Banking regulatory developments | KPMG | IE
Share with your friends

Banking regulatory developments

Banking regulatory developments

Developments and issues facing the banking industry.


Contact us


KPMG in Ireland


Also on

Basel 3 monitoring exercises

The Basel Committee and the EBA have published their latest monitoring of how banks are performing against the fully phased-in Basel 3 (or CRR/CRD4 in Europe) capital, leverage and liquidity standards, using data at end-June 2016:

All major banks now meet the minimum CET1 capital and leverage ratios, and the current minimum LCR. Disclosures by the main Irish banks confirm this trend. However, some banks still need to make further progress if they are to meet the forthcoming 100% minimum LCR (by 2019 under the Basel standard and by 2018 under EU rules) and NSFR requirements (by 2018). See table below.

The Basel Committee samples show very little change overall in the aggregate capital, leverage and liquidity ratios since end-December 2015. The EBA sample shows some further improvement since end-2015, but major European banks remain well behind major banks elsewhere in the world on the leverage ratio and the NSFR.

Major European banks have improved their capital and leverage ratios by both increasing their capital resources and reducing their RWAs, whereas major banks elsewhere have maintained or even increased their RWAs. Balance sheet shrinkage has been a feature for Irish banks for several years now.

Basel 4 may in due course reveal significant shortfalls that are not covered in the Basel and EBA exercises. Although, the impact on Irish banks is less as trading books do not feature as prominently as elsewhere. The monitoring exercises relate only to Basel 3. The minimum CET1 capital ratio covers only the 4.5% absolute minimum, the capital conservation buffer of 2.5%, and any G-SIB capital surcharge. It does not cover any D-SIB capital surcharge, other systemic risk buffer, macro-prudential buffer, or Pillar 2 or stress-testing add-ons. Nor does it cover the impact of RWA inflation (from the revised market risk framework and from the Basel Committee proposals on credit and operational risk and any “capital floor”). Similarly, the minimum leverage ratio is set at 3% (against tier 1 capital) and does not reflect any national super-equivalence (as in the US, UK, Netherlands and Switzerland).

The Basel Committee also reports on the progress made by G-SIBs in meeting the requirements for total loss absorbing capacity (TLAC). This shows that nine of the 25 G-SIBs would fail to meet the minimum requirements that will apply in 2019, with a combined shortfall of €131 billion. The largest individual shortfall is equivalent to 7.2% of the bank’s RWAs. 18 G-SIBs would not meet the higher requirements that will apply from 2022, with a combined shortfall of €318 billion (and a largest individual shortfall of 9.9% of RWAs).

Table: Main results of the Basel 3 monitoring exercises

  Basel Group 1 Of which Basel G-SIBs Shortfalls EBA Group 1 Shortfalls
Sample 100 large internationally active banks     44 internationally active banks with tier 1 capital in excess of EUR 3 billion  
CET1 capital ratio (%) 11.9 11.8 None. Lowest Group 1 bank at 8.1%; lowest G-SIB at 9.4%. 12.7 None

Leverage ratio (%)

5.6 5.6 None 4.6 None
LCR (%) 126 125

All banks in the sample meet the current minimum LCR requirement of 70% in 2016 (increasing to 100% in 2019).

Most (88%) banks already above 100% LCR.

Lowest Group 1 bank at 74%; lowest G-SIB at 107%


All banks meet LCR minimum of 70% in 2016 (increasing to 100% in 2018).

Two do not meet 100%.

Lowest at 94%

NSFR (%)

114 116

Most (84%) banks at or above the minimum NSFR of 100% (applicable from January 2018).

Lowest Group 1 bank at 84%; lowest G-SIB at 98%.


67% of banks at or above the minimum NSFR of 100% (applicable from January 2018).

Lowest at 79%.

Basel Group 1 Of which Basel G-SIBs Shortfalls EBA Group 1 Shortfalls
Sample 100 large internationally active banks     44 internationally active banks with tier 1 capital in excess of EUR 3 billion  
CET1 capital ratio (%) 11.9 11.8 None. Lowest Group 1 bank at 8.1%; lowest G-SIB at 9.4%. 12.7 None
Leverage ratio (%) 5.6 5.6 None 4.6 None
LCR (%) 126 125

All banks in the sample meet the current minimum LCR requirement of 70% in 2016 (increasing to 100% in 2019).

Most (88%) banks already above 100% LCR.

Lowest Group 1 bank at 74%; lowest G-SIB at 107%


All banks meet LCR minimum of 70% in 2016 (increasing to 100% in 2018).

Two do not meet 100%.

Lowest at 94%

NSFR (%) 114 116

Most (84%) banks at or above the minimum NSFR of 100% (applicable from January 2018).

Lowest Group 1 bank at 84%; lowest G-SIB at 98%.


67% of banks at or above the minimum NSFR of 100% (applicable from January 2018).

Lowest at 79%.

EBA review of banks’ recovery plans

The European Banking Authority (EBA) has published the results of a review of the recovery plans of 23 European banking groups, with the parent banks located in 12 EU countries.

