Integrating Resolution Planning into Risk Management Architecture and Change Programs

Designing, implementing, executing, and deploying effective recovery and resolution plans (RRPs, or “living wills”) have become one of the more important and complex risk management requirements imposed on financial institutions by regulators.¹

In the US, more than 120 banking organizations are subject to resolution planning requirements.² Under these requirements, when a resolution plan is not credible and does not meet the regulatory expectations, regulators can force a series of remedial actions, including, but not limited to, assessing the feasibility of the covered company's plans (including timeframes) for executing any sales, divestitures, restructurings, recapitalizations, or other similar actions, as well as assessing the impact of any sales, divestitures, restructurings, recapitalizations, or other similar actions on the value, funding, and operations of the institution, its material entities, critical operations, and core business lines.

Similarly, the EBA requested resolution plans of the 39 largest cross border banks in 2013. This was driven by the Recovery and Resolution Directive, which applies to all credit institutions and major investment firms, rather than just to banks or systemically important firms. The national authorities retain the right to apply the requirements proportionately to non-systemic firms.

The EBA launched a consultation on draft Regulatory Technical Standards (RTS) on resolution planning in July 2014. The consultation runs until October 9, 2014.

A recovery plan defines the resolving and liquidation strategy for a financial institution after incurring losses beyond the available capital under a stressed scenario to restore the business to a stable state. Therefore, the analytical quantification of those events plays an important role when designing a resolution plan and the projected minimum loss absorbance capacity (MLAC) under stress.

A resolution plan defines the resolution powers use of recapitalization, restructuring and/or transfer or wind-down of a firm’s businesses, returning to systemic stability, and protecting critical economic functions without help from the public sector.

In the UK, critical economic functions are defined as business activities that potentially have a detrimental effect on the economy and financial system if a wind-down is not coordinated in a systematic fashion. Critical economic functions are agreed with the FCA and resolution planning is based on those functions.

It is important to note that recovery and resolution planning is driven by the legal entity mind-set of the regulators versus the business unit mind-set of banks.

Meeting multiple RRP requirements from various jurisdictions is certainly posing challenges for Systematically Important Financial Institutions (SIFIs). As the requirements from the various regulators start to impact these SIFIs, we expect to see some degree of convergence in terms of minimum regulatory expectations.

From an operational point of view, there are three types of resolution strategies adapted to the financial and corporate structure of banks, regulatory regimes, business models, and jurisdictions:

1. Single point-of-entry (SPE)
2. Multiple points-of-entry (MPE)
3. Hybrid points-of-entry (HPE)

Under the SPE resolution strategy, a resolution is initiated for the whole banking group (parent company) and led by a single authority. This strategy is usually suitable for centralized banking groups where subsidiaries are not self-sufficient (e.g., funding and capital is provided to the subsidiaries by the group).³

Under the MPE resolution strategy, the resolution can be initiated for one subsidiary of the banking group without contagion effects to the parent or other subsidiaries; thus, avoiding having to resolve the whole banking group. One or multiple authorities for each jurisdiction where the subsidiary is legally established can lead the MPE. This strategy is usually more suitable for international retail banks that are self-sufficient and where capital and funding is located locally.

The HPE resolution strategy is a combination of both the SPE and MPE resolution frameworks. The HPE provides additional flexibility to banks with a decentralized corporate structure across regions and/or multiple regulations (e.g., cross-border resolution initiatives). This strategy is more suitable for those international banks with subsidiaries located in both diverse geographies with an acting single regulator (e.g., Single Supervisory Mechanism in Europe), as well as geographies with their own regulatory bodies and capital, liquidity, and resolution requirements.⁴

There is a trade-off between SPE and MPE resolution plans. From an MLAC perspective, SPE resolution mechanisms are usually more efficient than the MPE or HPE frameworks where capital is distributed across subsidiaries. On the other hand, MPE and HPE frameworks reduce the contagion risk and potentially guarantee the survival of the banking group without disrupting the operations of subsidiaries not subject to the resolution procedure.

From an enterprise-wide infrastructure point of view, institutions should catalogue the systems and map them to subsidiaries and legal entities. At this stage, they should also evaluate the enterprise-wide risk architecture to ensure that it is aligned with a resolution plan. For example:

• Build policies, procedures, and internal controls governing the preparation and the approval of a resolution plan
• Describe the interconnections and interdependencies among the holding companies and their entities
• Create recovery strategies and operational plans

• Pinpoint recovery triggers
• Establish the severity of scenarios

• List all entities within an institution’s organizational structure and the information relating to each of them
• Map critical operations and core business lines
• Generate information regarding material liabilities, off-balance sheet exposures, derivatives, trading, hedges, and major counterparties (mapped to material entities)

• Ensure that the architecture for risk management, data consolidation, and aggregation is flexible and adaptable to all the potential resolution scenarios
• Generate reporting at a legal entity level – not only at a business unit level – with risk management architecture and systems (intra- group exposures, hierarchy, and their seniority should easily be identified and reported)
• Stress testing architecture should calculate the MLAC, optimize the allocation under different resolution strategies, and align with a business model and cross-border, jurisdiction-specific regulatory requirements

• Plan the potential data disruptions to subsidiaries at a group level and ensure business continuity must work under all the potential scenarios, regardless of which subsidiary has initiated the resolution
• Evaluate the ownership of the data and cross- border architecture design implications in terms of data privacy and data quality

Designing a resolution plan also affects the data aggregation strategy, models and analytics, processes, infrastructure, governance, risk management architecture, and reporting systems. Therefore, leadership should focus on numerous aspects, including designing risk management infrastructure change programs given the strategic nature of the resolution plan for banks and evaluating the significant implications in their legal, technological, and business model structures.

Some of these aspects are listed:

• Governance framework and risk assessment
• Design and relevance of assumptions for the business model and legal structures
• Data aggregation and reporting strategy (across both legal entities and business lines
• Infrastructure deployment and change program roadmap
• Stress testing architecture
• Contingency planning and funding model
• Capital planning
• Scenario design and challenger plans
• Ability to leverage existing analytics and processes
• Quantification, aggregation, and automation of local stress testing frameworks
• Efficiency of capital and liquidity allocation; calculation of the MLAC
• Systemically important financial institution, (SIFI) requirements (e.g., for those institution subject to the SIFI classification in the host country and/for the subsidiaries)

Due to the strong links between a firm’s Contingency Funding Plan (CFP) and its stress and reverse stress testing, more advanced firms are investigating ways to leverage these and other existing data sources – identifying commonalities in stress tests, risk appetite/tolerance/limits, reporting, and escalation criteria, etc.

Finally, resolution plans provide a strong incentive for redesigning the infrastructure change program by identifying the gaps in the current risk management and data aggregation infrastructure, as well as achieving synergies under true enterprise-wide risk management architecture. Those institutions that accelerate the change program in those areas will maximize their return on investment and meet the regulatory requirements more efficiently, while adding value for the business, creditors, and equity holders.