In recent years, consumers’ and investors’ interest in sustainability has been growing. Since 2015, assets under management in ESG funds have nearly tripled, the outstanding value of green bonds issued by residents of the euro area has surged eightfold, and emission-related derivatives have seen a more than sevenfold increase¹. 

The global push for sustainable and environmentally responsible practices has led to an increased focus on the role of financial institutions in supporting green initiatives. One of the ways financial institutions use to incentivise sustainable investments, is by designing new products, such as blue bonds to protect marine areas and other sustainability-linked bonds², or by transitioning to funding sectors with positive sustainability impact.

However, amidst the growing wave of environmental consciousness, the credibility of "green" claims made by some financial institutions is a point of concern. This phenomenon, known as greenwashing, is gaining attention, not only within financial institutions, but also with regulators. Financial regulators, including the European Supervisory Authorities (ESAs) and UK’s Financial Conduct Authority (FCA) have taken action against potentially misleading green statements made by institutions. Despite these regulatory interventions, the persistent risk of greenwashing persists, primarily due to the absence of consistent standards governing sustainability claims and disclosures. The lack of uniform criteria poses an ongoing challenge to effectively combatting greenwashing practices within the financial landscape.

Defining Greenwashing

The ESAs describe greenwashing as “a practice where sustainability-related statements, declarations, actions, or communications do not clearly and fairly reflect the underlying sustainability profile of an entity, a financial product, or financial services. This practice may be misleading to consumers, investors, or other market participants” ³.

Financial institutions, as key players in the global economy, play a crucial role in fostering sustainability. However, some have been accused of using deceptive practices to push their green image without making substantial changes. This practice may be misleading to consumers, investors, and other market participants.

In practice, greenwashing can take different forms depending on the institution. For insurance companies, the European Insurance and Occupational Pensions Authority (EIOPA) found in their Advise to the European Commission on Greenwashing⁴ various examples where insurers misleadingly claimed to be transitioning their underwriting activities to net zero by 2050 without any credible plans to do so. Other examples include insurance companies falsely claiming to plant trees for each life insurance policy sold but failing to fulfil this promise, or products being marketed as sustainable merely because of a positive "ESG rating," despite the rating not taking into account any actual sustainability factors and focusing solely on financial risks.

Withing the banking sector, the EBA reported⁵ that the most common misleading claims relate to the current approach to integrating sustainability into the business strategy, claims on the sustainability results and the real-world impact, and claims on future commitments on medium and long-term plans.

Finally, for investment companies and pension funds, the European Securities and Markets Authority (ESMA) reported⁶ that most the common greenwashing practices result from exaggerated claims without any proven link between and ESG metric and the real-world impact.

Key Indicators of Greenwashing:

1. Vague and Ambiguous Language: Financial institutions engaging in greenwashing often use vague terms and ambiguous language in their marketing materials. This lack of clarity makes it challenging for consumers to discern the actual environmental impact of their investments.
2. Lack of Transparency: Genuine commitment to sustainability involves transparency about investment choices and the environmental impact of financial products. Institutions that are less forthcoming about their practices may be concealing less-than-green investments.
3. Inconsistent Policies: Greenwashing is also evident when there is a misalignment between a financial institution's sustainability claims and its actual policies and practices. Actions, or lack thereof, can speak louder than words.

The Role of Regulatory Bodies

Greenwashing poses potential reputational and financial risks for the institutions involved. Addressing greenwashing might not only improve consumer’s trust in the products and services offered by financial institutions, but also will allow customers to make informed decisions that are align with their sustainability preferences and increase the capital into products that genuinely represent a more sustainable choice and drive a positive change. Tackling greenwashing should therefore be a priority for regulatory supervisors.

The introduction of the EU’s Taxonomy Regulation and the Sustainable Finance Disclosure Regulation (SFDR) addresses the initial concerns of greenwashing within the financial sector. The Taxonomy determines which economic activities are environmentally sustainable and addresses greenwashing by enabling market participants to identify and invest in sustainable assets with more confidence. SFDR promotes openness and transparency in sustainable finance transactions and requires Financial Market Participants to share the environmental and social impact of their transactions with stakeholders. In May 2023, the ESA published their progress report on greenwashing monitoring and supervision⁷. The report aims to provide insights into an understanding of greenwashing and identify the specific forms it can take within banking. It also evaluates greenwashing risk within the EU banking sector and determines the extend to which it might be and issue from a regulatory perspective.

In the UK, the FCA published in November 2023 a guidance consultation on the Anti-Greenwashing Rule⁸. The anti-greenwashing rule is one part of a package of measures introduced through the Sustainability Disclosure Requirements (SDR). The anti-greenwashing rule requires FCA-authorised firms to ensure that any claims they make to the sustainability characteristics of their financial products and services are consistent with the actual sustainability characteristics of the product or service and are fair, clear and not misleading, and have evidence to back them up. The propose rule will come into force on 31 May 2024.

While the existing and planned regulation contributes to addressing aspects of greenwashing, several measures have not yet fully entered into application, making the impact of the frameworks not visible yet. Beyond disclosures, regulators should also focus on tightening requirements on sustainability data and ratings, and creating mandates to prevent misleading statements and unfair commercial practices.

Going forward, as regulators gain more experience to comprehensively address greenwashing, financial institutions should expect increased supervision and enforcement of sustainable finance policies aimed at preventing misleading sustainability claims.

Actions to mitigate greenwashing risk

One of the biggest challenges financial institutions faced in relation to sustainability is that scientific progress, policy development and social values are in constant evolution. What was a well-supported green initiative two years ago can potentially be considered as greenwashing today.

In the meantime that stricter regulations and guidance is in place, financial institutions should take a broad view on how to develop and communicate sustainability strategies to mitigate greenwashing risk.

Here are three ways on how to prevent greenwashing:

1. Promote disclosure: financial institutions should publish comprehensive sustainability reports and disclose ESG information as part of their financial reports.
2. Commit to transparency: claims about environmental aspects or performance of their products should be justified with science-based and verifiable methods. Financial institutions should be transparent about their ambitions, status, and be open about any shortcomings they identified.
3. Align business practices with purpose:  financial institutions should determine which climate-related and environmental risks impact business strategy in the short, medium and long term. They should reflect climate-related and environmental risks in business strategies and its implementation. In addition, they should balance sustainability ambitions with the reality of real transformation.

Zanders’ approach to managing reputational risk

Avoiding greenwashing should always be a priority for institutions. If a risk arises in this area, reputational risk management can help to limit negative effects. Due to the interdependencies between ESG, reputational, business and liquidity risk, the supervisory authorities are also increasingly focusing on this area.

In the context of reputational risk management, we recommend a holistic approach that includes both existing and new business in the analysis. In addition to identifying critical transactions from a reputational perspective, the focus is also on active stakeholder management. This requires cross-departmental cooperation between various units within the institution. In many cases, the establishment of a reputation risk management committee is key to manage that topic properly within the institution.

Conclusion

While many financial institutions genuinely strive for sustainability, the rise of greenwashing highlights the need for increased vigilance and scrutiny. Consumers, regulators, and industry stakeholders must work together to ensure that financial institutions align their actions with their environmental claims, fostering a truly sustainable and responsible financial sector.

Curious to learn more? Please contact: Elena Paniagua-Avila or Martin Ruf

Model risk from risk models has become a focal point of discussion between regulators and the banking industry. As financial institutions strive to enhance their model risk management practices, the need for robust model risk quantification becomes paramount.​​

An introduction to model risk quantification​

Many firms already have comprehensive model risk management frameworks that tier models using an ordinal rating (such as high/medium/low risk). However, this provides limited information on potential losses due to model risk or the capital cost of already identified model risks. Model risk quantification uses quantitative techniques to bridge this gap and calculate the potential impact of model risk on a business. ​

The goal of a model risk quantification framework​

As with many other sources of risk within a financial institute, the aim is to manage risk by holding capital against potential losses from the use of individual models across the firm. This can be achieved by including model risk as a component of Pillar 2 within the Internal Capital Adequacy Assessment Process (ICAAP).​

Concepts in Model Risk Quantification​

Impacts of Model Risk​

Model risk significantly influences financial institutions through valuations, capital requirements, and overall risk management strategies. The uncertainties tied to model outcomes can have profound impacts on regulatory compliance, economic capital, and the firm's standing in the financial ecosystem.​

Model tiering​

Model tiering is a qualitative exercise that assesses the holistic risk of a model by considering various factors (e.g. materiality, importance, complexity, transparency, operational intricacies, and controls).​

The tiering output grades the risk of a model on an ordinal scale, comparing it to other models within the institute. However, it doesn't provide a quantitative metric that can be aggregated with other models.​

Overlap with quantitative regulations​

Most firms already perform quantitative processes to measure the performance of Pillar 1 models that impact the regulatory capital held (such as the VaR backtesting multiplier applied to market risk RWA).​

Model Risk Quantification Framework​ - The Model Uncertainty Approach​

A crucial step in building a robust model risk quantification framework is classifying and assessing the impact of model risk. The model uncertainty approach is an internal quantitative approach in which model risks are identified and quantified on an individual level. Individual model risks are subsequently aggregated and translated into a monetary impact on the bank.   

​Regulatory Model Risk Quantificaiton Methods​ - RNIV, Backtesting Multiplier, Prudent Valuation and MoC​

Most banks are already familiar with quantification techniques recommend by regulators for risk management. Below we highlight some of these techniques that can be used as the basis for expansion of quantification within a firm. ​

Expanding Model Risk Quantification​

Our approach to efficient measurement relies on two key components. The first is model risk classifications to prioritize models to quantify, and the second is a knowledge base of already implemented regulatory and internally developed techniques to quantify that risk. This approach provides good risk coverage whilst also being extremely resource efficient.​

Looking to learn more about Model Risk Management? Reach out to our experts Dr. Andreas Peter, Alexander Mottram, Hisham Mirza.

