Governance, operational resilience, and business models remain crucial for banks in an environment of rising rates and digital banking
Interviews | 8 March 2023
In an interview, Korbinian Ibel, Director General at the European Central Bank (ECB), shares insight on how bank-specific direct supervision works, what the current risks and challenges are, and priorities to look out for in the coming years.
What does the Banking Supervision arm of the European Central Bank do? Find out about its policies, methodologies, practices, and activities on its website. To learn more about how Banking Supervision is organised, see details here.
The ECB has organised bank-specific direct supervision in three directorates, based on the business model of the supervised banks:
Directorate General Universal & Diversified Institutions (DG/UDI) includes all the universal banks and all the diversified lenders (around 40 banks);
Directorate General Systemic & International Banks (DG/SIB) includes the largest and systemic banks;
Directorate General Specialised Institutions and LessSignificantInstitutions (DG/SPL) includes specialised lenders, and the institutional and sectoral oversight.
When looking at the three areas involved in bank-specific direct supervision, are there differences in terms of risk mapping or in the way banks are supervised?
There is no difference in terms of risk mapping, but there is a difference in the approaches we take when we address the risk. A joint supervisory team (JST) is composed of ca. 1/3 ECB and 2/3 NCA/NCB staff. The JSTs for each global systemic and international bank (GSIB) is larger than the JST for the universal and diversified institutions (UDI). Also, in DG/UDI we supervise business models which are not as complex as those of the globally systemic banks.
Still, the risk types we address are the same, and the largest bank in DG/UDI has nearly 1 trillion-euro assets. Within DG/UDI we have a wide geographical spread of banks – 14 European countries – from Finland to Cyprus. There are great differences among these institutions, and we use a proportionate approach in our supervision. We engage a lot of the specialists from the Directorate General Horizontal Line Supervision (DG/HOL) when our JSTs need additional specialised skills.
The Single Supervisory Mechanism (SSM) recently published its supervisory priorities for 2023-2025. The focus on strengthening banks’ resilience remains and the EU institutions should address deficiencies in their credit risk management frameworks to boost their resilience to potential asset quality deterioration and to swiftly identify and mitigate any build-up of risks. The SSM is now also highlighting the funding risks, as sound planning and diversified funding sources can help banks maintain reliable access to funding, also if funding conditions should become less favourable in the future. In addition, the SSM will continue ensuring that banks address deficiencies in digitalisation strategies effectively and strengthen their management bodies’ steering capabilities. Banks’ governance will always be a priority in banking supervision. Digitalisation is extremely important for the SSM: as supervisors, we will focus on ensuring that banks have sound strategies and adequate arrangements in place to address the challenge. Deficiencies in operational resilience frameworks, including IT and cyber security, and in risk data aggregation and reporting are also in the SSM focus. Finally, stepping up the efforts to address climate change is a clear priority for the SSM and last year we had both a stress test and a thematic review in this area. EU banks have made great efforts and much progress in this area when compared to a few years ago.
How will the SSM approach its direct supervisory practices in the environment of growing interest rate risk banks have? How will the SSM monitor these risks in the coming months and years? In terms of leverage, operational resilience, and cost effectiveness, what are your expectations towards banks’ management? Do you see this context preventing banks in the euro area from consolidation?
When inflation and interest rates started to increase last year, the SSM performed a review on a wide sample of banks, focussing on rising interest rates’ risks. In the short term, higher rates will increase the net interest income (NII) for most banks. At the same time, this can negatively affect the banks’ economic value of equity, especially if banks have locked-in fixed interest rates for long term assets (e.g., the mortgage book), while the short-term funding reprices faster. In the medium term, such an “asset sensitive” exposure, produced by the sensitivity of the banks’ assets to interest rates being higher than the liabilities’ one, might worsen long-term earnings and capital adequacy prospects, which in turn undermines the sector’s ability to attract investments.
Banks make use of internal models when assessing their exposure to interest rate risk, in particular to account for changes in customer preferences and behaviours on some particular balance sheet components (e.g., non-maturing deposits, loan prepayment, etc.). Banks, in this respect, are expected to carefully calibrate the time window over which the estimation of their model is performed to account for periods of both high and low interest rates as consumer preferences may change when the macro-economic conditions shift away from the “low for long” rate environment and extraordinary monetary policy support is withdrawn. Now, as rates are rising fast, deposits rates start rising too, and institutions may start competing for deposits more aggressively. The higher the rates, the more attractive the deposits’ rate, the greater the competition to attract new depositors. There is no clear trend we can detect now although we cannot disregard the risk that there might be new players entering the financial industry and try to aggressively attract deposits from established banks. For instance, if a big tech with a well-established platform enters this market, it will have already a large customer base, which constitute a competitive advantage, without being burdened by legacy assets locked in with lower rates, which sets the ground for the possibility to offer higher returns to the customers. If this happens, banks will realise that their deposit models might have been too optimistic and will have to reprice their deposits much more than anticipated in the models while the asset side will be locked in with lower rates products.
