Banking – Q4 2023

Expect to see the focus turn to Basel 3.1 final rules for credit risk, Strong & Simple final rules for capital, Solvent Exit and Model Risk Management as we head towards the middle half of this year.

PRA Priorities Letter 2024

PRA Priorities Letters for 2024 covering domestic and international banks respectively were published in January. Common themes across both included financial resilience, operational resilience and data risk.

Financial resilience: Acknowledging the ongoing weakness of the UK economy and wider uncertainties associated with the global macroeconomic picture the PRA gives increased focus to financial resilience in this set of 2024 regulatory priorities letter. The PRA flags the fact that recent market events including the failure of Credit Suisse have brought the importance of managing credit and counterparty risk into focus for the regulatory authority. Both will be subject to increased scrutiny from the PRA in 2024. In addition to this, the failure of Silicon Valley Bank is also alluded to when highlighting the PRA’s requirement that firms ensure approaches to treasury management are robust and the interlinkages between capital and liquidity risk are sufficiently understood.

Operational resilience: The PRA reminds firms that March 2025 is the rapidly approaching date for firms to meet new operational resilience expectations relating to ‘impact tolerance’ and set out in Supervisory Statement 1/21. The PRA appears to be especially focused on firms undertaking major technology transformation programs or those that increasingly leverage third-party providers to provide them with back-office capabilities such as cloud computing.

Data risk: The PRA once again has reiterated the fact that firms must invest in their data management capabilities. The PRA has been vociferous about firms’ weaknesses in data management since their Dear CEO letter in 2021, and according to the PRA, these weaknesses continue to exist. Firms must establish clear data lineage and ensure that there is a functional control framework to preserve data integrity.

PS17/23 – Basel 3.1 Near-final rules part 1 policy statement

PS17/23 contains Basel 3.1 near-final policy materials for market risk, credit valuation adjustment (CVA) risk, counterparty credit risk and operational risk. Below we outline the key amendments, based on the relevant responses to CP16/22. The PRA has also released a comparison document detailing all changes between the draft rules set out in CP16/22 and near-final rules.

For further information on PS17/23 and all other aspects of Basel 3.1, please visit the our Basel 3.1 hub page.

PRA CP18/23 – Diversity and Inclusion (D&I)

CP18/23 promotes D&I in PRA-regulated firms in three ways: improvement of D&I for the board and senior management; increase in individuals’ ability to raise issues concerning firms’ business and risk profile; and increase in accountability at the firm and individual levels.

The proposals in this CP have different scopes of application, depending on firms’ business models, as follows:

• All Capital Requirements Regulation (CRR) and Solvency II firms to their establishment in the UK, including third-country branches.
  • Firm-wide D&I strategies: Requirement to produce and publish a firm-wide D&I strategy, including expectations on the role of risk and control functions to support it. The comprehensiveness of the policy should be commensurate with the size and complexity of the firm.
  • Individual accountability: Allocation of D&I responsibilities to the relevant SMF functions and detailing of responsibilities on their Statement of Responsibilities. SMFs would not be held accountable for failing to meet D&I targets but should be able to communicate their firm’s D&I strategy to the PRA.
  • Monitoring diversity and inclusion: Monitoring D&I internally to take the appropriate action as needed.
• All CRR and Solvency II firms concerning their establishment in the UK, excluding third-country branches.
  • Board governance: Requirement for firms to have a strategy promoting D&I on the board and publish this on their website. The PRA also highlights the importance of D&I considerations in board succession planning.
• Only those CRR and Solvency II firms (including third country branches) with 251 or more employees who are predominantly conducting activities from an establishment in the UK.
  • Targets: The requirement to set their own D&I targets across the board, senior leadership, and staff, at minimum for women and ethnicity if firms identify underrepresentation.
  • Regulatory reporting: The requirement to report D&I data alongside information on targets. The PRA and FCA will use this data for industry-wide benchmarking in relation to regulated firms.
  • Disclosure: Requirements for largest firms to disclose information on their targets, demographic diversity of the organisation and outcomes of their D&I surveys. 

PS16/23 – Remuneration: Enhancing Proportionality for Small Firms

PS16/23 was published in December 2023. It contains amendments to the PRA rulebook and the Remuneration supervisory statement. Several key changes have been implemented as part of this policy statement including the following:

• Amendments to the PRA rules that set out the definition of a ‘small CRR firm’ and ‘small third country CRR firm’ to bring these in line with the proposed Small Domestic Deposit Takers regime size threshold.
• PRA rules and references in SS2/17 to remove the application of the rules on malus, clawback, and buyouts to small firms.
• Introduction of the expectation that small firms report material changes in their remuneration structures to supervisors.
• References to proportionality on remuneration disclosures are now set out in the CRR.

The consultation proposals include amending the definition of a small firm in line with the PRA’s simpler regime size threshold and other selected criteria. Consequently, the revised small CRR firm threshold contains two conditions:

1. Average total assets at or under £4bn.
2. Average total assets over £bn and at or under £20bn (up from £13bn) and which meet certain other specified Simpler-regime criteria.

Firms also cannot be part of a group containing another firm that is subject to the remuneration rules and has average total assets exceeding £20bn (up from £13bn).

Firms which meet the amended definition of a small firm will no longer be required to comply with malus and clawback rules (which set out approaches to remuneration adjustment). In addition to the removal of Malus and Clawback smaller firms no longer have to comply with the rules about deferred bonus award buyouts when recruiting new employees.

CP26/23 – Operational Resilience: Critical Third Parties to the UK Financial Sector

In December 2023, the PRA, FCA and BoE published CP26/23 on ‘Operational Resilience and Critical Third Parties (CTPs)’. This consultation paper outlines the proposed requirements and expectations for CTPs. The BoE has performed ongoing monitoring of the potential systemic risks posed by CTPs and identified a growing concentration in the provision of third-party services to firms and FMIs as a key risk driver in the UK Financial System.

CP26/23 will be of particular interest to financial services entities that may gain CTP designation: The intended scope of the CTP regime will designate firms as CTPs where:

• They provide third-party services to authorised persons, relevant service providers and/or financial market infrastructure entities (‘FMIs’).
• The regulators assess that the failure in or disruption to the provision of their services to firms and FMIs could threaten the stability of or confidence in, the UK financial system.