PRA’s 2022 priorities for banks operating in the UK

2022 priorities in a nutshell:

• Regulatory reporting: The PRA has reinforced the focus that firms should have on regulatory reporting. Adding on from the September 2021 Dear CEO letter, the PRA has emphasized that firms must take steps to ensure the quality of their controls, governance, and data. Specifically, for deposit takers, the PRA continues to remain disappointed with the quality of firms’ returns; and has reiterated that correcting this issue should be a priority for firms.
• Climate change: The PRA has noted that some firms have a long way to go in terms of implementing the provisions of SS3/19; and firms must be in a position to demonstrate compliance with it – especially deposit takers. The overarching message for branches and subsidiaries of international banks is to apply the SS3/19 requirements proportionately, to ensure a sound risk management framework.
• Operational risk and resilience: The PRA has warned that firms should be mindful of operational risks crystallising as staff return to work after the pandemic; and that firms should adopt the Prevent, Learn, Adapt and Respond framework to cope with such disruptions.
• Risk-free rate transition: Whilst the end-of-2021 transition was successful, both the PRA and FCA are set to closely monitor firms’ progress on the ongoing transition of LIBOR contracts.
• Financial resilience: PRA hinted at the need for firms to focus on their risk management frameworks – specifically on the impact of the withdrawal of government support; digitalisation; and lessons learned from the default of Archegos Capital Management.
• Diversity and inclusion: In perhaps the clearest message on this matter from the PRA thus far, the regulator has stated that firms must challenge themselves on how they can improve diversity across all levels of the organisation.
• Credit risk and model risk (for deposit takers only): Thematic reviews on lending by SME banks are imminent; and the PRA has reinstated that firms should focus on remediating weaknesses in the development, testing, validation, change management and governance of their internal models.

2022 priorities in a little more detail:

Regulatory reporting

The PRA is investing in world-class reg tech and data strategy to ensure that data is managed effectively and provides accurate information. Whilst firms have been improving the processes and production of regulatory returns, there must be a continued focus on data quality, flexibility, and information security in regulatory reporting production.

As always, the PRA expects complete, timely and accurate production of regulatory returns.

It is the responsibility of each firm to ensure this remains integral to their processes and that this is given high priority on a continual basis. The PRA will expand its skilled person's reviews (under Section 166 of the Financial Services and Markets Act) in 2022 with a key focus on the accuracy of data and the framework for the production of the regulatory returns.

Specifically, for deposit takers, the PRA remains overall disappointed at the processes around preventing and detecting potential inaccuracies and incompleteness in regulatory returns. The regulator has reiterated that it is the responsibility of each firm to ensure that regulatory reporting is prioritised, and the accuracy and integrity of data are at the same standard as firms’ financial reporting. The PRA expects firms in 2022 to review their governance, controls, and data related regulatory reporting and, analogous to their approach for international banks, the regulator will extend using skilled person reviews to ensure firms are on top of the production of these returns.

Financial risks arising from climate change

The SS3/19[1] details the PRA’s expectations in relation to the management of financial risks from climate change. This is a priority for firms to start acting now. Whilst the PRA note some firms have made good progress, other firms still have further work to be done.

This will be a key priority for the PRA in 2022. Firms need to ensure that they are assessing the climate risks to their business model and how they plan to manage these going forward. Subsequently, bringing climate risk to the forefront of business decisions and ensuring quantitative and qualitative assessments are necessary to ensure the opportunities and the risks are recognised and treated appropriately by the business.

The PRA’s Climate Change Adaptation Report provides further guidance for firms to assess their internal management for climate-related financial risks. Whilst the SS3/19 applies to UK firms, the PRA’s expectation is that branches of international firms should incorporate this approach as best practice to ensure a sound risk management framework.

