An on-site is not an audit. It is a structured adversarial engagement — and the first 48 hours decide the next six months.
The mission letter is not administrative overhead. It is the single most important intelligence document you will receive. Every line encodes a hypothesis the inspection team already holds about your institution. Read it like a pre-sentencing report — because that is what it is.
The topic the ECB has flagged repeatedly in prior SREP letters, thematic reviews, or horizontal analyses. This is where the inspection team will dig deepest, earliest.
Map to SREP action itemsThe area where your institution has invested, documented, and can walk through the full control chain from board mandate to daily execution. Prepare a crisp narrative here.
Build the evidence packThe scope item you did not expect. This is where the real risk lies. The team already knows something you do not — a peer finding, a thematic flag, or a JST tip-off.
War-game the surprise scenarioCirculate to CRO, programme director, and all scope-area owners within 2 hours.
Map every scope item to an owner, a document set, and a known gap. The gaps become your action list.
Risk, Finance, Compliance, and the relevant business line review the gap analysis together. Assign remediation owners.
Daily stand-ups scheduled, data room structure agreed, interview rehearsal calendar set.
Within 24 hours of receiving the mission letter, convene a cross-functional read-out with Risk, Finance, Compliance, and the relevant business line. Map every scope item to an owner, a document set, and a known gap. The gaps are your action list for the next two weeks.
The inspection team will judge your institution in the first 48 hours based on how fast and how cleanly you deliver documents. A well-structured data room signals operational maturity. A messy one signals the opposite — and that impression is nearly impossible to reverse.
The inspection team will find your exceptions whether you disclose them or not. Proactive disclosure with a remediation plan signals maturity. Discovery through sampling signals concealment — even when it is not. Front-load the difficult conversations.
Banks that treat the on-site as an ad-hoc exercise consistently generate more findings than those that run it as a structured programme. The difference is not knowledge — it is coordination. The inspection team exploits disorganisation.
Requests lost in email chains. No central tracker. Subject-matter experts pulled in without preparation. Inconsistent narratives across interviews. Escalation paths unclear. Average: 18+ findings.
Single programme director. Daily stand-ups. Shared tracker with SLAs. Rehearsed interviews. Clear escalation to CRO. Consistent institutional narrative. Average: 11 findings.
Appoint a single senior person (VP+ or equivalent) as the programme director with authority to convene any function, escalate blockers, and approve all document releases. This is not the CRO — it is someone who can dedicate 80% of their time to the mission.
Daily stand-ups at 08:30. A shared tracker of every request received, assigned, and delivered. Response-time SLAs (24h for standard, 48h for complex extracts). No request should be older than 72 hours without an escalation.
A clear, documented path from working-level coordinators to the programme director to the CRO. The inspection team will test your escalation capability — they will ask for something impossible and watch how you respond.
Before any scheduled interview, run a 45-minute rehearsal with the subject-matter expert and a senior challenger. Rehearse the three hardest questions. If the SME cannot answer them crisply, they are not ready.
“The bank that runs the on-site like a programme delivers 40% fewer findings than the bank that runs it like a crisis. The difference is not luck — it is preparation infrastructure.”Observation from 15+ ECB on-site mandates, 2018–2026
Interviews generate more findings than document reviews. The inspection team is trained to identify gaps between what the policy says and what the practitioner describes. Every inconsistency becomes a finding. Every hesitation becomes a follow-up request.
Not the question you wish they had asked. Not the broader context. Not the history. The specific question. If you do not know the answer, say so and commit to a written follow-up within 24 hours. Guessing is catastrophic.
The inspection team distinguishes sharply between “the policy states”, “the process is”, and “I think.” The first two are facts. The third is an opinion — and opinions become findings when they contradict the documented framework.
If you are being interviewed about the credit risk policy, you should be able to cite the section number, the approval date, and the last material change. The team will test whether you have read your own framework.
| Common mistake | What the inspector hears | Correct response |
|---|---|---|
| “We usually do it this way” | No documented process; ad-hoc execution | “The process is documented in [Policy X, Section Y], and the last review was [date].” |
| “I think that was approved” | Approval chain may be broken | “I will confirm the approval record and provide it within 24 hours.” |
| “That is handled by another team” | No end-to-end ownership | “The end-to-end owner is [Name/Function]. I can arrange a joint session.” |
| Volunteering additional context | New scope for investigation | Answer precisely what was asked. Stop. Wait for the next question. |
In over 60% of post-inspection debriefs, the single largest source of unplanned findings was information volunteered during interviews that was not asked for. Silence after answering is not awkward — it is disciplined.
The closing meeting is the last moment to influence how findings are characterised before they enter the formal reporting chain. Every word matters. This is not a debrief — it is a structured negotiation with lasting SREP consequences.
The phrase “we disagree with this finding” triggers an adversarial dynamic that almost always results in a harsher final characterisation. Instead, use: “We acknowledge the observation and would like to provide additional context that may be relevant to the characterisation.” Then present the evidence. Let the evidence do the arguing.
Prepare a written response to every anticipated finding. Each response should contain: (1) acknowledgement of the factual observation, (2) additional context or evidence, (3) remediation actions already underway or planned, with timelines.
The CRO or programme director should lead. Keep responses to under 90 seconds per finding. Reference specific documents by name and page number. Do not debate methodology — debate facts.
| Severity | ECB Classification | SREP Impact | Remediation Window |
|---|---|---|---|
| F4 | Very Important | Direct P2R add-on; potential formal supervisory measure | 3–6 months |
| F3 | Important | SREP score deterioration; heightened JST monitoring | 6–12 months |
| F2 | Somewhat Important | Noted in SREP assessment; follow-up expected | 12–18 months |
| F1 | Not Material | Tracked but limited direct SREP impact | 18–24 months |
The inspection report is not the end. It is the beginning of a remediation programme that the JST will track through multiple SREP cycles. The quality and speed of your remediation response determines whether findings escalate into formal measures or fade into resolved items.
Unresolved on-site findings compound. A finding rated “important” in year one that remains open in year two is almost always escalated to “very important” — with direct consequences for P2R add-ons and supervisory measures. Remediation speed is not optional.
On-site inspections are not purely technical exercises. They are human interactions governed by institutional dynamics, personal credibility, and the politics of supervisory relationships. The banks that navigate them best understand this.
“The inspection team forms its view of your institution in the first 48 hours. Everything after that is either confirmation or revision. Make the first 48 hours count — not with polish, but with substance, speed, and honesty.”Hannan Mohammad — Founder & Managing Partner, Ezelman
The best-prepared banks share three characteristics: they treat the inspection as a programme with dedicated resources, they front-load difficult disclosures rather than waiting for discovery, and they maintain discipline in every interaction — from the first data room upload to the closing meeting.
None of this is secret. All of it is hard to execute under pressure. That is where external support changes the outcome.
Dedicated resources, daily cadence, centralised tracking. The on-site is treated as a temporary programme, not a distraction from BAU.
Known gaps are surfaced early with remediation plans attached. The inspection team discovers transparency, not concealment.
Every touchpoint — documents, interviews, the closing meeting — delivers a consistent, evidence-backed institutional narrative.
Ezelman has supported 15+ ECB on-site inspections across G-SIBs and Tier-One banks. We bring the playbook, the rehearsal discipline, and the closing-meeting experience that makes the difference.