SREP – Consistent procedure of banking supervision in the banking union
The Single Supervisory Mechanism (SSM) establishes a new system of banking supervision with the aim to guarantee the security and stability of the European banking system. A component of the new system is the harmonization of banking supervision. The EBA proposed a standardized approach with the draft of the “Guidelines for common procedures and methodologies for the supervisory review and evaluation process” (SREP guidelines) of July 7, 2014 (fulfillment of article 107 Para. 3 CRD IV) that is to be applied by the ECB as well as the national supervisory authorities of the EU when assessing and evaluating the institutions. According to article 97 and 98 CRD IV, the focus is, amongst others, on:
- credit, market price and operational risks,
- interest rate risks of the banking book,
- risk of excessive indebtedness,
- concentration risks and their management,
- liquidity risks and their management,
- results of stress tests
- consequences of diversification effects and their consideration in models,
- assessment of the system risk,
- the business model of the institutions,
- regulations on corporate management and control of institutions, their corporate culture as well as
- the capacity of the members of the management body to fulfill their obligations
The consultation stage of the draft ends on October 7, 2014. The guidelines are to be applied from January 1, 2016 on, whereas interim arrangements are planned for implementing regulatory measures.
SREP: elements and content
The EBA defines a framework for the supervisory review and evaluation process (SREP) in Europe in the SREP guideline with the following nine elements illustrated in figure 1.
1. Classification of institutions
The national supervisory authorities assign all institutions within the EU depending on their size, structure, internal organization and alignment as well as the complexity of their activities to one of four categories.
- Category 1: Global systemically important institutions
- Category 2: Large to medium-sized institutions mainly operating domestically and with sizable cross-border activities
- Category 3: Medium- to small-sized institutions exclusively operating domestically and in a limited number of business lines.
- Category 4: Small institutions which don’t fall under Categories 1 to 3.
The classification reflects the assessment of systemic risk of the respective institution and determines the frequency, depth and width, in which the supervisory review procedure is carried out (principle of proportionality). The categorization of the institutions is reviewed on a regular as well as cause-related basis. The frequency of implementing the SREP as well as the intensity of the respective review are determined depending on the categorization of an institution.
2. Monitoring of key indicators
The national supervisory authorities are obliged to carry out a quarterly monitoring of financial and non-financial key indicators in order to identify changes of the financial situation or in the risk profile of an institution early on. The competent authorities are to develop a system for quickly realizing deteriorations or abnormalities in the nature of individual indicators. If required, limit values can be defined for individual indicators.
The indicators and limit values defined of the competent authorities should consider the size, complexity, business model as well as the risk profile of the institution. Comparisons with other institutions and/or peer groups can be referred to as well. Additionally, the competent authority can use macroeconomic data for monitoring, if available.
If abnormalities arise within monitoring, the competent authority is to find out the reason for this change as well as to define the materiality for the respective institution. Here, the competent authority can induce a comprehensive review of the institution or focus reviews.
3. Analysis of business model
The competent authorities assess by analyzing the business model of the institution to what extent the capacity of achieving short-term profit is fulfilled and whether the sustainability of the strategic alignment is at hand.
The focus of the analysis is defined within a preliminary assessment of the most important countries, branches, business lines and products. The competent authority gets a comprehensive idea of the macroeconomic market development as well as the strategic intention of the peer group of the institution by assessing the business environment of the institution. Both qualitative and quantitative factors are considered for the assessment of the current business model. The quantitative factors aim at estimating the financial performance as well as the risk appetite of the institution compared to the peer group. The success factors as well as the relevant dependencies of the institution are identified according to the qualitative factors. Apart from estimating the current situation, the strategic alignment as well as the financial planning of the institution are assessed. The competent authorities assess the viability and sustainability of the business model based on previous analyses and identify the relevant weaknesses.
4. Assessment of internal governance as well as internal control system (ICS)
The assessment of the comprehensive internal governance framework encompasses an assessment of the organizational structure of the institution as well as the suitability of the management body. The corporate and risk culture of the institution are assessed with a view to its adequacy while considering the size and complexity. It is also assessed whether the management body assumes its overarching responsibility for the institution and fulfills the requirements towards the strategic alignment and whether the corporate culture creates an environment ensuring effective decision-making processes within the institution. Furthermore, the competent authorities assess the adequacy of the remuneration guidelines and policy of the institution. The evaluation of the risk management framework comprises the assessment of the risk strategy, the adequacy of the ICAAP (Internal Capital Adequacy Assessment Process) and ILAAP (Internal Liquidity Adequacy Assessment Process) framework as well as the adequacy of methods and processes for conducting stress tests. The functionality of the internal control system is assessed whether the implemented controls have been implemented independently and in all business segments as well as by means of the implemented processes for risk detection and monitoring. The implemented information and communication systems of the institution are assessed with regard to their suitability. At the end of assessing the internal governance and control system, the competent authorities assess the adequacy of the recovery plan developed by the institution.
5. Capital risks and adequacy
Capital risks and the capacity of the institution to bear these risks (ICAAP) are assessed within this step. The credit, counterparty, market and operational risk as well as the interest rate risk of the banking book are to be assessed.