The EBA findings provide a valuable checklist of good practice against which banks can assess their own recovery options. European banks are required to produce recovery plans under the Bank Recovery and Resolution Directive (BRRD). The EBA has been undertaking a series of reviews of aspects of these plans – the latest review focuses on recovery options. The BRRD requires recovery plans to contain sufficient plausible and viable recovery options which make it reasonably likely that the bank would be able to counter different scenarios of financial distress quickly and effectively.

The EBA found that all the recovery plans reviewed provided a reasonably good overview of recovery options, with the number of recovery options ranging from 8 to 52 across the sample of banks. The most frequently included recovery options were (i) disposal of subsidiaries, (ii) sale of assets/loan portfolios, (iii) liquidity improvement measures and (iv) capital raising. Based on this sample of recovery plans, the EBA’s main concerns on recovery options were:

Lack of detail

  • Recovery options were not sufficiently specific to allow a review of the feasibility of the options;
  • The governance, decision making and implementation procedures for each option were too general, so again the feasibility of each option was not clear; and
  • Many plans lacked sufficient detail to enable the feasibility of the option under each stress scenario to be assessed; and
  • Where recovery options were identified for subsidiaries they usually relied on a general assumption of parental capital or liquidity support.

Limited impact assessments

  • Although all the plans provided at least an estimation of the financial impact of the options with regard to capital and liquidity, only half estimated the impact on profitability and funding positions;
  • Valuation assumptions could be further improved;
  • The impact of the implementation of specific recovery options on critical functions, core business lines and IT systems was not always fully considered. For example, more than half of the recovery plans did not provide a comprehensive assessment of the likelihood of continued access to financial market infrastructure upon execution of recovery options; however
  • More than half of the recovery plans did take account of the combined effects of executing different recovery plan options in response to the same stress scenario.

Uncertain feasibility

  • Many banks referred to their past experiences of executing similar recovery options, although it was not always clear how banks had used these experiences to estimate execution timelines and valuation assumptions in their recovery plans;
  • All banks estimated timeframes for executing recovery options, but many did not provide sufficient explanation to enable an assessment of whether such timelines were realistic and conservative; and
  • The majority of banks identified potential risks and impediments to the execution of options and, to a lesser extent, outlined potential mitigating actions to remedy them. But many plans contained only a limited suite of preparatory measures and mitigating actions to facilitate the implementation of options.

Impact of revised market risk framework

The Basel Committee agreed a revised market risk framework in January 2016. This is due to be implemented from January 2019 (possibly later in the EU). The latest Basel Committee monitoring report (PDF 1.57 MB) on meeting Basel 3 requirements includes an analysis of the potential impact on banks of this framework.

The analysis shows that had the revised market risk framework been applied at end-June 2016 then G-SIBs would have faced a 76% (weighted average) increase in their minimum capital requirements for market risk. The positions of individual banks are widely dispersed, with the largest increase for a G-SIB being a 387% increase in market risk capital requirements, and the largest reduction for a G-SIB being 40%. The largest impacts arise from the revisions to the standardised approach to market risk.

Because, for most banks, the share of market risk within total risk-weighted exposures is relatively small (less than 10 percent), increases in market risk capital requirements have a relatively small impact on banks' overall capital requirements. This is the case for Irish institutions.The weighted average for G-SIBs is a 3.4% increase in total minimum capital requirements (percent, not percentage points, is equivalent to a 30 basis point reduction in CET1 capital ratios). The largest impact on any individual G-SIB is a 21.5% increase in total minimum capital requirements (equivalent to a 2 percentage point reduction in this bank’s CET1 capital ratio).

A different way of considering this overall impact on G-SIBs is that, before the (potential) impact of the revised market risk framework G-SIBs had (et end-June 2016) roughly €21 trillion of total risk-weighted exposures, €2.5 trillion of CET1 capital and a CET1 capital ratio of 11.8%. Market risk-weighted exposures accounted for around €1 trillion, so 5% of total risk-weighted exposures. A 76% increase in market risk exposure equates to an increase of around €0.76 trillion in market (and total) risk-weighted exposures, and a reduction in the G-SIBs average CET1 capital ratio from 11.8% to 11.5%.

The note suggests that the end-result may be a smaller increase in capital requirements, as (a) banks may be reporting on the basis of the standardised approach until they receive supervisory approval to use internal models for specific trading desks, and (b) banks are likely to change their overall trading book positions in response to the revised market risk framework (however, many banks have already scaled back their trading activity, so in that sense the impact has been greater than measured here).

The analysis also includes data for Group 1 (large internationally active banks, including G-SIBs) and Group 2 (smaller) banks. The results are broadly similar to those for G-SIBs. Not surprisingly, the impact on market risk capital requirements is larger for Group 2 banks (because they are more likely to be on the standardised approach) but this then translates into a smaller impact on overall capital requirements (because these banks tend to have less market risk relative to their overall risk exposures).

