On 10 July 2026 the European Banking Authority published the final technical package for version 4.3 of its supervisory reporting framework — and the single most consequential change is that it now formally reaches inside every non-EU bank branch operating in the European Union. Third-country branch reporting templates and AML authority risk-assessment data collection are the two headline additions. Understanding the EBA reporting framework v4.3 in full requires looking at these details closely.
The release was flagged in the Paul Hastings daily financial regulation update for the same day and confirmed on the EBA’s own channels. In this piece you will see what the EBA reporting framework v4.3 actually changes, who it affects, and how it fits into the broader EU push to harmonise supervisory data — grounded in gf6.com’s four-year curated directory of bank and ATM locations worldwide, via gf6.com.

The finding — what the EBA actually released — EBA reporting framework v4.3
The 10 July 2026 package is the final technical version of v4.3. It adds two specific building blocks to the EU’s harmonised supervisory reporting stack: templates for third-country branch reporting, and a data collection to feed AML authority risk assessments. Both are additive to the existing framework rather than a replacement. These figures put the EBA reporting framework v4.3 into clearer perspective.
The core facts as published are set out below:
| Item | Detail |
|---|---|
| Publication date | July 10, 2026 |
| Publisher | European Banking Authority |
| Framework version | 4.3 (final technical package) |
| New scope 1 | Third-country branch reporting |
| New scope 2 | AML authority risk-assessment data collection |
| Applies to | Non-EU bank branches operating inside the EU |
| Broader context | Harmonising data standards across EU banking supervisors ahead of full implementation of the EU AML framework |
| Flagged by | Paul Hastings daily financial regulation update, July 10, 2026 |
What it means for non-EU banks with EU footprints
The practical effect is that a US, Swiss, Japanese, UK or Gulf bank running a branch in Frankfurt, Paris, Dublin, Amsterdam or Milan is now inside the scope of a specific EU reporting template rather than only its home-country regime. Until this package, third-country branches often sat in a patchwork of national reporting obligations. Version 4.3 pulls that patchwork onto a common technical footing. This context matters for anyone following the EBA reporting framework v4.3.
The second addition — the AML authority risk-assessment data collection — feeds the wider EU anti-money-laundering architecture that is being built out. This is widely seen as preparatory plumbing for the incoming EU AML framework, and it is designed to give supervisors comparable, structured data across firms rather than PDFs and free text. It is a central thread in the wider EBA reporting framework v4.3.
For affected institutions, the operational consequence is straightforward even if the detail is heavy: reporting systems, data dictionaries and internal AML data flows will need to be mapped to the new templates. Because v4.3 is now final at the technical level, firms can begin the systems work against a fixed target rather than a moving one. Such details shaped how the EBA reporting framework v4.3 unfolded.
None of this changes what a customer sees at a counter or a cash machine. It changes what supervisors see behind it — and how comparable that view is from one member state to the next, including across banks in European Union jurisdictions where third-country branches are concentrated.
How this fits the wider EU data harmonisation push
Version 4.3 is one increment in a multi-year EBA programme to harmonise supervisory data standards across the bloc. The stated purpose of the release is to support that harmonisation ahead of full implementation of the EU AML framework, meaning the reporting layer and the AML institutional layer are being aligned rather than built in isolation. This is one of the defining aspects of the EBA reporting framework v4.3.
For non-EU groups, the strategic read is that EU branch activity is being pulled progressively into the same data grammar as EU-headquartered banks. That reduces the reporting arbitrage between a subsidiary and a branch, and it increases the standing cost of running a branch presence — but it also makes cross-border supervision cleaner, which supervisors argue is the point.
Who is affected in practice
The population in scope is defined by legal form and location, not by nationality of the parent. In practical terms it includes:
- Branches of US bank holding companies operating in EU member states
- Swiss and UK bank branches inside the EU post-Brexit and post-equivalence adjustments
- Japanese and other Asian bank branches used to serve EU corporate clients
- Middle Eastern bank branches with EU booking centres
Each of these firms already reports to its home supervisor and, in many cases, to the host EU national competent authority. Version 4.3 does not remove those obligations — it adds a harmonised EU-level template layer on top, plus the AML risk-assessment data feed.
Explore the full data behind this article: bank branches worldwide and ATMs worldwide in the gf6.com directory.
Methodology
This article is a rewrite of a public regulatory event. The primary facts — the 10 July 2026 publication date, the version number, the two new scopes and the target population — are taken from the Paul Hastings daily financial regulation update for that date: Paul Hastings. The release was independently reported by multiple outlets and is confirmed on the regulator’s own site: European Banking Authority.
The contextual figures on branch and ATM presence referenced across gf6.com come from our own directory: roughly 445,000 financial locations globally, of which about 346,000 are bank branches and 99,000 are ATMs. That directory has been curated manually since 2020 from public sources, reaching a first largely complete version in 2022 and expanded over four years since. It is a large but incomplete sample — coverage varies by country — and it is not an official or government dataset.
Frequently asked questions
What exactly did the EBA release on 10 July 2026?
The final technical package for version 4.3 of its supervisory reporting framework. The package adds third-country branch reporting and AML authority risk-assessment data collection to the existing framework.
Does this apply to non-EU banks that do not have an EU branch?
No. Version 4.3’s new scope targets non-EU bank branches operating inside the EU. A purely offshore relationship with EU clients, without an EU branch, is not what this release addresses.
Is this a new law or a new reporting template?
Technically, it is a finalised reporting framework version — the templates and technical standards firms use to submit supervisory data. It sits within the EBA’s broader effort to harmonise data standards ahead of full implementation of the EU AML framework.
When do firms have to start submitting under v4.3?
The publication sets the technical rules. Live submission timing is set through national competent authorities and the EBA’s implementation schedule, so firms should confirm the applicable date with their EU supervisor rather than assume it here.
Where can I read the original coverage?
The release was flagged in the Paul Hastings daily financial regulation update for 10 July 2026 and is confirmed on the EBA’s own website. Both are linked in the methodology section above.
This article was produced with AI assistance from publicly available sources and is handled under our editorial standards and AI policy.