In October 2023, the European Banking Authority (EBA) published a report[1] with recommendations for enhancements to the Pillar 1 prudential framework to reflect environmental and social (E&S) risks, distinguishing between actions to be taken in the short term and in the medium to long term. The short-term actions are to be taken into account over the next three years as part of the implementation of the revised Capital Requirements Regulation and Capital Requirements Directive (CRR3/CRD6).

The EBA report follows a discussion paper on the same topic from May 2022[2], on which it solicited input from the financial industry. In this note, we provide an overview of the recommended actions by the EBA that relate to the prudential framework for banks. The EBA report also contains recommended actions for the prudential framework applying to investment firms, but these are not addressed here.

If the EBA’s recommendations are implemented in the prudential framework, in our view the most immediate implications for banks would be:

• When using external ratings to determine own fund requirements for credit risk under the standardized approach (SA) of Pillar 1, ensure that E&S risks are explicitly considered when evaluating the appropriateness of the external ratings as part of the due diligence requirements.
• When calculating own fund requirements for credit risk under the internal-ratings-based (IRB) approach, embed E&S risks in the rating assignment, risk quantification (for example through a margin of conservatism or the downturn component) and/or expert judgment and overrides.
• To assess E&S risks at a borrower level, establish a process to obtain and update material E&S-related information on the borrowers’ financial condition and credit facility characteristics, as part of due diligence during onboarding and ongoing monitoring of the borrowers’ risk profile.
• For IRB banks, embed E&S risks in the credit risk stress testing programs.
• Ensure that E&S risks are considered in the valuation of collateral, specifically for financial and real estate collateral.
• For market risk, embed environmental risks in trading book risk appetite, internal trading limits and the new product approval process. Furthermore, for banks aiming to use the internal model approach (IMA) of the Fundamental Review of the Trading Book (FRTB) regulation, environmental risks need to be considered in their stress testing program.
• For operational risk, identify whether E&S risks constitute triggers of operational risk losses.

We note that many of these implications align with the ECB’s expectations in the ECB Guide on climate-related and environmental risks[3].

Background

The EBA report considers both environmental and social risks, which the EBA characterizes as follows:

• As drivers of environmental risks, EBA distinguishes physical and transition (climate) risks. It does not explicitly refer in the report to other environmental risks, such as a loss of biodiversity or pollution, but in an earlier report the EBA considered these as part of chronic physical risks[4].
• EBA considers social factors to be related to the rights, well-being and interests of people and communities, including factors such as decent work, adequate living standards, inclusive and sustainable communities and societies, and human rights. As drivers of social risks, EBA distinguishes environmental factors (as materialization of physical and transition risks may change living standards and the labor market and increase social tensions, for example) as well as changes in policies and market sentiment. These may in part be driven by actions taken to meet the United Nation’s sustainable development goals (SDGs) in 2030.

In line with the ECB Guide on climate-related and environmental risks[5], the EBA does not view E&S risks as stand-alone risks, but as drivers of traditional banking risks. This is depicted in Figure 1. The report considers the impact on credit, market, operational, liquidity and concentration risks and reviews to what extent E&S risks can be reflected in capital buffers and the macro-prudential framework. It does not explicitly consider the securitization framework, although this will be implicitly affected by impacts on credit risk. The EBA does not see an impact of E&S risks on the (risk-insensitive) leverage ratio, and therefore does not consider it in the report.

Figure 1: Examples of transmission channels for environmental and social risks (source: EBA).

The EBA notes that the Pillar 1 framework has been designed to capture the possible financial impact of cyclical economic fluctuations, but not to capture the manifestation of long-term environmental risks. It is therefore important to keep the main principles that form the basis of the prudential framework in mind when contemplating adjustments to reflect E&S risks in the prudential framework. The main principles as highlighted by the EBA are summarized below.

Main principles of the prudential framework and the relation to the horizon for E&S risks  

With repect to the framework in general:

• Own fund requirements are intended to cover potential unexpected losses. In contrast, expected losses are directly deducted from own funds, and are generally captured in the accounting rules through provisions, impairments, write-downs and appropriate valuation of assets.
• The purpose of own fund requirements is to ensure resilience of an institution to unexpected adverse circumstances, before appropriate mitigating actions and strategy adjustments can be implemented. Therefore, environmental factors that can affect institutions in the short to medium term are expected to be reflected in the prudential framework. However, for those with an impact in the longer term, institutions are expected to take appropriate mitigating actions in their strategy.
• The high confidence level used in the Pillar 1 framework to protect institutions from risks over the short to medium horizon may no longer be achievable and appropriate if longer horizons would be considered.
• To the extent that institutions are exposed to E&S risks in relation to their specific strategy and business model, coverage of these risks in the Pillar 2 own-fund requirements instead of Pillar 1 could be appropriate. In addition, reflection of these risks in the Pillar 2 guidance for stress testing may be considered.

With respect to the internal-ratings-based (IRB) approach for credit risk:

• The Probability of Default (PD) represents a one-year default probability, which is required to be calibrated based on long-run average (‘through-the-cycle’) default rates. As such, longer-term risk characteristics of the obligor may be taken into account.
• The Credit Conversion Factor (CCF) as an estimate of potential additional drawdowns before default naturally relates to the one-year time horizon for the PD, but is expected to reflect the situation of an economic downturn.
• The time horizon for the Loss Given Default (LGD) extends to the full maturity of the exposure and/or the collection process and its calibration is also expected to reflect the situation of an economic downturn.  

In the following sections we summarize the EBA recommendations by risk type.

Credit risk

The recommendations of the EBA largely put the burden on financial institutions to take E&S risks into account in the inputs for the existing Pillar 1 framework and/or to apply conservatism or overrides to the outputs. It does not recommend to include explicit E&S risk-related elements in the determination of risk weights for rated and unrated exposures in the SA or in the risk-weight formulas of the IRB. The main reasons for not doing so are that it is not clear what common and objective E&S-related factors should be used as input, what the proper functional form would be, a lack of evidence on which the size of an adjustment could be based so that it results in proper risk differentiation, and the risk of double counting with the reflection of E&S risks in the inputs to the existing own funds calculations under Pillar 1 (external ratings in the SA and PD, LGD and CCF in the case of IRB). However, the EBA will continue to evaluate this possibility in the medium to long term. The EBA also does not recommend introducing an environment-related adjustment factor to the risk weights resulting from the existing Pillar 1 framework[6].

Recommended actions for credit risk

• SA) The EBA encourages rating agencies to integrate environmental and social factors as drivers in the external credit risk assessments and to provide enhanced disclosures and transparency about the rating methodologies.
• (SA) Financial institutions to explicitly consider environmental factors in the due diligence that they are required to perform when using external credit risk assessments.
• (IRB) Financial institutions to reflect E&S risks in the rating assignment, risk quantification (for example through a margin of conservatism or the downturn component) and/or expert judgment and overrides, without affecting the overall performance of the rating system. In this context:
  • Quantification of risks must be based on sufficient and reliable observations;
  • Overrides should be for specific, individual cases where the institution believes there is material exposure to E&S risks but it has insufficient information to quantify it. Such overrides need to be regularly assessed and challenged;
  • If an institution derives PDs for internal rating grades by a mapping to a scale from a credit rating institution, it needs to consider whether the default rates associated with the external scale reflect material E&S risks.
• To assess E&S risks at a borrower level, institutions need to have a process to obtain and update material E&S-related information on the borrowers’ financial condition and on credit facility characteristics, as part of the due diligence during onboarding and ongoing monitoring of borrowers’ risk profile.
• (IRB) Financial institutions to consider E&S risks in their stress testing programs.
• (SA, IRB) Financial institutions to ensure prudent valuation of immovable property collateral, considering climate-related physical and transition risks as well as other environmental risks. The prudent valuation should be considered at origination, re-valuation and during monitoring.

• (SA) Financial institutions to monitor that environmental factors are reflected in financial collateral valuations through market values under Pillar 1 and valuation methodologies under Pillar 2.
• (SA) The EBA to consider whether benefits from the Infrastructure Supporting Factor (ISF) should only be applied to high-quality specialized lending corporate exposures that meet strong environmental standards.
• (SA) The EBA to consider adjusting risk weights, both in general and specifically for those assigned to real estate exposures.
• (IRB) As E&S risks materialize in defaults and loss rates over time, institutions need to redevelop or recalibrate their PD and LGD estimates.

(SA = standardized approach; IRB = Internal-rating-based approach)

Market risk

Within market risk, the EBA sees the main interaction of E&S risks with the equity, credit spread and commodity markets, in which E&S risks may cause additional volatility. In line with the existing regulatory guidance, the EBA expects E&S risks not to be treated as separate risk factors but as drivers of existing risk factors, with the exception of products for which cash flows depend specifically on ESG factors (‘ESG-linked products’).

The EBA does not recommend changes at this point to the standardized approach (SA) and the internal model approach (IMA) under the FRTB regulation, which will come into effect in the EU in 2025. The primary reason is the lack of sufficient evidence on the impact of E&S risks to enable a data driven approach, which forms the basis of the FRTB.

When calculating the expected shortfall (ES) measure under the IMA based on last 12 months' market data, the materialization of E&S risks will automatically be reflected in the market data that is used. When using market data from a stress period, either to calculate ES in the IMA or to calibrate risk factor shocks for the sensitivity-based measure (SbM) at a risk class level in the SA, the reflection of E&S risks will depend on the choice of stress period. To include E&S risks fully in the IMA but avoid overlap with the (partial) presence of E&S risks in historical data, the EBA views the consideration of E&S risks in a separate ‘risk not in the model engine’ (RNIME) add-on as most promising option for the medium to long term, leveraging the framework described in the ECB Guide to internal models[7].

