The ECB has imposed administrative penalties totalling €12.18m on J.P. Morgan SE after identifying significant misreporting of the bank’s RWAs a core metric used to determine capital requirements under EU banking rules.
According to the ECB, between 2019 and 2024 the bank submitted figures that understated its RWAs. These inaccuracies arose from two separate but related breaches. For 15 consecutive quarters, J.P. Morgan SE misclassified certain corporate exposures, applying a lower credit risk weighting than permitted under prudential regulations.
In parallel, for 21 consecutive quarters, the bank failed to include specific transactions when calculating RWAs linked to credit valuation adjustment (CVA) risk — a measure designed to capture the risk that a counterparty to a derivative contract could default.
The ECB concluded that both breaches were committed with serious negligence. Supervisors pointed to clear shortcomings in the bank’s internal processes, noting that its control framework did not detect the issues promptly. As a result, incorrectly calculated data was reported to the ECB over a prolonged period.
Risk-weighted assets are fundamental to the prudential supervision of banks. They represent a bank’s exposure to credit, market and operational risks and form the basis for determining minimum capital requirements. By underestimating RWAs, J.P. Morgan SE effectively reported stronger capital ratios than it should have done. Capital ratios are critical indicators of a bank’s financial resilience and its ability to absorb losses during periods of stress.
The ECB said that the misreporting prevented it from maintaining a fully accurate and comprehensive view of the bank’s risk profile during the affected periods. Supervisory authorities rely on timely and precise regulatory reporting to assess systemic stability and institution-specific vulnerabilities, making such inaccuracies a serious matter.
In determining the level of the penalties, the ECB applied its Guide to the method of setting administrative pecuniary penalties. The central bank classifies breaches across five categories: “minor”, “moderately severe”, “severe”, “very severe” and “extremely severe”. In this case, the breach relating to credit risk was classified as “severe”, while the CVA-related breach was deemed “moderately severe”. Together, these resulted in total sanctions of €12.18m.
The decision may yet face legal scrutiny, as the bank has the right to challenge the ruling before the Court of Justice of the European Union.
The case underscores the continued supervisory focus on capital adequacy, internal controls and accurate regulatory reporting across the European banking sector, particularly as authorities intensify scrutiny of prudential risk frameworks.
Keep up with all the latest RegTech news here
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
