Banking Regulation in Slovakia

The banking sector in the Slovak Republic is primarily governed by European Union law, given Slovakia’s membership of both the EU and the eurozone, complemented by domestic legislation that transposes EU directives and establishes the institutional framework for banking supervision.

The cornerstone of Slovak banking regulation is Act No. 483/2001 Coll. on Banks (“Act on Banks”), which sets out the conditions for the establishment and operation of banks, licensing requirements, permissible activities, governance, prudential rules, and measures for recovery and resolution.

The Act on Banks defines a bank as a legal entity with its registered office in the Slovak Republic, established as a joint-stock company, which is a credit institution under a special regulation and which holds a banking licence (a “Slovak bank”). The Act also regulates branches of foreign banks located and operating in Slovakia.

Closely linked is Act No. 747/2004 Coll. on Supervision of the Financial Market (“Act on Financial Market Supervision”), which sets out the statutory powers of the supervisory authority. In addition, Act No. 118/1996 Coll. on Deposit Protection (“Deposit Protection Act”) establishes the Deposit Protection Fund and guarantees deposits up to the harmonised EU limit of EUR100,000 per depositor.

Key EU banking legislation includes the Capital Requirements Regulation No. 575/2013 (CRR), the Capital Requirements Directive No. 2013/36/EU (CRD IV), the Capital Requirements Directive No. 2019/878 (CRD V), and the Bank Recovery and Resolution Directive No. 2014/59/EU (BRRD).

Other relevant EU acts that significantly affect banks include:

• the Deposit Guarantee Schemes Directive No. 2014/49/EU;

• the Single Supervisory Mechanism Regulation No. 1024/2013, the SSM Framework Regulation No. 468/2014 of the European Central Bank and the Single Resolution Mechanism Regulation No. 806/2014 (“SRM Regulation”), which establish the framework for the supervision and resolution of banks in EU member states participating in the Banking Union, including Slovakia;

• the Markets in Financial Instruments Directive II No. 2014/65/EU (MiFID II) and the Payment Services Directive No. 2015/2366 (PSD2), which regulate investment and payment services provided by banks; and
• the Markets in Crypto-Assets Regulation No. 2023/1114 (“MiCA Regulation”), which governs crypto-related activities.

Anti-money laundering (AML) obligations are governed by Act No. 297/2008 Coll. on Protection against Money Laundering and Terrorist Financing (“AML Act”), transposing the EU AML legislation.

Supervisory Authorities

Banking supervision in Slovakia operates within the framework of the EU Banking Union. The National Bank of Slovakia (NBS) is the national supervisory authority. It is entrusted with licensing, ongoing supervision, prudential regulation, conduct oversight and consumer protection in the financial sector.

At the European level, the European Central Bank (ECB) has direct supervisory responsibility for significant credit institutions, ie, banks, in Slovakia (eg, Tatra banka, a.s. or Všeobecná úverová banka, a.s.) under the Single Supervisory Mechanism (SSM). Less significant credit institutions remain under the direct supervision of the NBS, subject to ECB oversight. The supervisory framework is complemented by the Single Resolution Mechanism (SRM), which provides a harmonised approach to the orderly resolution of failing banks covered by the SSM.

Bank authorisation in Slovakia is governed by the Act on Banks and EU law, with the NBS as the competent authority in co-ordination with the ECB within the framework of the SSM.

(i) Authorisation Requirement

Any legal entity intending to conduct banking activities in Slovakia must obtain a banking licence, also referred to as “banking authorisation”. Only authorised banks may use the term “bank” in their business name. Foreign banks from outside the EU are also subject to authorisation by the NBS, while banks licensed in other EU member states may operate in Slovakia under the EU passporting regime, without the need for a separate national licence (please see (v) below).

(ii) Application Process, Timelines, Costs and Regulatory Engagement

The authorisation process is strictly regulated and involves a thorough assessment of the applicant, including its ownership structure, business plan, capital adequacy, governance framework, and the fitness and propriety of senior management.

Applications for authorisation are submitted to the NBS. The NBS assesses whether the applicant meets all statutory conditions for obtaining a banking authorisation. However, the ECB has the ultimate authority to grant or revoke banking licences for all banks in participating EU member states, whether significant or less significant, under the SSM. Therefore, if the NBS finds all conditions met, it submits a draft decision to the ECB, which has ten working days to object; if no objection is raised, the authorisation is granted.

The banking authorisation shall not be granted unless the conditions set out in the Act on Banks are proved to have been met. These include, inter alia, minimum share capital of EUR16.6 million, lawful origin of funds, suitable and trustworthy shareholders and management, a sound business plan, and adequate organisational and control systems.

A bank may commence the performance of the banking activities specified in its banking authorisation upon written notification by the NBS that the required conditions have been fulfilled.

The banking authorisation is granted for an indefinite period and non-transferable, and it does not pass to a legal successor. The fee for granting a banking authorisation is set by the NBS and, at present, amounts to EUR5,000.

The NBS decides on applications within 6 to 12 months, or up to 18 months if co-operation with European authorities is required.

A bank is required to register the authorised banking activities in the Commercial Register within ten days of the banking authorisation becoming legally effective.

(iii) Activities and Restrictions

A banking authorisation specifies the exact scope of the authorised banking activities and may also include conditions that the bank or a branch of a foreign bank must fulfil. The banking authorisation may also limit the scope or manner of conducting certain banking activities.

Apart from its core activities of accepting deposits and granting loans, a bank may carry out other banking activities, provided they are included in its banking authorisation. These may include payment and settlement services, investment and trading activities, management of client claims, financial leasing, issuance and administration of securities, safe custody of assets, and the issuance of electronic money or asset-backed tokens.