Recommended actions for market risk

• (SA, IMA) Financial institutions to consider environmental risks in relation to their trading book risk appetite, internal trading limits and new product approval.
• (IMA) Financial institutions to consider environmental risk as part of their stress testing program that is required to get internal model approval.

• (SA, IMA) Competent authorities to consider how to treat ESG-linked products for the residual risk add-on in the SA and in the IMA.(SA) The EBA to consider including a dimension for ESG risks in the existing equity and credit spread risk classes, or including a separate environmental risk class.
• (IMA) Financial institutions to consider ESG risks when monitoring risks that are not included in the model, for which the ECB’s RNIME framework could be used as a basis.

(SA = standardized approach; IRB = Internal-rating-based approach)

Operational risk

The EBA notes that various types of operational risks can increase as a result of E&S risks, including damage to physical assets, disruption of business processes and litigation. However, the new standardized approach (SA) for operational risk in the Basel III framework, which will come into effect in the EU in 2025, does not have a forward-looking component – it only considers historical loss experience (besides business indicators). Historical losses are unlikely to fully reflect the potential future impact of E&S risks, but there is as of yet insufficient evidence and data to quantify and consider this in an amendment of the SA.

Recommended actions for operational risk

• Financial institutions to identify whether E&S risks constitute triggers of operational risk losses.

• Following evidence of E&S risk factors to trigger operational risk losses, the EBA to consider whether revisions to the BCBS SA methodology are warranted.

Liquidity risk

The EBA report describes three ways in which E&S risks may affect the liquidity coverage ratio (LCR) calculation. First, liquid assets that are specifically exposed to E&S risks may become less liquid and/or decrease in value. As a consequence, they may no longer satisfy the eligibility criteria for liquid assets. If they still do, then the decrease in market value would reflect the lower liquidity and reduce the LCR. Second, contingent liabilities arising from environmentally harmful investments would need to be included as outflows in the LCR calculation, thereby lowering the LCR. Third, a decrease in credit quality of receivables that are particularly exposed to E&S risks will decrease the inflows that can be taken into account in the LCR calculation. The EBA concludes that the existing LCR framework can capture the impact of E&S risks on the definition of liquid assets, outflows and inflows, so that no amendments are needed.

Regarding the existing framework for the net stable funding ratio (NSFR), the EBA notes that a reduction in the creditworthiness and/or liquidity of loans and securities exposed to E&S risks would lead to a higher requirement for stable funding and thereby negatively impact the NSFR. In this way, the existing NSFR framework can capture the impact of E&S risks on the definition of stable assets.

In summary, the EBA does not propose changes to the LCR and NSFR frameworks in relation to E&S risks. In case of excessive exposure to E&S risks for individual institutions, it notes that supervisors can set specific liquidity or funding requirements as part of the Pillar 2 framework for LCR and NSFR.

Concentration risk

The SA and IRB of the Pillar 1 framework for credit risk assume that a bank’s loan portfolio has full diversification of name-specific (idiosyncratic) risk and is well diversified across sectors and geographies. Because of these assumptions, the framework is not able to capture concentration risks, including those arising from E&S risks. In the current framework, single-name concentration risk is separately captured in Pillar 1 using the large exposure regime. Sector and geographic concentrations are considered in the SREP process under Pillar 2.

Recommended actions for concentration risk

• The EBA to develop a definition of environment-related concentration risk as well as exposure-based metrics for its quantification (e.g., ratio of exposures sensitive to a given environmental risk driver in a specific geographical area or in a specific industry sector over total exposures, total capital or RWA). These metrics will be part of supervisory reporting and, when relevant, external disclosure. In addition, they should be considered as part of Pillar 2 under SREP and/or supplement Pillar 3 disclosures on ESG risks.The EBA does not recommend to change the existing large exposure regime.

• Based on the experience obtained with initial environment-related concentration risk metrics and quantification, the EBA may consider enhanced metrics and the appropriateness to introduce it in the Pillar 1 framework.
  • This would entail the design and calibration of possible limits and thresholds, add-ons or buffers, as well as the specification of possible consequences if there are breaches.

Capital buffers and macroprudential framework

An alternative to amending the calculation of capital requirements to capture E&S risks in the prudential framework would be to increase the minimum required level of capital and/or to implement ‘borrower-based measures’ (BMM). Such BMMs aim to prevent a build-up of risk concentrations, for example by setting upper bounds on loan-to-value or loan-to-income for mortgage lending. Of the various possibilities, the EBA deems the use of a systemic risk capital buffer as the most suitable, although a double counting with the inclusion of E&S risks in the calculation of capital requirements under Pillar 1 and 2 needs to be avoided.

Recommended actions for capital buffers and macroprudential framework

• The EBA to asses changes to the guidelines on the appropriate subsets of sectoral exposures to which a systematic risk buffer may be applied.

• The EBA to coordinate with other ongoing initiatives and assess the most appropriate adjustments.

Conclusion

The EBA considers E&S risks as a new source of systemic risk, which may not be adequately captured in the existing prudential framework. At the same time, the EBA recognizes the challenges in assessing the impact of these risks on regulatory metrics. The challenges range from a lack of granular and comparable data, varying definitions of what is environmentally and socially sustainable, historic data not being representative of what can be expected in the future, to the high uncertainty about the probability of future materialization of E&S risks. Moreover, the time horizon considered in the existing Pillar 1 framework is much shorter than the long horizon over which environmental risks are likely to fully materialize, with an exception of short-term acute physical and transition risks.

Against this background, the EBA does not recommend concrete quantitative adjustments to the existing Pillar 1 framework at this point. Nonetheless, it does expect financial institutions to take E&S risks into account in the inputs to the existing Pillar 1 framework or to apply overrides based on expert judgment. The EBA further proposes actions that should provide more clarity over time about the drivers and materiality of E&S risks. In due time, this can provide the basis for quantitative amendments to the Pillar 1 framework.

If you are interested to discuss this topic in more detail or would like support to embed E&S risks in your organization, please contact Pieter Klaassen at p.klaassen@zandersgroup.com or +41 78 652 5505.

[1]EBA (2023), Report on the role of environmental and social risks in the prudential framework (link), October.

[2] EBA (2022), Discussion paper on the role of environmental risks in the prudential framework (link), May. For a summary, see the article (link) on the Zanders website.

[3] ECB (2020), Guide on climate-related and environmental risks (link), November.

[4] See section 2.3.2 in EBA (2021), Report on management and supervision of ESG risks for credit institutions and investment firms (link), June.

[5] ECB (2020), Guide on climate-related and environmental risks (link), November.

[6] In the current EU Pillar 1 framework, adjustments are included that result in lower risk weights for small- and medium-sized enterprises (SME) and infrastructure lending. As the EBA notes, these adjustments are not risk-based but have been included in the EU to support lending to SMEs and for infrastructure projects.

[7] See ECB (2019), ECB Guide to internal models (link).

Liquidity and funding risk

While European banks generally have sufficient liquidity, there are potential challenges on the horizon. Recent events, including bank failures in the United States and the issues with Credit Suisse, have underscored the importance for banks to have a framework in place that allows a quick response to market volatility and changes in liquidity.

Several factors contribute to these challenges, such as the end of funding programs (i.e. quantitative easing and the TLTRO program), changes in market interest rates, and evolving depositor behavior. The EBA stresses it's not just about meeting regulatory requirements; banks are urged to manage liquidity proactively, maintain reasonable liquidity buffers beyond regulatory mandates, diversify their funding sources, and adapt to changing market dynamics.

The EBA also stresses that the role of social media in relation to the financial markets cannot be underestimated. Banks are encouraged to incorporate social media sentiment into their stress-testing frameworks and develop strategies to counter the impact of negative social media news on deposit withdrawals or market funding stability.

Supervisory authorities should assess institutions’ liquidity risk, funding profiles, and their readiness to deal with wholesale/retail counterparties and funding concentrations. They should also scrutinize banks’ internal liquidity adequacy assessment processes (ILAAP) and their ability to sell securities under different market conditions. Relevant to the increased scrutiny of liquidity and funding risk are the revised technical standards on supervisory reporting on liquidity, published in the summer of 2023 (EBA, June 2023).

Interest rate risk and hedging

The transition from an era of persistently low or even negative interest rates to a period of rising rates and persistent inflation is a major concern for banks in 2024. While the initial impact on net interest margins may be positive, banks face challenges in managing interest rate risk effectively.

Supervisors are tasked with assessing whether banks have suitable organizational frameworks for managing interest rate risk. This includes examining responsibilities at the management level and ensuring that senior management is implementing effective interest rate risk strategies. Moreover, supervisors should evaluate how changes in interest rates may impact an institution’s Net Interest Income (NII) and Economic Value of Equity (EVE). This involves examining assumptions about customers’ behavior, particularly in the context of deposit funding in the digital age.

Interest rate risk and liquidity and funding risk are closely linked, and supervisors are encouraged to consider these links in their assessments, reflecting the interconnected nature of these topics. The new guidelines on IRRBB and CSRBB (EBA, July 2023) emphasize this interconnectedness. It underscores the necessity for financial institutions and regulatory bodies alike to adopt a holistic approach, recognizing that addressing one risk may have cascading effects on others.

The EBA has announced a data collection scheme regarding IRRBB data of financial institutions, highlighting the priority the EBA gives to IRRBB. The data collection exercise is based on the newly published implementing technical standards (ITS) for IRRBB and has a March 2023 deadline. The collection of the IRRBB data will only apply to those institutions that are already reporting IRRBB to the EBA in the context of the QIS exercise.

