At a time when the European Banking Authority’s stress tests have provided valuable insights into the solvency levels of European banks, these banks are continuing their efforts to formalise the conceptual and operational framework of risk management.
While changes in capital requirements (the Basel Pillar 1 quantitative requirements) still command the attention of bankers and investors, there is an increasing focus on individual prudential supervision (the qualitative requirements associated with Pillar 2). As the ACPR (Autorité de contrôle prudentiel et de résolution) noted in January 2016: “The additional capital requirement must not be regarded as the sole adequate measure for addressing banking risks. It is also vital to strengthen internal controls and improve the quality of risk management, the definition of internal limits and their actual application […]. Capital is no substitute for resolving the problems inherent in internal controls or risk management.”
From this perspective, the publication by the EBA and the European Central Bank of a joint European methodology for risk assessment is a major advance. This methodology (SREP – Supervisory Review & Evaluation Process) harmonises the approach to analysing and assessing banking risks in Europe. It provides the anchor for the whole supervisory system. The methodology is based on four criteria: the business model, governance, risks to capital and risks to liquidity.
Assessment of these last two criteria relies on two processes introduced by the second pillar of Basel II: the ICAAP (internal capital adequacy assessment process) and the ILAAP (internal liquidity adequacy assessment process). They form an integral part of the strategy of each financial institution: they set out and organise the procedures, governance and methodologies that ensure the capital adequacy and liquidity capacity of each bank in the light of its risks.
Every institution must demonstrate and formalise its procedures with full and detailed documentation, prepared under the supervision of its governance organs and submitted to the supervisory authorities at least once a year.
To achieve this aim, each institution must have:
– measured and analysed all the risk categories to which it is exposed;
– defined its appetite for these risks, in line with its strategy;
– planned and articulated this risk appetite operationally in internal budgetary and operating processes;
– conducted continuous monitoring of the risks in question in order to manage them.
Depending on the extent to which they exist, their actual deployment and their formal structures, the ICAAP and the ILAAP provide the supervisor with criteria for assessing and evaluating the reliability of risk management systems. All this information can be used to fine-tune supervision and any capital surcharges.
Hitherto the banks have developed their own approaches, arising from their histories, activities and strategies. But the introduction of harmonised Europe-wide principles will lead in future to a requirement for formalism, documentation and common practices.
Improved comparability and standardised procedures should encourage the banks to review their existing arrangements and organisation, to:
– identify the material risks and measure them in a long-term perspective;
– simplify procedures to bring more clarity and operational efficiency, together with better risk management;
– develop indicators providing a relevant understanding of risks for strategic management.
To conclude, the essence of the ICAAP and ILAAP is that they enable entities to get a better idea of the risks and their management, and to identify profitable banking business guaranteeing long term growth.
 Credit, market, operational, liquidity, structural risk and rate risk
 The level of risk that the bank is willing to accept (or risk tolerance) for each identified risk category, given the nature of its business.
Article published in L’AGEFI Hebdo on 01/09/2016