However, banks and branches of foreign banks are prohibited from carrying out any business activities other than banking activities, except for activities that are directly related to their operations and carried out with the prior consent of the NBS. Banks and branches may also engage in financial intermediation in accordance with Act No. 186/2009 Coll. on Financial Intermediation and Financial Advisory Services.

(iv) Ancillary Activities and Additional Regimes (MiFID II, MiCA)

In addition to core banking services, banks commonly engage in investment services and ancillary investment activities under MiFID II, which is implemented in Slovakia through Act No. 566/2001 Coll. on Securities and Investment Services.

Investment services and activities include executing orders relating to financial instruments on behalf of clients, portfolio management, investment advice, etc. Ancillary services include safekeeping and administration of financial instruments for clients, providing credits or loans to facilitate transactions in financial instruments, performing investment research or financial analysis, etc.

Banks and branches of foreign banks are authorised to provide investment services, investment activities, and ancillary services only if such activities are included in their banking authorisation.

With regard to crypto-asset services, from 30 December 2024, such services may be provided only with an authorisation issued by the NBS. This applies to services including custody and administration of crypto-assets on behalf of clients, operation of trading platforms, or the issuance of stablecoins and electronic money tokens.

Please note that a branch of a foreign bank cannot be granted a banking authorisation to perform these activities.

To assist applicants, the NBS allows pre-licensing meetings to clarify the required services under the MiCA Regulation, consult on detailed regulatory requirements and explain the steps of the authorisation process.

(v) European Passport (Branches and Cross-Border Services)

Foreign banks authorised in another EU member state or another contracting state of the European Economic Area (EEA) may operate in Slovakia under the European passporting framework upon notification to the NBS, either:

• on the basis of freedom to provide services; or
• through the establishment of a branch.

The acquisition or increase of control over a bank in Slovakia is subject to a detailed regulatory framework under the Act on Banks, harmonised with EU requirements under the CRD IV/CRD V package.

Requirements and Triggering Thresholds

Any person (natural or legal) intending to acquire, directly or indirectly, a qualifying holding in a Slovak bank must notify and obtain prior approval from the NBS.

A qualifying holding is defined in line with EU law as a direct or indirect holding representing 10% or more of the capital or voting rights of a bank, or the ability to exercise significant influence over its management.

According to Section 28 of the Act on Banks, prior approval from the NBS is also required for any further increase in a qualifying holding whereby the share in the bank’s share capital or voting rights would reach or exceed 20%, 30% or 50%, or whereby the bank would become a subsidiary of the person acquiring such holding.

Likewise, any person intending to dispose of a qualifying holding in a bank, or to reduce their share in the bank’s capital or voting rights below 20%, 30% or 50%, or in such a way that the bank would cease to be their subsidiary, is required to notify the NBS in advance in writing.

The regime applies equally to domestic and foreign acquirers. There are no general restrictions on foreign ownership of Slovak banks, although the NBS and the ECB, as part of the SSM, assess the proposed acquirer’s suitability and reputation, the financial soundness of the proposed acquirer and the acquisition, and the transparency of the ownership structure.

Nature of Regulatory Filings and Obligations

The notification must be submitted to the NBS, which assesses the application and forwards its draft decision to the ECB. Similarly to the granting or withdrawal of a banking authorisation, the ECB may oppose the acquisition; if not, the NBS grants prior approval.

The competent authority, ie, NBS or ECB, may oppose the acquisition if there are reasonable grounds for doing so or if the information provided by the proposed acquirer is incomplete.

The NBS has set out the detailed requirements for the application for prior approval, including the documents to be attached, in its Measure No. 6/2010, as amended.

The application must include identification of the applicant and target bank, details of shares, acquisition purpose, conflict-of-interest information, and supporting documents demonstrating financial soundness and governance of the acquirer.

The fee for prior approval is EUR1,200, and the NBS decides within 60 working days; if no decision is made, approval is deemed granted.

Ongoing Requirements and Reporting Obligations

Once approved, shareholders with qualifying holdings are subject to ongoing obligations, including the following:

• Any subsequent increases or decreases crossing the statutory thresholds (10%, 20%, 30%, 50%) must again be notified and approved.
• Shareholders must remain fit and proper, financially sound, and transparent in ownership. Compliance with conditions and obligations is monitored by ongoing supervision.

In addition, banks listed on a regulated market must provide the NBS at least annually, or immediately upon request, with written information on their shareholders and any other persons exercising voting rights at the bank’s general meeting.

Core Corporate Governance and Risk Management Requirements

Banks are subject to corporate governance, risk management and internal control requirements under EU law (CRD IV/CRR), national law and European Banking Authority (EBA) Guidelines.

Under the Act on Banks, banks must define a management structure with clear responsibilities and proportionate internal control and audit functions. Banks are required to establish remuneration policies that are consistent with their risk management framework, promote sound risk-taking and comply with principles of equal treatment.

Moreover, banks must implement a comprehensive risk management system covering all material risks, with policies for monitoring, mitigating and reporting, and ensure IT systems, business continuity and AML/counter-terrorist financing (CTF) measures are integrated into internal controls and audit functions.

In addition, in accordance with NBS Methodological Guideline No. 8/2022 and in line with EBA Guidelines, suitability checks (integrity, competence, time commitment, limits on multiple directorships) for board and senior managers are carried out on an ongoing basis and where necessary.

Voluntary Codes and Industry Initiatives

Beyond binding law, Slovak and regional voluntary instruments influence corporate governance and banking practice.