Recovery operationalization

Recent financial market events (such as Credit Suisse, SVB) have underscored the importance of being prepared for swift and effective crisis responses. Recovery plans, which banks are required to have in place, must be updated and they must include credible options to restore financial soundness in a timely manner.

Supervisors play a vital role in assessing the adequacy and severity of scenarios in recovery plans. These scenarios must be sufficiently severe to trigger the full range of available recovery options, allowing institutions to demonstrate their capacity to restore business and financial viability in a crisis.

Moreover, the Overall Recovery Capacity (ORC) is a key outcome of recovery planning, providing an indication of the institution’s ability to restore its financial position following a significant downturn. It’s crucial for supervisors to review the adequacy and quality of the ORC, with a focus on liquidity recovery capacity.

To ensure the effectiveness of recovery plans, supervisors should also encourage banks to perform dry-run exercises and assess the suitability of communication arrangements, including faster communication tools like social media.

A strategic imperative

Beyond these key focus areas, the EBA also emphasizes the ongoing relevance of issues such as asset quality, cyber risk, and data security. These challenges remain important in the supervisory landscape, although they are not the main priorities in the coming year.

Thus, in light of the EBA’s aforementioned regulatory priorities for 2024, it is imperative for all financial institutions across the European Union to proactively engage in ensuring the stability and resilience of the banking sector. From a liquidity perspective, it is vital to actively manage your financial institution’s liquidity and anticipate the ripples of market volatility. Moreover, the insights of social media sentiment within your stress-testing frameworks can add vital information. The ability to navigate funding challenges is not just a regulatory requirement; it’s a strategic imperative.

The shift to the current high interest rate environment warrants an assessment of a bank’s organizational readiness for this change. Make sure that your senior management is not only aware of implementing effective interest rate risk strategies but also adept at them. Moreover, scrutinize the impact of changing interest rates on your NII and EVE.

How can Zanders support?

Zanders is a thought leader in the management and modeling of IRRBB. We enable financial institutions to meet their strategic risk goals while achieving regulatory compliance, by offering support from strategy to implementation. In light of the aforementioned regulatory priorities of the EBA, we can support and guide you through these changes in the world of IRRBB with agility and foresight.

Are you interested in IRRBB-related topics? Contact Jaap Karelse, Erik Vijlbrief (Netherlands, Belgium and Nordic countries) or Martijn Wycisk (DACH region) for more information.

EBA, July 2023. Guidelines on IRRBB and CSRBB. s.l.:s.n.
EBA, June 2023. Implementing Technical Standards on supervisory reporting amendments with regards to COREP, asset encumbrance and G-SIIs. s.l.:s.n.
EBA, September 2023. Work Program 2024. s.l.:s.n.

In the stress test methodology, participating banks are required to evaluate the impact of a cyber attack. They must communicate their response and recovery efforts by completing a questionnaire and submitting pertinent documentation. Banks undergoing enhanced assessment are further mandated to conduct and report the results of IT recovery tests specific to the scenario. The reporting of the cyber incident is to be done using the template outlined in the SSM Cyber-incident reporting framework.

Assessing Digital Fortitude: Scope and Objectives

The ECB's decision to conduct a thematic stress test on cyber resilience in 2024 holds profound significance. The primary objective is to assess the digital operational resilience of 109 Significant Institutions, contemplating the impact of a severe but plausible cybersecurity event. This initiative seeks to uncover potential weaknesses within the systems and derive strategic remediation actions. Notably, 28 banks will undergo an enhanced assessment, heightening the scrutiny on their cyber resilience capabilities. The outcomes are poised to reverberate across the financial landscape, influencing the 2024 SREP OpRisk Score and shaping qualitative requirements.

General Overview and Scope​

• Supervisory Board of ECB has decided to conduct a thematic stress test on „cyber resilience“ in 2024.​
• Main objective is to assess the digital operational resilience in case of a severe but plausible cybersecurity event, to identify potential weaknesses and derive remediation actions.​
• Participants will be 109 Significant Institutions (28 banks will be in scope of an enhanced assessment).​
• The outcome will have an impact on the 2024 SREP OpRisk Score and qualitative requirements.​

Navigating the Evaluation: Stress Test Methodology

Participating banks find themselves at the epicenter of this evaluative process. They are tasked with assessing the impact of a simulated cyber attack and meticulously reporting their response and recovery efforts. This involves answering a comprehensive questionnaire and providing relevant documentation as evidence. For those under enhanced assessment, an additional layer of complexity is introduced – the execution and reporting of IT recovery tests tailored to the specific scenario. The cyber incident reporting follows a structured template outlined in the SSM Cyber-incident reporting framework.

Stress Test Methodology​

• Participating banks have to assess the impact of the cyber-attack and report their response and recovery by answering the questionnaire and providing relevant documentation as evidence.​
• Banks under the enhanced assessment are additionally requested to execute and provide results of IT recovery tests tailored to the specific scenario.​
• The cyber incident has to be reported by using the template of the SSM Cyber-incident reporting framework.​

Setting the Stage: Scenario Unveiled

The stress test unfolds with a meticulously crafted hypothetical scenario. Envision a landscape where all preventive measures against a cyber attack have either been bypassed or failed. The core of this simulation involves a cyber-attack causing a loss of integrity in the databases supporting a bank's main core banking system. Validation of the affected core banking system is a crucial step, overseen by the Joint Supervisory Team (JST). The final scenario details will be communicated on January 2, 2024, adding a real-time element to this strategic evaluation.

Scenario

• The stress test will consist of a hypothetical scenario that assumes that all preventive measures have been bypassed or have failed.​
• The cyber-attack will cause a loss of integrity of the database(s) that support the bank’s main core banking system.​
• The banks have to validate the selection of the affected core banking system with the JST.​
• The final scenario will be communicated on 2 January 2024.​

Partnering for Success: Zanders' Service Offering

In the complex terrain of the Cyber Resilience Stress Test, Zanders stands as a reliable partner. Armed with deep knowledge in Non-Financial Risk, we navigate the intricacies of the upcoming stress test seamlessly. Our support spans the entire exercise, from administrative aspects to performing assessments that determine the impact of the cyber attack on key financial ratios as requested by supervisory authorities. This service offering underscores our commitment to fortifying financial institutions against evolving cyber threats.

Zanders Service Offering​

• Our deep knowledge in Non-Financial Risk enables us to navigate smoothly through the complexity of the upcoming Cyber Resilience Stress Test.​
• We support participating banks during the whole exercise of the upcoming Stress Test.​
• Our Services cover the whole bandwidth of required activities starting from administrative aspects and ending up at performing assessments to determine the impact of the cyber-attack in regard of key financial ratios requested by the supervisory authority.​​

In this report, biodiversity loss ranks as the fourth most pressing concern after climate change adaptation, mitigation failure, and natural disasters. For financial institutions (FIs), it is therefore a relevant risk that should be taken into account. So, how should FIs implement biodiversity risk in their risk management framework?

Despite an increasing awareness of the importance of biodiversity, human activities continue to significantly alter the ecosystems we depend on. The present rate of species going extinct is 10 to 100 times higher than the average observed over the past 10 million years, according to Partnership for Biodiversity Accounting Financials[i]. The Intergovernmental Science-Policy Platform on Biodiversity and Ecosystem Services (IPBES) reports that 75% of ecosystems have been modified by human actions, with 20% of terrestrial biomass lost, 25% under threat, and a projection of 1 million species facing extinction unless immediate action is taken. Resilience theory and planetary boundaries state that once a certain critical threshold is surpassed, the rate of change enters an exponential trajectory, leading to irreversible changes, and, as noted in a report by the Nederlandsche Bank (DNB), we are already close to that threshold[ii].

We will now explain biodiversity as a concept, why it is a significant risk for financial institutions (FIs), and how to start thinking about implementing biodiversity risk in a financial institutions’ risk management framework.

What is biodiversity?

The Convention on Biological Diversity (CBD) defines biodiversity as “the variability among living organisms from all sources including, i.a., terrestrial, marine and other aquatic ecosystems and the ecological complexes of which they are part.”[iii] Humans rely on ecosystems directly and indirectly as they provide us with resources, protection and services such as cleaning our air and water.

Biodiversity both affects and is affected by climate change. For example, ecosystems such as tropical forests and peatlands consist of a diverse wildlife and act as carbon sinks that reduce the pace of climate change. At the same time, ecosystems are threatened by the accelerating change caused by human-induced global warming. The IPBES and Intergovernmental Panel on Climate Change (IPCC), in their first-ever collaboration, state that “biodiversity loss and climate change are both driven by human economic activities and mutually reinforce each other. Neither will be successfully resolved unless both are tackled together.”[iv]

Why is it relevant for financial institutions?

While financial institutions’ own operations do not materially impact biodiversity, they do have impact on biodiversity through their financing. ASN Bank, for instance, calculated that the net biodiversity impact of its financed exposure is equivalent to around 516 square kilometres of lost biodiversity – which is roughly equal to the size of the isle of Ibiza in Spain[v]. The FIs’ impact on biodiversity also leads to opportunities. The Institute Financing Nature (IFN) report estimates that the financing gap for biodiversity is close to $700 billion annually[vi]. This emphasizes the importance of directing substantial financial resources towards biodiversity-positive initiatives.

At the same time, biodiversity loss also poses risks to financial institutions.

