Banking – Q1 2024

There was a slight lull in banking specific publications from the Bank of England and FCA in Q1. The former's new digital strategy and amendments to the Recovery & Resolution Regime dominated the agenda.

Expect this to change in Q2 when the Bank of England will publish the Basel 3.1 final rules for credit risk (possibly the most consequential item of regulatory change since Covid-19) and Strong & Simple final rules for capital. Both of these should already be occupying a significant amount of senior management's time and will continue to do so in the months ahead.

The proposed UK regime for critical third parties: speech by Gareth Truran

In March, Gareth Truran, the director of Prudential Policy at the Bank of England, delivered a speech at the UK Tech Summit on Operational Resilience for Critical Third Parties (CTPs).  His speech focused on the main objectives and priorities for the PRA’s regime for CTP’s.

In his speech Truran outlined that the new regime enables HMT to designate third parties as CTPs, if they meet the criteria, and gives the Financial Services (FS) regulators new powers to oversee the resilience of the services these CTPs provide to the UK financial sector.

The scope of the CTP regime largely falls to who is likely to be designated as a CTP. Ultimately, this is decided by the HMT who will consider recommendations from the regulatory authorities. A third party will only be considered a CTP if a failure, or disruption to a service it provides, could have systemic consequences.

A key focus area of Truran’s speech was around recognition that situations exist where compliance with previous regulatory guidance might be insufficient to deliver an appropriate level of operational resilience. In some cases, a failure of a third party or its services could create a single point of failure for multiple firms, and a single FS firm may struggle to mitigate this risk. This is one of the main things the new CTP regime is looking to address.

Key features of the proposed CTP regime are:

  • Complementing rather than replacing firms’ existing obligations. Firms must continue to carry out appropriate due diligence and develop contingency plans in case of a disruption.
  • Focusing on the particular services CTPs provide to financial services firms. Regulators’ powers and proposed rules are targeted to the services CTPs provide to the UK financial sector.
  • CTPs will need to develop their understanding of their role in supporting the financial services sector, addressing how the new CTP regime and their future actions under it can manage financial stability risks.

The requirements and expectations of CTPs once designated can be split into ‘Fundamental Rules’ and other ‘Operational Risk and Resilience Requirements’. The latter is more granular and applies only to the material services the CTP offers. These requirements cover areas such as governance, risk management, technology and cyber resilience.

What management should consider

Management at banks and building societies needs to aware the new regime does not detract from fulfilling existing regulatory obligations on operational resilience and third-party risk management. In addition to this, firms should also ensure that they incorporate the impact tolerance framework for Important Business Services into any response to the CTP regime. This should include an awareness of the fact that firms will need to continue meeting impact tolerances even if they rely on third parties under the CTP regime to support service delivery.

Solvent Exit Plan SS2/24

A solvent exit is the process by which firms discontinue PRA regulated activities (deposit taking) while remaining solvent. Firms will be required to transfer or repay (or both) all deposits as part of its solvent exit which will end with the removal of the firm’s Part 4A PRA permission. The supervisory statement becomes effective from October 1, 2025 and applies to non-systemic UK banks or building societies. For reference, the PRA defines such firms as:

  • Not subject to the Operational Continuity Part of the PRA Rulebook.
  • Not part of a global systemically important institution (G-SII) or other systemically important institution (OSII).

Other firms that are not in scope of this SS may also find the expectations helpful in preparing themselves for the cessation of PRA-regulated activities.

Some expectations for Firms include:

  • Prepare for a solvent exit as a part of BAU activities and produce a ‘solvent exit analysis’ document.
  • Produce a ‘solvent exit execution plan’ when solvent exit becomes a reasonable prospect.
  • Develop robust frameworks for managing solvent exit.

This still fits in with existing regulations as:

  • Solvent exit sits alongside recovery and resolution as a possible route for non-systemic firms facing stress or wishing to exit from PRA-regulated activity for any reason.
  • Both ‘Solvent Exit’ and ‘Trading Wind Down’ are concerned with the orderly discontinuation of an operating activity, with minimal disruption to the financial system. However, a key difference is the component of the business which would be discontinued (i.e., trading book activities vs banking book activities), and the definition of the ‘in-scope’ firms.
  • Conceptually, the trigger for solvent exit should align with the results of firms’ reverse stress testing.

What management should consider

Management at in scope firms may consider previous implementations done under their exiting recovery planning regime to meet the expectations of the PRA per this CP. Firms may also consider the following:

  • Review of existing triggers and key dependencies to identify uncertainties and cost drivers associated with solvent exit.
  • Enhancing the existing capabilities (for continuing operations), frameworks (including communication and governance), scenario analysis and stress testing regime.
  • Identify potential areas where the solvent exit plans may be integrated with the recovery plan and ensure that its solvent exit preparations are consistent with and viewed as complementary to its work in other areas such as recovery and resolution planning.

The Bank of England’s James Benford outlines the new data strategy

In March, James Benford, the Bank of England’s Executive Director for Data and Analytics Transformation and Chief Data Officer, outlined the Bank’s new strategy on data and analytics. Regular readers of the Newsletter will be aware that this is not the first time in recent years the Bank of England has flagged its intention to improve its data capabilities. For example, many readers will have already been involved in discussions with the regulator over its ongoing Banking Data Review, where the focus is on modernising the PRA’s approach to receiving regulatory returns.

In order for the Bank to make the best use of its current datasets and data capabilities a review was commissioned last year to be undertaken by the internal Independent Evaluation Office (IEO). This strategy refresh comprised seven steps:

  1. Independent review: this provided three main recommendations, agreeing upon a clear vision for data and analytics, ensuring that the Bank’s practices keep up with technological advances, and upskilling Bank staff.
  2. Establishing a governance structure: including the formation of a new Data and Analytics Board, alongside a federated system of local data boards, a Technology and Data Advisory Panel, and new data business partners. 
  3. Defining strategic goals: these have been grouped into four key areas, stronger data governance, improved national and international collaboration, a new cloud platform, and harnessing AI solutions.
  4. Agreeing on principles and data architecture: these include a Bank-wide approach, prioritising business outcomes and data management that is consistent, secure, transparent, and ethical.
  5. Prioritising investment portfolios: three priorities including moving the Bank’s systems to the Cloud, improved management of macroeconomic and financial market data, and a new approach to regulatory data collections.
  6. Reworking operating models: most notably through the Transforming Data Collection, jointly with the Financial Conduct Authority (FCA) (see below).
  7. Publishing and executing the plan: a 3-year plan detailing the data & analytics strategy will be published together with the Bank’s annual report and accounts over the summer.

Benford emphasised the importance of creating a data-driven culture at the Bank, including broadening existing skills and formalising data roles into the Professions model used in the Civil Service. One particular area of focus is the Transforming Data Collection initiative, which seeks to streamline the cost of data collection by banks. In the 2019 Future of Finance report such obligations were estimated to be in the region of £2-4.5bn, which demonstrates both the complexity of such an undertaking and the value of a new, simplified approach.

What management should consider

Management will need to be aware of Bank of England initiatives which have a direct impact on the way that they are regulated and/or supervised by the PRA, and therefore might require a response from a compliance perspective. For example, the ongoing Banking Data Review may result in material changes to expectation the PRA has on firm’s provision of regulatory returns. Prudential Compliance teams will also need to ensure they are aware of instances where a shift in supervisory data strategy by the PRA results in more, or less, focus on different risk drivers at their organisation.

Get in touch

If you would like to speak with a member of our team, please click the button below.

Contact us today