PRA 2026: Priorities for UK Deposit Takers

Time to read: 4 minutes

TL:DR - The PRA’s 2026 priorities stress the need for stronger risk management, enhanced governance, improved operational and financial resilience, and better data quality across UK deposit‑takers. Firms must refine controls, strengthen stress‑testing, and upgrade data integrity while adapting to geopolitical and macroeconomic uncertainty. The PRA also expects firms to balance prudential strength with sustainable growth, ensuring strategies stay within risk appetite and are supported by robust oversight.

• Introduction
• Strengthen Risk Management, Governance and Controls
• Operational and Financial Resilience
• Focus on Data Quality and Reporting Integrity
• Adapting To An Evolving Macro and Geo Political Landscape
• Balancing Resilience and Growth Objectives
• From Priorities to Practices
• Ruleguard Addresses PRA's Priorities
• PRA Checklist

2026 Supervisory  Priorities

"The UK banking sector’s resilience requires maintained focus on risk management, governance and controls, operational and financial resilience, and data risk. ”

(PRA Jan 2026, Letter to CEOs of PRA regulated UK deposit takers) 

As the UK financial system faces a complex and uncertain global backdrop, the Prudential Regulation Authority (PRA) 2026 supervisory priorities reaffirm its core mandate to promote safety and soundness while supporting sustainable growth.  

These priorities, set out in the PRA’s annual letter to chief executives of UK deposit-taking firms, reflect heightened geopolitical risks, fragmented capital markets and pressures on sovereign debt. This underscores the need for robust risk management and resilient business models.

These priorities signal continued supervisory focus on prudential strength, governance, operational resilience and data integrity. Below, we delve into the PRA’s priorities and outline key actions firms should consider now.

Strengthen Risk Management, Governance & Controls

At the heart of the PRA’s supervisory agenda is the expectation that firms maintain robust frameworks for identifying, assessing and mitigating risks. Boards and senior management must ensure that risk governance structures are not only documented but embedded in day-to-day decision-making processes.  These are similar messages outlined by David Bailey in June 2025.

Firms need to reassess risk appetite statements and escalation pathways to capture emerging strategic, credit and market risks. Testing and refining internal controls are crucial to ensure controls remain effective under stress scenarios. Additionally, enhanced board reporting should include forward-looking risk analytics that align with strategic objectives.

Operational & Financial Resilience

The PRA highlights that resilience is not static. It must evolve with operational complexity and technological changes within a firm. Cyber risk, AI use cases, third party dependencies and business continuity remain high on the regulatory agenda.

Firms should conduct targeted operational resilience testing against severe but plausible scenarios including cyber-incidents. Set impact tolerances and track evolving risks.  Reviewing third party risk management frameworks, including outsourcing risks, is vital in ensuring service providers meet resilience standards. Furthermore, firms need to validate financial stress-testing outcomes within strategic planning cycles.

Focus on Data Quality & Reporting Integrity

Strong data governance underpins effective risk management and regulatory compliance. The PRA expects firms to invest in improving data accuracy, timeliness and control frameworks that support regulatory reporting and risk decision-making.

Firms should map their data flows to regulatory reporting outputs to help identify control gaps. This should be followed by strengthening data lineage documentation to support auditability and risk analysis. Consideration must be given to investment in scalable data architecture that supports both regulatory and business intelligence needs.

Adapting to an Evolving Macro & Geopolitical Landscape

The PRA stresses the ongoing challenges posed by geopolitical tension, fragmented global markets and sovereign debt pressures. These factors can materially affect liquidity and credit exposures.

Firms should focus upon updating their stress testing to reflect macro-geopolitical risk factors. This requires alignment of strategic planning with long-range forecasts for trade, capital flows and economic volatility. Attention should also upon reassessing portfolio concentrations and counterparty risk in light of global uncertainty.

Balancing Resilience & Growth Objectives

The PRA’s priorities maintain its focus upon safeguarding financial stability and facilitating the sector’s ability to support the UK economy. Firms must demonstrate that growth strategies are underpinned by strong risk frameworks.

To address these areas, firm should focus upon articulating how growth initiatives fit within overall risk tolerance limits. This means that expansion into new products, markets or business lines is accompanied by proportional risk controls and oversight. Firms must engage proactively with supervisors to demonstrate alignment with policy objectives.

From Priorities to Practices

The PRA’s 2026 supervisory priorities underscore a consistent message.

Prudential excellence demands proactive, forward-looking risk management supported by strong governance, resilient operations, and high-quality data. While the letter is specifically directed at UK deposit takers, the themes resonate across financial services including asset management and wealth management. As regulators increasingly converge on resilience, risk culture and strategic readiness.

Firms that move beyond compliance to embed these principles into strategy and performance measurement will be better positioned to both withstand volatility and capitalise on opportunities for growth.

Ruleguard addresses PRA's priorities

Ruleguard helps firms meet the PRA’s 2026 priorities by strengthening risk management, governance, and operational resilience. It does this through centralised control libraries, automated control attestations, governance workflows, and live-data board reporting, all of which embed effective oversight into day‑to‑day processes.

The platform also supports structured third party risk oversight, giving firms a clear and auditable view of their resilience posture.

In addition, Ruleguard enhances data quality and regulatory reporting by providing data lineage tracking, robust evidence capture, and structured ownership, improving accuracy and traceability. It further helps firms respond to evolving macro‑geopolitical risks through centralised horizon scanning, taxonomy‑driven risk updates, and workflow‑based reassessment reviews.

Ruleguard's Operational Risk Management Solution provides a centralised, automated platform to manage the full lifecycle of operational risks. From identifying, assessing, and monitoring risks to managing incidents and  control failures, every element is tracked with full auditability. Firms can seamlessly capture risks, map them to business processes, assign ownership, and automate escalations.

Ruleguard is a comprehensive solution that lets you protect and propel your business forward through the complex regulatory landscape.

Ready to Assess Your PRA 2026 Readiness?

Understanding the PRA’s 2026 priorities is one thing, demonstrating that your firm is prepared is another.

Our PRA Readiness Checklist helps UK deposit-takers and regulated firms translate supervisory focus areas into clear, practical actions. Use it to benchmark your current framework, identify gaps, and prioritise improvements ahead of regulatory scrutiny.

The checklist helps you assess:

• Governance & Accountability – Board oversight, SMF responsibilities, risk ownership, and evidencing effective challenge.
• Risk, Controls & Operational Resilience – Control effectiveness, stress testing, scenario planning, and resilience mapping aligned to PRA expectations.
• Data, Reporting & Regulatory Evidence – Data quality, MI, documentation, and the ability to produce clear supervisory evidence on demand.

Don’t wait for supervisory engagement to uncover weaknesses.

Download the PRA Readiness Checklist and start your assessment today.