The global economy highly depends on biodiversity as a result of the increasedglobalization and interconnectedness of the financial system. Due to these factors, the effects of biodiversity losses are magnified and exacerbated through the financial system, which can result in significant financial losses. For example, approximately USD 44 trillion of the global GDP is highly or moderately dependent on nature (World Economic Forum, 2020). Specifically for financial institutions, the DNB estimated that Dutch FIs alone have EUR 510 billionof exposure to companies that are highly or very highly dependent on one or more ecosystems services[vii]. Furthermore, in the 2010 World Economic Forum report worldwide economic damage from biodiversity loss is estimated to be around USD 2 to 4.5 trillion annually. This is remarkably high when compared to the negative global financial damage of USD 1.7 trillion per year from greenhouse gas emissions (based on 2008 data), which demonstrates that institutions should not focus their attention solely on the effects of climate change when assessing climate & environmental risks[viii].

Examples of financial impact

Similarly to climate risk, biodiversity risk is expected to materialize through the traditional risk types a financial institution faces. To illustrate how biodiversity loss can affect individual financial institutions, we provide an example of the potential impact of physical biodiversity risk on, respectively, the credit risk and market risk of an institution:

Credit risk:

Failing ecosystem services can lead to disruptions of production, reducing the profits of counterparties. As a result, there is an increase in credit risk of these counterparties. For example, these disruptions can materialize in the following ways:

• A total of 75% of the global food crop rely on animals for their pollination. For the agricultural sector, deterioration or loss of pollinating species may result in significant crop yield reduction.
• Marine ecosystems are a natural defence against natural hazards. Wetlands prevented USD 650 million worth of damages during the 2012 Superstorm Sandy [OECD, 2019), while the material damage of hurricane Katrina would have been USD 150 billion less if the wetlands had not been lost.

Market risk:

The market value of investments of a financial institution can suffer from the interconnectedness of the global economy and concentration of production when a climate event happens. For example:

• A 2011 flood in Thailand impacted an area where most of the world's hard drives are manufactured. This led to a 20%-40% rise in global prices of the product[ix]. The impact of the local ecosystems for these type of products expose the dependency for investors as well as society as a whole.

Core part of the European Green Deal

The examples above are physical biodiversity risk examples. In addition to physical risk, biodiversity loss can also lead to transition risk – changes in the regulatory environment could imply less viable business models and an increase in costs, which will potentially affect the profitability and risk profile of financial institutions. While physical risk can be argued to materialize in a more distant future, transition risk is a more pressing concern as new measures have been released, for example by the European Commission, to transition to more sustainable and biodiversity friendly practices. These measures are included in the EU biodiversity strategy for 2030 and the EU’s Nature restoration law.

The EU’s biodiversity strategy for 2030 is a core part of European Green Deal. It is a comprehensive, ambitious, and long-term plan that focuses on protecting valuable or vulnerable ecosystems, restoring damaged ecosystems, financing transformation projects, and introducing accountability for nature-damaging activities. The strategy aims to put Europe's biodiversity on a path to recovery by 2030, and contains specific actions and commitments. The EU biodiversity strategy covers various aspects such as:

• Legal protection of an additional 4% of land area (up to a total of 7%) and 19% of sea area (up to a total of 30%)
• Strict protection of 9% of sea and 7% of land area (up to a total of 10% for both)
• Reduction of fertilizer use by at least 20%
• Setting measures for sustainable harvesting of marine resources

A major step forwards towards enforcement of the strategy is the approval of the Nature restoration law by the EU in July 2023, which will become the first continent-wide comprehensive law on biodiversity and ecosystems. The law is likely to impact the agricultural sector, as the bill allows for 30% of all former peatlands that are currently exploited for agriculture to be restored or partially shifted to other uses by 2030. By 2050, this should be at least 70%. These regulatory actions are expected to have a positive impact on biodiversity in the EU. However, a swift implementation may increase transition risk for companies that are affected by the regulation.

The ECB Guide on climate-related and environmental risks explicitly states that biodiversity loss is one of the risk drivers for financial institutions[x]. Furthermore, the ECB Guide requires financial institutions to asses both physical and transition risks stemming from biodiversity loss. In addition, the EBA Report on the Management and Supervision of ESG Risk for Credit Institutions and Investment Firms repeatedly refers to biodiversity when discussing physical and transition risks[xi].

Moreover, the topic ‘biodiversity and ecosystems’ is also covered by the Corporate Sustainability Reporting Directive (CSRD), which requires companies within its scope to disclose on several sustainability related matters using a double materiality perspective.[1] Biodiversity and ecosystems is one of five environmental sustainability matters covered by CSRD. At a minimum, financial institutions in scope of CSRD must perform a materiality assessment of impacts, risks and opportunities stemming from biodiversity and ecosystems. Furthermore, when biodiversity is assessed to be material, either from financial or impact materiality perspective, the institution is subject to granular biodiversity-related disclosure requirements covering, among others, topics such as business strategy, policies, actions, targets, and metrics.

Where to start?

In line with regulatory requirements, financial institutions should already be integrating biodiversity into their risk management practices. Zanders recognizes the challenges associated with biodiversity-related risk management, such as data availability and multidimensionality. Therefore, Zanders suggests to initiate this process by starting with the following two steps. The complexity of the methodologies can increase over time as the institution’s, the regulator’s and the market’s knowledge on biodiversity-related risks becomes more mature.  

1. Perform materiality assessment using the double materiality concept. This means that financial institutions should measure and analyze biodiversity-related financial materiality through the identification of risks and opportunities. Institutions should also assess their impacts on biodiversity, for example, through calculation of their biodiversity footprint. This can start with classifying exposures’ impact and dependency on biodiversity based on a sector-level analysis.
2. Integrate biodiversity-related risks considerations into their business strategy and risk management frameworks. From a business perspective, if material, financial institutions are expected to integrate biodiversity in their business strategy, and set policies and targets to manage the risks. Such actions could be engagement with clients to promote their sustainability practices, allocation of financing to ‘biodiversity-friendly’ projects, and/or development of biodiversity specific products. Moreover, institutions are expected to adjust their risk appetites to account for biodiversity-related risks and opportunities, establish KRIs along with limits and thresholds. Embedding material ESG risks in the risk appetite frameworks should include a description on how risk indicators and limits are allocated within the banking group, business lines and branches.

Considering the potential impact of biodiversity loss on financial institutions, it is crucial for them to extend their focus beyond climate change and also start assessing and managing biodiversity risks. Zanders can support financial institutions in measuring biodiversity-related risks and taking first steps in integrating these risks into risk frameworks. Curious to hear more on this? Please reach out to Marije Wiersma, Iryna Fedenko, or Jaap Gerrits.

[1] CSRD applies to large EU companies, including banks and insurance firms. The first companies subject to CSRD must disclose according to the requirements in the European Sustainability Reporting Standards (ESRS) from 2025 (over financial year 2024), and by the reporting year 2029, the majority of European companies will be subject to publishing the CSRD reports. The sustainability report should be a publicly available statement with information on the sustainability-matters that the company considers material. This statement needs to be audited with limited assurance.

[i] PBAF. (2023). Dependencies - Pertnership for Biodiversity Acccounting Financials (PBAF)

[ii] De Nederlandche Bank. (2020). Indepted to nature - Exploring biodiversity risks for the Dutch Financial Sector.

[iii] CBD. (2005). Handbook of the convention on biological diversity

[iv] IPBES. (2021). Tackling Biodiversity & Climate Crises Together & Their Combined Social Impacts

[v] ASN Bank (2022). ASN Bank Biodiversity Footprint

[vi] Paulson Institute. (2021). Financing nature: Closing the Global Biodiversity

[vii] De Nederlandche Bank. (2020). Indepted to nature - Exploring biodiversity risks for the Dutch Financial Sector

[viii] PwC for World Economic Forum. (2010). Biodiversity and business risk

[ix] All the examples related to credit and market risk are presented in the report by De Nederlandsche Bank. (2020). Biodiversity Opportunities and Risks for the Financial Sector

[x] ECB. (2020). Guide on climate-related and environmental risks.

[xi] EBA. (2021). EBA Report on Management and Supervision of ESG Risk for Credit Institutions and Investment Firms

Early October, the Basel Committee on Banking Supervision (BCBS) published a report[1] on the 2023 banking turmoil that involved the failure of several US banks as well as Credit Suisse. The report draws lessons for banking regulation and supervision which may ultimately lead to changes in banking regulation as well as supervisory practices. In this article we summarize the main findings of the report[2]. Based on the report’s assessment, the most material consequences for banks, in our view, could be in the following areas:

• Reparameterization of the LCR calculation and/or introduction of additional liquidity metrics
• Inclusion of assets accounted for at amortized cost at their fair value in the determination of regulatory capital
• Implementation of extended disclosure requirements for a bank's interest rate exposure and liquidity position
• More intensive supervision of smaller banks, especially those experiencing fast growth and concentration in specific client segments
• Application of the full Basel III Accord and the Basel IRRBB framework to a larger group of banks

Bank failures and underlying causes

The BCBS report first describes in some detail the events that led to the failure of each of the following banks in the spring of 2023:

• Silicon Valley Bank (SVB)
• Signature Bank of New York (SBNY)
• First Republic Bank (FRB)
• Credit Suisse (CS)

While each failure involved various bank-specific factors, the BCBS report highlights common features (with the relevant banks indicated in brackets).

