FRTB: independent validation of the new “Advanced Standardised Approach”

In a previous publication, we noted the ongoing challenges firms face with the new Advanced Standardised Approach (ASA). Many of our observations are still relevant and this paper will focus on a topical theme: the expanded role and responsibilities of Internal Audit (“IA”) functions and qualified third parties to independently validate the completeness and accuracy of the FRTB measurements under the ASA.

The elephant in the room: annual validation of the ASA

Whilst the specific approach between different regulators may vary, the direction of travel is clear - the new standardised approach for market risk will be subject to heightened regulatory scrutiny. Broadly, we note two separates approaches being considered:

• Some jurisdictions are proposing to mandate an annual independent validation of the ASA (either by an IA function or a third party) with a specific scope enshrined in the regulation. This is the case in the US¹ and the EU² based on current proposals. This means that the regulatory overheads to run and maintain the ASA will be much higher than in the legacy framework, with additional responsibilities for the third line of defence. Additionally, the outcome of such IA reviews may be made available to the national competent authority (upon request), including further supporting information which the regulator deems relevant; and
• Other jurisdictions (such as the UK) are not proposing to follow this formal approach. However, some may choose to use their existing supervisory powers to ensure firms’ compliance with the new requirements, rather than formally including additional validation requirements. For example, in the UK specifically, the PRA may choose to use a combination of Skilled Persons’ Reviews and attestations by Senior Management Functions (SMF)³ (previously limited to the internal model approaches) to assess the level of compliance across the industry. Additionally, we believe that the planned round of benchmarking for the ASA next year could be used to further inform the appropriate FRTB oversight regime.

The annual independent validation mandate (as set out in the EU and the US) significantly expands the scope of work typically carried out by IA functions or independent third parties with specialist knowledge and subject matter expertise in FRTB.

What does it mean for firms?

We envisage the following immediate priorities for firms:

1. Firms need to make a decision as to whether they will ask their IA function or an independent third party to perform the independent validation of the ASA. Further, we note the following:
   1. The use of an IA function will require a clear assessment of the impact of the ASA validation on IA’s resourcing (including the need to hire FRTB SMEs and other risk specialists) and the cost implications on IA budgets (given the expanded scope of work, and the relative premium that the FRTB specialism typically requires).
   2. The use of an independent third party could alleviate the above internal resourcing constraints and the market’s limited supply of FRTB SMEs. Additionally, such third parties could deploy their own calculators to independently validate and challenge the work of the first and second lines of defence.
2. Readiness for an ongoing annual validation starting 2025. In some jurisdictions, the scope of the IA reviews is prescribed in the proposed regulation and goes beyond that which was historically performed by firms (for example, the review of the accuracy of sensitivity computations underpinning the ASA calculations under the proposed EU regulation). Readiness plans should include a ‘year 0’ validation ahead of go-live to ensure prompt remediation of higher priority findings by 2025.
3. Ensuring compliance across all jurisdictions. As noted above, those jurisdictions that have not put forward formal IA reviews may choose to use their broader supervisory powers to ensure compliance with the FRTB requirements. In the UK, firms may undertake voluntary assurance procedures, asking third parties to provide management with an independent view ahead of possible regulatory reviews post go-live (e.g. Skilled Persons’ Reviews).

A proactive validation strategy, in parallel with the ongoing implementation of FRTB, will not only enhance firms’ readiness but also help firms navigate regulatory risks appropriately to ensure that any areas of non-compliance are adequately remediated or mitigated (as appropriate) before FRTB requirements come into force across key jurisdictions in 2025.

^{[1] See also the preamble (section C) and rule reference 203(e)(3) of the US Notice of Proposed Rulemaking.
[2] See also the proposed amendments to EU CRR Art. 325c as part of the EU’s Basel 3.1 implementation.
[3] For example, we noted that the PRA is proposing an annual SMF attestation as a requirement for the new standardised approach for CVA capital (SA-CVA) as set out in their draft amendments to their supervisory statement on counterparty credit risk (SS12/13) as part of CP16/22.}