On Monday 12 December, the European Central Bank (ECB) released their update of the supervisory priorities for 2023–2025, which was based on a thorough assessment of the main risks and vulnerabilities faced by the significant institutions under its direct supervision, as well as considering the progress made on the 2022 priorities and 2022 SREP. In a turbulent year both geopolitically and economically, the ECB has understandably updated its three-year horizon to consider these new circumstances, which have “materially changed compared to last year”. Though they emphatically state that the previous year’s supervisory priorities and corresponding activities that were set out in 2022 still remain suitable, they acknowledged the need for “some adjustments” to tackle emerging risks from the conflict in Ukraine and high inflation.
With these new risks in mind, the ECB has incorporated the above points and finalised its risks and priorities exercise to again coordinate its activity over a medium-term time horizon i.e.: three years. Given the fast-changing geopolitical environment, we could assume that further tweaks will continue over the medium-term time horizon.
The ECB priorities for 2023–2025 are threefold; each priority is of equal importance and associated with an underlying high-level work programme to address identified vulnerabilities, which is outlined within the priority along with an overview of its planned supervisory activities. We have summarised the three priorities below, along with the details for each of the identified vulnerabilities:
Figure 1: SSM priorities 2023–2025
Aside from expected priorities such as credit risk, in comparison to last year we see two new key areas of focus, namely on funding risks and risk data aggregation. The ECB notes that many banks have a material reliance on TLTRO III funding and are subsequently more vulnerable to increases in market funding costs. The ECB will focus on these banks as well as on a broader analysis of banks’ liquidity and fundings plans aimed at identifying weak practices. The second new key area of focus is on risk data aggregation and reporting. It seems the ECB will refine and communicate supervisory expectations related to the implementation of these principles and will perform a horizonal analysis across banks with persistent shortcomings.
Other than this, banks can look forward to the announced publication of two further supervisory expectations on the topics of digital transformation strategies and banks’ governance arrangements and risk management.
What do the priorities mean for banks and what do KPMG professionals recommend?
In alignment with the above, the ECB has outlined its key supervisory activity that it intends to undergo for each vulnerability. Banks have been requested to do the following – and KPMG banking and financial services professionals have included some key recommendations on what they can do now:
- Priority one: Strengthen their resilience to immediate macro-financial and geopolitical shocks
- Continue to closely follow remedial action plans to address gaps identified in the 2020 “Dear CEO” exercise, in particular regarding forbearance, unlikeliness-to-pay (UTP) and provisioning practices
- Prepare for several additional targeted reviews1, deep-dives and on-site inspections (OSIs) named by the ECB on the following: loan origination (focused on real estate); IFRS 9 (large corporates, small and medium-sized enterprises and retail portfolios, and commercial real estate); forbearance and UTP policies; energy and commodity traders
- Be prepared for additional scrutiny on areas highlighted in the 2022 SREP, namely institutions’ risk controls, classification of distressed borrowers and provisioning frameworks
- Assess adequacy of the internal ratings-based (IRB) models, accounting models and credit risk management frameworks for material portfolios in vulnerable sectors.
- Look to close outstanding gaps relative to expectations for leveraged loans
- Evaluate how interest rate and credit spread assessment in both the trading and banking books is monitored and managed, especially in preparation for observing further episodes of high volatility and repricing in the financial markets
- For banks with material reliance on TLTRO III financing, and would therefore be more vulnerable to increases in market fundings costs, prepare for targeted reviews on this topic
- Get ready to review and, if needed, redevelop liquidity and fundings plans, identify weaknesses in advance of targeted OSIs on this topic and pro-actively discuss with JSTs
- Priority two: Address digitalisation challenges and strengthen management bodies’ steering capabilities
- Prepare for the publication of supervisory expectations on digital transformation strategies as well as the outcome of the benchmarking in 2022
- Be ready to discuss directly with the JST any weaknesses identified, and pro-actively manage resourcing to develop and carry out remedial actions based on these discussions and benchmarking
- Further prepare for targeted OSIs on digital transformation which will combine both IT and business model aspects, as well as on outsourcing and cyber security management
- Collect evidence for upcoming data collection of outsourcing registers, and analyse in particular significant concentrations in any third-party providers
- Prepare documentation and review policies around management bodies’ collective suitability and diversity in advance of the publication of supervisory expectations regarding banks’ governance arrangements and risk management
- Assess progress with respect to persistent risk data aggregation and reporting deficiencies, and expect the refinement and communication of supervisory expectations related to the implementation of risk data aggregation and risk reporting principles
- Priority three: Step-up their efforts in addressing climate change
- Expect targeted deep-dives to follow up on remediation plans following the 2022 climate risk stress tests and thematic review
- Keep-in mind new ITS reporting and Pillar 3 disclosure requirements related to climate risk and get prepared for benchmarking of these practices
- For selected banks, prepare for deep-dives on reputational and litigation risks associated with climate-related and environmental strategies
- Be aware that OSIs on climate-related aspects may now be stand-alone or within reviews of individual risks (e.g.: credit, governance, business model)
In short, at a minimum we would advise banks to analyse the priorities, identify the most challenging areas and the ones most likely to be implemented in their supervisory examination plans and develop action plans to prepare themselves in advance. With the publication of new supervisory expectations for digitalisation, governance and risk data aggregation, and clear focus on persistent legacy issues at banks, the ECB is expecting banks to develop a more strategic and pre-emptive approach to many topics.