The deposit modelling is a very specific topic which deserves full Management Body’s attention. They might benefit from making themselves better aware of the content of their behavioural deposit models. That is why we raised this point in our recent deep dives. We have identified outlier banks and the banks with the most aggressive modelling had a discussion with us in order to raise their awareness.
Operational resilience is a very big topic for us as well. If one looks at the media reports, most big issues do not happen because of a cyber-attack, but because of a new software release or an internal update gone wrong. Operational resilience must cover these internal issues as well as externally driven events and we as supervisors put a lot of efforts there. For example, the backup data centre and the primary data centre should not be geographically too close. Too close in this sense refers to being at risk to be affected by one single event. And this is not only subject to physical distance, but also to the conditions of the environment. In effect, banks should be able to continue to provide their services even in adverse situations: for example, in unexpected weather conditions or floods, in case of internal mistakes, but also if cyber-attacks happen. In our supervision we apply regulation from the European Banking Authority (EBA), for example on ICT and Security Risk Management, but also the Principles of Operational Resilience from the Basel Committee on Banking Supervision. And we expect that banks apply these regulations. We perform intrusive on-site inspections covering this risk area, and the JSTs, in their daily discussions with the banks, also assess whether banks apply the regulations. We also have a cyber-incident reporting process where banks must report significant cyber incidents to the ECB. All of this is normal supervisory day-to-day business.
We see that the degree of outsourcing and the use of cloud services is heavily increasing, IT outsourcing grew by 14% and cloud expenses grew by 45% last year alone. Outsourcing is a crucial element for banks. If a cloud service would stop working, whatever the reason, many banks might find themselves in a very unpleasant situation. And since there are not many cloud providers, the potential concentration risk should be carefully considered.
During the years of ongoing onsite inspections, has the ECB noted improvements in the quality of data provided by the significant European banks? Is there a particular area there where deficiencies still exist and how can banks approach these more constructively?
While we can observe some improvements in the area of risk data management, overall there is less progress than expected. Gaps vis-à-vis to supervisory expectations still exist and the push towards further advancement needs to continue. Accurate risk data availability is critical for the bank management, as much as it is for supervisors. The nature of new risks is usually that they are not known a priori, so one doesn’t know which data are needed. Therefore, banks need to have their data ready in a way to slice and dice flexibly. The capability of constructing and deconstructing bank’s risk exposures in the IT systems is essential.
Limitations in the IT systems and in human interfaces exist. Asking front office workers to add data they do not see any use for, usually doesn’t lead to perfect data quality. Therefore, the more banks use correctly designed and tested automation in this area, expand their access to information from several sources, assign clear responsibilities and promote a data culture, the better the quality of information likely becomes. In this sense, the real solution lies in an advanced fit-for-purpose IT architecture that does not rely on a lot of manual intervention and effective governance arrangements.
We fully appreciate that changing and modernizing an IT architecture takes much time, money, and effort. Therefore, this will remain as one of our clear supervisory priorities also in the future. While we are aware of all the difficulties, we still expect banks to do more.
We observe increased ability of banks to deliver quick and solid risk data today, which is the result of the right decisions of the banks management in the last decade. Financial entities which focused on modular IT strategies and had enough resources to implement them, are in a better position today.
The ECB has been focusing on sustainability, digitalization, and governance for some time now. Do you see these areas keeping their prevalence in the supervisory approach of SSM? What developments (if any) do you expect in the OSI’s and IMI’s methodology in relation to these three points? What changes should banks anticipate regarding SSM’s supervisory priorities in 2023? Finally, will the ECB issue new guidance?
The ECB will always develop further in the areas of sustainability, digitalisation, and governance, as they are “evergreens” in supervision. Every day there are new changes in the environment, and a good governance develops and adapts accordingly. We also constantly need to adapt our supervisory methodologies. If we look at digitalisation, this is a very broad and heterogenous topic. We don’t only care about the front end in our work on digitalisation. We are looking at the degree of digitalisation of the entire bank, including the straight-through process capabilities. Banks need to continue their digital transformation, while adequately identifying and mitigating risks, including by keeping their systems safe, resilient, and sound.
Presently, we have coordinated on-site inspections on cyber security, and in 2022 we also started with coordinated on-site inspections focused on digital transformation. With this coordinated approach, we have clusters of onsite inspections with aligned scopes and conducted using the same methodology within a certain time window. Afterwards, we consolidate the results to take a horizontal view on the outcomes of the inspections.
