficient.

The task now is not to do more for the sake of doing more. Nor is it to step back in the name of simplicity. The task is to act decisively and proportionately on the risks that matter. To maintain a supervisory approach that is clear, consistent and enforceable. And to ensure that simplification leads to sharper focus – not diminished resolve.

Let us therefore ensure we do not allow the lessons of past crises to disappear in the rear-view mirror.

Let us resist the temptation to lower the guardrails, thinking that “this time will be different”, the phrase so poignantly coined in Reinhart and Rogoff’s “Eight Centuries of Financial Folly”.^[17]

Let us, for once, avoid such folly and sidestep that all-too-attractive trap.

Thank you for your attention.