The Slovak Association of Corporate Governance issued the Code of Corporate Governance for Slovakia, to the preparation of which the Slovak Banking Association (SBA) also contributed. The development of the national Code closely follows global trends in corporate governance and is based on the OECD Principles of Corporate Governance. Regarding the banking sector specifically, the SBA has issued the Ethical Code of Banks – Consumer Protection, which sets binding rules and principles for SBA member banks.

In addition, in Slovakia it is customary for individual banks to maintain their own codes of conduct, which they follow within the scope of their business.

Diversity Requirements

EU governance guidance (ie, EBA Guidelines on internal governance and Guidelines on the benchmarking of diversity practices) requires banks to adopt diversity policies for their management bodies and to report on diversity indicators (gender, skills, age, etc).

In the context of Slovak law, the NBS has expressed its alignment with the EBA Guidelines on the benchmarking of diversity practices, and supervised entities are expected to act in accordance with these guidelines. Under the Act on Banks, banks are obliged to apply diversity rules when selecting members of the management body and the supervisory board, in line with the relevant EBA Guidelines. Banks are also required to promptly submit published information on diversity to the NBS.

Bankers’ Oath/Rules of Conduct

Slovakia does not presently operate a nationally mandated “bankers’ oath” comparable to legislative moves in some EU states. Instead, professional conduct is ensured through fit and proper rules, internal codes, contractual and disciplinary regimes, and supervisory sanctions.

Designation and Approval Process

In Slovakia, the appointment of directors and senior managers of banks is governed by the Act on Banks and EU governance rules (CRD/CRR, EBA/ECB guidance).

Members of the management body, members of the supervisory board, holders of key functions, and persons proposed for appointment as a holder of procuration or head of a control unit (internal audit or internal control), or responsible for AML and CTF tasks, require prior approval by the NBS or ECB, depending on bank significance; otherwise, such election, appointment or change is invalid.

In accordance with NBS Methodological Guideline No. 4/2024, the suitability of individuals for positions under the Act on Banks requires, in particular: sufficient time commitment for the performance of duties; honesty, integrity and independent thinking; adequate individual and collective knowledge, skills and experience; adequate human and financial resources allocated for training and professional development; and diversity considerations in the selection of persons.

The Methodological Guideline further specifies the scope of information and accompanying documentation to be submitted by the bank, without providing an exhaustive list of the factors considered in assessing the suitability of individuals and the management and supervisory bodies as a whole.

Screening Requirements

The assessment of suitability of individuals and of the bank’s bodies as a whole is conducted on an ongoing basis and as necessary.

The assessment encompasses checks on professional competence (relevant education, track record in financial services, managerial capacity), reputation and integrity (absence of criminal convictions, disciplinary sanctions, insolvency records), and financial soundness (no personal bankruptcy). The NBS/ECB also review conflicts of interest, the collective suitability of the management body, and diversity of expertise.

Remuneration Requirements

In Slovakia, remuneration requirements for banks are primarily governed by the Act on Banks, CRD IV/CRD V, and related EBA Guidelines on sound remuneration policies.

Remuneration principles apply to all persons whose professional activities have a material impact on the bank’s risk profile. This includes members of the management and supervisory boards, senior managers, employees in control functions (risk management, compliance, internal audit), and other staff whose remuneration or responsibilities materially influence the institution’s risk exposure.

Under the Act on Banks, remuneration principles must take into account the bank’s size, its internal organisation and the nature, scope and complexity of its activities.

Remuneration Principles

The regulatory framework requires banks to adopt sound, transparent and risk-aligned remuneration policies that promote prudent risk-taking, reflect the bank’s strategy and values, prevent conflicts of interest, ensure independent compensation for control functions, and distinguish between fixed and variable components.

Supervisory Approach

According to the Act on Banks, significant banks are required to establish a remuneration committee composed of at leastthree members. Other banks may appoint a designated person responsible for the remuneration system instead.

In addition, banks must annually inform the NBS by 30 June of gender pay differences, and of all individuals whose total remuneration equals or exceeds EUR1 million for the relevant accounting period.

Legal and Regulatory Framework

Slovak banks as well as branches of foreign banks operating in Slovakia are subject to a comprehensive AML and CTF framework under Slovak law. The primary legislation is the AML Act, which has been repeatedly amended to implement the requirements of the 4th and 5th EU AML Directives.

In addition, on 30 May 2024, the Council of the European Union adopted a new legislative package that further strengthens the EU AML/CTF framework. The package consists of:

• the 6th AML Directive, which repeals the 4th AML Directive and represents a significant step forward in harmonising AML/CTF supervision and co-operation across EU member states;
• a Regulation establishing a new EU AML authority;
• a Regulation on AML/CFT obligations in the private sector (“AML Regulation”), which introduces a fully harmonised set of AML/CTF rules across the EU. It is also expected to significantly improve the consistency, enforcement and effectiveness of AML/CTF measures throughout the EU; and
• a revision of the Transfer of Funds Regulation on information accompanying transfers of funds and certain crypto-assets (“TFR Regulation”).

While the Regulations are directly applicable in all EU member states, the 6th AML Directive entered into force on 10 July 2024 and must be transposed by member states into national law by 10 July 2027.

In Slovakia, the recent amendment of the AML Act, effective as of 15 January 2025, has already addressed the implementation of the TFR Regulation. However, the 6th AML Directive has not yet been transposed into Slovak law. Its implementation is expected to be carried out through a forthcoming amendment to the AML Act.

