On 7 July, the European Banking Authority (EBA) began a consultation on guidelines for common procedures and methodologies for the supervisory review and evaluation process (SREP) as provided for in the Capital Requirements Directive (CRD IV).
This is the most comprehensive document on how EU banking supervisors should assess risk issued to date - it extends the focus of the SREP from capital risk and adequacy to a much more comprehensive assessment of a bank’s business and risk profile. To put this in context the Guidelines are almost 5 times longer than those previously issued at an EU level. By providing a risk-by-risk approach, the Guidelines are intended to drive significant convergence in micro-prudential supervision across the EU. They should form the basis for SREP under the Eurozone’s Single Supervisory Mechanism (SSM), thus providing one of the first tangible insights into the practical application of supervision under the SSM.Overall, the Guidelines advance the SREP framework and focus on a range of areas which not only include the Internal Capital Adequacy Assessment Process (ICAAP) but also the underlying business model characteristics and risks, financial resources, governance and controls, using a scoring based-approach which enables peer comparison.
The four key elements upon which the individual institution will be scored are:
1. Business Model Analysis (BMA)
2. Assessment of internal governance and institution-wide controls
3. Assessment of risk to capital (including inherent risks and controls, determination of own funds and stress testing, and capital adequacy assessment)
4. Assessment of risks to liquidity and funding (including inherent risks and controls, determination of liquidity requirements and stress testing, and liquidity adequacy assessment)
Banks are to be assessed on a proportionate basis, being assigned to one of four categories based on their potential impact on the financial system. National Competent Authorities (NCAs) then have to assess and score (again on a 1 to 4 scale) each element of the SREP framework, before forming an overall SREP assessment and an overall SREP score. These would then determine both a view of the viability of the bank and the supervisory measures that may need to be taken. The Guidelines link into recovery and resolution requirements as per the Bank Recovery and Resolution Directive (BRRD), as the SREP evaluation should take into consideration recovery planning and form the basis for determining any early intervention measures.
A Deloitte summary of the proposed assessment and scoring approach is available here:
Download Deloitte EBA draft SREP guidelines_An overview - July 2014
Both in terms of the risks assessed and the controls considered, the scope of the Guidelines is significantly broader and deeper than what has hitherto been the norm for a SREP in most EU countries. With supervisors now expected to analyse business models and internal governance, the Guidelines seem to move towards a wider canvas for supervision, not dissimilar in scope to the Prudential Regulation Authority’s (PRA) risk framework. Furthermore, the assessment expands into what may be new or previously less prioritised areas in prudential supervision, such as business model analysis, conduct risk and risk culture. Importantly, viability evaluations are a key output of the SREP process, thus linking a supervisor’s risk assessment framework with its responsibilities in the areas of recovery and resolution. Again, this is strongly reminiscent of the PRA’s “forward-looking, judgement-based” approach.
Looking at the Guidelines in more depth, a number of issues stand out:
• Risk Appetite Framework (RAF) expectations: There is a clear expectation that banks develop, document and embed a RAF and that risk exposures are made with regard to the bank’s risk appetite. When assessing RAFs, supervisors should consider their comprehensiveness and consistency with risk strategy and with the bank’s financial resources. This is clearly part of the trend which has been evident in the post-crisis years for supervisors to give increasing prominence to RAFs. (Read our in-depth analysis of RAFs here).
• Reliance on peer-group analysis: The Guidelines provide insights into the use of peer-group analysis, a tool often referenced in the context of the SSM and the ECB’s objective to provide consistent supervision of banks of similar business models and risk profiles across the Eurozone. While many supervisors will have used peer-group analysis previously, the key change here is the move from national to Eurozone peer-groups. The Guidelines highlight that NCAs should pay close attention to atypical performance compared to peers when conducting BMA. Peer-group analysis is also given a role in capital and liquidity risk assessment, where comparability is emphasized as a key consideration of a bank’s ICAAP as well as in setting quantitative liquidity requirements.
• Clearer articulation of Pillar 2 capital requirements: The Guidelines introduce the concepts of Total SREP Capital Requirements (TSCR) and Overall Capital Requirement (OCR) which will be fundamental to the assessment of capital adequacy of firms under base and stress cases (1), with the Guidelines clarifying that firms should operate above OCR under the base case and TSCR in the stress case. This means that the EBA expects firms to operate above both Pillar 1 and Pillar 2 capital requirements under stressed conditions. This effectively crystallises the nature of Pillar 2 requirements as being binding constraints rather than ‘guidance’. The Guidelines also provide details around expectations relating to the composition of capital for Pillar 2 risks – effectively stating that all Pillar 2 risks identified in the Guidelines should be covered by the same quality of capital as Pillar 1 and at least in the same proportion (with some scope for supervisory discretion over any other Pillar 2 risks).