• Long-term unsustainable business models (all), in part due to remuneration incentives for short-term profits
• Governance and risk management did not keep up with fast growth in recent years (SVB, SBNY, FRC)
• Ineffective oversight of risks by the board and management (all)
• Overreliance on uninsured customer deposits, which are more likely to be withdrawn in a stress situation (SVB, SBNY, FRC)
• Unprecedented speed of deposit withdrawals through online banking (all)
• Investment of short-term deposits in long-term assets without adequate interest-rate hedges (SVB, FRC)
• Failure to assess whether designated assets qualified as eligible collateral for borrowing at the central bank (SVB, SBNY)
• Client concentration risk in specific sectors and on both asset and liability side of the balance sheet (SVB, SBNY, FRC)
• Too much leniency by supervisors to address supervisory findings (SVB, SBNY, CS)
• Incomplete implementation of the Basel Framework: SVB, SBNY and FRB were not subject to the liquidity coverage ratio (LCR) of the Basel III Accord and the BCBS standard on interest rate risk in the banking book (IRRBB)

Of the four failed banks, only Credit Suisse was subject to the LCR requirements of the Basel III Accord, in relation to which the BCBS report includes the following observations:

• A substantial part of the available high quality liquid assets (HQLA) at CS was needed for purposes other than covering deposit outflows under stress, in contrast to the assumptions made in the LCR calculation
• The bank hesitated to make use of the LCR buffer and to access emergency liquidity so as to avoid negative signalling to the market

Although not part of the BCBS report, these observations could lead to modifications to the LCR regulation in the future.

Lessons for supervision

With respect to supervisory practices, the BCBS report identifies various lessons learned and raises a few questions, divided into four main areas:

1. Bank’s business models

• Importance of forward-looking assessment of a bank’s capital and liquidity adequacy because accounting measures (on which regulatory capital and liquidity measures are based) mostly are not forward-looking in nature
• A focus on a bank’s risk-adjusted profitability
• Proactive engagement with ‘outlier banks’, e.g., banks that experienced fast growth and have concentrated funding sources or exposures
• Consideration of the impact of changes in the external environment, such as market conditions (including interest rates) and regulatory changes (including implementation of Basel III)

2. Bank’s governance and risk management

• Board composition, relevant experience and independent challenge of management
• Independence and empowerment of risk management and internal audit functions
• Establishment of an enterprise-wide risk culture and its embedding in corporate and business processes.
• Senior management remuneration incentives

3.Liquidity supervision

• Do the existing metrics (LCR, NSFR) and supervisory review suffice to identify start of material liquidity outflows?
• Should the monitoring frequency of metrics be increased (e.g., weekly for business as usual and daily or even intra-day in times of stress)?
• Monitoring of concentration risks (clients as well as funding sources)
• Are sources of liquidity transferable within the legal entity structure and freely available in times of stress?
• Testing of contingency funding plans

4. Supervisory judgment

• Supplement rules-based regulation with supervisory judgment in order to intervene pro-actively when identifying risks that could threaten the bank’s safety and soundness. However, the report acknowledges that a supervisor may not be able to enforce (pre-emptive) action as long as an institution satisfies all minimum requirements. This will also depend on local legislative and regulatory frameworks

Lessons for regulation

In addition, the BCBS report identifies various potential enhancement to the design and implementation of bank regulation in four main areas:

1. Liquidity standards

• Consideration of daily operational and intra-day liquidity requirements in the LCR, based on the observation that a material part of the HQLA of CS was used for this purpose but this is not taken into account in the determination of the LCR
• Recalibration of deposit outflows in the calculation of LCR and NSFR, based on the observation that actual outflow rates at the failed banks significantly exceeded assumed outflows in the LCR and NSFR calculations
• Introduction of additional liquidity metrics such as a 5-day forward liquidity position, survival period and/or non-risk based liquidity metrics that do not rely on run-off assumptions (similar to the role of the leverage ratio in the capital framework)

2. IRRBB

• Implementation of the Basel standard on IRRBB, which did not apply to the US banks, could have made the interest rate risk exposures transparent and initiated timely action by management or regulatory intervention.
• More granular disclosure, covering for example positions with and without hedging, contractual maturities of banking book positions and modelling assumptions 

3. Definition of regulatory capital

• Reflect unrealised gains and losses on assets that are accounted for at amortised cost (AC) in regulatory capital, analogous to the treatment of assets that are classified as available-for-sale (AFS). This is supported by the observation that unrealised losses on fixed-income assets held at amortised cost, resulting from to the sharp rise in interest rates, was an important driver of the failure of several US banks when these assets were sold to create liquidity and unrealised losses turned into realised losses. The BCBS report includes the following considerations in this respect:
  • If AC assets can be repo-ed to create liquidity instead of being sold, then there is no negative impact on the financial statement
  • Treating unrealised gains and losses on AC assets in the same way as AFS assets will create additional volatility in earnings and capital
  • The determination of HQLA in the LCR regulation requires that assets are measured at no more than market value. However, this does not prevent the negative capital impact described above
• Reconsideration of the role, definition and transparency of additional Tier-1 (AT1) instruments, considering the discussion following the write-off of AT1 instruments as part of the take-over of CS by UBS

4. Application of the Basel framework

• Broadening the application of the full Basel III framework beyond internationally active banks and/or developing complementary approaches to identify risks at domestic banks that could pose a threat to cross-border financial stability. The events in the spring of this year have demonstrated that distress at relatively small banks that are not subject to the (full) Basel III regulation can trigger broader and cross-border systemic concerns and contagion effects.
• Prudent application of the ‘proportionality’ principle to domestic banks, based on the observation that financial distress at such banks can have cross-border financial stability effects
• Harmonization of approaches that aim to ensure that sufficient capital and liquidity is available at individual legal entity level within banking groups

Conclusion

The BCBS report identifies common shortcomings in bank risk management practices and governance at the four banks that failed during the 2023 banking turmoil and summarizes key take-aways for bank supervision and regulation.

The identified shortcomings in bank risk management include gaps in the management of traditional banking risks (interest rate, liquidity and concentration risks), failure to appreciate the interrelation between individual risks, unsustainable business models driven by short-term incentives at the expense of appropriate risk management, poor risk culture, ineffective senior management and board oversight as well as a failure to adequately respond to supervisory feedback and recommendations.

Key take-aways for effective supervision include enforcing prompt action by banks in response to supervisory findings, actively monitoring and assessing potential implications of structural changes to the banking system, and maintaining effective cross-border supervisory cooperation.

Key lessons for regulatory standards include the importance of full and consistent implementation of Basel standards as well as potential enhancements of the Basel III liquidity standards, the regulatory treatment of interest rate risk in the banking book, the treatment of assets that are accounted for at amortised cost within regulatory capital and the role of additional Tier-1 capital instruments.

The BCBS report is intended as a starting point for discussion among banking regulators and supervisors about possible changes to banking regulation and supervisory practices. For those interested in engaging in discussions related to the insights and recommendations in the BCBS report, please feel free to contact Pieter Klaassen.

[1] Report on the 2023 banking turmoil (bis.org) (accessed on October 19, 2023)

[2] Although recognized as relevant in relation to the banking turmoil, the BCBS report explicitly excludes from its consideration the role and design of deposit guarantee schemes, the effectiveness of resolution arrangements, the use and design of central bank lending facilities and FX swap lines, and public support measures in banking crises.

The MoRM division of ABN AMRO comprises around 45 people. What are the crucial conditions to run the department efficiently?

Habing: “Since the beginning of 2019, we have been divided into teams with clear responsibilities, enabling us to work more efficiently as a model risk management component. Previously, all questions from the ECB or other regulators were taken care of by the experts of credit risk, but now we have a separate team ready to focus on all non-quantitative matters. This reduces the workload on the experts who really need to deal with the mathematical models. The second thing we have done is to make a stronger distinction between the existing models and the new projects that we need to run. Major projects include the Definition of default and the introduction of IFRS 9. In the past, these kinds of projects were carried out by people who actually had to do the credit models. By having separate teams for this, we can scale more easily to the new projects – that works well.”What exactly is the definition of a model within your department? Are they only risk models, or are hedge accounting or pricing models in scope too?

“We aim to identify the widest range of models as possible, both in size and type. From an administrative point of view, we can easily do 600 to 700 models. But with such a number, we can't validate them all in the same degree of depth. We therefore try to get everything in picture, but this varies per model what we look at.”

To what extent does the business determine whether a validation model is presented?

“We want to have all models in view. Then the question is: how do you get a complete overview? How do you know what models there are if you don't see them all? We try to set this up in two ways. On the one hand, we do this by connecting to the change risk assessment process. We have an operational risk department that looks at the entire bank in cycles of approximately three years. We work with operational risk and explain to them what they need to look out for, what ‘a model’ is according to us and what risks it can contain. On the other hand, we take a top-down approach, setting the model owner at the highest possible level. For example, the director of mortgages must confirm for all processes in his business that the models have been well developed, and the documentation is in order and validated. So, we're trying to get a view on that from the top of the organization. We do have the vast majority of all models in the picture.”

Does this ever lead to discussion?

“Yes, that definitely happens. In the bank's policy, we’ve explained that we make the final judgment on whether something is a model. If we believe that a risk is being taken with a model, we indicate that something needs to be changed.”

Some of the models will likely be implemented through vendor systems. How do you deal with that in terms of validation?

“The regulations are clear about this: as a bank, you need to fully understand all your models. We have developed a vast majority of the models internally. In addition, we have market systems for which large platforms have been created by external parties. So, we are certainly also looking at these vendor systems, but they require a different approach. With these models you look at how you parametrize – which test should be done with it exactly? The control capabilities of these systems are very different. We're therefore looking at them, but they have other points of interest. For example, we perform shadow calculations to validate the results.”

How do you include the more qualitative elements in the validation of a risk model?

“There are models that include a large component from an expert who makes a certain assessment of his expertise based on one or more assumptions. That input comes from the business itself; we don't have it in the models and we can't control it mathematically. At MoRM, we try to capture which assumptions have been made by which experts. Since there is more risk in this, we are making more demands on the process by which the assumptions are made. In addition, the model outcome is generally input for the bank's decision. So, when the model concludes something, the risk associated with the assumptions will always be considered and assessed in a meeting to decide what we actually do as a bank. But there is still a risk in that.”

