Article 97
Supervisory review and evaluation
1.
Taking into account the technical criteria set out in Article 98, the competent authorities shall review the arrangements, strategies, processes and mechanisms implemented by the institutions to comply with this Directive and Regulation (EU) No 575/2013 and evaluate:
(a)
risks to which the institutions are or might be exposed;
(c)
risks revealed by stress testing taking into account the nature, scale and complexity of an institution’s activities;
(d)
risks revealed by digital operational resilience testing in accordance with Chapter IV of Regulation (EU) 2022/2554.
2.
The scope of the review and evaluation referred to in paragraph 1 shall cover all requirements of this Directive and of Regulation (EU) No 575/2013.
3.
On the basis of the review and evaluation referred to in paragraph 1, the competent authorities shall determine whether the arrangements, strategies, processes and mechanisms implemented by institutions and the own funds and liquidity held by them ensure a sound management and coverage of their risks.
4.
Competent authorities shall establish the frequency and intensity of the review and evaluation referred to in paragraph 1 having regard to the size, systemic importance, nature, scale and complexity of the activities of the institution concerned and taking into account the principle of proportionality. The review and evaluation shall be updated at least on an annual basis for institutions covered by the supervisory examination programme referred to in Article 99(2).
When conducting the review and evaluation referred to in paragraph 1 of this Article, competent authorities shall apply the principle of proportionality in accordance with the criteria disclosed pursuant to Article 143(1), point (c). In particular, for the purpose of conducting the review and evaluation of an institution, the competent authority may consider whether all of the following conditions are met:
(a)
the institution is not a G-SII, a non-EU G-SII, or a G-SII entity in accordance with Regulation (EU) No 575/2013;
(b)
the institution has not been identified as an other systemically important institution (O-SII) in accordance with Article 131(1) and (3) of this Directive;
(c)
the institution is part of a group where the parent institution and the vast majority of the subsidiary institutions are related to each other as described in Article 22 of Directive 2013/34/EU;
(d)
the subsidiary institutions referred to in point (c) of this subparagraph meet all of the following conditions:
(i)
they qualify, or the vast majority of them qualify, as mutuals, cooperative societies or savings institutions in accordance with Article 27(1), point (a), of Regulation (EU) No 575/2013 and the applicable national law includes a cap or restriction on the maximum level of distributions;
(ii)
on an individual or sub-consolidated basis, their total assets do not exceed EUR 30 billion.
4a.
Competent authorities may tailor the methodologies for the application of the review and evaluation referred to in paragraph 1 of this Article to take into account institutions with a similar risk profile, such as similar business models or geographical location of exposures. Such tailored methodologies may include risk-oriented benchmarks and quantitative indicators, shall allow for due consideration of the specific risks that each institution may be exposed to, and shall not affect the institution-specific nature of measures imposed in accordance with Article 104.
Where competent authorities use tailored methodologies pursuant to this paragraph, they shall notify EBA. EBA shall monitor supervisory practices and issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, specifying how similar risk profiles shall be assessed for the purposes of this paragraph and to ensure the consistent and proportionate application of methodologies across the Union that are tailored to similar institutions.
5.
Member States shall ensure that where a review shows that an institution may pose systemic risk in accordance with Article 23 of Regulation (EU) No 1093/2010 the competent authorities inform EBA without delay about the results of the review.
6.
Where a review, in particular the evaluation of the governance arrangements, the business model, or the activities of an institution, gives competent authorities reasonable grounds to suspect that, in connection with that institution, money laundering or terrorist financing is being or has been committed or attempted, or there is increased risk thereof, the competent authority shall immediately notify EBA and the authority or body that supervises the institution in accordance with Directive (EU) 2015/849 and is competent for ensuring compliance with that Directive. In the event of potential increased risk of money laundering or terrorist financing, the competent authority and the authority or body that supervises the institution in accordance with Directive (EU) 2015/849 and is competent for ensuring compliance with that Directive shall liaise and notify their common assessment immediately to EBA. The competent authority shall take, as appropriate, measures in accordance with this Directive.