The Prudential Regulation Authority (PRA) is putting together a new “Strong and Simple” regulatory regime in the UK and has also consulted on its own cut of Basel 3.1. These developments indicate that there could be a lot more regulatory divergence between the UK and EU than before. How would this divergence impact the supervision of branches or subsidiaries of UK banks operating in the EU, and vice versa?
We understand that this special regime would apply to small domestic banks and it’s for the UK only. There is no expected influence on the EU banks. We expect the UK to largely follow the globally agreed Basel rules for their internationally active banks. But the jury is still out: in both the UK and the EU the legislative process is still ongoing, and we need to wait and see the final outcomes on both sides of the Channel, before we will get a better view on the regulatory divergences. That said, we will ensure that any activities of UK-based entities in the EU – be it through subsidiaries or branches – is properly supervised,
We expect from their entities, which operate in the EU and have risk here, to maintain their risk management here as well.
The ECB, together with the EBA, has recently voiced that those deviations from Basel standards decided at the EU level could harm banks reputation and competitiveness. If those deviations were to be maintained in the final legislative text, especially on credit risk, should we expect the ECB to correct this bias via pillar 2 capital requirements?
We should faithfully implement Basel III. When implementation is not done properly, we cannot rule out the Basel Committee labelling the EU to “non-compliant” (the lowest possible rate) with the Basel rules. We should deliver an implementation of the Basel rules as close as possible to the internationally agreed standards in order to be seen by our international peers as a trusted partner. If not, in the end the European banks will be paying the price, as international investors will put a discount on the numbers of European banks.
Related posts
The insurance industry in flux: what changes are currently unfolding?
The regulatory requirements for insurance companies are becoming increasingly complex. In this interview, Marc Böhlhoff and Thomas Volkmer, Partners at Mazars in Germany, discuss the impact of this change on the industry and delve into what it means for the operations of auditing and consulting firms. Mr. Volkmer, the insurance industry is undergoing rapid change. What […]
Banking: crisis, what crisis?
The rapid collapse of one of Switzerland’s most emblematic banks, following the demise of tech lenders on America’s west coast, has raised concern over banking stability. What are the consequences for the sector, the economy and for society? Gregory Marchat, Global Head of FS Advisory, and Emmanuel Dooseman, Global Head of Banking and Capital Markets, […]
Implications of Covid-19 for the LSIs and the supervisory focus: an interview with Patrick Amis, ECB
On 19 January 2022, Mr Patrick Amis, the head of ECB Directorate General Specialised Institutions and Less Significant Institutions (DG/SPL) had a formal meeting with Mazars to discuss the implications of the pandemic for the LSIs and the supervisory focus. The main risks outlined by Mr Amis, were in the areas of NPLs, digitalisation, IRRBB, […]
Injecting noise into the discussion
Michael Lennard, Chief of International Tax Cooperation and Trade in the Financing for Sustainable Development Office (FfDO) of the United Nations, examines the role of tax toolkits for developing countries from a personal perspective. The Platform for Collaboration on Tax (PCT) involving the UN, OECD, IMF and the World Bank, is certainly a good example […]
Building a more inclusive tax model
Michael Lennard, Chief of International Tax Cooperation and Trade in the Financing for Sustainable Development Office (FSDO) of the United Nations, discusses, from a personal perspective, a range of key issues on the UN’s approach to transfer pricing. In 2019 the United Nations Tax Committee issued draft guidance on financial transactions. It was finalized in […]
A Tax Playbook for the Digitalised Economy (Part 2)
In a series of articles aimed at promoting debate on the evolution of international tax regimes, Michael Lennard, Chief of International Tax Cooperation and Trade in the Financing for Sustainable Development Office (FSDO) of the United Nations, discusses the tax-related challenges governments, professionals and practitioners face. Following on from the first article on this topic, […]
A Tax Playbook for the Digitalised Economy (Part 1)
In a series of articles aimed at promoting debate on the evolution of international tax regimes, Michael Lennard, Chief of International Tax Cooperation and Trade in the Financing for Development Office (FfDO) of the United Nations, discusses the tax-related challenges governments, professionals and practitioners face. In the first of this two-part article, Mr Lennard expresses […]
Creating a More Homogenous Financial Reporting Platform: An Interview with Javier de Frutos, Chairman of EFFAS
Financial reporting is witnessing a period of evolution as the needs of users become more complex. Javier de Frutos, Chairman of the Commission on Financial Reporting of the European Federation of Financial Analysts’ Societies (EFFAS) and CIO at the investment firm Sailbridge Capital in New York talks to Mazars about his thoughts on the direction […]
Interview with Nadia Filali, Head of Blockchain Programs at Caisse des Dépôts et Consignations: Is collaboration the key to developing a strong blockchain eco-system?
