On 11 January 2024 the PRA published Dear CEO letters to UK Deposit Takers (UKDTs) and International banks and designated investment firms, setting out its supervisory priorities for the year ahead.
The PRA’s supervisory agenda includes a continued focus on ensuring firms have robust governance, risk management and controls, given the macroeconomic backdrop and changing environment firms are operating within.
Specific priorities include financial resilience, operational resilience, financial risks arising from climate change, data and regulatory reporting, and credit risk. For UKDTs, the PRA also highlights model risk and recovery and resolution.
Many of the PRA’s supervisory priorities remain consistent with previous years and should be read alongside any firm-specific supervisory communications. The PRA highlights a number of overarching themes however, including the need to consider novel risks that may arise from the use of new technologies. The PRA also notes that the changing and challenging external environment means that firms should view previously improbable events as possible going forward.
For international banks and designated investment firms in particular, the PRA notes its finding that firms still consider risk management in siloes without considering read-across to other businesses. The PRA will conduct cross-firm thematic reviews on a range of topics, and will coordinate with international regulatory authorities.
The following specific topics are identified as priorities for 2024:
Risk management and controls: Driving improvements in risk management capabilities in firms remains a key priority for the PRA. The regulator stresses the importance of Senior Manager Functions taking responsibility for embedding the right risk culture throughout organisations. Management of counterparty risk will remain a key focus for the PRA. More broadly the PRA will also seek assurance that risk management capabilities in firms are keeping pace with technological changes and that firms are considering the implications of issues such as artificial intelligence and distributed ledger technology.
Credit risk: The PRA underlines the importance of having robust credit risk management practices in place which are adaptable to changing conditions, and realising expected losses in a timely manner. The PRA will focus on higher-risk and vulnerable market segments, counterparty credit risk, and assessing how firms’ credit risk management practices have evolved.
Financial Resilience: Given the banking sector turmoil in 2023, the PRA states firms should reflect on their risk profiles, anticipate changes to depositor behaviour, and take into consideration forthcoming changes in bank funding and liquidity conditions.
The PRA will continue to assess firms’ individual capital and liquidity positions and expects firms to tailor their stress testing to their individual risks. The PRA reminds firms to plan for the upcoming implementation of the Basel 3.1 standards.
Operational resilience: With the deadline for full compliance with the PRA’s Operational Resilience requirements just over a year away, the PRA reminds firms to identify and remediate any vulnerabilities which could impact their ability to remain within impact tolerances for their important business services (IBS).
Any IT infrastructure transformations that are implemented in support of the provision of IBS need to be well managed. Changes arising from the renewal in 2024 of the Real-Time Gross Settlement (RTGS) service also need to be managed appropriately.
Model risk: The PRA’s model risk management principles come into effect in May 2024. For UKDTs, the PRA expects in-scope firms to prepare for implementation, including putting in place remediation plans where required. The PRA will engage with firms on this, as well as their existing internal model applications.
Data risk: In line with the PRA’s 2023 supervisory priority letter, data and regulatory reporting remains an area of concern. The PRA will continue to use Skilled Persons reports where appropriate, and reminds firms of the importance of data accuracy across all data types. The PRA is also continuing its reviews into the data it collects, and how it is collected.
Climate change risk: The PRA expects firms to make further progress in the development of their climate-related financial risk management capabilities. The PRA will begin work to update its expectations as set out in Supervisory Statement 3/19.
Resolution: For UKDTs, the PRA notes it will work with both the largest firms that are subject to the Resolvability Assessment Framework, and small and medium-sized firms, on their resolvability and recovery planning.
Prepare for scrutiny of risk management and governance controls.
Manage and implement change programmes effectively.
Invest in technology solutions to drive efficiencies in risk management and compliance capabilities.
The PRA’s supervisory agenda remains extremely busy, reflecting the range of risks the banking sector currently faces. Macroeconomic conditions and heightened geopolitical tensions mean the PRA is focused on firms’ capital and liquidity positions, risk management practices, and governance controls. Firms should be prepared for scrutiny in these areas, including via data and other information requests. The consistency between the PRA’s supervisory priorities in 2022, 2023 and 2024 means it will expect firms to be able to demonstrate progress in the priority areas, and be able to show that they have taken action to implement any previous feedback and PRA findings. In particular the PRA is likely to expect to see progress in developing further risk management capabilities across business and product lines. With the forthcoming implementation of the Basel 3.1 standards, and the closing deadline for full compliance with the Operational Resilience requirements, the PRA will expect firms to manage and implement any change programmes effectively. Continuing to invest in technology solutions will help firms to meet the PRA’s expectations around data and reporting, risk management including counterparty credit risk, and climate-related financial risks, among other things. |
“The events of 2023 show that firms can experience a sudden loss of customer, counterparty or market confidence, with damaging implications that can require regulatory intervention. Firms must remain vigilant ensuring they operate with an appropriate risk culture to promote safety and soundness.”
Firms should expect ongoing engagement from supervisory teams on the areas covered in the letter as well as specific feedback, including through the periodic summary meeting process.
Peter El Khoury
Head of Banking Prudential Regulation & FS Digital Partner, PwC United Kingdom
+44 (0)7872 005506