How do you ensure that the output from models is applied correctly?

“We try to overcome this by the obligation to include the use of the model in the documentation. For example, we have a model for IFRS 9 where we have to indicate that we also use it for stress testing. We know the internal route of the model in the decision-making of the bank. And that's a dynamic process; there are models that are developed and used for other purposes three years later. Validation is therefore much more than a mathematical exercise to see how the numbers fall apart.”

Typically, the approach is to develop first, then validate. Not every model will get a ‘validation stamp’. This can mean that a model is rejected after a large amount of work has been done. How can you prevent this?

“That is indeed a concrete problem. There are cases where a lot of work has been put into the development of a new model that was rejected at the last minute. That's a shame as a company. On the one hand, as a validation department, you have to remain independent. On the other hand, you have to be able to work efficiently in a chain. These points can be contradictory, so we try to live up to both by looking at the assumptions of modeling at an early stage. In our Model Life Cycle we have described that when developing models, the modeler or owner has to report to the committee that determines whether something can or can’t. They study both the technical and the business side. Validation can therefore play a purer role in determining whether or not something is technically good.”

To be able to better determine the impact of risks, models are becoming increasingly complex. Machine learning seems to be a solution to manage this, to what extent can it?

“As a human being, we can’t judge datasets of a certain size – you then need statistical models and summaries. We talk a lot about machine learning and its regulatory requirements, particularly with our operational risk department. We then also look at situations in which the algorithm decides. The requirements are clearly formulated, but implementation is more difficult – after all, a decision must always be explainable. So, in the end it is people who make the decisions and therefore control the buttons.”

To what extent does the use of machine learning models lead to validation issues?

“Seventy to eighty percent of what we model and validate within the bank is bound by regulation – you can't apply machine learning to that. The kind of machine learning that is emerging now is much more on the business side – how do you find better customers, how do you get cross-selling? You need a framework for that; if you have a new machine learning model, what risks do you see in it and what can you do about it? How do you make sure your model follows the rules? For example, there is a rule that you can't refuse mortgages based on someone's zip code, and in the traditional models that’s well in sight. However, with machine learning, you don't really see what's going on ‘under the hood’. That's a new risk type that we need to include in our frameworks. Another application is that we use our own machine learning models as challenger models for those we get delivered from modeling. This way we can see whether it results in the same or other drivers, or we get more information from the data than the modelers can extract.”

How important is documentation in this?

“Very important. From a validation point of view, it’s always action point number one for all models. It’s part of the checklist, even before a model can be validated by us at all. We have to check on it and be strict about it. But particularly with the bigger models and lending, the usefulness and need for documentation is permeated.”

Finally, what makes it so much fun to work in the field of model risk management?

“The role of data and models in the financial industry is increasing. It's not always rewarding; we need to point out where things go wrong – in that sense we are the dentist of the company. There is a risk that we’re driven too much by statistics and data. That's why we challenge our people to talk to the business and to think strategically. At the same time, many risks are still managed insufficiently – it requires more structure than we have now. For model risk management, I have a clear idea of what we need to do to make it stronger in the future. And that's a great challenge.”

According to Constant Thoolen, global head of financial risk at ING, the Accelerating Think Forward strategy, an updated version of the Think Forward strategy that they just call ATF, comprises several different elements.

"Standardization is a very important one. And from standardization comes scalability and comparability. To facilitate this standardization within the financial risk management team, and thus achieve the required level of efficiency, as a bank we first had to make substantial investments so we could reap greater cost savings further down the road."

And how exactly did ING translate this into financial risk management?

Thoolen: "Obviously, there are different facets to that risk, which permeates through all business lines. The interest rate risk in the banking book, or IRRBB, is a very important part of this. Alongside the interest rate risk in trading activities, the IRRBB represents an important risk for all business lines. Given the importance of this type of risk, and the changing regulatory complexion, we decided to start up an internal IRRBB program."

So the challenge facing the bank was how to develop a consistent framework in benchmarking and reporting the interest rate risk?

"The ATF strategy has set requirements for the consistency and standardization of tooling," explains Gilbert van Iersel, head of financial risk analysis. "On the one hand, our in-house QRM program ties in with this. We are currently rolling out a central system for our ALM activities, such as analyses and risk measurements—not only from a risk perspective but from a finance one too. Within the context of the IRRBB program, we also started to apply this level of standardization and consistency throughout the risk-management framework and the policy around it. We’re doing so by tackling standardization in terms of definitions, such as: what do we understand by interest rate risk, and what do benchmarks like earnings-at-risk or NII-at-risk actually mean? It’s all about how we measure and what assumptions we should make."

What role did international regulations play in all this?

Van Iersel: "An important one. The whole thing was strengthened by new IRRBB guidelines published by the EBA in 2015. It reconciled the ATF strategy with external guidelines, which prompted us to start up the IRRBB program."

So regulations served as a catalyst?

Thoolen: "Yes indeed. But in addition to serving as a foothold, the regulations, along with many changes and additional requirements in this area, also posed a challenge. Above all, it remains in a state of flux, thanks to Basel, the EBA, and supervision by the ECB. On the one hand, it’s true that we had expected the changes, because IRRBB discussions had been going on for some time. On the other hand, developments in the regulatory landscape surrounding IRRBB followed one another quite quickly. This is also different from the implementation of Basel II or III, which typically require a preparation and phasing-in period of a few years. That doesn’t apply here because we have to quickly comply with the new guidelines."

Did the European regulations help deliver the standardization that ING sought as an international bank?

Thoolen: "The shift from local to European supervision probably increased our need for standardization and consistency. We had national supervisors in the relevant countries, each supervising in their own way, with their own requirements and methodologies. The ECB checked out all these methodologies and created best practices on what they found. Now we have to deal with regulations that take in all Eurozone countries, which are also countries in which ING is active. Consequently, we are perfectly capable of making comparisons between the implementation of the ALM policy in the different countries. Above all, the associated risks are high on the agenda of policymakers and supervisors."

Van Iersel: "We have also used these standards in setting up a central treasury organization, for example, which is also complementary to the consistency and standardization process."

Thoolen: "But we’d already set the further integration of the various business units in motion, before the new regulations came into force. What’s more, we still have to deal with local legislation in the countries in which we operate outside Europe, such as Australia, Singapore, and the US. Our ideal world would be one in which we have one standard for our calculations everywhere."

What changed in the bank’s risk appetite as a result of this changing environment and the new strategy?

Van Iersel: "Based on newly defined benchmarks, we’ve redefined and shaped our risk appetite as a component part of the strategic program. In the risk appetite process we’ve clarified the difference between how ING wants to manage the IRRBB internally and how the regulator views the type of risk. As a bank, you have to comply with the so-called standard outlier test when it comes to the IRRBB. The benchmark commonly employed for this is the economic value of equity, which is value-based. Within the IRRBB, you can look at the interest rate risk from a value or an income perspective. Both are important, but they occasionally work against one another too. As a bank, we’ve made a choice between them. For us, a constant stream of income was the most important benchmark in defining our interest rate risk strategy, because that’s what is translated to the bottom line of the results that we post. Alongside our internal decision to focus more closely on income and stabilize it, the regulator opted to take a mainly value-based approach. We have explicitly incorporated this distinction in our risk appetite statements. It’s all based on our new strategy; in other words, what we are striving for as a bank and what will be the repercussions for our interest rate risk management. It’s from there that we define the different risk benchmarks."

Which other types of risk does the bank look at and how do they relate to the interest rate risk?

Van Iersel: “From the financial risk perspective, you also have to take into account aspects like credit spreads, changes in the creditworthiness of counterparties, as well as market-related risks in share prices and foreign exchange rates. Given that all these collectively influence our profitability and solvency position, they are also reflected in the Core Tier I ratio. There is a clear link to be seen there between the risk appetite for IRRBB and the overall risk appetite that we as a bank have defined. IRRBB is a component part of the whole, so there’s a certain amount of interaction between them to be considered; in other words, how does the interest rate risk measure up to the credit risk? On top of that, you have to decide where to deploy your valuable capacity. All this has been made clearer in this program.”

Does this mean that every change in the market can be accommodated by adjusting the risk appetite?

Thoolen: “Changing behavior can indeed influence risks and change the risk appetite, although not necessarily. But it can certainly lead to a different use of risk. Moreover, IFRS 9 has changed the accounting standards. Because the Core Tier 1 ratio is based on the accounting standard, these IFRS 9 changes determine the available capital too. If IFRS 9 changes the playing field, it also exerts an influence on certain risk benchmarks.”

In addition to setting up a consistent framework, the standardization of the models used by the different parts of ING was also important. How does ING approach the selection and development of these models?

Thoolen: “With this in mind, we’ve set up a structure with the various business units that we collaborate with from a financial risk perspective. We pay close attention to whether a model is applicable in the environment in which it’s used. In other words, is it a good fit with what’s happening in the market, does it cover all the risks as you see them, and does it have the necessary harmony with the ALM system? In this way, we want to establish optimum modeling for savings or the repayment risk of mortgages, for example.”

But does that also work for an international bank with substantial portfolios in very different countries?

Thoolen: “While there is model standardization, there is no market standardization. Different countries have their own product combinations and, outside the context of IRRBB, have to comply with regulations that differ from other countries. A savings product in the Netherlands will differ from a savings product in Belgium, for example. It’s difficult to define a one-size-fits-all model because the working of one market can be much more specific than another—particularly when it comes to regulations governing retail and wholesale. This sometimes makes standardization more difficult to apply. The challenge lies in the fact that every country and every market is specific, and the differences have to be reconciled in the model.”