Risk Culture – a regulator’s view

A key to unlocking why things go wrong in financial institutions similar to all organisations is to understand the norms and the expectations within organisations as to what is normal. Over the past year, the Central Bank, along with other supervisory agencies worldwide, has been focusing on cultural awareness as part of its normal supervisory activity, including a consideration of an institution’s risk culture through continuous assessment meetings, risk management and governance reviews and inspections. Indeed, the Central Bank has recently conducted themed inspections examining “behaviour and culture” at local banks, along with actively inspecting banks’ compliance with the internal governance guidelines set out by the European Banking Authority in its GL44 paper.

“Culture” within an organization relates to its people, its performance, individual beliefs within the organization and its leadership. It encompasses risk culture which addresses the articulation, communication, measurement and management of risk. But it also separately takes into account conduct risk which seeks to identify and address risk in product design, sales practices and behaviour which may have an impact on customers.

There is a recognition now that culture is integral to everything. The financial crisis of recent years highlighted poor risk management practices and clear weaknesses in internal control structures, but it also highlighted deficiencies in many financial institutions’ attitudes towards risk. An assessment of risk culture is thus a core component of the cultural awareness agenda.

How do regulators assess risk culture?

Financial Stability Board (FSB)

The global regulatory body, FSB, was the first agency to draw attention to this topic. It defines risk culture as “an institution’s norms, attitudes and behaviours related to risk awareness, risk taking and risk management, or the institution’s risk culture.” The FSB articulate the view thatb risk culture shapes the values and beliefs which govern how individuals within an institution behave, how they perform their roles, how they take decisions, how they assess risk and do the ethical thing to ensure they operate in a safe and sound manner, and as such is bespoke to each organization.

From a supervisory perspective, the FSB’s Guidance on Supervisory Interaction with Financial Institutions on Risk Culture - A Framework for Assessing Risk Culture published in April 2014 is the main reference document. The FSB states that a sound risk culture will support appropriate risk awareness, behaviour and judgments about risk taking. The FSB does not define a target risk culture but rather gives regulators guidance on how to identify the risk culture within an institution.

The FSB indicates that a sound risk culture is one that:

  • has an appropriate risk/reward balance consistent with risk appetite when taking decisions
  • has an effective control environment
  • allows the quality of the risk models, data accuracy etc to be challenged
  • ensures all risk breaches are followed up with proportionate disciplinary actions

European Central Bank (ECB)

The idea of an appropriate risk culture in banks is also a theme with the ECB and its approach to this topic is hugely informed by the FSB’s framework paper. Risk culture features prominently in its document ‘SSM supervisory statement on governance and risk appetite’ published in June 2016, which states that expectations are that a strong risk appetite framework will help build a sound risk culture.

The ECB focuses on four main areas:

  • Board and senior management: acting with integrity should be promoted from the very top level of management, core values should be defined and the organisation should develop an openness to challenge as well as a consistent tone throughout the bank
  • Staff accountability: the bank must ensure staff are capable and it is clear who is individually accountable for their actions with respect to the bank’s risk profile. There must be clear delineation of roles and responsibilities for the control functions versus the business lines;
  • Communication: is the bank encouraging open communication and adequate challenge? This should be evidenced in board minutes. Is there evidence of adequate horizontal and vertical sharing of information? Do appropriate whistleblowing procedures exist without unfair reprisals on employees?
  • Remuneration and incentives: do annual performance reviews, remuneration and career paths reflect an appreciation and active promotion of the bank’s core values and risk culture?

Central Bank of Ireland

In June 2016, the Central Bank’s Head of Credit Institutions Supervision, Ed Sibley, referred to the cutting edge techniques of the Dutch regulator in assessing culture and indicated that the Central Bank , in its behaviour and culture inspections’ of banks, would be seeking answers in relation to;

  • What influence, positive or negative, do individual actions and group dynamics have on the financial performance, integrity and reputation of an institution? 
  • Which facilitating or restraining role does the institution’s prevailing culture play? 
  • Which measures are necessary to mitigate the risks related to human behaviour as much as possible?

In essence the risk culture allows regulators to assess the soft side of the risk management framework while the risk appetite framework provides the metrics and more quantitative evidence of the firm’s approach to risk taking. Regulators are trying to ensure that risk culture is a driver of the strategy and not the other way round.

What do financial institutions need to consider?

The problem facing financial institutions across the various sectors is that “culture” is a nebulous concept, not to mention a subjective one, far removed from concrete regulatory issues such as solvency, credit risk modeling and risk weightings.

Any culture is a mixture of formal and informal practices so the question arises, how can a financial institution embed a risk culture and how can it assure itself that its risk culture is adequate? Ultimately boards will need to embrace this concept and ensure that the correct tone from the top is set. Understanding supervisory expectations and turning this into concrete metrics or deliverables is the challenge. Risk and compliance functions, along with senior and middle management, will need to drive this agenda to ensure that it meets supervisory expectations and that the risk culture is deemed adequate and supportive with internal audit playing a role in continuous assessment.

Connect with us


Request for proposal