The AML Act in conjunction with other key legal provisions, notably the Act on Banks and the Act on Financial Market Supervision, entrusts the NBS with supervisory powers over banks and other financial institutions. In addition, the Act No. 300/2005 Coll., the Criminal Code, criminalises both money laundering and the financing of terrorism. Corporate criminal liability in this area was introduced by Act No. 91/2016 Coll. on the Criminal Liability of Legal Persons.

The implementation of this framework is supported by secondary regulations, methodological guidelines and recommendations.

The AML Act applies, inter alia, to all banks licensed under the Act on Banks, including domestic and foreign branches operating in Slovakia. Banks are classified as “obliged entities”, meaning they must implement measures to detect, prevent and report money laundering and terrorist financing. Failure to comply can result in administrative sanctions, fines or criminal liability.

In practice, the key obligations imposed on banks under the AML Act include:

• conducting customer due diligence (CDD) and continuous monitoring of business relationships;
• detecting, suspending and reporting unusual transactions to the Financial Intelligence Unit of the Presidium of the Police Force (FIU);
• refusing to establish or terminating a business relationship, or declining to execute a transaction;
• developing, implementing and regularly updating an internal AML/CTF programme;
• identifying, assessing and regularly reviewing AML/CFT risks associated with their services, clients and delivery channels; and
• providing full co-operation and information to the FIU and the NBS during inspections or investigations.

Customer Due Diligence Requirements

Under the AML Act, banks are required to perform CDD to identify and prevent money laundering and terrorist financing. The AML Act distinguishes between three levels of due diligence depending on the type of client, transaction and assessed risk:

• Basic due diligence generally applies when establishing a business relationship or, for instance, where a transaction exceeds the statutory threshold.
• Simplified due diligence may be applied where the risk of money laundering or terrorist financing is low, for example when dealing with public authorities or entities subject to equivalent AML regulation.
• Enhanced due diligence is required in higher-risk situations, including business relationships with politically exposed persons, institutions from high-risk third jurisdictions, or complex or unusual transactions.

Reporting Obligations

Under the AML Act, banks are required to detect, withhold and report unusual transactions to the FIU without undue delay. Article 4 of the AML Act defines an unusual transaction as a legal act or other act that indicates that its execution may lead to the legalisation of proceeds from criminal activity or the financing of terrorism, and lists types of transactions that could fall under this definition (eg, one which, due to its complexity, unusually large amount of funds or other nature, has no apparent economic or legal purpose).

If a bank identifies an unusual transaction, it must withhold execution until the transaction is reported to the FIU, unless withholding could frustrate the investigation. Reports must be submitted confidentially, and banks are strictly prohibited from informing the client or any third party that a report has been filed or that an investigation is under way (“tipping-off” prohibition).

Internal Policies, Procedures and Controls

Banks must implement comprehensive AML/CTF internal policies and procedures, including:

• appointment of a compliance officer responsible for AML/CFT oversight, reporting to the management body and ensuring communication with the FIU;
• regular risk assessments;
• development and regular updating of a written internal AML/CTF programme; and
• periodic employee training to ensure awareness of AML/CTF obligations and identification of suspicious activities.

Banks are also required to retain records of all transactions and CDD documentation for a minimum of five years after the end of the business relationship or the transaction.

The statutory body of the bank is ultimately responsible for the bank’s AML/CFT framework and approves the AML/CTF programme in writing. The compliance officer is responsible for day-to-day AML/CFT operations, including reporting unusual transactions and communicating with the FIU.

Supervisory Approach and Sanctions

Pursuant to the AML Act, a dual supervisory and control system applies in the Slovak Republic in the area of AML/CFT for entities operating within the financial market. The FIU is responsible for the control of all obliged entities under the provisions of the AML Act, while the NBS exercises supervisory powers over financial market participants with respect to AML/CFT compliance. Relevant findings are referred to law enforcement, tax authorities or partner FIUs abroad. Breaches of AML obligations, such as failing basic CDD, may result in fines of up to EUR1 million.

The Slovak depositor protection framework, based on EU law and governed mainly by the Deposit Protection Act and Act on Banks, aims to protect retail confidence and provide a safety net in case of bank failure.

Deposit Guarantee Scheme Requirements

All banks incorporated in Slovakia are required to participate in the Slovak Deposit Guarantee Scheme (DGS). Banks from EEA member states, whether operating in Slovakia under the EU single passport or through a branch, are covered by their home-state deposit guarantee scheme and do not become members of the Slovak DGS.

Branches of banks from non-EEA countries must participate in the Slovak DGS in full if deposits in the branch are not protected in the bank’s home jurisdiction, or if they are protected to a lesser extent than required by Slovak law (in which case, the Slovak DGS provides additional protection up to the Slovak level).

Deposits covered by the Slovak DGS are automatically protected, with no need for the depositor to take any action.

Deposits are repayable within seven working days of a bank’s failure being formally determined by the NBS or by a competent court. The short payout deadline is consistent with EU harmonisation efforts and aims to ensure depositors can access their funds quickly.

Administration of the Scheme

The Slovak DGS is administered by the Deposit Protection Fund (DPF,in Slovak: Fond ochrany vkladov), a legal entity established under Slovak law. The DPF is supervised by the NBS with regard to its compliance with the Deposit Protection Act. The DPF collects contributions from banks and branches, manages resources and provides compensation for deposits in accordance with the Deposit Protection Act. In cross-border EU cases, the DPF co-operates with the DGSs of other member states when paying out via a host scheme or intermediating payouts in Slovakia.

Classes of Depositors and Deposits Covered

The Slovak DGS provides protection for deposits of natural and legal persons. The Deposit Protection Act defines a deposit as a claim of a natural or legal person for the repayment of funds entrusted to a bank. This includes joint deposits and duly notified notarial escrows.