Supervision assesses capital adequacy by identifying the required capital requirement for covering unexpected risks and others (e.g. due to governance weaknesses) based on its risk assessments, ICAAP calculations and benchmarks (TSCR: Total SREP Capital Requirements). Afterwards, the overall capital requirements (OCR) are calculated while considering the capital buffer and, if needed, other buffers. The institution must comply with the OCR in the expected economic cycle with its set up capital plan and the TSCR in a stress case (institution’s own ICAAP stress test and/or anchor stress test of supervision) for 2 to 5 years.
6. Liquidity risks and adequacy
Focus of the analysis is the assessment of liquidity risks and the adequacy of liquidity sources to bear these risks (ILAAP). The liquidity risk, funding risk and management of these risks is hereby assessed. Whether the institution can bear these risks with the available liquidity, is assessed based on the ILAAP of the institution, the risk assessment generated by supervision, benchmarking calculations and other tools (e.g. stress testing). Additionally, supervision identifies whether other liquidity requirements are necessary while considering the business model and strategy as well as potential systemic liquidity risks. Supervision identifies the extent and/or nature of liquidity requirements with the help of supervisory benchmarks that are to be developed for different business models. For instance, data of LCR and NSFR institution reports and stress tests can be used as a basis for this. As a result, for example a higher LCR, the length of the minimum survival period or a minimum of liquid assets can be determined.
7. Summarizing total assessment
The result of the assessment of the business model (3), governance and ICS (4), capital risks (5) and liquidity risks (6) is in each case a 4-step score: 1 = no discernible risks to 4 = high risk
Afterwards, the SREP total assessment of the institution based on findings of the sub-assessments is made, in particular regarding the risks of the institution, its capacity to manage the weaknesses with the help of governance and control systems or with the help of the business model and the strategy to prevent them, whether own funds and the liquidity reserves sufficiently cover the risks and the positive and negative interaction of these sub-elements.
The result is additionally assessed of the materiality of the identified weaknesses of the sub-reviews and their impact, as far as they haven’t been eliminated. Furthermore, it is decisive for the total assessment, whether and which measures have been defined in the sub-reviews and how they interact with each other. The total SREP score is assigned based on these considerations—again a score from 1 to 4. In addition, the categorization of the institutions is complemented by a category in the total SREP: F = failing institution and/or likely to fail. Depending on the total SREP result, measures for eliminating the identified weaknesses, future supervisory activities as well as, if needed, early interventions according to BRRD (Bank Recovery and Resolutiong Directive) are to be defined.
8. Definition and communication of regulatory measures
Supervisory authorities can issue measures on capital, liquidity and other areas. Capital measures can, for example, be additional capital requirements, establishing capital surplus, prohibition of profit distribution or increased capital requirements for special assets. Apart from the increased liquidity requirements described under 6, supervisory authorities can for instance define restrictions regarding maturity differences between assets and liabilities.
Other measures are e.g. organizational adjustments in risk management, restrictions in the product portfolio and improvements in the governance and control systems.
9. Early intervention of supervision
In case of imminent timely breach of regulatory key figures or for example dramatic deterioration of the financial situation, supervisory authorities can impose measures according to Article 27 BRRD. These include:
- the obligation of the management body to present a detailed action program for overcoming the problems
- summoning an assembly of the shareholders for presenting specific decisions by the authorities in charge,
- firing or replacing members of the management board and/or the management body from their function,
- changing the business strategy of the institution
- changing the legal or operational structures of the institution
- conducting controls on the ground for collecting information for updating the settlement plan,
- preparing the settlement of the institution as well as
- assessing the assets and liabilities of the institution.
Conclusion: Consider SREP an opportunity!
The overhaul of the supervisory review process should be considered an opportunity by creating a level playing field of banking supervision in Europe. For the alleged increased requirements towards the supervisory review process contribute to a significant improvement of transparency on the requirements and review system of the competent authorities. We will have to wait to see to what extent these standards differ from the already established procedures in Germany in practice.
Cross-border operating institutions benefit from a harmonized review process through a supervisory authority. The institutions are enabled to take countermeasures prior to a failing thanks to the regular controls and the related tips as well as the requirement of effective measures of the authorities in charge. Regular contact with the supervisory authorities, the profound analysis of the institution-specific business models as well as the assessment of the strategic alignment will enhance the understanding of the features of an institution and on a medium- to long-term basis lead to an improved adequacy in the assessment as well as in the imposed measures.
Already now, it is obvious that the supervisory review process will be changed profoundly. Even if theses changes cannot yet be estimated completely, institutions can introduce first measures already today. Thus, it is recommendable to establish a “single point of contact” for the SREP within the institution, who can support the respective authority and consistently manage the review process institution-wide.
It has become apparent that it will become necessary within the SREP to merge information from different data warehouses and areas. This complies with the current objectives of supervision having been already formulated in the BCBS # 239—Risk Data Aggregation. Within a first institution-internal review (SREP check-up), relevant impediments can be identified already today, which can be eliminated by suitable measures early on.