Pillar 1 sets the minimum capital that all banks must hold. It represents the foundation of the prudential framework. Every regulated bank must meet these requirements at all times. They are not targets to aspire to. They are floors below which a bank must never fall. Breaching Pillar 1 triggers serious supervisory consequences.
The concept is straightforward. Banks face risks. Capital absorbs losses when those risks materialise. Pillar 1 quantifies the main categories of risk and prescribes how much capital must be held against them. The higher the risk, the more capital required. This provides a cushion that protects depositors and the financial system.
The three risk categories
Credit risk is the risk that borrowers or counterparties fail to meet their obligations. This is typically the largest component for most banks. A loan defaults. A bond issuer fails. A counterparty to a derivative cannot pay. Pillar 1 requires capital against all these possibilities. The capital requirement reflects both the probability of default and how much might be lost if default occurs.
Market risk is the risk of losses from changes in market prices. Interest rates move. Equity prices fall. Foreign exchange rates shift. These movements can reduce the value of a bank’s trading positions. Banks with significant trading activities must hold capital against this risk. The amount depends on the size and volatility of the positions held and how quickly they could be liquidated.
Operational risk covers losses from inadequate or failed internal processes, people, systems, or external events. A rogue trader causes losses. A system failure disrupts operations. A cyber attack compromises data. Fraud occurs. Regulators fine the bank for misconduct. All these require capital backing. This is the hardest risk to model because operational failures are diverse and often unpredictable.
How capital requirements are calculated
Banks can use different approaches depending on their size and sophistication. The standardised approach uses regulatory risk weights assigned to different asset classes. A mortgage attracts a different weight than an unsecured business loan. A loan to a large corporation attracts a different weight than a loan to a small business. This approach is simpler but less risk-sensitive. It applies the same weight to all exposures in a category regardless of their specific quality.
The internal ratings-based approach allows larger banks to use their own models to estimate risk parameters such as probability of default and loss given default. This requires regulatory approval and ongoing validation. The models must meet specific standards and are subject to an output floor that prevents capital falling below 72.5% of the standardised approach when fully phased in. This stops banks using models to reduce their capital requirements too aggressively.
For operational risk, Basel III introduced a new standardised approach based on a business indicator derived from income statement components. This replaced previous approaches including the advanced measurement approach that allowed internal modelling. The new approach is simpler and more comparable across banks. It links operational risk capital to the size and nature of the business. Larger banks with more complex activities face higher requirements.
The minimum requirement
The headline requirement is 8% of risk-weighted assets. Within this, at least 4.5% must be Common Equity Tier 1 capital. This is the highest quality form of capital. Ordinary shares and retained earnings. At least 6% must be Tier 1 capital, which adds certain perpetual instruments. The full 8% can include Tier 2 capital such as subordinated debt with a maturity of at least five years.
Risk-weighted assets are calculated by multiplying each exposure by its risk weight. A £100 exposure with a 50% risk weight contributes £50 to risk-weighted assets. A £100 exposure with a 100% risk weight contributes £100. The capital requirement is then 8% of that total.
UK and EU implementation
Both jurisdictions are implementing the final Basel III standards. The UK plans implementation from January 2027 following delays announced in early 2025. The original date was July 2025 but the PRA pushed this back to align with other major jurisdictions. The EU’s CRR3 entered into force in January 2025 with certain market risk elements delayed to January 2026.
Both frameworks make national adjustments while broadly following the Basel standards. The PRA has indicated its approach will be stricter than the EU in some areas. It is determined not to deviate from Basel standards in ways that could create regulatory arbitrage or undermine financial stability.