Deposits excluded from coverage include:

• a bank’s own deposits/own funds placed in its own name and account;
• deposits derived from money laundering;
• deposits of financial institutions, investment firms, insurers/reinsurers, collective investment schemes (UCITS/AIFs), pension management companies, supplementary pension companies and public authorities; and
• deposits that are financial instruments.

Coverage Limits

The general coverage level is EUR100,000 per depositor per bank, harmonised across the EU. Coverage is calculated per depositor, not per account, so multiple accounts with the same bank are aggregated for compensation.

The DPF pays the full amount above EUR100,000 if the deposit demonstrably:

• comes from the transfer of a private residential property;
• relates to specified social purposes (eg, inheritance/probate proceeds or transfer of inheritance; dowry; gift on marriage; settlement of community property; severance, retirement or other statutory benefits; death); or
• arises from insurance benefits or compensation for damage, including damage caused by a criminal offence or wrongful accusation.

These higher limits apply for 12 months from the date the deposit was first credited (or when it became legally transferable).

Funding of the Scheme

The DPF is financed by entry, annual and extraordinary contributions by banks.

The entry fee is EUR35,000; the annual fee is set by the DPF (at least 0.01% of covered deposits in the respective bank); extraordinary fees may be called, generally up to 0.5% of covered deposits in the respective bank (more than this requires the prior consent of the NBS).

According to the Deposit Protection Act, annual and extraordinary fees are currently set so that the DPF’s available financial means reach and maintain the target level of 0.8% of the value of all covered deposits by 3 July 2024. The DPF updates the target level annually based on year-end data of covered deposits and adjusts fees if financial means fall below the target or below two-thirds of it, ensuring restoration within six years. Moreover, in setting annual fees, the DPF considers its obligations, banking sector stability and the economic cycle, using data provided by the NBS.

Adherence to Basel III and Local Implementation

The Basel framework is implemented in the EU primarily through the CRR/CRD regulatory framework, with its final components transposed via the CRR III/CRD VI banking package. CRR III is directly applicable in all EU member states and has been in effect since 1 January 2025, while member states have until 10 January 2026 to transpose CRD VI into national legislation.

In Slovakia, Basel III standards are implemented mainly through the Act on Banks, while additional technical requirements and detailed rules are set out in regulations and guidelines issued by the NBS.

With regard to EU-specific deviations, the EU generally follows the Basel III principles, but it has made several adjustments to better suit the European banking sector, which include phased capital requirements, minimum thresholds for risk calculations, and transitional measures for certain loans, ensuring both prudence and operational flexibility for banks.

Risk Management Rules

Banks are required to have a full risk management system in place, covering all major risks such as credit risk, market risk, liquidity risk, operational risk (including IT and cyber risks) and concentration risk. This system must be fully integrated with the bank’s governance, internal controls, audit and compliance functions.

In accordance with EU law, and under the Act on Banks, banks are required to operate formal internal capital adequacy (ICAAP) and liquidity adequacy (ILAAP) processes. The NBS further specifies and supervises these obligations in Measure No. 4/2015, as amended, providing guidance on risk management systems, liquidity metrics and the application of these rules to branches of foreign banks operating in Slovakia.

In addition, under the new CRD VI framework, banks will be required to integrate ESG risks into their risk management frameworks and to disclose how ESG risks are incorporated into their governance, strategies, and risk management procedures.

Quantity and Quality of Capital Requirements; Capital Buffers

According to the Act on Banks, Slovak banks are required to calculate and continuously monitor the value of their own funds. Banks must maintain their own funds at least at the level of their registered capital and ensure that they are adequate to cover all risks arising from their activities.

In accordance with the Basel III framework and EU law, Slovak banks are required to maintain minimum levels of CET1, Tier 1 and total capital as specified by the CRR framework. In practice, Slovak banks often maintain higher capital levels to comply with additional supervisory expectations, including capital buffers imposed by the NBS, which further strengthen their resilience.

Beyond the minimum capital ratios, banks must also maintain capital buffers, which serve as an extra cushion against losses. These include:

• a capital conservation buffer, which all banks must maintain to ensure resilience during financial stress. Under the Act on Banks, its level is set at 2.5% of risk-weighted assets;
• a countercyclical capital buffer, which the NBS adjusts depending on credit growth and cyclical economic risks. For exposures in Slovakia, the rate has been set at 1.5% since 1 August 2023;
• a systemic risk buffer, addressing long-term structural risks in the financial sector. Since 2022, the NBS has not set a systemic risk buffer; and
• an O-SII buffer, applied to banks considered systemically important within Slovakia, reviewed and updated by the NBS each year. For 2025, the NBS designated five banks as Other Systemically Important Institutions (O-SIIs), with buffer rates ranging from 0.25% to 2%.

The NBS regularly sets and publishes the rates for these buffers and oversees compliance through its supervisory activities.

Liquidity Requirements

Slovak banks, including branches of foreign banks, are required to maintain sufficient liquidity to meet their obligations at all times, ensure continuous solvency, manage assets and liabilities in accordance with liquidity ratios, and promptly notify the NBS and submit recovery plans if necessary.

In Slovakia, these liquidity requirements are implemented in accordance with the CRR framework and aligned with EU standards. Banks are required to maintain the Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio (NSFR) and conduct regular internal liquidity planning, which is reviewed by the NBS during supervision.

Historically, the Slovak banking sector has maintained strong liquidity levels, with sector-wide LCR around and NSFR well above the regulatory minimum. As at June 2024, the Slovak banking sector had an LCR of 203% and an NSFR of 134%, while the respective EU medians were 205% and 137%.