• Focus on liquidity: The Guidelines have a strong focus on liquidity risk management and the role of Internal Liquidity Adequacy Assessment Processes (ILAAP). CRD IV requirements highlighted the need for firms to develop robust liquidity risk management frameworks. Within the EU, countries such as the Netherlands have already outlined their requirements concerning ILAAPs. The Guidelines build on this narrative and place the ILAAP at the centre of the assessment of liquidity and funding risks.
• The supervisory toolkit: Finally, the Guidelines spell out the broad set of supervisory measures available to address concerns discovered during the SREP under CRD IV – ranging from requiring banks to apply specific provisioning policy to mitigate credit risk to making changes to their overall business strategy. Given the significant supervisory measures outlined in the guidelines, firms will need to consider the breadth of supervisory actions and their direct and indirect implications on strategy, business model, internal governance and risk frameworks. Regulatory communication strategies and procedures will assume even more critical importance.
• The importance of data: The Guidelines place significant emphasis on the importance of effective risk data aggregation and reporting by banks. This is proving a significant challenge for Global Systemically Important Banks as they seek to comply with the Basel Committee’s Principles for Effective Risk Data Aggregation and Reporting by the start of 2016. We expect similar challenges for EU banks generally. The principles should no longer be view as directed mainly towards the larger institutions, but as universal in nature.
Implications for banks
UK-based banks may find the Guidelines a familiar read, as a number of their elements are not dissimilar to the current SREP and Supervisory Liquidity Review Process (SLRP) approach. In particular, UK firms are already categorised by reference to their potential systemic impact albeit in five, not four, groups. Additionally, the EBA’s TSCR requirements are comparable to the UK’s Individual Capital Guidance (ICG) regime based on Pillar 1 plus scaling factors which capture Pillar 2 based capital requirements and weaknesses in governance and controls. Overall, the combination of a broad based SREP evaluation process and an underlying concern with viability resonate with the UK’s risk assessment framework as well as its Proactive Intervention Framework (PIF).
However, banks elsewhere in the EU may see a (much) greater change in the supervisory assessments they receive. The Guidelines should feed into the ECB’s approach to supervision, on which more clarity is expected with the publication of a Guide to supervisory practices and methodologies before November this year. The Guidelines also give clues on the granularity of information, and the drive to convergence, which Eurozone supervisors in particular could see under the SSM.
Overall, equipping supervisors with a tool which facilitates scoring and comparing banks’ risk profiles and risk management across peer groups could have significant implications for the industry – potentially establishing current best practices as the benchmark for supervision.
By formalising a score-based SREP framework, the EBA is aiming to improve the consistency of how Pillar 2 is applied in the EU. However, the Guidelines are not intended to establish granular-level procedures and methodologies, and as such some scope for supervisory discretion, and divergence, remains. But this scope is clearly less under the SSM and, over time, the SSM approach should converge across all SSM members. In other words, national supervisory discretion should become increasingly constrained, or at least more consistently exercised.
However, the Guidelines do not give all the answers, nor do they cover all the relevant risks. For example, the treatment of reputational risk remains somewhat vague, which is surprising given how much attention this issue is currently receiving. Moreover, there is no mention of pension scheme risk which has been a big topic for some banks.
The implications and costs associated with the modification of ICAAP and supporting processes may represent an important area of investment for individual firms. In the extreme, the new ICAAP and SREP process, to the extent that it uncovers new risks, may have consequences for a firm’s business model.
Overall, the Guidelines represent a major shift in terms of breath of risk coverage in the SREP and the detail of the approach for carrying it out. Taken at face value, the Guidelines will require a significant increase in the resources dedicated to the SREP, both by banks and, in some cases, by supervisors too.
(1) TSCR = own funds requirements as set out in the Capital Requirements Regulation + additional own fund requirements; OCR = TSCR + capital buffers + macro-prudential requirements
Vishwas Khanna, Manager, Risk and Regulation, Deloitte LLP
Vishwas is a Manager within Deloitte’s Risk and Regulation Practice and specialises in prudential regulation, risk based supervision, ICAAPs and stress testing. Vishwas has experience of working on a wide variety of risk engagements in India, the UK, Ireland, Middle East and the US. LinkedIn
Dea Markova - Assistant Manager, Deloitte EMEA Centre for Regulatory Strategy
Dea is an Assistant Manager in the EMEA Centre for Regulatory Strategy. Her primary areas of focus are the Single Supervisory Mechanism and international, EU and UK insurance regulatory initiatives. She has past experience in financial journalism and an academic background in financial regulation. LinkedIn