Van Iersel: “The model was designed to measure risks as well as possible and to support the business to make good decisions. Having a consistent risk appetite framework can also make certain differences between countries or activities more visible. In Australia, for example, many more floating-rate mortgages are sold than here in the Netherlands, and this alters the sensitivity of the bank’s net interest income when the interest rate changes. Risk appetite statements must facilitate such differences.”

To what extent does the use of machine learning models lead to validation issues?

“Seventy to eighty percent of what we model and validate within the bank is bound by regulation – you can't apply machine learning to that. The kind of machine learning that is emerging now is much more on the business side – how do you find better customers, how do you get cross-selling? You need a framework for that; if you have a new machine learning model, what risks do you see in it and what can you do about it? How do you make sure your model follows the rules? For example, there is a rule that you can't refuse mortgages based on someone's zip code, and in the traditional models that’s well in sight. However, with machine learning, you don't really see what's going on ‘under the hood’. That's a new risk type that we need to include in our frameworks. Another application is that we use our own machine learning models as challenger models for those we get delivered from modeling. This way we can see whether it results in the same or other drivers, or we get more information from the data than the modelers can extract.”

Thoolen: “But opting for a single ALM system imposes this model standardization on you and ensures that, once it’s integrated, it will immediately comply with many conditions. The process is still ongoing, but it’s a good fit with the standardization and consistency that we’re aiming for.”

In conjunction with the changing regulatory environment, the Accelerating Think Forward Strategy formed the backdrop for a major collaboration with Zanders: the IRRBB project. In the context of this project, Zanders researched the extent to which the bank’s interest rate risk framework complied with the changing regulations. The framework also assessed ING’s new interest rate risk benchmarks and best practices. Based on the choices made by the bank, Zanders helped improve and implement the new framework and standardized models in a central risk management system.

Wilfred Nagel is member of the executive board and chief risk officer (CRO) of the ING Group. He is also CRO of the Management Board Banking. Nagel joined ING in 1996, holding various positions: head of financial engineering at ING Bank, country manager Singapore, head of project & structured finance (Asia), head of regional credit risk management (Asia) and head of regional credit risk management (Americas). In 2002 he was appointed head of group credit risk management, followed by his appointment as CEO of ING wholesale bank Asia in 2005. From 2010, Nagel was CEO of ING Bank Turkey, until he became board member at Bank and Insurance in October 2011. Nagel started his career in 1981 at ABN Amro as a management trainee, after obtaining his degree in economics at VU University in Amsterdam.

This summer, William Coen, secretary general of the Basel Committee, said that the end is nigh for post-crisis reforms to banking regulations, and that the focus is now on implementing them. Do you agree?

"This is probably more wishful thinking than reality. Enthusiasm in politics, the media and academia, and as a spin-off also in the regulatory world, for creating ever stricter rules, has not yet diminished. But at the moment you can’t tell if it’s enough or not. What is important is to stop for a while, implement, look at the impact and then decide what’s missing. What we now have is a continuous introduction of new regulations while previous ones have not yet been implemented or their effect felt. A number of them have a phased timeframe, such as CRD4. The question is: are we giving ourselves enough time to discover what the impact is? The amount of time and work it takes to implement new rules and see what they do for your company is often underestimated. The current dilemma for ordinary banks in most countries is that the savings side is growing faster than the lending side, so there is excess liquidity. The future capital demands for interest risk in the banking book means that longer-term investing can put pressure on the capital position. On the other hand, short-term investment with the current interest rate is bad for results. In fact you should really turn your back on the savers. However that is not in line with our customer-oriented strategy and could eventually cause problems with the NSFR. This is a typical example of how different rules, market conditions and client satisfaction are difficult to unite."

Are Dutch banks still viable after introduction of the CRSA floor (Credit Risk Standardized Approach) which has a significant impact on capital requirements?

“Although I am a risk manager, I am also a bit of an optimist. There is a lot of opposition to the introduction on many fronts, and the impact on economic recovery in Europe could be enormous, so I don’t think that it will be introduced exactly as set out in the consultation papers. But I am fairly sure that something will happen with it and that the average risk weighting adopted will be higher. And then banks with (Dutch) property mortgage portfolios on their balance sheets will be fairly vulnerable. At ING we consider ourselves lucky, because this accounts for about 15% of our global balance sheet – other banks have a much higher percentage. So, can we continue banking? Yes but we will have to change our business model with regards to this point. The business model we use is basically: we grant a loan, keep it on the books for its whole duration and the client pays us back over a period of 15 to 20 years. This is no longer applicable to a large proportion of mortgages. After security checks, they will be passed over more often to institutional investors. The question is, how hungry are investors and how long will it take to turn the balance sheet around to what you want it to be. In the meantime, you, as a bank, are fairly limited in what you can do. Also, the ‘one size fits all’ attitude which is behind the latest proposals could be open to modification. Not everything with the same label is the same. Our Spanish mortgage book for example, is better than the German, Dutch and Belgian ones since in these last three countries a large proportion comes via brokers and in Spain it is only from our own savings clients; we know them. You have to keep your eyes peeled to find the hidden gems. While searching for those gems, we, as a sector, got ahead of ourselves and put too much faith in credit rating agencies such as Standard & Poor’s. But where we do succeed, it’s disappointing to see that the regulators don’t take that into account.”

But ESMA makes it compulsory to work with Moody’s, S&P and Fitch.

“As input it’s fine, but the last step in deciding on a credit rating has to come from the bank itself. Hedge fund critics often overlook the fact that a significant factor in their right to exist comes from being able to give their own independent judgement on a loan, and by doing so can come to other conclusions and other market behavior than the large regulated banks, who find deviating from the norm more difficult. Too much of the same spells danger.”

Although I am a risk manager, I am also a bit of an optimist

Wilfred Nagel, ING Group’s Chief Risk Officer (CRO)

What do you think about the Financial Stability Committee’s proposal for a gradual decrease in the LTV limit (LTV stands for loan-to-value and shows the relationship between the loan and the home value) for mortgages up to 90%?

“I imagine that this is a problem – in this phase of the housing market’s moderate recovery and all the political sensitivity regarding affordable housing for starters. But if you look at it from a normal banker’s perspective, then a prepayment of around 80% on a house is not so strange. The question is whether or not people themselves should take more responsibility for the financial choices they make and their consequences. To save for a number of years and then pay a deposit of 15-20% of the purchase price is not so strange, is it?”

Considering the current low interest levels, is a steep increase in interest not inconceivable at some point? What do you think the consequences will be?

“Banks’ interest margins are under pressure with the current low interest rates. Every time we reinvest the return is less. Up till now banks have been able to compensate in several ways, for example, by lowering savings rates and becoming more efficient. We are also seeing a somewhat increased interest margin by shifting new production to segments with higher spreads, such as project financing and trade financing of certain transfers. At the same time risk costs are showing a gradual improvement in line with economic recovery. The results show that we have been able to manage but decline in the reinvestment returns continues, while there is a limit to what you can do on the savings side. Added to this, the new regulations demand we do relatively more long-term funding. We don’t need this anymore for cash purposes, but we do pay liquidity premiums for it. What is strange is that the traditional balance sheet pattern, where liabilities are a little shorter than assets – the classic gap – is very limited. You see the balance sheet moving more naturally again, but relatively speaking our gap is still much smaller than in a normal interest climate.”

How has ING’s risk management developed since 2008?

"We have focused on mitigating remaining risks that had caused problems during the crisis. Where we ran up against problems was in a couple of large areas, like the Alt-A-portfolio in America, and the project development side of our property company. Our financial markets business also faced hard times, but finally showed a loss for one year only. As far as capital was concerned it has always been self-financing even though the ROI was not very strong. Even so we have radically reduced our trading activities in the financial markets business. An important deciding factor was our expectation that capital demands for this segment would gradually increase. We also looked closely at the global markets in which our position was strong enough to play a significant sustainable role. But the most important exercise since 2008 is that we have rigorously plowed through all large concentrations in the books. When Spain was hit by the euro crisis in 2012, we had EUR 54 billion-worth of assets against about EUR 14 billion-worth of savings. Now we have EUR 28 billion assets and EUR 22 billion savings.”

What impact will the possible introduction of the interest rate risk in the banking book (IRRBB) regulation from Pillar 2 to Pillar 1 have on ING?

“As I said, it will lead to a number of issues for liquidity management and for investment of our capital, which is the longest equity component a bank has. It is not something we are unduly worried about, but it is annoying that it costs capital and work again. Operational costs to comply with the regulations are considerable. The timing is also unfavorable. All banks are busy implementing an integrated finance and risk database. At the same time new regulations have to be implemented which can’t make use of that same database. So all sorts of parallel processes are being run that don’t link in to each other. What we learnt in our AQR (asset quality review) is that it’s not just an adequate database that’s important, but also the ‘query blanket’ on top of it, with which you can define search actions. We have upgraded it for the AQR and are trying to link it to the underlying data stream. We hope to complete the whole process, which was started in 2013, in 2018.”

And what are the priorities for ING for the future?

“The system that collects and invests savings, and another one that produces loans and tries to find funding are going to be more synchronized. We call this strategy ‘one bank’. Collecting franchise money country by country is fine, but if it is at all possible we will have to generate assets ourselves. We want to see a diversified balance sheet per country and are looking more critically at the impact of accounting treatment. If you study our own-generated loan books during the crisis, then they have done well. Of course there is extra pressure on the accounts in a crisis, but that is typical for banking. During the good years you have almost no provisions and a ROI of 20 and in a bad year you have considerably more provision and a ROI of 7. On average you make 13 and everyone is happy. What we have to avoid are large investment portfolios and asset concentrations.”