Comments
Description
Transcript
P a g e 1
Page |1 International Association of Risk and Compliance Professionals (IARCP) 1200 G Street NW Suite 800 Washington, DC 20005-6705 USA Tel: 202-449-9750 www.risk-compliance-association.com Top 10 risk and compliance management related news stories and world events that (for better or for worse) shaped the week's agenda, and what is next Dear Member, When an American is quite tired, he is very tired. But if a Brit tells you a restaurant is quite good, he means it is not very good, so you’d be wise to keep looking for a better one. When a Brit (Mervyn King, former governor of the Bank of England) explained what has happened during the financial crisis, he said: “I think the real problem was there was a shared intellectual view that things were going well.” “Now there were obvious imbalances, we knew the position was unsustainable, but it wasn't entirely obvious where it would come unstuck." When an American (Timothy F. Geithner, 75th United States Secretary of the Treasury, under President Barack Obama, from 2009 to 2013) explained what has happened during the financial crisis, he said: “You cannot enjoy the light without enduring the heat”, or _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) Page |2 “Most Americans still believe we threw away billions or even trillions of their hard-earned dollars to bail out greedy banks. In fact, the financial system repaid all our assistance, and U.S. taxpayers have turned a profit from our crisis response, including our investments in all five of those financial bombs”. To enjoy the British way, you may listen to Mervyn King at BBC (http://www.bbc.co.uk/programmes/p02g27yx). To enjoy the American way, you must read the book from Timothy F. Geithner, “Stress Test: Reflections on Financial Crises”. Today we have a really interesting Regulatory Consistency Assessment Programme (RCAP), the Assessment of Basel III regulations in the United States of America. Overall, and given the planned adoption and implementation of some amendments described in this report that the US regulatory agencies agreed to take and proposed publically, the assessment team finds the risk-based capital requirements in the US to be largely compliant with the minimum standards agreed under the Basel framework. Two of the 13 Basel components are assessed as materially non-compliant: the securitisation framework and the Standardised Approach for market risk. Regarding the Standardised Approach for market risk, the assessment team found that “the US rules implement on a permanent basis a transitional rule in the Basel framework for securitisations in the trading book. This deviation has a material impact on the capital ratio of a few US core banks.” Oh, Basel Committee, do not worry, nothing is permanent! Heraclitus has said “there is nothing permanent except change”. So, the US rules implementing on a permanent basis a transitional rule, in fact implement on a transitional basis a transitional rule. It was a joke, wasn’t it? Of the available approaches for operational risk in the Basel framework (Basic Indicator Approach, Standardised Approach; Advanced _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) Page |3 Measurement Approaches) the US agencies have implemented only the Advanced Measurement Approaches (AMA). For core banks that are in parallel run and report Basel I capital ratios, no explicit capital requirements for operational risk apply. In the view of the assessment team, this implementation differs from that in most other Basel Committee jurisdictions and may hamper the comparability of risk-based capital ratios across internationally active banks during the parallel run period. Read more at Number 1 below. Welcome to the Top 10 list. Best Regards, George Lekatis President of the IARCP General Manager, Compliance LLC 1200 G Street NW Suite 800, Washington DC 20005, USA Tel: (202) 449-9750 Email: [email protected] Web: www.risk-compliance-association.com HQ: 1220 N. Market Street Suite 804, Wilmington DE 19801, USA Tel: (302) 342-8828 _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) Page |4 Basel Committee on Banking Supervision Regulatory Consistency Assessment Programme (RCAP), Assessment of Basel III regulations – United States of America The Basel Committee on Banking Supervision sets a high priority on the implementation of regulatory standards underpinning the Basel III framework. The prudential benefits of the agreed global reforms can fully accrue only if the Basel minimum requirements are incorporated into member jurisdictions’ regulatory frameworks and implemented appropriately and consistently. Non-financial corporations from emerging market economies and capital flows Stefan Avdjiev, Michael Chui and Hyun Song Shin Non-financial corporations from emerging market economies (EMEs) have increased their external borrowing significantly through the offshore issuance of debt securities. Having obtained funds abroad, the foreign affiliate of a non-financial corporation could transfer funds to its home country via three channels: it could lend directly to its headquarters (within-company flows), extend credit to unrelated companies (between-company flows) or make a cross-border deposit in a bank (corporate deposit flows). [Exposure Draft] Japan’s Corporate Governance Code Seeking Sustainable Corporate _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) Page |5 Growth and Increased Corporate Value over the Mid- to Long-Term In this Corporate Governance Code, “corporate governance” means a structure for transparent, fair, timely and decisive decision-making by companies, with due attention to the needs and perspectives of shareholders and also customers, employees and local communities. This Corporate Governance Code establishes fundamental principles for effective corporate governance at listed companies in Japan. Public Service: An Obligation and Opportunity for Lawyers Chair Mary Jo White Association of American Law Schools Annual Meeting, Showcase Speaker Program, Washington D.C. “And the theme of this year’s annual meeting – “Legal Education at the Crossroads” – is an apt description of the critical juncture we are facing in 2015.” Cybersecurity: Enhancing Coordination to Protect the Financial Sector Written testimony of NPPD Deputy Under Secretary for Cybersecurity Dr. Phyllis Schneck for a Senate Committee on Banking, Housing, and Urban Affairs hearing “Chairman Johnson, Ranking member Crapo, and distinguished Members of the Committee, I am pleased to appear today to discuss the work of the Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) to address persistent and emerging cyber threats to the U.S. homeland.” _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) Page |6 Five Things to Know: The Administration's Priorities on Cybersecurity “America’s economic prosperity, national security, and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable Internet. Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property. Although the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the Internet remains an engine for economic growth and a platform for the free exchange of ideas.” - President Obama FINMA publishes revised circular on auditing The Swiss Financial Market Supervisory Authority FINMA has published its partially revised circular on auditing (FINMA-Circ. 2013/3). Following the transfer of supervision of audit firms from FINMA to the Federal Audit Oversight Authority (FAOA), adjustment of the legal basis was necessary. After the consultation in the third quarter, FINMA’s circular, “Auditing”, has thus been partially revised. It enters into force on 1 January 2015. Two years ago, both authorities decided to pool supervisory competences and to transfer the supervision of audit firms from FINMA to the FAOA. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) Page |7 Bank business models Rungporn Roengpitya, Nikola Tarashev and Kostas Tsatsaronis “We identify three business models using balance sheet characteristics of 222 international banks and a data-driven procedure. We find that institutions engaging mainly in commercial banking activities have lower costs and more stable profits than those more heavily involved in capital market activities, mainly trading. We also find that retail banking has gained ground post-crisis, reversing a pre-crisis trend.” Monetary Policy Report, December 2014 “Deterioration of external conditions in September – early December 2014 presented a new challenge for the monetary policy. Decline in oil price continued against the backdrop of its excess demand in the world market and US dollar appreciation. Under the existing financial sanctions imposed on Russian companies the domestic foreign exchange market demonstrated growing demand for foreign currency.” This brought about a considerable depreciation of the ruble against major world currencies, the ruble’s volatility grew, depreciation and inflation expectations increased, and there was a significant rise in inflation risks and risks to financial stability. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) Page |8 Financial Stability Report, December 2014 Opening Remarks by the Governor “Over the past 18 months, the FPC has been working systematically to address the most important risks to UK financial stability. These risks have principally been domestic. In 2013 we reinforced the capital position of major banks, encouraging them to raise £27bn of new capital. Alongside this, the FPC has developed the capital framework for UK banks. This year we have taken action to mitigate the biggest domestic risks, those related to housing. First, in June, we took steps to insure against a significant increase in the number of highly indebted households.” _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) Page |9 Basel Committee on Banking Supervision Regulatory Consistency Assessment Programme (RCAP), Assessment of Basel III regulations – United States of America Preface The Basel Committee on Banking Supervision sets a high priority on the implementation of regulatory standards underpinning the Basel III framework. The prudential benefits of the agreed global reforms can fully accrue only if the Basel minimum requirements are incorporated into member jurisdictions’ regulatory frameworks and implemented appropriately and consistently. In 2011, the Basel Committee established the Regulatory Consistency Assessment Programme (RCAP) to monitor, assess and evaluate its members’ implementation of the Basel framework. This report presents the findings of the RCAP assessment team on the domestic adoption of the Basel risk-based capital standards in the United States and those standards’ consistency with the Basel III framework. The assessment focuses on the adoption of Basel standards applied to the large internationally active US banks, ie the “core banks” of the US banking system. As a sequel to the 2007–08 global financial crisis, US regulatory agencies have undertaken several noteworthy initiatives designed to strengthen the prudential framework relating to bank capital. The agencies issued the final rule on Basel III risk-based capital in July 2013 and brought it into force on 1 January 2014. A significant number of new rules and policies have also been put in place as a result of the Dodd-Frank Wall Street Reform and Consumer Protection Act. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 10 Given the structural features of the US banking system, including the presence of several large globally and systemically important banks, these are important steps towards ensuring financial stability. The RCAP assessment team was led by Mark Branson, CEO of the Swiss Financial Market Supervisory Authority (FINMA). Michael Schoch, Head of Banking Supervision Department of FINMA, acted as deputy team leader. The assessment team consisted of seven technical experts drawn from China, the European Commission, Germany, Italy, Japan, Sweden and the United Kingdom. The main US counterpart for the assessment was the Federal Reserve Board (FRB). The Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) were also engaged in the assessment process. The overall work was coordinated by the Basel Committee Secretariat with support from FINMA staff. The assessment relied upon the data, information and materiality computations provided by the US agencies. The report’s findings are based primarily on an understanding of the current processes in the United States as explained by the counterpart staff and the expert view of the assessment team on the documents and data reviewed. The assessment began in January 2014 and used data available up to 11 July 2014. It consisted of three phases: (i) completion of an RCAP questionnaire (a self-assessment) by the US agencies (September 2013 to January 2014); (ii) an off- and on-site assessment phase (February to June 2014); and (iii) a post-assessment review phase (June to mid-November 2014). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 11 The off-and on-site phases included two on-site visits for discussions with the US counterparts and representatives of two US global systemically important banks (G-SIBs). These exchanges gave the assessment team a deeper understanding of the implementation of the Basel risk-based capital standards in the United States. The third phase consisted of a two-stage technical review of the assessment findings: first by a separate RCAP review team and feedback from the Basel Committee’s Supervision and Implementation Group; and secondly, by the RCAP Peer Review Board and the Basel Committee. This two-step review is a key instrument of the RCAP process to provide quality control and ensure integrity of the assessment findings. The focus of the assessment was limited to the consistency and completeness of the domestic regulations in the United States with the Basel minimum requirements. Issues relating to the integrity of prudential outcomes, capital levels of individual banks, the adequacy of loan classification practices or the US authorities’ supervisory effectiveness were not in the scope of this RCAP assessment exercise. Where domestic regulations and provisions were identified as not conforming with the Basel framework, those deviations were evaluated for their current and potential impact (or negligible impact) on the reported capital ratios for a sample of internationally active US banks. The assessment also identified some areas where follow-up actions could be taken. This report has three sections and a set of annexes: (i) an executive summary with the statement from the US agencies on the material findings; (ii) the context, scope and methodology, and the main set of assessment findings; and (iii) details of the deviations and their materiality along with other assessment-related observations. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 12 The RCAP assessment team is grateful for the professional cooperation it received from all the US counterparts throughout the assessment process. In particular, the team sincerely thanks Michael Gibson, Art Lindo and the staff of the FRB for playing an instrumental role in coordinating the RCAP exercise. The assessment team would also like to thank the staff of the FDIC and the OCC involved with the RCAP assessment work. The series of comprehensive briefings and clarifications provided by the US counterparts helped the RCAP experts to arrive at their opinions. The team hopes that this RCAP assessment exercise will add to the good initiatives that have already been undertaken by the US agencies and help to further strengthen the prudential effectiveness and full implementation of the various post-crisis reform measures in the US. Executive summary The US agencies’ new framework for bank risk-based capital requirements came into force on 1 January 2014 via the US final rule. This marked a significant post-crisis strengthening of the US capital regime. Many other initiatives are being developed or are in the early stages of implementation. While the US has implemented a single comprehensive capital framework, different elements of the US risk-based final rule on capital apply to different banking organisations based on their size and international activity. As a general principle, the Basel standards designed for “internationally active” banks have been adopted in the US using the concept of “core banks”, which are required to adopt the advanced Basel approaches. Overall, and given the planned adoption and implementation of some amendments described in this report that the US regulatory agencies agreed to take and proposed publically, the assessment team finds the risk-based capital requirements in the US to be largely compliant with the minimum standards agreed under the Basel framework. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 13 The significance of the reforms undertaken in the US in recent years – some of which are still under way – is evidenced by the assessment team’s view that 11 out of 13 components of the US capital framework comply or largely comply with the Basel framework. These components include scope of application and transitional arrangements, definition of capital, credit risk, operational risk, and Pillar 2 and 3 requirements relevant for consistent implementation. The assessment team notes the US authorities’ continuing efforts to further strengthen and align the capital rules to the Basel III framework. Likewise, in several areas, the team noted a super-equivalent implementation of the Basel framework. These are detailed in the report but, in accordance with the RCAP assessment methodology approved by the Basel Committee, aspects where US requirements are stricter than the Basel standards were not taken into account in evaluating consistency and in assigning assessment grades. While the team regards the US rules to be largely compliant overall, material deviations were identified in a number of areas. Two of the 13 Basel components are assessed as materially non-compliant: the securitisation framework and the Standardised Approach for market risk. Regarding the securitisation framework, a number of divergences were identified that for some US core banks lead to materially lower securitisation RWA outcomes than the Basel standard. These differences are mainly related to the prohibition on the use of ratings in the US rules. Pursuant to the Dodd-Frank Act, the US rules cannot include provisions related to the Basel framework’s Ratings-Based Approach (RBA) for securitisations, so the rules provide alternative treatments. The US agencies note that their alternative approaches are, on average, more conservative than the Basel standards, and are consistent with the G20 objectives of reducing mechanistic reliance on external credit ratings. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 14 The assessment team notes that while the securitisation framework represents a deviation at present, the Basel Committee is reviewing it and is likely to approve a framework that should potentially mitigate this deviation. The team acknowledges the US agencies’ agreement to expeditiously consider an amendment to the US securitisation rules once the Basel Committee issues the revised securitisation framework. The assessment team welcomes this agreement and recommends a follow-up assessment once the US rules have been updated. Regarding the Standardised Approach for market risk, the assessment team found that the US rules implement on a permanent basis a transitional rule in the Basel framework for securitisations in the trading book. This deviation has a material impact on the capital ratio of a few US core banks. The US agencies indicated that the rule was kept beyond the expiry date, because of the Basel Committee’s fundamental review of the trading book regime. The US agencies agreed to consider changes to the US market risk framework as expeditiously as possible once the BCBS’s fundamental review of the trading book is complete. For other Basel components, a number of potentially material deviations have been identified, including for the US implementation of the Internal Ratings-Based (IRB) approach for credit risk. This is due in part to reliance on measurement concepts of US GAAP beyond what is consistent with Basel standards. Also, the US regulatory approach relies substantially on US supervisory processes rather than explicitly incorporating all of the detailed Basel minimum requirements in the formal corpus of regulatory instruments. As a consequence, in several cases the US rules do not incorporate the specific Basel minimum requirements, in particular for the IRB approach, where the Basel framework explicitly requires demonstration that these minimum requirements have been met. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 15 After the assessment was completed, the US agencies publically proposed amendments to the final rule which address a number of missing minimum requirements for the IRB framework. The amendments to the final rule are likely to be finalised in the second quarter of 2015. The US agencies also plan to publish complementary supervisory examination “work programmes” for banks that detail additional clarifications that are not included in the final rule. These additional regulatory initiatives considerably improved the level of compliance with the Basel IRB minimum standards. In their absence, the assessment of the IRB component would have led to a more conservative result. The assessment also pointed out some deviations across other aspects of the Basel framework. Most notably, a number of US core banks, including one G-SIB, are still in so-called “parallel run” and therefore report capital ratios that do not include a separate capital charge for operational risk and credit valuation adjustment (CVA). The parallel run is a period during which a bank must show to the satisfaction of its supervisor that it can comply with the relevant standards of the advanced approaches, while the advanced approaches are not yet the basis for determining the capital requirements. While the assessment team acknowledges that the Basel framework does not explicitly prescribe the parallel run approach and that approval to report under an advanced approach following the parallel run should not be given lightly, it considers that the US approach leads to a protracted period of time during which the capital ratio of some large internationally active US banks is not comparable with those of banks in other jurisdictions. The team listed a few issues for further guidance from the Basel Committee, including with regard to the definition of capital and the treatment of instruments issued under foreign law. Also, with regard to credit risk, a difference of views emerged on the Basel treatment of fair value assets under the IRB approach. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 16 The team would like to ask the Basel Committee to clarify its interpretation of these issues. Looking ahead, the assessment team recommends that the Basel Committee reassess the grading of the US securitisation approach and – to the extent impacted – the overall assessment grading once the US agencies have revised their requirements to meet the new securitisation framework that the Basel Committee adopts. The team also suggests that the US agencies periodically review the impact of some of the deviations pointed out in the report as part of the Basel Committee’s post-RCAP annual follow-up. Such a follow-up process would review progress made and steps taken to further improve consistency in the implementation of the Basel framework in the US and to ensure that deviations that are currently not material and not rectified do not grow in prudential significance. Further, the assessment team suggests that the IRB requirements be followed up through the post-RCAP follow-up or when another RCAP assessment is undertaken to ensure that they do not assume materiality. Further, the assessment team suggests that the IRB requirements are followed up through the post RCAP follow–up – or when another RCAP assessment is undertaken – to ensure that they do not assume materiality. Response from United States The US banking agencies welcome the opportunity to respond to the Basel Committee on the report’s findings concerning the US implementation of the Basel framework as well as to express our sincere thanks to Mr Mark Branson, Mr Michael Schoch and the Assessment Team for their professionalism and integrity throughout this process. We strongly support the implementation of a globally consistent Basel framework in which member jurisdictions adhere to standards as strong, or stronger than the agreed minimum requirements. In an effort to further promote the Basel framework’s international implementation as well as to clarify existing US standards, the US agencies have published on 18 November 2014 a proposed rule that would revise elements of the US IRB approach. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 17 In addition, the US agencies plan to publish supervisory examination work programmes for banks that clarify supervisory expectations with regard to the implementation of the US IRB approach. The US agencies concur with the report’s overall rating of largely compliant as well as each of the subcomponent ratings of compliant and largely compliant. These findings indicate that, in the view of the Basel Committee, all provisions of the Basel framework have been satisfied with regard to compliant ratings, or only minor provisions have not been satisfied with regard to the largely compliant ratings. The overall largely compliant rating also confirms that there are no differences that could materially impact financial stability or the international level playing field. The US agencies accept, but do not fully agree with, the report’s finding concerning the US securitisation framework, which is primarily the result of a US statutory prohibition against any reliance on external ratings in US banking regulations. While this prohibition results in a deviation from the Basel framework, the agencies note that, on average, the US Simplified Supervisory Formula Approach (SSFA) results in a higher capital requirement for US firms than under the Basel RBA. The assessment team noted the: (1) Basel securitisation treatment is currently being revised to implement an approach similar to the US SSFA and (2) US SSFA is consistent with the Financial Stability Board’s (FSB) stated directive of eliminating mechanistic reliance on credit ratings. However, these factors were not taken into account in the subcomponent rating. Similarly, the US agencies do not fully agree with the finding regarding the US market risk framework. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 18 The Basel Committee has been working to significantly revise the market risk framework and the work was expected to be completed prior to the US assessment. The US agencies relied on the Basel Committee to complete its review and revise the framework in a timely manner, which was the primary basis for the US agencies retention of the transitional provisions. Overall, the US agencies believe assessments of this type promote the level playing field among Basel member jurisdictions and improve transparency. Moreover, they can reveal areas where there are opportunities for improvement in national regulations. We recognise that Basel member jurisdictions are sometimes unable to implement Basel Committee standards to the letter, but we believe it is, nonetheless, important for all member jurisdictions to strive to achieve outcomes that are consistent with, or super-equivalent to, the substance of the Basel framework. The assessment shows that the US agencies have achieved a robust application of the Basel framework in the United States. 1 Context, scope and main assessment findings 1.1 Context Status of implementation In July 2013, the Federal Reserve System (Federal Reserve) and the Office of the Comptroller of the Currency (OCC) issued final rules to implement in the United States the Basel III risk-based capital regulatory reforms and certain changes required by the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). The Federal Deposit Insurance Corporation (FDIC) issued a comparable interim final rule in July 2013 and finalised that rule in April 2014. The US agencies have generally chosen to implement the advanced approaches of the Basel framework only for their “core banks”. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 19 Currently, there are 15 core banks, ie banks that exceed the threshold of USD 250 billion in total assets or USD 10 billion in on-balance sheet foreign exposures. Eight of the 15 core banks have been designated as global systemically important banks (G-SIBs). The core banks account for approximately 75% of US banking assets and nearly all of US banks’ foreign exposures. These banks are required to implement the Basel advanced approaches. Non-core banks can “opt in” to adopt the Basel advanced approaches. The core banks are required to work towards implementation of the Basel advanced approaches and become subject to them after they receive approval from the US agencies. On 21 February 2014, eight core banks received permission to use the advanced Basel approaches in the calculation of their capital requirements. Until 1 January 2015, the remaining seven core banks continue to base their capital requirements on the Basel I approach while they await approval. Basel I uses a small number of prescribed risk weights to compute risk-weighted assets. All US banks adopting the advanced approaches are subject to a permanent capital floor using 100% of risk-weighted assets. The floor is currently based on the US general risk-based capital rules, which are based on Basel I standards (including the Basel III definition of capital). From 1 January 2015, the floor will be 100% of risk-weighted assets based on the new US standardised approach for credit risk, which is more in line with the Basel standardised approach. However, the US standardised approach excludes a capital charge for operational risk and CVA. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 20 Regulatory system and model of supervision The United States operates under a dual banking system in which a bank may choose to be chartered by the federal government or by a state. Banks chartered at the state level are subject to supervision by both federal and state supervisors. Every US bank is subject to regulation, supervision and examination by a primary federal banking supervisor: • for national banks and federal savings banks: the OCC • for state banks that choose to be members of the Federal Reserve System (state member banks) and bank holding companies: the Federal Reserve • for state banks that choose not to become members of the Federal Reserve System (non-member banks): the FDIC 1.2 Structure, enforceability and binding nature of prudential regulations The US federal banking agencies have the authority to regulate and supervise banks and bank holding companies subject to their jurisdiction. The hierarchy of prudential regulation in the United States is as follows: _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 21 (i) Federal statutes and legislative mandates, authorising the federal banking agencies to establish minimum capital requirements, capital adequacy standards (both for risk-based and leverage capital requirements), and safety and soundness standards. (ii) Regulations and reporting requirements that set out the capital adequacy rules and safety and soundness requirements issued by the federal banking agencies. (iii) Policy statements, interpretations, supervisory guidance and manuals that address significant prudential policy and procedural matters. The agencies also use supervisory examination work programmes to help ensure that examiner assessments are consistently developed. These programmes provide more specific direction on how the standards and principles set forth in regulations, regulatory preambles or public guidance should be implemented. Certain Basel principles and requirements are therefore articulated in these work programmes because they are considered more appropriately reviewed and enforced during the examination process by the federal banking agencies. These documents are generally not public, but are often shared with banking organisations in order to make firms aware of supervisory expectations and to assist them in complying with the minimum regulatory requirements. The assessment team examined the binding nature of the various regulatory documents issued by US agencies using the criteria applied in RCAP assessments. As a general principle, RCAP assessments only take into consideration documents that implement the Basel framework and set the Basel standards out in a manner that provides a formal basis for regulators, banks and associated third parties to ensure compliance with the minimum requirements. This also helps promote a level playing field and a consistent approach across Basel Committee members. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 22 Based on the assessment of these criteria, the assessment team concluded that the regulatory documents mentioned above, other than the work programmes, are eligible for the purpose of this assessment. 1.3 Scope of the assessment Scope The assessment team has considered all documents that effectively implement the risk-based Basel capital framework in the United States as of end-November 2014. This includes the notice of proposed rulemaking rectifying some of the assessment findings issued by US agencies on 18 November 2014. The assessment focused on two dimensions: • a comparison of domestic regulations with the capital standards under the Basel framework to ascertain that all the required provisions have been adopted (completeness of the US domestic regulation); and • differences in substance between the domestic regulations and the capital standards under the Basel framework and their significance (consistency of the US regulation). Importantly, the assessment did not evaluate the adequacy of capital or resilience of the banking system in the United States, or the US agencies’ supervisory effectiveness. Identified deviations were assessed for their materiality (current and potential, or having an insignificant impact) using both quantitative and qualitative information. For potential materiality, in addition to the available data, the assessment used expert judgement on whether the domestic regulations met the Basel framework in letter and spirit. Bank coverage For the assessment of materiality of identified deviations, the US agencies provided data and materiality computations covering the 15 US core banks on a best efforts basis, and focusing on those banks for which the identified deviations are most relevant. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 23 The team assessed that these banks cover more than 95% of total foreign exposures and deposits held by US banks (Annex 8). Assessment grading and methodology As per the RCAP methodology approved by the Basel Committee, the outcome of the assessment was summarised using a four-grade scale, both at the level of each of the 14 key components of the Basel framework and as an overall assessment of compliance: compliant, largely compliant, materially non-compliant or non-compliant. The materiality of the deviations was assessed in terms of their current or, where applicable, potential future impact (or negligible impact) on the banks’ capital ratios. The quantification was, however, limited to the agreed population of internationally active banks. Wherever relevant and feasible, the assessment team, together with the US authorities, attempted to quantify the impact based on data collected from US banks in the agreed sample of banks. The non-quantifiable aspects of identified deviations were discussed and reviewed in the context of the prevailing regulatory practices and processes with the US authorities. Ultimately, the assignment of the assessment grades was guided by the assessment team’s collective expert judgement. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 24 In assigning grades, the assessment team relied on the general principle that the burden of proof rests with the assessed jurisdiction to show that a finding is not material or not potentially material. In a number of areas, the US rules go beyond the minimum Basel standards. Although these elements provide for a more rigorous implementation of the Basel framework in some respects, they have not been taken into account for the assessment of compliance under the RCAP methodology as per the agreed assessment methodology. 1.4 Main findings The US agencies have made – and continue to make – significant progress in introducing strengthened requirements that apply to their large, internationally active banks. Overall, the US requirements largely meet the Basel minimum standards. That said, the assessment team identified some material departures from the Basel framework as well as many other deviations that are minor in terms of materiality. Of the 13 components assessed, two are graded as materially non-compliant, namely the securitisation framework and the Standardised Approach for market risk. Four components are graded as largely compliant, and seven components as compliant. One component was not applicable to the US (see details and other assessment observations in Section 2). In determining the overall grade, the assessment team also took account of the follow-up actions and agreements made by the US agencies to further harmonise the US rules with the Basel standards. In particular, the US agencies have undertaken a comprehensive response that will help increase consistency of implementation with the Basel IRB standards. The clarification of a number of IRB minimum requirements in the US rules text will help make explicit several aspects that are being implemented through non-public supervisory work programmes. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 25 The publication of two key supervisory work programmes in the first half of 2015 will be another meaningful step towards improving the transparency and predictability of US IRB requirements. The proposed rules text amendments – which are public – have the agreement of the US agencies and are expected to become effective shortly after the agencies complete their due process requirements in 2015. Based on these – and given the nature of the deviations – the team has taken a view that the US IRB framework is “largely compliant.” In the absence of the steps taken by the US agencies which will come on stream during 2015, the assessment team would have taken a more conservative position. The team has identified the IRB requirements for follow-up by the RCAP. Further, the agencies agreed to consider changes as soon as possible to the US securitisation framework upon finalisation of the new standard by the Basel Committee. The assessment team used both quantitative impact data and expert judgement to derive the assessment grades. Based on data received from US regulatory agencies, material deviations were identified regarding the securitisation framework and market risk Standardised Approach. The impact is mainly driven by findings related to the approaches US agencies have introduced as alternatives to the use of external credit ratings (see below) and the permanent use of a transitional arrangement for securitisation positions in the trading book. In addition, a number of potentially material deviations have been identified with regard to the definition of capital and the US agencies’ adoption of the IRB standards. A considerable number of non-quantifiable deviations have also been identified which, taken together, are considered to render a potentially material impact on the calculation of capital ratios by US core banks. The main findings are summarised below. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 26 These should be read along with the list of detailed findings and observations in Section 2. The gaps rectified during the assessment process are listed in Annex 6. 14 Regulatory Consistency Assessment Programme – United States Main findings by component Scope of application The Basel standards have been designed for “internationally active” banks. However, the term “internationally active” is not specifically defined in the Basel text, leaving its implementation to the discretion of national authorities. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 27 In the United States, the agencies require “core banks” (as described above) to adopt the advanced Basel standards. Other banks may request to adopt the Basel advanced approaches (such banks are referred to as “opt-in banks”). All banks in the United States remain subject to the general US risk-based capital rules. The definition of core banks includes: First, any depository institution (DI) meeting either of the following two criteria: (i) consolidated total assets of USD 250 billion or more; or (ii) consolidated total on-balance sheet foreign exposure of USD 10 billion or more. Second, any US-chartered bank holding company (BHC) meeting any of the following three criteria: (i) consolidated total assets (excluding assets held by an insurance underwriting subsidiary) of USD 250 billion or more; (ii) consolidated total on-balance sheet foreign exposure of USD 10 billion or more; or (iii) having a subsidiary DI that is a core bank or opt-in bank. Finally, any DI that is a subsidiary of a core or opt-in bank holding company is also considered a core bank. According to information provided by the US regulatory agencies, the banking organisations subject to Basel standards account for nearly all of the international exposures held by US banking organisations. This holds for foreign exposures, foreign deposits, foreign liabilities, number of foreign offices and assets under management held in foreign offices. Therefore, the team considers the US scope of application of Basel standards to be compliant with the Basel Committee’s intended scope of application. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 28 Transitional arrangements The Basel framework prescribes a capital floor based on 80% of the Basel I approach for banks that apply the advanced approaches for calculating capital requirements for credit risk (IRB) and operational risk (AMA). The US core banks that have exited parallel run are required to calculate a floor based on 100% of the new US standardised approach. The US agencies have explained that for a typical US bank the US floor will be at least as conservative as the Basel I floor. While it cannot be excluded that under extraordinary circumstances the US floor may be less conservative than the Basel floor, taking into account the enhanced quality and volume of regulatory capital of Basel III relative to Basel I as well as the improved general conservatism of the calculation of RWA, the assessment team agrees with the US regulatory agencies that this is unlikely to happen in practice. The team also notes that Basel II paragraph 49 states that “supervisors should have the flexibility to develop appropriate bank-by-bank floors that are consistent with the principles outlined in this paragraph.” The US rules are assessed as compliant with the overall Basel III transitional arrangements. Definition of capital A key element of Basel III was the set of changes made to the standards that define the eligible components of regulatory capital. While a number of deviations are identified in the context of definition of capital, the data provided by US agencies suggest a relatively limited impact on the capital ratios. Overall, the US rules on the definition of capital are assessed as largely compliant with the Basel framework. (i) Treatment of defined benefit pension fund assets The Basel framework allows banks to risk-weight defined benefit pension fund assets when banks have unrestricted and unfettered access to these assets. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 29 Otherwise, the assets need to be deducted from Common Equity Tier 1 (CET1) capital. The US rule implements this requirement consistently, with one exception. The US rule allows FDIC-insured banks to risk-weight these assets and not deduct them from CET1 capital, without the condition of unrestricted and unfettered access. The US agencies explained that the FDIC has unrestricted and unfettered access to such assets in the event of a resolution of an insured depository institution, and that this ensures that the assets are available for the protection of depositors and other creditors of a bank (as per Basel III para 77). The team considers that the US treatment does not necessarily prevent FDIC-insured banks from including defined benefit pension fund assets in CET1 capital to which the bank would not have unrestricted and unfettered access. The US agencies clarified that bank holding companies are not FDIC-insured entities and therefore cannot make use of this exemption. The US agencies further explained that all internationally active core banks are part of bank holding companies, and that the vast majority of the pension fund assets are held at the holding company level and are fully deducted. As bank holding companies represent the highest level of consolidation for US core banks, the team considers the impact of the finding to be limited. The assessment team therefore considers the deviation as not material at present, but listed the finding for future follow-up assessments (Annex 12). (ii) Treatment of deferred tax assets The Basel standards require deduction of deferred tax assets (DTAs) that rely on the future profitability of banks. However, DTAs that result from temporary differences may be subject to threshold deductions. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 30 The US rules do not explicitly require the deduction of DTAs that rely on future profitability, but allow risk weighting (100%) of DTAs that result from temporary differences and that could be realised through net operating loss carrybacks. The US agencies explained that these DTAs do not rely on the future profitability of banks but rather on past profitability. The US agencies further clarified that the amount of these DTAs does not exceed the amount of taxes previously paid that could be recovered through net operating loss carrybacks. The assessment team agrees that such DTAs do not depend on future profitability. The assessment team notes that the Basel standards do not explicitly describe the treatment of DTAs arising from timing differences that the bank could realise through net operating loss carrybacks. The team also notes that the Basel Committee is considering further clarification on this point, which it agrees is needed to avoid the risk of inconsistent treatment across jurisdictions of the term “rely on the future profitability of the bank to be realised”. (iii) Definition of general provisions Basel III carries forward the Basel II treatment that permits the inclusion of “general provisions/general loan-loss reserves” in Tier 2 (up to a limit) for banks on the standardised approach for credit risk. However, it clarifies that they should not be included where they have been created “in respect of an identified deterioration in the value of any asset or group of subsets of assets” (Basel II para 49(vii)), noting that in such cases “they are not freely available to meet unidentified losses which may subsequently arise elsewhere in the portfolio and do not possess an essential characteristic of capital.” Under the US standardised approach, banks are permitted to include allowances for loan and lease losses (ALLL) in Tier 2 (subject to limits that are consistent with Basel standards). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 31 According to the preamble of the US rules, ALLL are intended to cover “estimated, incurred losses as of the balance sheet date, rather than unexpected losses”. The US agencies have further clarified that loans that are determined to be impaired (ie where it is probable that the creditor will be unable to collect all amounts due) are required to be charged off (ie deducted from the allowance). In most cases, the lag between the recognition of impairment and the associated charge-off will not be more than 90 days. The US agencies also indicated that the entire ALLL are freely available to cover charge-offs on loans and leases regardless of where they fall in banks’ portfolios. Although the ALLL are intended to cover charge-offs of losses that were estimated to have been incurred as of the balance sheet date, the ALLL are available to cover charge-offs of credit losses on loan and lease losses that were previously unidentified (ie unexpected); however, if charge-offs of previously unidentified losses result in an inappropriately low ALLL level, banks are expected to replenish their ALLL to appropriate levels through provisioning. The team considers that the US rules do not explicitly prohibit inclusion of allowances in Tier 2 capital where they cover an identified deterioration of particular assets or known liabilities, whether individual or grouped. While data suggest that for a number of US core banks ALLL form a substantial part of Tier 2 capital, the assessment team considers that under the US rules, loans that are considered impaired are required to be charged off without a significant lag, which ensures that ALLL are substantially available to cover unexpected losses. While a timing difference between impairment and charge-off could potentially have a material effect on Tier 2 and the total capital ratio for banks that are in parallel run (which is based on the US standardised approach), as well as on the capital floor for US banks that have exited parallel run, the team judges the deviation as unlikely to be material. (iv) Treatment of insurance subsidiaries _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 32 The Basel standards permit banks to consolidate significant investments in insurance entities as an alternative to the deduction approach on the condition that the method of consolidation results in a minimum capital standard that is at least as conservative as that which would apply under the deduction approach. The consolidation is for regulatory, and not for accounting, purposes. This treatment has been specified in the Basel III definition of capital FAQs. The US agencies’ capital treatment of significant investments in unconsolidated insurance subsidiaries of bank holding companies is consistent with the Basel approach, as these investments are required to be deducted. However, for insurance subsidiaries that are consolidated for accounting purposes the US approach is to risk weight the insurance entity’s assets and liabilities and deduct its minimum capital requirement. The US agencies’ treatment does not require that the outcome be at least as conservative as the Basel deduction approach. The US agencies take the view that the Basel treatment for insurance subsidiaries does not apply in the case where an insurance subsidiary is consolidated for accounting purposes. However, the assessment team holds the view that the Basel treatment applies to “fully owned insurance subsidiaries that are consolidated for regulatory capital purposes”. The data provided by the US agencies show that investments in insurance subsidiaries are generally not material for the 10 largest US bank holding companies (eg the weighted average of the net assets of insurance subsidiaries accounted for less than 0.3% of the parents’ RWA). The team considers that the deviation could become potentially material were a US core bank to acquire a large insurance company, as has happened in the past. (v) Implementation of point of non-viability criterion _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 33 The Basel standards require a contractual principal loss absorption mechanism for all non-common Tier 1 (AT1) and Tier 2 instruments, unless the governing jurisdiction of the bank has in place laws that (i) require such Tier 1 and Tier 2 instruments to be written off upon such event; or (ii) otherwise require such instruments to fully absorb losses before taxpayers are exposed to loss. In addition, the Basel Committee has clarified that the relevant authority must have the power to trigger writedown/conversion of the instrument issued by a foreign subsidiary in addition to the relevant authority in the foreign jurisdiction. The US rules do not include this latter specification because the US is implementing the statutory approach, and the US agencies believe this requirement does not apply to jurisdictions that adopt that approach. The assessment team understands that one of the purposes of the point of non-viability (PON) press release is to ensure loss-absorbing capacity of the foreign subsidiary under the gone-concern scenario in cases where capital instruments issued by the subsidiary are included in the consolidated capital of the banking group. The team also notes that the PON press release states that the Committee’s objective could only be met through a statutory approach “if it produces equivalent outcomes to the contractual approach”. The team considers that capital instruments issued by US banks under foreign law (either directly or via foreign branches or subsidiaries) may not necessarily allow the US authorities to trigger these instruments without contractual arrangements. The legal enforceability of the statutory approach outside the home jurisdiction is uncertain and has not been demonstrated. AT1 and Tier 2 instruments issued under foreign law would therefore, in the assessment team’s view, not qualify as regulatory capital at the group’s consolidated level, unless PON loss absorbency is implemented contractually in compliance with the Basel PON standards, or the authorities demonstrate they have the statutory powers to trigger these instruments. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 34 Data suggest that the amount of AT1 and Tier 2 instruments issued by non-US subsidiaries is currently very small. Therefore, since the funding by US core banks is principally conducted in the United States, the assessment team considers the finding as not material at present, but listed it as an item for future follow-up assessments. Capital buffers (conservation and countercyclical) Basel III established a capital conservation buffer above the minimum capital requirements. When a bank’s CET1 ratio falls into the buffer range, that bank becomes subject to a restriction on the distribution of future earnings. The US rule includes requirements for the capital conservation buffer and countercyclical buffer, and associated restrictions on distributions, consistent with the Basel III requirements. The US framework is therefore assessed to be compliant with the Basel buffer requirements. The countercyclical buffer regime of Basel III works by extending the size of the capital conservation buffer when excess aggregate credit growth is judged to be associated with a build-up of system-wide risk. Here too, the US framework is consistent with the Basel expectations for the countercyclical buffer. Credit risk: Standardised Approach In the US rule, all banking organisations are required to apply the Standardised Approach starting from 1 January 2015. For advanced approaches core banks that have exited parallel run, the Standardised Approach will be used as a floor for calculating minimum capital ratios. As indicated above, in accordance with the Dodd-Frank Act the US rules do not reference external credit ratings. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 35 The team does not consider this to be a deviation per se from the Basel framework, but the assessment team’s focus has been on the potential for differences in regulatory outcome in comparison to the Basel standards. All of the findings mentioned below relate to this issue. First, for claims on sovereigns, public sector entities (PSEs) and banks according to the OECD’s country risk classification (CRC), the US rule assigns risk weights instead of external credit ratings. For domestic exposures the information and data received suggest that virtually all US public debt held by US banks is denominated in US dollars, and that a US downgrade (particularly below AA–) is highly unlikely over the assessment horizon (three to five years). For non-US exposures, based on a comparison of the US rule with those under a ratings-based approach, the assessment team judges that the deviations are unlikely to become material. Second, for credit risk mitigation (CRM) the Basel standards use minimum external credit ratings to determine the eligibility of financial collateral. In contrast, the US rules accept “investment grade” securities, defined as having “adequate capacity to meet financial commitments for the projected life of the asset or exposure” and “adequate capacity to meet financial commitments if the risk of its default is low and the full and timely repayment of principal and interest is expected”. As this is without reference to credit ratings, the possibility remains that US banks could use certain financial collateral that does not meet the Basel standards, such as unrated securities issued by non-bank firms or non-eligible unrated bank securities. In addition, it is possible that the “investment grade” criterion may expand the scope of eligible guarantors beyond the Basel approach. While the US rule does not refer to external ratings when defining “investment grade” collateral, the team’s dialogue with the industry suggests that in practice US banks often use external ratings, among other market factors and internal analysis, to determine whether collateral is of “investment grade” quality. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 36 Although under the US rule an “investment grade” credit rating for a particular debt security does not necessarily mean that the bank can recognise the security as collateral for CRM purposes, the extent to which US banks use “investment grade” collateral that would not qualify under the Basel standards is not clear. Finally, the US rule assigns supervisory haircuts for collateral based on the OECD’s CRC instead of on external credit ratings under the Basel standards. While in some cases the standard supervisory haircuts in the US rule are more conservative than those contained in the Basel text, for sovereign issuers the US haircut on collateral may be different from the Basel approach, as high-income OECD members and other high-income euro zone countries that no longer receive CRC scores are risk-weighted 0% irrespective of their external credit ratings, as long as they remain non-default. Differences may also exist in the resulting haircuts for non-sovereign issuers. Based on information and data provided by the US agencies, the assessment team finds that the US approach does not materially deviate from the Basel standards at present. However, if external credit ratings were to deteriorate, the team considers that a difference in outcomes with the Basel approach could result in less conservative CRM treatment and potentially become material. Overall, the US agencies’ implementation of the credit risk standardised approach framework is therefore considered to be largely compliant. Credit risk: Internal Ratings-Based approach The US rules are assessed as largely compliant with the Basel framework. The assessment team identified four areas of non-conformance with the Basel requirements: (i) reliance on accounting valuation; (ii) specific IRB minimum requirements; (iii) capital requirements for certain types of exposures; and _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 37 (iv) recourse to standardised approach parameters. An overview is provided below; for details, see Section 2.3.4 of the detailed assessment findings. (i). Reliance on accounting valuation The Basel IRB framework determines capital charges both for unexpected (UL) and expected losses (EL) independent of accounting standards, to ensure consistency between and comparability of resulting capital adequacy measures across jurisdictions. UL and EL are based on risk parameter estimates for probability of default (PD), loss-given-default (LGD) and, in particular, exposure at default (EAD) determined according to the IRB minimum requirements. Accordingly, the Basel LGD estimates are based on an economic loss concept relative to EAD, and EAD is measured gross of specific provisions, partial write-offs and discounts. The Basel definition of default is broader than the accounting impairment concept (as it considers the likeliness of timely payment by the obligor without considering potential recoveries, which are instead reflected by the LGD). However, there is recognition of (eligible) accounting-based general and specific provisions against the IRB-based expected loss estimate EL = PD* LGD* EAD. That is, the Basel IRB framework recognises the extent to which expected losses are covered by accounting standards-based CET1 capital reductions for credit risk, and allows limited recognition of excess reductions as Tier 2 capital. The US rules rely on accounting valuation beyond what is allowed under Basel standards. The assessment team has identified that this can lead to the following: (a) Delayed recognition or potential non-recognition of default events for retail exposures resulting in lower total EL and RWA where a default event is not (yet) recognised. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 38 (b) Lower EAD for exposures with credit risk-related CET1 reductions (including fair value reductions) or discounts. The lower EAD reduces both RWA and EL amounts for non-defaulted and defaulted exposures, and also allows recognition of accounting-based CET1 reductions for credit risk where these exceed total EL amounts. The US rules do fully recognise such excess accounting reductions via an EAD that is net of all accounting reductions to CET1 capital. This effectively treats excess accounting reductions as if they covered a portion of the RWA, ie the US rules treat excess accounting reductions as if they were added back into CET1 capital. This allows full recognition of excess accounting reductions for all three capital ratios, whereas the Basel standards limit recognition of such reductions to 0.6% of RWA as Tier 2 capital and do not allow any recognition for the CET1 and Tier 1 capital ratio. (c) Lower EL amounts for non-defaulted fair-valued exposures where total fair value reductions do not exceed total EL amounts (PD*LGD*EAD) for fair-valued exposures. For non-defaulted exposures, the US rules determine IRB risk weights for unexpected loss correctly by subtracting the PD*LGD*EAD figure for expected loss as in the Basel risk weight function. However, unlike the Basel framework, US rules do not consistently determine EL for fair-valued exposures by this PD*LGD*EAD figure. EL for non-defaulted fair-valued exposures is set to zero for the comparison of total eligible provisions with total EL amounts. As a consequence, coverage of expected loss is limited to the extent of fair value reductions under US GAAP. Where total fair value reductions are less than total EL amounts determined by PD*LGD*EAD for fair-valued exposures, the US implementation creates a gap in coverage of credit risk compared to Basel standards. This gap is equal to the difference between the sum of EL amounts (PD*LGD*EAD) for fair-valued exposures and total fair value reductions. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 39 Data provided suggest that, currently, the fair value reductions of most US banks significantly exceed EL amounts for fair-valued exposures. Five US banks report significantly more conservative capital ratios than those that would be calculated under the Basel standards. For eight US banks, the approach appears less conservative than the Basel standards, but currently does not result in materially lower capital ratios. The assessment team concludes that the potential overestimation of capital ratios by the US treatment of fair-valued exposures is currently not material because of relatively high fair value reductions, but the situation could change if these fair value reductions were to decrease in the future. Also, fair value adjustments consider factors other than changes in creditworthiness, such as changes in interest rates and liquidity. Given the number of variables that contribute to the difference between fair value and amortised cost, including changes in the composition of fair value exposures that a bank holds which are subject to change for various reasons, the assessment team considers the deviation potentially material. (d) The EL will also be lower for defaulted exposures where accounting-based loss assumptions do not consider all economic loss contributions. Further, the US approach may result in higher recognition of general allowances as eligible provisions as it does not exclude the portion related to Standardised Approach risk weights. The US approach can thus result in lower CET1 capital deductions for EL or excessive recognition of accounting-based CET1 reductions as Tier 2 capital. The overall effect is that CET1 and Tier 1 capital ratios of US banks may be higher than when Basel standards are applied. The same is true for total capital ratios, except in those specific cases where total fair value reductions together with total other eligible provisions exceed total EL amounts (determined by the Basel standards) to an extent that the effect of not increasing Tier 2 capital in the numerator of the US ratio by excess fair value reductions is stronger than the effect of reducing EAD in the denominator of the US ratio. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 40 The limited data available suggest that the impact on capital ratios of US banks is, on average, not material at present. However, since the extended reliance on accounting valuation can result in lower capital requirements for expected and unexpected losses related to credit risk and in lower deductions from CET1 capital, this deviation is considered potentially material. The US agencies have raised concerns that the Basel approach can create disincentives to using fair value accounting compared to holding assets at amortised cost. The assessment team believes these disincentives are limited since fair value reductions are treated as partial write-offs and therefore qualify as eligible provisions. Given the potential material impact on bank capital ratios, the assessment team requests that the Basel Committee confirm this interpretation. (ii) Non-inclusion of certain IRB minimum requirements The US regulations set targets for rating systems, rating assignments and risk parameter estimates that are consistent with the overarching principle behind the IRB minimum requirements in the Basel framework. This includes being accurate, reliable, consistent and appropriately conservative. Further, data must be relevant, processes and systems must be consistent with internal use, etc. These targets are supplemented by more specific requirements in the US rules text itself, in the preambles to the final rule and the 2007 rules, and in other published documents such as supervisory letters that implement many of the specific IRB minimum requirements in a binding manner. However, the US regulations do not specify certain of these targets in the full depth required by the Basel standards. The US authorities have taken the position that while these detailed requirements are not explicitly articulated in the US rule text, implementation of the specific provisions of the Basel framework is _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 41 achieved through robust supervisory oversight, and note that US supervisors ask for much more than what is reflected in the rule text alone. As evidence of the sufficiency of their enforcement of these requirements and to highlight the robustness of their supervisory process, the US agencies have referred to studies by the Basel Committee which suggest that RWA for low-default portfolios are more conservative than in other jurisdictions. Following completion of the assessment, the US agencies issued a proposed rule that would incorporate and clarify a number of minimum requirements into the final rule. The amendment is likely to be finalised in the second quarter of 2015. In addition, the US agencies committed to issue the supervisory examination work programmes that also clarify a further number of IRB minimum requirements. The amendment of the final rule addresses those missing minimum requirements that the US agencies identified as most relevant to US markets and banks. In particular, the requirements provide more clarity regarding the information, data and systems that must be used by banking organisations to estimate IRB risk parameters. The assessment team welcomes the rectifications, which further align the US final rule with the Basel standards. A number of missing IRB minimum requirements remain that may assume significance in the future. The assessment team recommends reviewing these missing minimum requirements through the post-RCAP follow-up assessment or when another RCAP assessment is undertaken to ensure that they do not assume materiality. (iii) Capital requirements for certain types of exposures For certain exposures, the US agencies’ implementation of IRB minimum capital requirements deviates in the following aspects from the Basel standards. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 42 This may result in lower IRB capital requirements. Deviations relate to: • extended scopes for (i) a waiver for 0.03% PD floor; (ii) double default recognition; (iii) treatment as retail; and (iv) risk weights for qualifying revolving retail; • a narrower definition of equity exposures; • missing recognition of high-volatility commercial real estate in other jurisdictions; • missing prohibition of reflecting double default effects in PD/LGD for guaranteed retail exposures; • potentially lower RWA for corporate leases where these expose the bank to residual value risk; • potentially insufficient capital requirements for purchased receivables (zero for material dilution risk / potentially lower for credit risk); and • a deviating approach to EAD for retail foreign exchange and interest rate commitments. The US authorities have provided data indicating that for some types of exposures the deviations are currently not material. Further, the US authorities have confirmed in writing that based on their knowledge and available data the overall impact at present is not material. In the view of the assessment team, while lower capital requirements under specific circumstances have not represented a material deviation to date for a typical internationally active bank with a diversified portfolio and an average risk profile, the deviation may become material if a bank increases its exposure to such products. Comparably lower capital requirements can create incentives for shifts in banks’ portfolios towards these products. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 43 The assessment team considers these deviations taken together as potentially material because of the broad range of products to which they relate. (iv) Recourse to Standardised Approach parameters The US rules take recourse to Standardised Approach parameters beyond the limits set by the Basel standards for: (a) equity exposures where 0%, 20% and 100% risk weights may be applied beyond the limits of 10% capital and additional 10% capital for eligible legislated programmes; (b) cash items in the process of collection to which fixed 20% risk weights are applied instead of risk-sensitive IRB risk weights for exposures to banks or central banks; and (c) fixed risk weights of 100% for defaulted assets applied solely to the portion of the exposure not yet written off where the Basel standards require assigning an LGD that reflects unexpected losses during the recovery period on a risk-sensitive basis to the full EAD. The deviation for equity exposures is assessed as potentially material. While data provided by the US agencies show that the current volume of 20% and 100% risk-weighted equity exposures is still within the 10% capital limit for legislative programmes, the assessment team notes that this limit is nearly exhausted for the most affected bank. The missing limit has thus not represented a material deviation to date, but could become relevant in the future. In the view of the assessment team, the large difference in risk weights compared to the 300% or 400% under the simple risk weight method of the Basel standards can further incentivise US banks to increase the share of such equity exposures. In addition, the team finds that – in contrast to the Basel standards – debt exposures with the economic substance of equity holdings might not always be required to be classified as equity under US regulations. This deviation is therefore considered potentially material. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 44 The deviation for cash items in the process of collection is not currently material, but could assume significance if US banks were to substantially increase the share of these exposures, in particular with high-risk counterparts. The assessment team therefore recommends listing this finding for a follow-up RCAP assessment. Regarding defaulted assets, data provided by the US agencies show that the finding is, on average, not material at present for the capital ratio of US banks. For most banks, the impact is limited and for some banks the result is even considerably more conservative than under the Basel standards. However, there is also a bank that reports a benefit of approximately 19 bps on the normalised capital ratio. The impact of using a fixed risk weight may increase if unexpected losses increase. This deviation is therefore considered potentially material. Securitisation framework The US agencies have implemented a securitisation framework that is, on average, more conservative than the Basel standards. Nevertheless, the assessment team has identified a number of divergences between the US rules and the Basel standards that for some US banks lead to materially lower securitisation RWA outcomes than the Basel standards, both for securitisations held in the banking book and those held in the trading book. Overall, based on the materiality of the deviations identified by the assessment team, the US implementation of the securitisation framework is considered to be materially non-compliant. These differences are mainly related to the prohibition on the use of ratings in the US rules. Pursuant to the Dodd-Frank Act, the US rules cannot include provisions related to the Basel RBA, and accordingly provide alternative treatments _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 45 (such as the SSFA under both the credit risk and market risk aspects of the US rules) and a hierarchy of approaches that differs from the Basel provisions. Although the assessment team understands that the US agencies calibrated the SSFA to produce risk weights largely comparable on a portfolio basis to those under the Basel RBA, estimates and analysis provided by the agencies show that the SSFA has a material impact on the securitisation RWA of several US banks. With regard to the credit risk framework, on average, the SSFA is more conservative than the RBA and relative to the RBA results in a weighted average (i) decrease in the normalised capital ratios of 6 bps and (ii) increase of 14.5% in securitisation RWA for the nine sample banks. However, for three banks the alternative approaches result in more than a 30% reduction in securitisation RWA (up to 52% for one bank). With regard to the market risk framework, for the sample of US banks, the deviation results in a maximum reduction in market risk RWA of 24.5%, and an average reduction of 9.1%. In capital ratio terms, the deviation results in a maximum change of 78.9 bps and an average change of 14 bps across banks in the sample. Overall, the US approach produces a material impact for a limited number of banks. Historical data provided by the US agencies for securitisation issuances from 2005 and 2006 show that the SSFA typically results in a more conservative RWA than the RBA for all asset classes except for senior residential mortgage-backed securities (RMBS). For three of the banks in the sample, RMBS represent more than 1% of total assets. Data provided by US agencies suggest that the differences in risk weights of senior RMBS may be attributed to external rating downgrades of AAA securities observed after 2009. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 46 Based on a paper provided by the US agencies, the average regulatory capital requirement under the SSFA is more conservative than the RBA for mezzanine RMBS positions, while it is significantly less conservative for senior RMBS exposures. The potential future impact on capital ratios and the international level playing field of the deviations identified depends on several factors, including the asset class mix of individual bank portfolios, the risk of the underlying securitised exposures and the seniority of the securitisation exposure. As the analysis provided by the US agencies was based on a very specific pre-crisis vintage, and given the fact that the conservatism of the SSFA is directly connected to the delinquency rate, it is not clear whether the SSFA would deliver similar (conservative) results for more recent, post-crisis vintages. This aspect could be verified once a longer and more robust time series on securitisation asset classes is available. The assessment team has also noted that the regulatory approach for securitisation is currently under revision by the Basel Committee, and that future amendment to the Basel securitisation framework will probably include a version of the SSFA derived from the one currently applied by the US agencies. The agencies note that these alternative approaches are consistent with the FSB and BCBS objectives of reducing mechanistic reliance on external credit ratings. Further, the agencies agreed to consider amendments to the US securitisation rules once the Basel Committee issues the revised securitisation framework (Annex 6). The assessment team welcomes this agreement and recommends a follow-up assessment once the US rules have been updated (Annex 12). Counterparty credit risk framework In general, the US implementation of the counterparty credit risk (CCR) requirements is broadly in line with the Basel framework. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 47 However, the assessment team identified a number of deviations, one of which has a material impact on the capital ratio of at least one US bank. The main deviation from the Basel framework is in the determination of counterparty weights applied in the standardised approach for CVA. In the Basel framework, credit ratings are used for this purpose, whereas the US requirements replace the direct references to credit ratings with probabilities of default due to the prohibition on the use of external credit ratings in the US regulations. Based on data received from the US authorities, although on average the impact on CCR RWA of this approach compared to the Basel standard is low, the impact is material for at least one US core bank. For that bank, the US approach results in CCR RWA that are 12.3% lower than would be the case under the Basel approach. Further, as noted in Section 1.1, the US agencies have not incorporated the CVA capital charge in the new US standardised approach. US core banks that remain in parallel run will therefore not be subject to a separate CVA capital charge. The assessment team acknowledges that the Basel framework does not explicitly prescribe the implementation of the parallel run, and understands the view of the US regulatory agencies that the internal model approval process cannot be compromised. The team also considers that the issue will disappear once the remaining core banks have received approval to exit parallel run. At the same time, the team finds that the US approach results in a number of core banks not being subject to a separate capital charge for CVA risk for a protracted amount of time, which is considered not in line with the spirit of the Basel standards. With respect to CCP-related requirements, no material deviations were identified. The most significant (but still not material) deviation identified was that the US rules allow banks which are clients (ie that clear their transactions through a clearing member) to apply the 2% risk weight to trade exposures in cases where client collateral is held in omnibus accounts. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 48 The Basel framework allows this application of a 2% risk weight in cases where certain conditions relating to segregation and portability of collateral are met. In the case of US omnibus accounts, the condition is not fully met; however, based on data from the US agencies on the size of exposures to which this deviation relates, the deviation is considered to be currently not material. The assessment team also considers that the deviation is unlikely to become material in the future. Overall, based on the deviations identified by the assessment team, and their materiality, the US implementation of the CCR framework is considered to be largely compliant. Market risk: Standardised Measurement Method The US market risk rule implements only certain provisions of the standardised market risk measurement method of the Basel framework: the equity- and interest rate-specific risk provisions and the securitisation provisions. The Standardised Measurement Method for general risk has not been implemented as US rules instead require general risk to be measured using the Internal Models Approach (IMA). Given that the scope of application of the US rule is large banks, which the Basel framework envisages would use the IMA, this is not considered by the assessment team to be a deviation. The assessment team identified one deviation from the Basel framework with a material impact in regard to the treatment of non-modelled securitisation positions. Specifically, the US rules implement on a permanent basis a transitional rule in the Basel framework for securitisations in the trading book that permitted capital requirements to be based on the maximum of the capital requirement that would be held against either the sum of the bank’s net long or net short non-modelled securitisation positions (rather than the capital requirement being the sum of the long and short requirements). The US agencies indicated that the provision was adopted in this manner in anticipation of the Basel Committee’s completion of the fundamental _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 49 review of the trading book, which, though still in development, aims to improve risk sensitivity in part by allowing for increased recognition of hedging under the Standardised Approach. Notwithstanding the status of the fundamental review, this provision represents a material deviation from the Basel requirements. For the most affected banks, this deviation resulted in an 11% decrease in market risk RWA and a 23 bp increase in the capital ratio (relative to application of the Basel standards). On average, across the sample of US banks the deviations result in a 6% decrease in market risk RWA and a 6 bp increase in capital ratios. The assessment team is concerned that the impact may increase further over time. Overall, taking into account the above deviation, the assessment team considers the US implementation of the market risk standardised approach to be materially non-compliant. Market risk: Internal Models Approach The US agencies have implemented all elements of the Basel standard related to the market risk IMA. In a number of areas, some of the detailed specifications set out in the standard are not fully incorporated (eg specification of the risk factors to be included in VaR, or details of stress testing requirements); however, where this is the case there is always an overarching requirement which substantively addresses these details. Therefore, overall the US requirements for the IMA for market risk are considered to be compliant with the Basel framework. Operational risk: Basic Indicator Approach, Standardised Approach and Advanced Measurement Approaches Of the available approaches for operational risk in the Basel framework (Basic Indicator Approach, Standardised Approach; Advanced Measurement Approaches) the US agencies have implemented only the Advanced Measurement Approaches (AMA). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 50 As already highlighted under the transitional arrangements, for core banks that are in parallel run and report Basel I capital ratios, no explicit capital requirements for operational risk apply. In the view of the assessment team, this implementation differs from that in most other Basel Committee jurisdictions and may hamper the comparability of risk-based capital ratios across internationally active banks during the parallel run period. The US rules implementing the AMA are considered compliant with the Basel framework. While the US rules in general implement the requirements for operational risk in a manner consistent with the Basel framework, there are a few findings (mostly concerning some detailed technical criteria/requirements) which are not likely to have a material impact on the capital ratios. In particular, the US rules do not explicitly include some qualitative and quantitative requirements for the use of the AMA. To a certain extent, this reflects the fact that in a number of instances the US rules contain only the broad principles, while the details are left to supervisory guidance and practice. The assessment team considered these deviations as to be not material. In addition to the above-mentioned findings concerning technical criteria/requirements, two deviations concerning the recognition of risk mitigants in the context of the AMA were found. The first concerns one of the eligibility criteria for using insurance: since US rules cannot refer to credit ratings, the Basel criterion that the insurance provider must have a credit rating of at least A (or equivalent) was changed to a criterion stipulating that the probability of default of the insurance provider cannot exceed 10 bps. While this deviation is currently not material (no bank using the AMA is using insurance for risk mitigation purposes at present), the assessment team considers that it could become material in the future. The second deviation concerns the possibility for supervisors to allow banks to use risk mitigants other than insurance under the AMA. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 51 Under the Basel framework, only insurance is currently allowed. However, so far US banks have not been allowed to use this type of additional risk mitigant, which makes this deviation not material at present. The assessment team also considers that it is unlikely that it will become material in the future. Supervisory review process US adoption of the Pillar 2 framework is considered to be compliant with the Basel standards. Rules, Supervision and Regulation Letters, and guidance issued by the US agencies cover a wide range of supervisory review issues. For example, the US rule does not explicitly require banks to have in place and regularly review their CRM policies to control residual credit risk and to take immediate remedial action when needed. However, the assessment team finds high-level principles and requirements in certain related guidance that substantially cover this requirement, and therefore considers the finding as not material. Disclosure requirements The US requirements for disclosure requirements are considered to be compliant with the Basel framework. The disclosure requirements for advanced approaches banks that completed the parallel run are mostly consistent with the Basel Pillar 3 requirements, albeit with a few exceptions. First, the disclosure rules do not require banks to disclose quantitative information on investments in insurance entities where banks apply the “alternative approach” instead of the deduction approach. Due to the limited importance of insurance entities for US banks (see also the section on the definition of capital), this deviation has been judged as not material at present. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 52 Second, US agencies decided not to adopt certain disclosure templates for capital instruments (ie the main features template and the transitional template), since this information is already available in other public and regulatory filings (eg 10-K, 10-Q) on banks’ websites. This deviation has also been judged as not material. Further, the team notes that certain disclosure requirements are not applied to core banks that are in parallel run. For example, there is no disclosure of operational risk by core banks in parallel run that report capital ratios based on Basel I until year-end 2014 and based on the new US standardised approach from 1 January 2015. Only those US core banks that have exited parallel run are fully subject to Pillar 3 requirements for advanced approaches banks. The US agencies did not implement the Pillar 3 disclosure requirements for remuneration, although the US agencies have confirmed that rules are being prepared. The agencies also noted that a number of disclosures relating to remuneration have to be made under SEC rules, specifically Regulation S-K. Since all the banks in the sample are publicly listed companies, they are subject to those disclosures. However, while Regulation S-K mandates a number of requirements that match those mandated by the Basel framework in terms of substance, it has a more limited scope, as it covers remuneration of senior management but does not explicitly include remuneration of other material risk-takers. Nevertheless, the assessment team considered this deviation as unlikely to be material. Annex : Details of the RCAP assessment process A. Off-site evaluation (i) Completion of a self-assessment questionnaire by US authorities (ii) Evaluation of the self-assessment by the RCAP assessment team _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 53 (iii) Independent comparison and evaluation of the domestic regulations issued by US authorities with corresponding Basel III standards issued by the BCBS (iv) Identification of observations (v) Refinement of the list of observations based on clarifications provided by US authorities (vi) Assessment of materiality of deviations for all quantifiable deviations based on data and non-quantifiable deviations based on expert judgement (vii) Forwarding of the list of observations to US authorities B. On-site assessment (viii) Discussion of individual observations with US authorities (ix) Meeting with selected US banks, accounting firms and a credit rating agency (x) Discussion with US authorities and revision of findings to reflect additional information received (xi) Assignment of component grades and overall grade (xii) Submission of the detailed findings to US authorities with grades (xiii) Receipt of comments on the detailed findings from US authorities C. Review and finalisation of the RCAP report (xiv) Review of comments by the RCAP assessment team, finalisation of the draft report and forwarding to US authorities for comments (xv) Review of US authorities’ comments by the RCAP assessment team (xvi) Review of the draft report by the RCAP review team (xvii) Review of the draft report by the Peer Review Board (xviii) Reporting of findings to SIG by the team leader _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 54 RCAP sample of banks The following 15 US core banks were selected for the RCAP sample for the quantitative materiality testing. These banks cover approximately 75% of total banking assets in the United States and nearly all of the relevant international exposures of the US banking sector. • JPMorgan Chase (G-SIB) • Bank of America (G-SIB) • Citigroup (G-SIB) • Wells Fargo (G-SIB) • Goldman Sachs (G-SIB) • Morgan Stanley (G-SIB) • Bank of New York Mellon (G-SIB) • US Bancorp • HSBC North America • Capital One • PNC Financial Services Group • State Street (G-SIB) • TD Bank US • American Express • Northern Trust Annex: Areas where US requirements are regarded to be higher than the Basel standards In several places, the US authorities have adopted a stricter approach than the minimum standards prescribed by Basel or have simplified or generalised an approach in a way that does not necessarily result in stricter requirements under all circumstances but never results in less rigorous requirements than the Basel standards. The following list provides an overview of these areas. The information in this annex has been provided by US regulatory agencies and has not been cross-checked or assessed by the RCAP assessment team. It should be noted that these areas have not been taken into account as mitigants for the overall assessment of compliance. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 55 Transitional arrangements • The US rules removed the transitional floors and adopted a permanent floor based on the US standardised approach, as imposed by US statute, which represents an additional requirement that is not currently included in the Basel standards. The floor imposed in the United States will generally be more conservative than the Basel approach, as the US floor is 100% of the US standardised approach while the Basel floor is 80% of the Basel I approach. Additional stringency is provided by the calibration of the US standardised approach, which was designed to be more conservative on a framework to framework basis than the general risk-based capital requirements that were based on the Basel I standards. Definition of capital • The US rules are more conservative than Basel III with respect to the definition of additional tier 1 capital – Basel III allows the inclusion of liabilities in additional tier 1 capital while the US rules only allow accounting equity instruments in additional tier 1 capital. Credit risk: Standardised Approach • The Basel text allows PSEs to be risk-weighted at the same level as the PSE’s sovereign. Under the Basel Standardised Approach, the US agencies could justify a 0% risk weight for these exposures, but apply a more conservative risk weight of 20%. • The US rules did not adopt the 75% risk weight for retail exposures. Such exposures are risk-weighted at 100%. • The Basel text allows claims secured by residential property to be risk-weighted at 35%. The US rule sets a 50% (rather than 35%) risk weight floor on residential mortgages or a risk weight of 100% for those mortgage that do not qualify for a 50% risk weight. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 56 • The Basel standardised text does not provide a specific treatment for HVCRE exposures, meaning such exposures receive a 100% risk weight. The US standardised approach sets 150% risk weight for HVCRE exposures. • The Basel standardised text does not provide a specific treatment for equity exposures, meaning such exposures receive a 100% risk weight. Under the US standardised approach, most equity exposures are subject to risk weights ranging from 100% to 600%. Equity exposures to investment funds can receive a 1250% risk weight. • While the US rules are prohibited by statute from referring to external ratings, the US agencies apply a definition of investment grade that requires firms to consider a variety of factors, including: available external credit ratings, market data such as credit default swap spreads, financial information published by the issuer of the debt instrument, external credit assessments other than credit ratings, and internal analysis. Firms, therefore, have a greater burden to support their determination that a debt security is investment grade if one factor is contradicted by another factor. Hence, an investment grade credit rating for a particular debt security does not necessarily mean the security qualifies as investment grade per the US rules. Credit risk: Internal Ratings-Based approach • The US rules do not recognise SMEs, therefore, are super-equivalent to the Basel text because they do not lower capital requirements via the correlation adjustment for SMEs. • The US advanced approaches rules do not allow for partial use because of concern with cherry picking and because the US agencies believe that full use of the advanced approaches is consistent with risk management expectations for large, internationally active banks, and that their implementation of Basel II is super-equivalent to the Accord. • The US agencies did not implement the slotting criteria. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 57 For A-IRB banks, US rules are super-equivalent because they require full implementation of PD/LGD. • The capital requirement for defaulted exposures is EAD times 8%, rather than the difference between LGD and the bank’s best estimate of expected loss. Under Basel paragraph 272, the capital requirement on a defaulted retail exposure may be zero where all of the economic loss is already captured by the best estimate of expected loss under current economic conditions (eg where unexpected losses cannot further increase under more adverse economic conditions) and therefore is instead deducted from CET1 capital rather than being included in RWA. The agencies believe this is imprudent, and instead require a fixed 100% risk weight or a 20% risk weight where covered by an eligible guarantee from the US government. This is more rigorous in those cases where unexpected losses are lower than 8% (or 1.6% if guaranteed by the U.S. government) of that percentage of the exposure that is not yet written off. • Under Basel II, the capital requirement for a defaulted exposure is the difference between LGD and best estimate of expected loss. The US rule applies a capital requirement of EAD times 0.08. Given the US agencies’ charge-off policy for defaulted retail loans, the capital requirement on a defaulted retail exposure may be zero and often would be zero or near zero for US banks if the US agencies adopted Basel paragraph 328. In particular, as described in the Uniform Retail Credit Classification Guidance, a bank must charge off defaulted retail exposures to their expected recoverable value less the cost to sell, so the loss-given-default after charge-off should be zero. The agencies believe this is imprudent, and instead require a more conservative 100% risk weight. The US rule is more conservative than Basel II with respect to those hedged equity exposures where the remaining maturity is longer than one year by requiring a 100% risk weight on the matched portion of a hedged _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 58 transaction (as opposed to full offset) and has requirements on the effectiveness of the hedge. Also note the word “offset” in paragraph 345. That implies a zero capital charge on the matched portion of a hedged equity position. The US treatment is more conservative because the agencies require USD 8 of capital for every USD 100 of the matched portion of a hedged equity position. In contrast to Basel II, the US agencies also require an ex ante and ex post statistical demonstration of the effectiveness of the hedge and describe alternative metrics that a bank must use. Basel II requires no such test of the effectiveness (ie correlation between the two sides of the two-part transaction). The measures of association specified in the US rule are conventional measures used by practitioners. Thus, the US treatment, in that it requires a 100% risk weight on a perfectly matched transaction, is much more conservative than the Basel II treatment, which will assign a zero charge to many hedged equity positions where fully matched. Market risk • The US rules provide for a surcharge of 8% on modelled correlation positions taking into account the fact that many banking organisations continue to have a limited ability to perform robust validation of their comprehensive risk model using standard backtesting methods. This provision exceeds the Basel framework requirements, and the inclusion of a surcharge is appropriate as a prudential measure for banking organisations to adequately validate comprehensive risk models and also incentivises banking organisations to improve models on an ongoing basis. Leverage Ratio • The US rules incorporate a pillar 1 leverage requirement for all banking organisations. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 59 • The US rule applies a pillar 1 supplementary leverage requirement to advanced approaches banking organisations beginning in 2018. In addition, the largest, most systemic banking organisations will be required to meet a supplementary leverage ratio well above the 3% minimum standard. Covered bank holding companies will be required to hold a 2% leverage buffer, for a total of a 5% supplementary leverage ratio requirement. Insured depository institutions of covered bank holding companies will be required to meet a 6% supplementary leverage ratio requirement in order to be considered well-capitalised under the US prompt correction action framework. Currently, this enhanced supplementary leverage ratio requirement applies to eight US banking organisations designated as globally systemically important banks. Annex: List of Basel approaches not allowed by US regulatory framework The following list provides an overview of approaches that the US authorities have not made available to banks through the US regulatory framework. Where the Basel standards explicitly request certain approaches to be implemented under specific circumstances, the missing approaches have been taken into account in the assessment. However, where the Basel standards do not require jurisdictions to implement these approaches, they have been implicitly treated as “not applicable” for the assessment. Operational risk • Basic Indicator Approach and Standardised Approach Counterparty credit risk • Standardised Method Annex: List of issues for post-RCAP assessment follow-up _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 60 The assessment team identified the following issues for post-RCAP assessment follow-up and for future RCAP assessments of the United States: 1. Treatment of defined benefit pension fund assets held by FDIC-insured banks. 2. Treatment of insurance entities in the definition of capital. 3. Additional Tier 1 and Tier 2 capital instruments issued by US banks and their subsidiaries under foreign law and their treatment under the US statutory approach. 4. For the IRB approach: A broader quantification of differences stemming from reliance on accounting valuation for EAD, EL and retail definition of default; and the volume and difference in capital requirements for those exposures where capital requirements under US rules are lower than Basel standards or where fixed risk weights as in the Standardised Approach are used beyond the limits allowed by the Basel standards for partial use, including for cash items in the process of collection; a follow-up assessment of the impact of missing minimum requirements not covered by the draft amendment issued by the US agencies. 