The UK and EU regulators have recently released new guidelines and reforms aimed at advancing prudential standards.
The Prudential Regulatory Authority released guidelines for Basel 3.1 and policy statements on Model Risk Management – as well as accompanying dear CEO letters - all focused on making capital reporting more consistent, aligned and risk sensitive. On the continent, the European Banking Authority, has introduced reforms to ensure European Banks comply with stricter prudential norms. These changes will require banks to make their capital reporting more consistent, aligned, and risk sensitive.
The implementation of these changes is complex, especially around model monitoring and associated governance. However, firms must start formulating an implementation plan now, as the deadline for Basel 3.1 submission is approaching in 2025.
To support firms with this, we have summarised the three most crucial areas firms should ensure to get their implementation right from the start. We have based these recommendations on our experience in implementing Internal Ratings Based (IRB) reforms with leading banks.
Model Monitoring and Data Management
First and foremost, firms must ensure that they have a robust model monitoring and data management framework in place.
- Model monitoring reforms will require firms to rebuild Probability of Default (PD), Exposure at Default (EAD), Loss Given Default (LGD) models. They will also need to align these models with the new default definition and updated application scores. Given the large volume of changes needed across various models, and the mandate to address several regulatory requirements, this is often a key challenge for firms to do consistently across the model estate. In our experience this can be best achieved by regular assessments of changes made throughout the implementation process and gradually build up, incorporating changes. In the UK, banks must be able to clearly evidence in each assessment that the developed models are consistent with SS11/.13 (PRA Expectations - IRB Approach), whilst also adhering the rules as laid out in [OJ(2] PS6/23 (Model Risk Management Principles for Banks).
- For data management the critical piece is Data lineage. The regulators have specified new requirements on data storage and the granularity of history requirements – something which firms have not captured previously. While there are many ways to put in place these requirements, the key challenge is doing so in the most robust way that meets the regulatory expectations from the outside. We recommend using CP6/22 (Model Risk Management Principles – Section 2) as the starting point when addressing these requirements rather than try to retro-fit the regulatory requirements onto another solution, where possible.
Governance Framework
Secondly, firms will need to ensure they have a sound governance framework as part of a successful IRB upgrade. With regulators increasing their emphasis on having an efficient governance system in place, it is often a challenge for firms to have a control framework that is fully synchronised with model outputs. A good starting point is for firms to focus on a simple committee structure and robust validation processes to ensure a consistent review of the models. This will enable they effectively check the impacts of the model rebuild and associated impacts on the stress testing outputs. The committee should also be led by the Chief Risk Officer or Chief Financial Officer, in alignment with PRA’s recent publication of SS 1/23 emphasising the role of Senior Management Function (SMF) holder.
Resource and Capacity Constraints
Thirdly, these regulatory changes are taking place against a backdrop of continuous resource and capacity constraints magnified by Brexit and the current market conditions. Firms are facing the continuous challenge of balancing cost against benefits in their regulatory implementations, knowing that saving costs now often comes back to bite in increased remediation costs. This is why many firms choose to seek utilise external support in their implementations, but even this faces the challenge of finding the right expertise at the right price and time. Nonetheless, our experience has often shown that taking a more robust approach at implementation tends to pay off with minimised remediation costs and/or regulatory challenge.
There are many challenges to the IRB upgrade, and it is clear there is no ‘One Size fits All’ solution. However, by introducing a thorough implementation plan that is consistent in its approach, and ensuring key stakeholders are fully aligned on the overall strategy will put firms in good stead to meet the deadlines from 2025 onwards.