Nadia Filali is director of blockchain programmes and founder of LaBChain at the French public group Caisse des Dépôts et Consignations. Here Mazars partner Jean Latorzeff and senior managers Emilie Legroux and Christophe Bonnefoy talk to Nadia about the pioneering role Caisse des Dépôts is taking in the development of blockchain technology. Why and how […]
An interview with Ian-Edward Stafrace of Atlas Insurance PCC : Embracing and enabling insurance disruption
As chief risk officer and executive committee member of Atlas Insurance PCC, Ian-Edward Stafrace is passionate about effective enterprise risk management and seeking opportunity from risk. Here Alan Craig and Enrico Federici of Mazars in Malta, talk to him about technological, regulatory and business model changes and how protected cells are enabling innovation. What do […]
Challenges Facing the Insurance Sector : An Interview with AXA Group’s CFO Gérald Harlin
Since 2010, Gérald Harlin has been Group Chief Financial Officer and a member of the Group’s Executive Committee since July 2008. As of July 1st, 2016, he joined the Group’s Management Committee.Here he talks about AXA’s response to challenges facing the insurance sector. What will be the most important issues for the insurance sector in […]
Interview with Foncière des Régions deputy CEO, Olivier Estève : Is the German market the new Eldorado for property investments in Europe?
Foncière des Régions (FDR) is one of the largest European property companies, with assets worth more than 19 billion euros. The company is mainly active in the office, hotel and residential markets in a number of European countries including France, Germany, Italy and Spain. Here we talk to Olivier about what’s driving the group’s recent […]
Arkéa Banking Services : Innovation in Banking
Arkéa Banking Services began life in 2009 by offering white label banking services on behalf of third parties. CEO, Christophe Bitner tells Mazars why offering support to Fintechs is now an important next step. What’s the driving force behind the evolution of Arkéa Banking Services and what are the levers for growth? Christope Bitner: when the […]
Making Big Data Work
The unique business transformation attached to the digital era requires companies to respond with velocity. New systems integrating core transactional assets with mobile and social media have to be used – implying their ability to face volume. Moreover those new systems need to manage enriched operational reality and risks. Laurence Malroux, CEO and President of […]
Permanent tsb: Digitalisation’s role in the ethical banking mix
The arrival of technology has been a game changer for Ireland’s banking industry. Niall O’Grady Commercial Director of permanent tsb (PTSB) talks to Liam McKenna Partner Consulting Services – Mazars Ireland, about how the bank is using digitalisation to create more meaningful relationships with customers. Liam McKenna: Where does technology fit into PTSB’s proposition – as an […]
Bank of Ireland: Placing ethics at the heart of banking
Customers trust their banks with an increasing amount of data that paints a picture not just about their financial situation and preferences, but about their lifestyles. Bank of Ireland’s Garvan Callan, Director, Customer, Digital & Innovation talks to Liam McKenna Partner, Consulting Services – Mazars Ireland, about how ethics and good principles are essential in shaping […]
Innovation in payments with Compte Nickel
Compte Nickel is a current account service accessible to all. Operated by the Financial Supervisory Committee of electronic payments (EPF), this new payment account which has been launched recently in France can be opened in 5 minutes at a newsagent/tobacconist by anyone regardless of income requirement. Ryad BOULANOUAR, President of the the French Financial Supervisory […]
Digitalization at the heart of the transformation of AXA Assistance
Digitalization poses many challenges for AXA Assistance as well as bringing great opportunities. Alexis de Schonen, Digital Transformation and Strategy Director, and Roman Puszka, Chief Compliance Officer and Data Privacy Officer, discuss this issue. Does digitalization play a central role at AXA Assistance? And if so, which one? Alexis de Schonen : Digitalization is the […]
Creating a Digital Map for Unclaimed Policies
3 Questions to Mister Doe When it comes to the administration of dormant bank accounts and unclaimed life policies, the quality of data, the inflexibility of internal procedures and complex processing is causing banks and insurers big problems. Vladimir Nguekam, CEO of digital analytical firm Mister Doe talks to Mazars about how taking a digital approach […]
Raising the bar
One of the key takeaways of integrated reporting is that non-financial information ultimately has an impact on a company’s value. It’s for this reason that insurance giant Generali – an international Group based in Italy – prefers to use the term pre-financial rather than non-financial information. For Massimo Romano, who leads Generali’s Group Integrated Reporting […]
Copyright Forvis Mazars 2024
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy