ECB publishes supervisory priorities 2022-24
25 February 2022
In line with the current challenges, the three new supervisory priorities (the Priorities) concern the impact of the Covid-1 pandemic, structural weaknesses and emerging and evolving risks. The ECB has identified the corresponding key vulnerabilities of credit institutions in these areas and developed strategic objectives and associated work programmes that target significant banks under its direct supervision.
The report seeks to support the SSM-wide effort to coordinate supervisory activity over the medium term. It thus allows institutions to identify and prepare for the future key supervision activities of the ECB. It is most relevant to significant institutions but the Priorities also provide guidance to national competent authorities (NCAs) to set their own priorities for less significant institutions. The Priorities provide guidance to the Joint Supervisory Teams (JSTs) and are input for the Supervisory Review and Evaluation Process (SREP).
While the publication of the Priorities seeks to enhance transparency and clarify the medium-term supervisory expectations, the strategic priorities are reviewed on a yearly basis and are subject to ongoing monitoring and assessment. The Priorities are therefore not set in stone but are part of an ongoing review process that gives the ECB the possibility to flexibly modify or change its priorities and corresponding activities at short notice.
Priority 1: Banks emerge from the pandemic healthy
As the first supervisory priority, the ECB identifies the adverse impacts of the Covid19-pandemic, in particular asset quality deterioration linked to the progressive withdrawal of governmental and monetary policy support. In this area, the ECB has set out four key vulnerabilities:
Deficiencies in credit risk management frameworks
The ECB’s strategic objective is the improvement of banks’ credit risk management practices, leading to timely identification, forward-looking measurement and mitigation of credit risks. This is designed as a countermeasure to the blurred creditworthiness of borrowers due to the political actions taken to support the real economy during the pandemic, which has challenged banks’ ability to proactively manage credit risk.
The planned key supervisory activities are:
- Follow-up by the JSTs on credit risk management deficiencies identified in the “Dear CEO letter” on credit risk in December 2020, and targeted on-site inspections. In December 2020, the ECB insisted on adequate risk assessment to be balanced with the need to avoid pro-cyclical reticence in bank lending during the pandemic;
- Targeted reviews in the area of credit risk identification, monitoring and assessment, as well as the relevant dimensions of the IFRS 9 provisioning framework; and
- Follow-up by JSTs with affected banks, and targeted internal model investigations into model changes related to the implementation of the EBA IRB repair programme or triggered by the impact of the pandemic.
Exposures to Covid-19 vulnerable sectors
The main strategic objective of the ECB here is to strengthen the supervisory focus on supervised banks’ exposures towards such vulnerable sectors, especially commercial real estate. The phasing out of state support measures is particularly difficult for highly indebted firms in sectors that have been hit hard by the pandemic. While the outlook is generally positive, banks’ exposures to such companies remain susceptible to potential asset quality deterioration and thus need to be monitored and managed accordingly.
Here, the ECB plans the following key supervisory activities:
Regular monitoring of banks’ exposures towards vulnerable sectors, and
Targeted reviews and on-site inspections of banks’ exposures to commercial real estate
Exposures to leveraged finance
Unlike the previous vulnerabilities, the exposure to leverage finance is a credit risk not directly caused by the Covid-19 pandemic. Rather, the ECB has been beating this drum for at least the past five years. In line with its previous stance, the ECB seeks to prevent the build-up of unmitigated risks and to foster banks’ adherence to the supervisory expectations laid down in its 2017 guidance on leverage finance.
The renewed focus on leverage finance exposure likely comes as unwelcome news to many institutions that should assess the extent of their compliance with the guidance. The ECB has previously hinted that it may be prepared to act with the full force of its supervisory measures, including minimum capital requirements, where its expectations are not met.
Generally, the following activities are planned:
- JSTs will continue to assess leveraged finance risks and follow up on significant institutions’ efforts to implement the supervisory expectations outlined in the related ECB guidance; and
- Targeted on-site inspections with particular focus on underwriting standards, management of syndication risk, risk appetite and capital requirements.
Sensitivities to shocks in interest rates and credit spreads
The ECB expects supervised institutions to have sound arrangements in place to manage the impact of medium-term interest rate and credit spread shocks and to adjust their risk assessment, mitigation and monitoring frameworks accordingly. The reason for this step is exaggerated ratings due to current economic conditions, which increase the likelihood of repricing risk in government and corporate bonds or on the equity markets.
Here, the planned supervisory activities are:
- Targeted review of banks’ interest rate and credit spread assessment, monitoring and management, in both trading and banking books; and
- Follow-up by JSTs on banks’ remedial action plans whenever material deficiencies are identified, and targeted on-site inspections.
Priority 2: Structural weaknesses
As the second Priority, the ECB lists structural weaknesses that should be addressed via effective digitalisation strategies and enhanced governance.
Deficiencies in banks’ digital transformation strategies
The ECB views the digital transformation process, accelerated by the pandemic, as a lever to booster efficiency and revenue growth. It thus expects banks to have sound digital transformation strategies and make their business models sustainable in the long term.
The planned key supervisory actions here are:
- Survey on banks’ digitalisation strategies;
- Benchmarking analysis and JST follow-up with banks where material deficiencies in their digital transformation strategies are identified; and
- Targeted on-site inspections in areas where the main deficiencies are identified.
Deficiencies in management bodies’ steering capabilities
As the ECB and NCAs keep reporting high numbers of findings pointing towards structural deficiencies in internal control functions, management bodies’ functioning or risk data aggregation and reporting capabilities, banks are being asked to implement effective action plans to address these deficiencies in management bodies’ functioning and composition. In 2020 most administrative penalties by competent authorities in the SSM related to governance.
The following supervisory actions are planned:
- Targeted reviews of bank management bodies’ effectiveness and targeted on-site inspections; and
- Development and implementation of a policy on diversity and a risk-based approach to fit and proper assessments. The ECB attaches great importance to the "challenging capacity of management bodies" which is also part of the recently updated Fit and Proper Guide.
Priority 3: Emerging risks
The ECB has pinned down three emerging and evolving risks which it expects banks' to address: (1) climate-related and environmental risk, (2) increasing counterparty credit risk towards riskier and less transparent non-bank financial institutions, and (3) operational and IT resilience.
Climate-related and environmental risk
The ECB’s objective is to have supervised institutions proactively incorporate climate-related and environmental risks into their business strategies and their governance and risk management frameworks, in order to mitigate and disclose such risks and comply with the corresponding regulatory requirements. Currently, the majority of supervised banks falls far short of supervisory expectations in this area and institutions should brace themselves for consequential vigorous supervisory activities over the coming years.
In particular, the following activities are envisaged:
- Bottom-up climate risk stress test and development of best practices on climate stress testing;
- Thematic review of banks’ strategies and governance and risk management frameworks;
- On-site inspections; and
- Follow-up by JSTs on banks’ disclosure practices and adherence to supervisory expectations laid down in the 2020 ECB Guide on climate-related and environmental risks. This guidance to banks across the Eurozone contains a range of specific supervisory expectations in relation to, notably, climate risk that banks are to take on board in their strategies, risk management and governance.
Exposures to counterparty credit risk, especially towards non-bank financial institutions
Unsurprisingly given the recent fallout from the Archegos bankruptcy, the ECB’s seeks to enhance banks’ governance and risk management frameworks to cope with increased counterparty credit risk (CCR) stemming from increased exposures to more risky and less transparent counterparties, which often are non-bank financial institutions.
Here, the ECB plans the following supervision activities:
- Targeted reviews and on-site inspections for CCR governance and management;
- Finalisation of prime brokerage reviews to clarify supervisory expectations in terms of the management of non-bank financial institutions’ exposures;
- Follow-up by JSTs with banks that show material deficiencies in these areas.
Deficiencies in IT outsourcing and cyber resilience
As a kind of mirror image to the regulatory demand to embrace digital transformation, the ECB has renewed its focus on digital resilience. It plans to progressively intensify supervisory activities in this area to nudge banks to improve their risk management practices as regards IT outsourcing and cyber threats. This is a reaction to the increasing number of third-party IT outsourcings and relevant IT incidents since 2020 which goes hand in hand with the increased reliance on digital technologies during the pandemic.
Key planned supervisory activities are:
- Data collection on banks’ outsourcing registers;
- Targeted reviews and on-site inspections on cyber resilience and IT outsourcing arrangements; and
- Follow-up by JSTs with banks that show material deficiencies in these areas.
Overall, the Priorities should come as no surprise since they build upon the known priorities for 2021 and address issues that have been repeatedly mentioned by members of the ECB Supervisory Board during the past year. The publication of a medium-term set of priorities is welcome as it will enable institutions to better foresee supervisory expectations over a longer timeframe and engage in constructive dialogue.