The ECB priorities are set after a holistic assessment of banks’ main risks and vulnerabilities and can be broken down into three main priorities:
Priority 1
Strengthen resilience to immediate macro-financial and geopolitical shocks.
To address a potential vulnerability regarding shortcomings in credit risk and counterparty credit risk management frameworks, the ECB has proposed:
- Conducting specialised reviews of portfolios susceptible to the current macro-financial conditions and vulnerable to refinancing risk.
- Continued focus on the international financial reporting standard 9 (IFRS 9) targeted review, monitoring progress on banks’ expected credit loss models and their ability to capture emerging risks, and IFRS 9 collective staging and provisioning for small and medium-sized enterprises (SMEs), retail portfolios and commercial real estate (CRE).
- Continued follow-ups on internal model investigations and the targeted review of CCR management from 2022.
- Specific on-site inspections (OSIs) related to counterparty credit risk (CCR) management.
To address shortcomings in asset and liability management frameworks, the ECB has proposed:
- Targeted reviews of funding plans, contingency planning and the adequacy of collateral optimisation capabilities
- Targeted OSIs on the robustness of funding and recovery plans as well as an OSI campaign on interest rate risk for banking book (IRRBB), specifically regarding asset and liability management (ALM) positioning and strategy, IRRBB behavioural models and hedging strategy.
Priority 2
Accelerate the effective remediation of shortcomings in governance and the management of climate-related and environmental risks.
To address deficiencies in management bodies’ functioning and steering capabilities, the ECB has proposed:
- An update to supervisory expectations on governance and risk management published by supervisors.
- Targeted reviews and OSIs relating to bank management bodies, particularly relating to gender imbalance and improvements to the collective suitability of boards.
To address deficiencies in risk data aggregation and reporting, the ECB has proposed:
- An update to supervisory expectations on the implementation of RDAR principles and a guide on effective risk data aggregation and risk reporting.
- Targeted reviews and OSIs on risk data aggregation and reporting (RDAR) and RDAR practices.
- Production of an annual questionnaire aimed at ensuring adequate accountability of banks’ management bodies in matters related to internal, financial, and supervisory reporting.
To address material exposures to physical and transition risk drivers of climate change, the ECB has proposed:
- A follow -up on the 2022 climate risk stress test and thematic review to achieve appropriate alignment by the end of 2024.
- A review of banks’ pillar 3 disclosure requirements and implementing technical standards on reporting.
- Investigating banks’ capabilities of addressing reputational and litigation risks associated with climate related and environmental (C&E) commitments.
- Targeted OSIs on climate related aspects.
Priority 3
Further progress in digital transformation and building robust operational resilience frameworks.
To address deficiencies in digital transformation strategies, the ECB has proposed:
- An update to supervisory expectations on digital transformation strategies.
- Targeted reviews focused on the impact of banks digital transformation, specifically focusing on their business model/strategy and governance and risk, complemented by follow ups when deficiencies are identified.
- Targeted OSIs on digital transformation, specifically combined with the IT aspect of their digital strategies.
To address deficiencies in operational resilience frameworks, namely IT outsourcing and IT security/cyber risks, the ECB has proposed:
- Data collection and horizontal analysis of outsourcing registers.
- Targeted reviews and OSIs of outsourcing and cyber security management.
- System-wide cyber resilience stress test in 2024 specifically focused on response, recovery capabilities and restoration time after a cyber security incident.
How can we help?
Our prudential risk experts recognise that regulations remain a pivotal driver for the strategic priorities of financial institutions. Our team excels at helping clients within the financial services sector to navigate the intricate web of regulations. We work in tandem with our clients to identify their regulatory responsibilities and develop strategies for full compliance.
This article is the third instalment in a four-part series outlining the strategic priorities of European Supervisory Authorities for the financial sector.
Read article one on The European Banking Authority's strategic priorities for 2024
Read article two on EIOPA strategic priorities for 2024
Read article four on the European Securities and Markets Authority’s strategic priorities for 2024