The Autorité de contrôle prudentiel et de résolution (Prudential Supervision and Resolution Authority) presents its work programme for 2026

2025 was characterised by an unprecedented geopolitical situation, with numerous uncertainties. Financial market valuations have reached very high levels, non bank financial intermediaries (NBFIs) are gaining ground, especially in private credit, and their growing interconnections with the banking sector pose systemic risks. The digital transition has reached a tipping point: innovative players with new business models are an integral part of the financial landscape, while "traditional” players are continuing to develop digital services. Stablecoins (i.e. crypto-assets backed by an official currency) and tokenised finance are disruptive technologies that must be developed securely and used to improve the financial system.

The financial sector also needs to anticipate longer term risks, such as the threat that quantum computing could pose to traditional encryption systems or, in another area, the protection gap associated with climate change.
While the final stage of the prudential framework overhaul that began in the wake of the 2008 crisis is on the verge of completion, supervisors have initiated a streamlining process to take better account of the competitiveness challenges encountered by French and European institutions. 

Against this backdrop, in 2026 the General Secretariat of the ACPR will continue executing its work programme based on the five main focus areas approved by its Supervisory College: 

-    Identify vulnerabilities and monitor risks using a proportionate approach
-    Strengthen governance and key functions at a time when business models are evolving
-    Implement DORA (cyber and operational risks) 
-    Prepare for AI supervision and take into account the tokenisation of financial services
-    Implement the streamlining initiatives identified in 2025 to improve supervisory efficiency

Identify vulnerabilities and monitor risks using a proportionate approach 

The ACPR will continue to pay close attention to institutions’ exposure to market risk and sovereign risk against a background of strained public finances.

On site inspections will notably include topics such as the calculation of regulatory ratios by credit institutions under CRR3 and the protection of customer funds by payment institutions and electronic money institutions. For insurance undertakings, inspections will focus on asset-liability management, interest rate risk and asset valuations (especially for less liquid assets).  

The ACPR will monitor the management of risks linked to interconnectedness within the financial system, particularly with non banks (NBFIs). The system-wide stress test conducted jointly with the Banque de France and the Autorité des Marchés Financiers (AMF – Financial Markets Authority) and involving the main players in the French banking, insurance and asset management sectors will be finalised in 2026. A joint summary report on the lessons learned from this stress test will be published on completion of this work. The ACPR will also conduct an analysis of the risks associated with the growth of private credit through non banks. 

In terms of supervision of AML/CTF frameworks, the Authority will remain vigilant, in line with its risk based approach, to ensure that financial institutions most exposed to ML-TF risks adapt their internal arrangements accordingly. The ACPR will take part in the finalisation and effective deployment of FATF Recommendation 16 on the transparency of international payments, which now applies to crypto-assets. At European level, the ACPR will contribute actively to the operational implementation of the European Anti-Money Laundering Authority (AMLA), which will pave the way for a more harmonised supervision of ML-TF risks in European Union countries. 

The Authority will continue to keep a close eye on the risks arising from certain products and business practices for customers in the banking and insurance sectors. It will continue its efforts towards enhancing value for money, requiring professionals to offer products that are relevant and useful to their customers. Discussions with the financial community on the integration of management fees for life insurance contracts into the national value for money scheme, which began in February 2025, will continue in 2026. 

Strengthen governance and key functions at a time when business models are evolving

Another of the ACPR’s tasks concerns the sustainability of financial players’ business models in a rapidly changing sector. Against this background, the quality of governance arrangements and the involvement of key functions play a crucial role within supervised entities, and, for their strategy to remain relevant, it must be supported by an informed view of both risks and opportunities. The ACPR will analyse and closely monitor the management of outsourced functions and the use of intermediaries and delegated managers. It will step up its monitoring of business model risks (including in terms of impact on profitability, solvency and liquidity, in both the short and longer term). It will also ensure that sustainability issues are further integrated into risk governance. 

Implement DORA (cyber and operational risk) 

As part of the ongoing implementation of the Digital Operational Resilience Act (DORA), the Authority will step up its monitoring of operational risks (especially IT and cyber risk) as well as of the risks associated with outsourcing in this area. Three supervisory priorities have been identified for information and communication technology (ICT) risks in 2026: incident management, implementation of frameworks for the management of ICT risk, and compliance of financial entities' contracts with their IT service providers.

The ACPR will notably ensure that entities maintain their governance and internal control framework in line with DORA requirements to ensure an efficient and prudent management of ICT risk. 

The Authority will strengthen supervision, carry out on site inspections specifically targeting entities that are most exposed to risk and ensure that stakeholders regularly conduct penetration tests. 

In organisational terms, this work will be coordinated by a new directorate: the Directorate for Innovation, Data and Technological Risks, which will effectively combine innovation and AI and cyber supervision. 

Prepare for AI supervision and take into account the tokenisation of financial services

The ACPR will maintain its commitment in support of new players’ development and monitor the challenges associated with disintermediated finance. In this context, the Authority will participate in work aimed at developing DeFi-specific regulations combining traditional finance with distinctive mechanisms from other economic sectors. 

In addition, faced with surging risks associated with the rapid transformation of the crypto-asset sector and increased use of stablecoins issued by non-European players, the ACPR will fully engage in the strategic review undertaken as part of the revision of the MiCA regulation. This update aims to strengthen the protection of crypto-asset holders while anticipating the challenges posed by these new types of assets. 

The rise of artificial intelligence (AI) in the financial sector is a major innovation that fosters opportunities, including for improvements to institutions’ internal control frameworks, but it also brings new risks. Accordingly, the ACPR should be appointed as the competent market authority overseeing the effective implementation of the AI regulation in the banking and insurance sectors. The Authority will cooperate with financial sector institutions to develop assessment methodologies for AI systems, whether they are used for risk management within institutions or by the supervisor in the framework of AI system audits.

At the same time, the Authority is gearing up for the integration of artificial intelligence, especially generative AI (LLMs), into its tools and practices. These tools can improve supervisory efficiency, and several existing initiatives will be taken forward in 2026, in addition to ongoing work, notably concerning AML/CTF.

Implement the streamlining measures identified in 2025 to improve supervisory efficiency

The ACPR will play its full part in implementing the streamlining measures decided by the European Banking Authority (EBA) and the European Central Bank (ECB) within the framework of the Single Supervisory Mechanism (SSM), while contributing to the work scheduled by the European Commission and the other three European supervisory authorities in 2026.
With this, ACPR teams aim to step up their risk-based approach by focusing on identifying and managing the major risks specific to each institution. Synergies between on site inspections and documentary audits will be enhanced to target specific vulnerabilities more effectively. Certain regulatory reports will be re-examined with this in mind, including those required under Article 29 of the Climate and Energy Act (LEC29). 
In 2026, the ACPR will ensure that institutions step up their efforts to enhance the quality of their data. Within the ACPR, this is also a key issue in improving controls and tools. 

Lastly, the Authority’s Resolution College has adopted three main priorities for the ACPR :

-    Strengthen the Authority’s involvement in work towards operationalising resolution, especially concerning the resolvability assessment and testing of French banks, in keeping with the 2024 2028 strategic plan launched by the SRB. 

-    Prepare for the entry into force of the European Union’s Insurance Recovery and Resolution Directive (IRRD), while supporting the French Treasury in transposing the directive.

-    Pursue the strategy aimed at exerting influence through analytical and policy work, particularly in terms of insurance resolution within the framework of IRRD, and share the methodological approaches developed at national level with the financial community.