In addition, the NBS has issued Measure No. 18/2008, as amended, which sets out detailed requirements for banks and branches of foreign banks regarding the management of liquidity, the methods for its assessment, and the internal system for managing liquidity risk.

Additional Requirements for Systemically Important Banks

The NBS identifies banks that are considered systemically important, meaning their failure could affect the stability of the financial system. This designation is made based on specific criteria set out in the Act on Banks, such as the bank’s size, its interconnectedness and its role in the domestic economy. Banks classified as O-SIIs must hold an additional capital cushion called the O-SII buffer, which ranges from 0.25% to 2% of risk-weighted assets. For 2025, five Slovak banks have been designated as O-SIIs. Global Systemically Important Institutions (G-SIIs) are also identified by the NBS using similar criteria and are subject to higher loss-absorbing requirements and additional capital surcharges under EU and international rules.

The legal and regulatory framework governing the insolvency, recovery and resolution of banks in Slovakia is primarily determined by EU law, transposed into Slovak legislation and applied by domestic authorities in co-operation with EU institutions. As an EU member state, Slovakia applies a harmonised framework consistent with international standards, in particular the Financial Stability Board (FSB) Key Attributes of Effective Resolution Regimes, as implemented in the EU through the BRRD and the SRM Regulation.

Principal Means of Resolving a Failing Bank

If a Slovak bank is deemed “failing or likely to fail”, resolution authorities apply the framework established under the BRRD/SRM Regulation. Before any resolution action is taken, the capital instruments of the bank must be written down or converted. The available resolution tools include:

• Bail-in tool (also known as creditor participation) – a key resolution instrument provided for in the BRRD. It allows the write-down of debt owned by a bank to creditors or its conversion into equity to absorb losses and stabilise the bank, while ensuring that losses are borne by investors rather than taxpayers.
• Sale of business tool – the transfer of shares, assets, rights or liabilities of a bank under resolution to one or more purchasers that are not bridge institutions. The resolution authority has the power to execute such a transfer with or without the consent of shareholders. The sale of business tool may be applied individually or in combination with other tools.
• Bridge institution tool – the transfer of assets and liabilities to a temporary public entity (a bridge bank or bridge institution) that maintains the bank’s operations until conditions allow for a sale or orderly wind-down.
• Asset separation tool – the transfer of assets, rights or liabilities from a failing bank or a bridge bank to an asset management vehicle (AMV). These assets are managed by the AMV with the aim of maximising their value for an eventual sale or orderly wind-down. The asset separation tool must always be applied together with another resolution tool (sale of business, bridge institution and/or bail-in).

Resolution tools can be applied individually or in combination, guided by the resolution objectives: maintaining financial stability, protecting public funds, safeguarding insured deposits and preserving critical banking functions. The national resolution authority – the Resolution Council of the NBS (in Slovak: Rada pre riešenie krízových situácií) takes the necessary steps to implement the resolution scheme.

If resolution is not in the public interest, the failing bank undergoes normal insolvency proceedings under Slovak insolvency law. In such cases, the general bankruptcy regime applies, subject to banking-specific provisions.

Implementation of the FSB Key Attributes

The FSB Key Attributes of Effective Resolution Regimes were incorporated into EU law in 2014 through the BRRD and the SRM Regulation. As an EU member state and part of the Banking Union, Slovakia applies these rules directly or through national transposition. Thus, Slovakia’s framework is broadly consistent with the FSB standards, benefiting from EU-level harmonisation and the oversight of the Single Resolution Board.

Insolvency Preference Rules Applicable to Deposits

The Slovak legal framework provides deposit protection and establishes depositor preference in insolvency proceedings. These rules form the core of the country’s depositor protection framework and ensure that natural persons and SME depositors are prioritised over other creditors.

Deposit guarantee scheme

Deposits up to EUR100,000 per depositor per bank are protected by the DPF, funded by contributions from banks. In certain situations, such as the sale of a home or insurance payouts, temporary higher coverage may apply.

Deposits covered by the DPF are referred to as covered deposits, which benefit from statutory preference in insolvency or resolution. When the DPF reimburses a depositor for a covered deposit, it acquires the depositor’s claim against the bank, known as a subrogated claim, which is treated at the same priority level as the original covered deposit.

Creditor hierarchy in insolvency

Under Slovak law, the order of priority for satisfying creditors in the insolvency of a bank is as follows: first, claims against the general estate (in Slovak: pohľadávky proti všeobecnej podstate), which include, for example, the costs of insolvency proceedings, claims arising from the operation of the business during insolvency, as well as labour-related claims, followed by secured creditors, who are satisfied from the proceeds of their collateral.

Next in priority are covered deposits of natural persons and SMEs, as well as subrogated claims of the DPF, which are satisfied after secured creditors but before all other deposits and creditors. Thereafter, other eligible deposits of natural persons and SMEs exceeding EUR100,000 are satisfied. In subsequent rounds, ordinary unsecured claims, subordinated claims (including contractual penalties and claims of affiliates) and capital instruments (Tier 2, AT1) are satisfied, with shareholders being entitled only to the residual liquidation balance.

This hierarchy ensures that depositors, particularly individuals and SMEs, are protected ahead of ordinary unsecured and subordinated creditors, maintaining confidence in the banking system.

Slovak banks adhere to the EU Single Rulebook, which includes environmental, social and governance (ESG) obligations. These obligations primarily stem from EU legislation, notably the Corporate Sustainability Reporting Directive (CSRD) and the European Sustainability Reporting Standards, which have been transposed into Slovak law through amendments to Act No. 431/2002 Coll. (“Act on Accounting”), effective from 1 June 2024. In addition, the EU Taxonomy Regulation applies directly in Slovakia, providing a framework for classifying environmentally sustainable economic activities. Together, these instruments require banks to integrate ESG considerations into governance, risk management and disclosure practices, and to report on the alignment of their financing and investment activities with sustainability criteria.