Operational risk and resilience

The Covid-19 pandemic has made firms reassess the operational risk inherent to their firm and how they can remain resilient to these changes. As firms emerge from this pandemic, this will again change the landscape for firms’ operational risk and resilience. Firms should look at Prevent, Learn, Adapt and Respond frameworks when operational disruptions occur to ensure they can manage potential threats and have an effective operational risk and control framework:

There are the following Supervisory Statements (SS) that need to be highlighted to ensure firms comply with the PRA’s ongoing operational resilience assessment:

SS 1/21[2] provides operational resilience impact tolerances for important business services and reinforces the need to manage the increasing risk of cyber threats. This provides key information to management and the board on potential issues and potential escalation processes internally.

SS 2/21[3] where the PRA has detailed new expectations for third party and outsourcing management. The aim is for firms to increase resilience in this area. The increase in outsourcing and cloud-related services has an impact on the operational resilience of the firm and firms need to ensure that outsourcers and third-party providers remain within the impact tolerances that the firm has set.

Regulatory deadline

Risk-free rate transition

At the end of 2021, the transition of risk-free rates was successful. Firms must continue to look to transition all LIBOR-related contracts to relevant reference rates the firms. If firms decide to use credit-sensitive rates, this not only must be assessed with care, but firms must raise this with their supervisors before they do this.

The PRA and the Financial Conduct Authority (FCA) will continue to monitor this closely.

Financial resilience

As the Covid-19 pandemic is still impacting the financial markets and in light of the Russian invasion of Ukraine, firms must remain vigilant on the financial resilience of their business model, ensuring that the knock-on impact on financial markets including business and households are kept secure. Whilst firms have been able to utilise the government's support and some firms have been able to take advantage of the macro-environment during 2021, this must not result in any form of complacency. Firms must remain vigilant in the financial resilience of their business model. Specifically, for deposit takers, the Bank of England generally utilise their Annual Cyclical Scenario framework to conduct stress testing on major UK banks and building societies, the aim being to assess the financial resilience of firms.

The PRA require firms to assess their financial position at this moment and going forward considering the withdrawal of government support, potential impacts on the firm’s market share due to changes from the pandemic, and where the firm’s business model strength lies in terms of digitalisation as we see banks, namely FinTech’s, are increasingly automating processes and products to businesses and households.

In 2021, Archegos Capital Management defaulted on margin calls from several global investment firms, resulting in material financial losses. The PRA note that this scenario highlighted that firms were required to continuously work on a robust risk management framework. Firms need to continue to learn lessons from the global financial crisis, assess their risk culture, concentrated on leveraged exposures and significantly improve counterparty risk management practices.

Diversity & inclusion

‘Diversity helps bring a mix of views, perspectives and experiences within firms’[4]. The PRA is actively supporting diversity in firms. This has been set out in Discussion Paper 2/21[5]. Firms must look to how they will improve diversity in their firm and challenge themselves in how they as firms are looking to improve diversity.

Credit risk and model risk (For deposit takers only)

Credit risk management practices including monitoring credit risk, assessing the impact of provisioning and IFRS 9 Expected Credit Loss will be high on the agenda for the PRA in 2022. The PRA has stated that further progress is required to ensure consistent high-quality practices. The PRA are currently performing four thematic reviews, 1) Wholesale problem debt management 2) Unsecured personal loans 3) Buy-to-let 4) IFRS retail models. This will be followed by subsequent reviews on small and medium-sized enterprises.

The PRA will also continue its focus on firms’ implementation of model risk management. Recent reviews have identified weaknesses in development, testing, validation, change management and governance. The PRA will increase focus on the remediation action plan firms are taking.

References

[1] SS319 (bankofengland.co.uk)

[2] SS1/21 ‘Operational resilience: Impact tolerances for important business services’ (bankofengland.co.uk)

[3] SS2/21 'Outsourcing and third party risk management' (bankofengland.co.uk)

[4] Dear CEO letter 'UK Deposit Takers Supervision: 2022 priorities' (bankofengland.co.uk); and Dear CEO letter 'International banks active in the UK: 2022 priorities' (bankofengland.co.uk)

[5] July 2021: DP2/21 – Diversity and inclusion in the financial sector – working together to drive change; and July 2021: DP21/2: Diversity and inclusion in the financial sector - working together to drive change