On 15 January 2026, the Prudential Regulation Authority (PRA) published ‘Dear CEO’ letters setting out its 2026 priorities in relation to the supervision of Uk deposit takers and international banks.

In these letters, which were sent to Chief Executive Officers of PRA regulated UK deposit takers and international banks active in the UK, the PRA explains that it is setting out priorities in relation to which it expects firms to maintain attention, and that it is also setting out the work it is doing to advance its secondary objectives, by supporting innovation and adapting its supervisory approach.

The priorities covered in these letters are:

  • Strategic risk management: The PRA explains that it has observed that firms vary in their ability to proactively identify, monitor and manage changing risks and their complex interaction and that senior managers and boards need to ensure that their organisations maintain robust risk management frameworks that are proportionate, keep pace with changes to their business model and adapt to the changing external environment and that firms have these frameworks in place across business lines, risk management, and audit.
  • Operational resilience: The PRA highlights that following its review of firms’ work to meet the 31 March 2025 deadline in SS1/21 it expects relevant firms to improve their operational resilience testing, and for operational resilience to be an integral part of their decision making and that firms’ senior managers and boards should routinely consider how strategic changes such as new products, IT upgrades, and outsourcing affect resilience, but that actions should be proportionate to the size and business model of the firm and targeted at important business services.
  • Financial resilience: The PRA also makes clear that it continues to expect firms to consider and manage risks across a comprehensive set of forward-looking liquidity and capital metrics, taking into account any changes to their business models or booking practices, using rigorous stress testing to evaluate their financial resilience.
  • Data risk: The PRA sets out its view that data is a cornerstone of effective risk management, yet weaknesses in data quality continue to drive operational and prudential issues and, as a result, that it expects firms to embed strong data governance and controls, recognising that poor data undermines regulatory calculations, effective decision-making and resilience.
  • Facilitating competition, international competitiveness and growth: The PRA also sets out that as part of furthering this objective it intends to continue working to streamline and reduce the regulatory reporting burden, that in relation to adapting its supervisory approach it has transitioned some firms from an annual cycle for periodic summary meetings to a two-year cycle, and that it will continue to pursue initiatives such as the new authorisations and scale up unit.