Sustainability Reporting

Slovak banking ESG disclosure is set in the Act on Accounting. Banks (other than the NBS) and certain financial institutions must include a separate sustainability section in their annual report if, in each of the two preceding financial years, they meet at least two of the following conditions:

• total assets exceeding EUR25 million;
• net turnover exceeding EUR50 million; or
• an average of more than 250 employees.

The obligation also extends to banks and companies whose securities are admitted to trading on an EU regulated market and which meet comparable or slightly lower thresholds (total assets over EUR5 million, turnover over EUR10 million or over 50 employees).

In accordance with the Act on Accounting, the sustainability report must provide a concise overview of the company’s business model and strategy, including ESG risks, opportunities and transition plans towards a sustainable economy and climate neutrality. It should also cover sustainability objectives, progress, governance roles, policies, incentives, risk management and relevant reporting indicators.

Additionally, banks are required to inform and consult employee representatives regarding the collection, verification and presentation of sustainability data, and to communicate employees’ views to the management or supervisory bodies. Banks also must ensure that the sustainability information in their annual report is subject to assurance on sustainability reporting by an auditor.

Prudential Requirements and Risk Management

The Act on Banks already addresses ESG risks through general governance and risk management rules. Banks must operate safely, maintain independent risk, control and audit functions, and align remuneration with sound risk-taking. They are required to identify, measure, monitor, mitigate and report all material risks, including climate and social risks when relevant.

The revised CRR/CRD framework introduces new, explicit ESG-related requirements for banks. Under Article 449a of CRR III, banks must publicly disclose ESG risks, distinguishing between environmental, social and governance risks. For environmental risks, they must differentiate between physical and transition risks, report total exposures to the fossil fuel sector, and explain how ESG risks are integrated into business strategy, governance and risk management processes.

The forthcoming CRD VI complements this by imposing qualitative requirements. Banks will have to explicitly integrate ESG risks into their governance structures, internal risk management frameworks and ICAAP; align remuneration policies with ESG risk management; and conduct long-term, climate-related stress tests. Supervisors (NBS and ECB under the SSM) will incorporate ESG considerations into their supervisory review and evaluation process.

The Digital Operational Resilience Act (DORA) came into effect on 17 January 2025 and is binding for all EU  member states.

The regulation focuses primarily on information and communication technology (ICT), which in the context of DORA means all the information and communication technology systems, tools and services on which financial entities rely.

The supervisory authority responsible for monitoring compliance with the conditions set out in DORA within the Slovak Republic is the NBS.

As required by DORA, the NBS mainly monitors compliance with the conditions in five main areas regulated by DORA, which are:

• ICT risk management framework;
• ICT incident management and reporting;
• digital operational testing;
• third-party ICT risk management; and
• information sharing.

It should be emphasised that the legal scope of DORA in Slovakia is identical to that applicable throughout the EU. What differs are local supervisory practices; the NBS has published guidance on reporting deadlines, clarified audit/review expectations and requires DORA readiness in licensing (especially for Crypto-Asset Service Providers (CASPs)).

Of the specific local guidelines and differences between the regulatory framework established by DORA and the practical requirements adjusted and specified by the NBS, we consider it important to mention the following in particular.

Third-Party ICT Risk Management Reporting

Within the Third-Party ICT Risk Management category, the NBS maintains a register of information relating to all contractual arrangements for the use of ICT services provided by external ICT service providers.

The NBS has set 7 April 2025 as the deadline for the first fulfilment of this obligation. It is not yet clear how often the register will need to be updated subsequently, but it is recommended that obligated entities continuously maintain the information in the register in accordance with the actual situation.

The information is uploaded to the register via the Statistical Collection Portal (IS ŠZP – SK) information system, which is aligned with the EBA reporting framework.

While DORA sets minimum content for ICT contracts, the NBS issued guidance with detailed clauses it expects to see (eg, data location, subcontracting policies, audit rights, co-operation duties during incidents, termination rights).

Requirements for Crypto-Asset Service Providers

The term “Crypto-Asset Service Providers” has its origin in the MiCA Regulation, which defines CASPs as legal persons or entities providing professional services related to crypto-assets to third parties on a commercial basis. They act as regulated intermediaries, similar to banks or brokers in traditional finance.

While CASPs are explicitly included in DORA as obliged entities, the NBS also imposes additional conditions on CASPs beyond those set out in DORA in relation to their registration. Therefore, while other regulated entities generally comply with the conditions set out in DORA “on the fly” – ie, after the entity has been duly established and has been providing the relevant service for some time – the NBS requires CASPs to prove DORA compliance from the start in order to obtain their MiCA licence. Unless they are DORA-compliant, CASPs will not get the necessary permit and licences from the NBS to provide the intended services.

TIBER-SK

Concerning the topic of digital operational testing, the ECB has developed a standardised framework for testing the cyber resilience of financial entities, called TIBER-EU (Threat Intelligence-based Ethical Red Teaming).

A Slovak adaptation of this framework is called TIBER-SK, and it is managed and co-ordinated by the NBS. It provides a controlled secure environment for threat-led penetration tests of Slovak financial entities.

It uses intelligence-led red teaming to test how well banks and other critical financial institutions withstand real-world cyberattacks — and it is the way Slovakia will deliver DORA’s advanced testing obligations.

