Danièle Nouy of ECB spoke at the Second Banking Supervision Conference in Frankfurt, highlighting the progress made by banks in the area of sound governance. Although “banks have made progress” in this area since the start of European banking supervision in 2014, she pointed out areas in which the “progress has been too slow.”
She mentioned that banks must implement the recommendations issued by the Joint Supervisory Teams, with more work still to be done in the following five areas:
- Improving awareness of the importance of the oversight function of boards. Banks should “clearly structure their boards” and the size of their boards should not “impede their work.”
- Ensuring independence within the board. She supported the EBA guidelines in this area, as “independent board members play a key role in providing the checks and balances which are crucial for sound decision-making.”
- Strengthening the link between the board and internal control functions. Risk management, compliance, and internal audit must inform the decisions that are taken at the top, with the heads of these areas reporting regularly and directly to the board of directors. Meanwhile, the board must assess whether internal control functions are working efficiently and effectively.
- Integrating risk appetite frameworks within the organizational strategy. Both financial and non-financial risks must be integrated closely into the entire organization, linked to the overall strategy, and aligned with the remuneration policies.
- Improving data quality. The largest banks need to comply with the principles on risk data aggregation and risk reporting issued by BCBS; “many banks are far from doing so.”
In the context of digitalization offering new opportunities, Ms. Nouy emphasized that banks must ensure that their “three lines of defense” model is adapted to the digital world. As a first line of defense, banks must define additional controls to ensure that IT systems are always available and secure. As a second line, they must define an IT risk strategy, also setting out the desired IT risk appetite. As for the third line of defense, banks must incorporate digitalization into their audit plans and the related methods and processes. Such changes and developments put governance frameworks to the test; it remains to be seen whether they be able to ensure that banks make sound decisions. She added that risk management is one of the supervisory priorities for 2018. In that context, ECB will assess the internal models banks use to determine their risk-weighted assets. ECB also expects banks to improve their internal capital and liquidity adequacy assessment processes (ICAAP and ILAAP).
In conclusion, Ms. Nouy reinforced that banks must improve and adapt their internal governance frameworks to address these challenges. Supervisors will take the stance of being “tough and intrusive” and plan to use all tools that have been developed in the recent years.
Related Link: Speech
Previous ArticleEIOPA Q&A on Regulations: First Update for March 2018
Next ArticleEBA Single Rulebook Q&A: First Update for April 2018
EBA issued a revised list of validation rules with respect to the implementing technical standards on supervisory reporting.
EBA published its response to the call for advice of EC on ways to strengthen the EU legal framework on anti-money laundering and countering the financing of terrorism (AML/CFT).
NGFS published a paper on the overview of environmental risk analysis by financial institutions and an occasional paper on the case studies on environmental risk analysis methodologies.
MAS published the guidelines on individual accountability and conduct at financial institutions.
APRA published final versions of the prudential standard APS 220 on credit quality and the reporting standard ARS 923.2 on repayment deferrals.
SRB published two articles, with one article discussing the framework in place to safeguard financial stability amid crisis and the other article outlining the path to a harmonized and predictable liquidation regime.
FSB hosted a virtual workshop as part of the consultation process for its evaluation of the too-big-to-fail reforms.
ECB updated the list of supervised entities in EU, with the number of significant supervised entities being 115.
OSFI published the key findings of a study on third-party risk management.
FSB is extending the implementation timeline, by one year, for the minimum haircut standards for non-centrally cleared securities financing transactions or SFTs.