Article 97
Supervisory review and evaluation
1.
Taking into account the technical criteria set out in Article 98, the competent authorities shall review the arrangements, strategies, processes and mechanisms implemented by the institutions to comply with this Directive and Regulation (EU) No 575/2013 and evaluate:
(a)
risks to which the institutions are or might be exposed;
(c)
risks revealed by stress testing taking into account the nature, scale and complexity of an institution's activities.
2.
The scope of the review and evaluation referred to in paragraph 1 shall cover all requirements of this Directive and of Regulation (EU) No 575/2013.
3.
On the basis of the review and evaluation referred to in paragraph 1, the competent authorities shall determine whether the arrangements, strategies, processes and mechanisms implemented by institutions and the own funds and liquidity held by them ensure a sound management and coverage of their risks.
4.
Competent authorities shall establish the frequency and intensity of the review and evaluation referred to in paragraph 1 having regard to the size, systemic importance, nature, scale and complexity of the activities of the institution concerned and taking into account the principle of proportionality. The review and evaluation shall be updated at least on an annual basis for institutions covered by the supervisory examination programme referred to in Article 99(2).
When conducting the review and evaluation referred to in paragraph 1 of this Article, competent authorities shall apply the principle of proportionality in accordance with the criteria disclosed pursuant to point (c) of Article 143(1).
4a.
Competent authorities may tailor the methodologies for the application of the review and evaluation referred to in paragraph 1 of this Article to take into account institutions with a similar risk profile, such as similar business models or geographical location of exposures. Such tailored methodologies may include risk-oriented benchmarks and quantitative indicators, shall allow for due consideration of the specific risks that each institution may be exposed to, and shall not affect the institution-specific nature of measures imposed in accordance with Article 104.
Where competent authorities use tailored methodologies pursuant to this paragraph, they shall notify EBA. EBA shall monitor supervisory practices and issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, specifying how similar risk profiles shall be assessed for the purposes of this paragraph and to ensure the consistent and proportionate application of methodologies across the Union that are tailored to similar institutions.
5.
Member States shall ensure that where a review shows that an institution may pose systemic risk in accordance with Article 23 of Regulation (EU) No 1093/2010 the competent authorities inform EBA without delay about the results of the review.
6.
Where a review, in particular the evaluation of the governance arrangements, the business model, or the activities of an institution, gives competent authorities reasonable grounds to suspect that, in connection with that institution, money laundering or terrorist financing is being or has been committed or attempted, or there is increased risk thereof, the competent authority shall immediately notify EBA and the authority or body that supervises the institution in accordance with Directive (EU) 2015/849 and is competent for ensuring compliance with that Directive. In the event of potential increased risk of money laundering or terrorist financing, the competent authority and the authority or body that supervises the institution in accordance with Directive (EU) 2015/849 and is competent for ensuring compliance with that Directive shall liaise and notify their common assessment immediately to EBA. The competent authority shall take, as appropriate, measures in accordance with this Directive.