Personal Obligations

DORA requires statutory representatives of financial entities to undergo regular training on digital operational resilience, but DORA does not specify the scope of the training. At the same time, DORA stipulates that every financial institution must ensure that persons responsible for managing ICT risks have adequate expertise and experience.

The NBS specifies these requirements, stating that statutory bodies must undergo training covering IT/cybersecurity, with the NBS monitoring compliance with this requirement by all members of the management body with regard to their education and certifications obtained.

Persons responsible for managing ICT risks must demonstrate the ability to effectively identify, assess, manage and mitigate ICT-related risks. The NBS will evaluate their expertise based on the level and focus of their IT education, relevant professional certifications (such as CISA, CISM or CISSP), and the frequency and quality of training they regularly undertake.

Slovak banks operate within the EU single rulebook and the eurozone supervisory architecture (ie, the SSM), so most material regulatory change is EU-driven and implemented nationally in co-ordination with the ECB. The items below summarise the principal near-term developments, expected impacts and practical implications for Slovak credit institutions.

Finalisation of CRR III/CRD VI (EU Banking Package)

The EU banking package, comprising CRR III and CRD VI, introduces major updates to the prudential framework for banks, implementing the final Basel III standards and strengthening ESG risk management. Key changes include revised capital requirements, enhanced risk-weighted asset calculations, the introduction of an “output floor” to reduce variability in internal model results, expanded Pillar 3 disclosures, and new governance requirements for ESG risk integration. The package also establishes a harmonised regime for third-country branches operating in the EU, ensuring consistent supervision across member states.

In Slovakia, banks must prepare for phased implementation: CRR III applies from 1 January 2025, while CRD VI must be transposed into national law by 10 January 2026, with full application, including the third-country branch regime, effective from 11 January 2027. Banks will need to adjust internal capital planning (ie, ICAAP), incorporate ESG risk considerations into governance and reporting, and ensure that data and reporting systems comply with the new supervisory and disclosure standards.

DORA and NIS2 Directive

In addition to DORA, which from January 2025 introduced harmonised rules for managing ICT and cyber risks in the financial sector, the NIS2 Directive has also entered into effect. Unlike DORA, which applies exclusively to financial institutions, NIS2 has a cross-sector scope, covering essential and important entities across various industries, including the financial and banking sector.

In Slovakia, NIS2 was transposed by an amendment to Act No. 69/2018 Coll. on Cybersecurity, setting minimum cybersecurity, risk management and incident reporting obligations that financial institutions must align with alongside DORA requirements.

Anti-Money Laundering Reforms and the Creation of the AMLA

The EU’s new AML package establishes the European Anti-Money Laundering Authority (AMLA), which co-ordinates supervision and directly oversees high-risk cross-border entities from 2025 onwards.

For Slovak banks, the AML reforms mean tighter monitoring of unusual transactions, greater harmonisation of due diligence standards and faster supervisory follow-up. In addition, the AML Regulation, effective as of 10 July 2027, introduces a Europe-wide upper limit of EUR10,000 for cash payments in the business sector.

Markets in Crypto-Assets Regulation

The MiCA Regulation creates a comprehensive EU framework for crypto-asset activities. Banks that wish to offer custody, trading, issuance or wallet services for crypto-assets must now comply with the MiCA Regulation’s authorisation, governance and consumer-protection requirements.

Supervisors such as the European Securities and Markets Authority, the EBA and national regulators (including the NBS) are issuing detailed technical standards. From 30 December 2024, under the MiCA Regulation, crypto-asset services may be provided only on the basis of authorisation granted by the NBS. Slovak banks interested in offering crypto-related services should therefore closely monitor these developments and prepare their licensing documentation early.

Sustainability and ESG

Sustainability regulation continues to expand through the CSRD, the EU Taxonomy Regulation and new prudential rules on ESG risks introduced under the CRR III/CRD VI package and the EBA Guidelines on ESG risk management (effective from January 2025).

Under the revised CRD VI, banks are required to integrate ESG risks into their overall risk management framework, business strategy and internal governance. Moreover, CRR III strengthens the ESG disclosure requirements, meaning banks must publish more granular and comparable data on their ESG exposures and risk management practices.

Payments Framework Reform

The EU is updating the payments landscape with Payment Services Directive (PSD3) and the new Payment Services Regulation (PSR). These reforms aim to enhance consumer protection, strengthen fraud prevention, promote open banking and support instant payments.

PSD3/PSR were proposed by the European Commission in June 2024, and drafts are now under review by the European Parliament and Council. Political agreement is expected in Q1–Q2 2026, with national implementation likely around 2027–2028. Key changes include stronger customer authentication, unified licensing for payment and e-money institutions, updated rules for marketplaces and the commercial agent exemption, improved fraud liability frameworks, and increased transparency for currency conversion fees.

Supervisory Priorities

The ECB and NBS supervisory priorities for 2025–2027 focus on strengthening banks’ resilience to macroeconomic and geopolitical shocks, enhancing risk governance and addressing challenges arising from digital transformation. Banks are expected to remediate deficiencies in credit risk management, operational resilience, climate and environment-related risk frameworks, and risk data aggregation and reporting, while maintaining adequate provisioning and capital levels. Targeted exercises, including the 2025 EU-wide stress test, on-site inspections and follow-ups on past supervisory findings, will ensure timely remediation and robust risk management.

Digital Euro and Payments Innovation

The digital euro is currently in its final preparation phase. The ECB is selecting platform providers, developing the Digital Euro Scheme Rulebook and conducting technical tests, including offline payments, to ensure usability, security and privacy. The preparation phase is expected to conclude by the end of 2025, with the final launch decision dependent on the completion of the European legislative process in early 2026.