Riscreen Compliance Newsletter – Issue week 22/2025

In this issue, we look at important developments at European level in the regulatory and ESG context as well as a current security notice from the BSI on email communication. These topics are particularly relevant for specialist managers in the areas of compliance, risk management, sustainability reporting and IT security and require proactive measures.

EBA finalizes reporting framework 4.1 – including for the monitoring of crypto providers

Applicable for:
Banks, credit institutions, financial service providers, reporting officers for regulatory reporting, particularly in the areas of crypto assets, ESG and payment transactions

The European Banking Authority (EBA) has published the final technical package for the Reporting Framework 4.1. It includes standard specifications such as validation rules, the Data Point Model (DPM) and XBRL taxonomies. The new features serve to implement the following reporting requirements:

  • Pillar 3 disclosure in accordance with the comprehensive ITS, including the establishment of a central Pillar 3 data hub
  • MiCAR reporting on crypto assets, based on the guidelines on reporting for supervision and classification of the significance of crypto actors
  • Integration of reports on instant payments into the DPM and taxonomy
  • Validation rules for ESG data, as part of ad hoc data collection

The aim is to harmonize data requirements for different supervisory purposes and to provide technical support to competent authorities through standardized digital reporting formats.

Necessary measures (FAQ)

  • Analysis of the new requirements in the context of crypto assets, ESG risks and instant payments
  • Technical implementation of the updated DPM and XBRL taxonomies in existing reporting systems
  • Review and implementation of the new validation rules to ensure data quality
  • Coordination with IT departments and reporting service providers for timely implementation by June 2025

EBA launches consultation on adapted ESG disclosure requirements under CRR3

Applicable for:
Banks, in particular small and medium-sized institutions, large listed banks (indirectly), ESG officers, compliance and risk management officers, sustainability reporters

The European Banking Authority (EBA) has launched a public consultation on the revision of the Pillar 3 disclosure requirements under CRR3. The aim is to clarify and simplify the ESG-related disclosure requirements and to make them more proportionate. The proposals include:

  • Introduction of a proportional disclosure framework, particularly for small and medium-sized banks
  • No new obligations for large listed banks, but clarifications and structural improvements to existing requirements
  • Expansion to include information on equity exposures and overall risks to shadow banks
  • Integration of the new NACE codes for a more consistent statistical classification of economic activities
  • Introduction of flexible transitional arrangements and supervisory flexibility to facilitate implementation and reduce the compliance burden

The proposal is part of the EU’s ongoing efforts to simplify and harmonize sustainability reporting in the financial sector.

Actions required:

  • Examination of the proposed disclosure requirements with regard to the respective category of institution (size, stock exchange listing)
  • Assessment of internal ESG data sources with regard to their ability to reflect the new NACE classification and risk dimensions
  • Preparation of internal systems for potential adjustments and transitional regulations
  • Opportunity to submit comments as part of the consultation by August 28, 2025

BSI recommends upgrade of email security standards

Applicable for:
All companies with digital communication, especially IT departments, data protection and information security officers

The German Federal Office for Information Security (BSI) is calling for email communication to be upgraded to modern security standards. Recommendations include TLS 1.3, authentication mechanisms such as DMARC, SPF and DKIM as well as DANE for DNS-based protection. This should significantly reduce the attack surface for phishing and person-in-the-middle attacks.

Measures required:

  • Technical review of the existing email infrastructure
  • Implementation of recommended security standards (TLS 1.3, SPF, DKIM, DMARC, DANE)
  • Raising employee awareness of secure email use
  • Documentation and integration into the ISMS to fulfill audit requirements

We wish you a successful week.

Your Riscreen team