5. Follow-up assessment of the US securitisation framework. Annex: Areas for further guidance from the Basel Committee The assessment team listed the following issues for further guidance from the Basel Committee. Additional detail is provided in Section 1.4 of the report. • Definition of capital: the treatment of DTAs that could be recovered through operation loss carrybacks. • Credit risk: the calculation of EAD and the application of the EL excess/shortfall mechanism for fair value exposures under the IRB approach. Annex: US agencies’ summary of their Pillar 2 supervisory review process _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 61 1. Understanding of Pillar 2 and relevance for the overall supervisory activity In the United States, Pillar 2 is the process for the supervisory review under the advanced approaches rule. These reviews are intended to help ensure a firm’s overall capital adequacy by: • confirming a banking organisation’s compliance with regulatory capital requirements; • addressing the limitations of minimum risk-based capital requirements as a measure of a firm’s full risk profile – including risks not covered or not adequately addressed or quantified in the Pillar 1 capital charges; • ensuring that each banking organisation is able to assess its own capital adequacy (beyond minimum risk-based capital requirements) based on its risk profile and business model; and • encouraging banking organisations to develop and use better techniques to identify and measure risk. Pillar 2 work is part of the overall US supervisory review process. The US agencies use a risk-based supervisory philosophy focused on evaluating risk, identifying material and emerging problems, and ensuring that individual banking organisations take corrective action before problems compromise their safety and soundness. An integral part of the supervisory process is determining a banking organisation’s composite rating under the Uniform Financial Institutions Rating System (UFIRS) or “CAMELS” ratings from six component areas: Capital adequacy, Asset quality, Management, Earnings, Liquidity and Sensitivity to market risk. 2. Requirements for banking organisations In the United States, the requirements for advanced approaches banking organisations have been established by the prior and revised regulatory capital rules and supplemented by the public document: Supervisory Guidance: Supervisory Review Process of Capital Adequacy (Pillar 2) _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 62 Related to the Implementation of the Basel II Advanced Capital Framework. The guidance covers three main areas: (i) comprehensive supervisory review of capital adequacy; (ii) compliance with regulatory capital requirements; and (iii) internal capital adequacy assessment process. 3. Supervisory assessment Examiners work full-time at large and complex financial institutions, including advanced approaches banking organisations. This enables the US agencies to maintain an ongoing programme of risk assessment, monitoring and communications with firm management and directors. Objectives are designed to: • Determine the condition of the banking organisation and the risks associated with current and planned activities, including relevant risks originating in subsidiaries and affiliates. • Evaluate the overall integrity and effectiveness of risk management systems, using periodic validation through transaction testing. • Determine compliance with laws and regulations. • Communicate findings, recommendations and requirements to firm management and directors in a clear and timely manner, and obtain informal or formal commitments to correct significant deficiencies. • Verify the effectiveness of corrective actions, or, if actions have not been undertaken or accomplished, pursue timely resolution through more aggressive supervision or enforcement actions. 4. Capital expectation Minimum capital requirements as set by the statutory prompt corrective action (PCA) framework, which requires the US agencies to define separate capital levels for well capitalised, adequately capitalised, undercapitalised, significantly undercapitalised and critically undercapitalised institutions. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 63 Under the PCA framework, banking organisations face consequences and restrictions of increasing severity as their capital levels fall. The regulatory minimum capital ratios are standards that address only a subset of risks faced by firms. Therefore, a banking organisation should maintain capital well above regulatory minimum capital ratios, especially during expansionary periods when the economy may be growing robustly and earnings are strong but the inherent risks in a banking organisation’s operations and balance sheet may be increasing. Equally emphasised is that a banking organisation at the “well capitalised” level under the PCA rule should not automatically assume that it has sufficient capital to cover all of its risks. For advanced approaches banking organisations, the regulators’ assessment of a firm’s capital adequacy includes a review of the firm’s own capital assessment and planning process. Moreover, firm and supervisory stress testing have become key inputs to capital planning at the largest banking organisations and to supervisory assessments of firms’ capital adequacy. Examiners evaluate the banking organisation’s approach to identifying and measuring material risks, assessing capital adequacy, identifying capital sources, raising capital when necessary, and preparing for contingencies. Examiners also consider management’s capital assessment processes and oversight by the board of directors. Under the Federal Reserve Board’s (FRB) Comprehensive Capital Analysis and Review (CCAR) programme, the FRB approves a bank holding company’s capital actions (eg planned dividends, issuances and repurchases as provided in the firm’s baseline scenario) on an annual basis. These capital plan reviews are informed by stress tests conducted at large banks under requirements established by the US banking agencies as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act, as well as by the Dodd-Frank supervisory stress tests conducted by the FRB, the OCC and the FDIC. Additionally the OCC, FDIC and Federal Reserve recently published rules requiring financial companies with more than USD 10 billion in assets to _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 64 conduct annual company-run stress tests using scenarios provided by the agencies that reflect a minimum of three sets of economic and financial conditions, including baseline, adverse and severely adverse scenarios. 5. Supervisory intervention measures The US regulatory agencies use their supervisory and enforcement authorities to ensure that financial intuitions operate in a safe and sound manner and in compliance with the law. There is a broad range of supervisory and enforcement tools to achieve this purpose. When the normal supervisory process is insufficient or inappropriate to effect bank compliance with the law and the correction of unsafe or unsound practices, or circumstances otherwise warrant a heightened enforcement response, the agencies have a broad range of enforcement tools. Enforcement actions range from informal actions to formal actions. Where a banking organisation’s capital is impaired, the agencies may issue a Capital Directive or a PCA Directive, when authorised by law. Annex: US floor for banks using advanced Basel approaches The risk-based capital ratio floor calculation based on the US standardised approach is imposed by statute. The floor is 100% of the US standardised approach ratio, and is considered more stringent than the Basel framework capital floor, which is 80% of Basel I requirements. It may be noted that additional stringency is provided by the calibration of the US standardised approach, which was designed to be more conservative on a framework to framework basis than the preceding general risk-based capital requirements that were based on the Basel I standards. Such a comparison is necessary to comply with certain statutory requirements under section 171 of the Dodd-Frank Act. The floor is implemented as follows: under the US rule in order to determine its minimum risk-based capital requirements, an advanced approaches banking organisation that has completed the parallel run _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 65 process and that has received notification from its primary federal supervisor, must determine its minimum risk-based capital requirements by calculating the three risk-based capital ratios using total risk-weighted assets under the Standardised Approach and, separately, total risk-weighted assets under the advanced approaches. The lower ratio for each risk-based capital requirement is the ratio the banking organisation must use to determine its compliance with the minimum capital requirement. For both ratios the capital definition is the same for CET1 and Tier 1. For the Total Capital ratio, however, the advanced approach excludes the general provisions included in Tier 2 (up to limit of 1.25% of standardised credit RWA) and includes excess provisions over expected losses (up to limit of 0.6% of credit RWA). With respect to inclusion of risks in RWA, the differences between the US standardised and advanced approach capital ratios include: • CVA risk is not included in standardised RWA. • Operational risk is not included separately in standardised RWA. • Market risk RWA: the standardised and advanced approaches are substantially identical. However, under the standardised approach the bank must use SSFA to determine the specific risk add-on for securitisation positions, whereas under the advanced approach the bank may use SFA (if permitted by the federal regulator). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 66 Non-financial corporations from emerging market economies and capital flows Stefan Avdjiev, Michael Chui and Hyun Song Shin Non-financial corporations from emerging market economies (EMEs) have increased their external borrowing significantly through the offshore issuance of debt securities. Having obtained funds abroad, the foreign affiliate of a non-financial corporation could transfer funds to its home country via three channels: it could lend directly to its headquarters (within-company flows), extend credit to unrelated companies (between-company flows) or make a cross-border deposit in a bank (corporate deposit flows). Cross-border capital flows to EMEs associated with all three of the above channels have grown considerably over the past few years, as balance of payments data reveal. To the extent that these flows are driven by financial operations rather than real activities, they could give rise to financial stability concerns. __________________________________ The pattern of cross-border financial intermediation has undergone far-reaching changes in recent years, from one that relied overwhelmingly on bank-intermediated finance to one that places a greater weight on direct financing through the bond market. In the process, non-financial firms have taken on a prominent role in cross-border financial flows. They have increased their external borrowing significantly through the issuance of debt securities, with a significant part of the issuance taking place offshore. Between 2009 and 2013, emerging market non-bank private corporations issued $554 billion of international debt securities. Nearly half of that amount ($252 billion) was issued by their offshore affiliates (Chui et al (2014)). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 67 An important question is whether this increased corporate external borrowing can be a source of wider financial instability for emerging market economies and, if so, which channels of financing flows give rise to concerns. The large increase in issuance by their overseas affiliates shows that EME firms' financing activities straddle national borders. Hence, measurement of external debts based on the residence principle can be problematic. In particular, external debt based on the residence principle may understate the true economic exposures of a firm that has borrowed through its affiliates abroad. If the firm's headquarters has guaranteed the debt taken on by its affiliate, then the affiliate's debt should rightly be seen as part of the firm's overall debt exposure. Even in the absence of an explicit guarantee, the firm's consolidated balance sheet will be of relevance in understanding the firm's actions. While this point has been well recognised in the realm of international banking (Cecchetti et al (2010)), it had not received much attention in the context of non-financial corporates until recently (Gruić et al (2014a)). The practice of using overseas affiliates as financing vehicles has a long history. Borio et al (2014) describe how in the 1920s German industrial companies used their Swiss and Dutch subsidiaries as financing arms of the firm to borrow in local markets and then repatriate the funds to Germany. As old as such practices are, they have become the centre of attention again in recent years due to the increasingly common practice of EME non-financial corporates borrowing abroad through debt securities issued by their affiliates abroad. If the proceeds of the bond issuance are used for acquiring foreign assets, the money stays outside and there are no cross-border capital movements. However, we will be focusing on the case where the firm transfers the proceeds of the bond issuance back to its home country, either to finance a local (headquarters) project, or to be held as a financial claim on an _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 68 unrelated home resident - say, by being deposited in a bank or by being lent to another non-bank entity. If the overseas bond proceeds are repatriated onshore to invest in domestic projects with little foreign currency revenue, the firm will face currency risk. If the proceeds are first swapped into local currency, then the firm's activities are likely to have an impact on financial conditions (Box 1). In either case, the economic risks may be underestimated if external exposures are measured according to the conventional residence basis. Having obtained funds abroad (by issuing bonds offshore), the foreign affiliate of a non-financial corporation could act as a surrogate intermediary by repatriating funds (Chung et al (2014), Shin and Zhao (2013)). It can do that via thee main channels (Graph 1). First, it could lend directly to its headquarters (within -company flows). Second, it could extend credit to unrelated companies (between -company flows). Finally, it could make a cross-border deposit in a bank (corporate deposit flows). A practical question is how best to monitor these non-bank capital flows under the existing measurement framework organised according to the residence principle. The balance of payments (BoP) accounting framework lists broad categories such as foreign direct investment (FDI) and portfolio flows, but it does not separate out the flows associated with corporate activity from those of the financial sector. However, a little detective work can reveal a wealth of information. This article explores how the BoP data and some key items buried deep within the broad categories of direct investment and other investment can be used to shed light on cross-border capital flows through non-financial corporate activities (Table 1). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 69 Box 1 International bond issuance, cross-currency swaps and capital flows When an EME company issues a US dollar-denominated bond in overseas capital markets and then repatriates the proceeds, one would expect that to show up as capital inflows in US dollars. However, this need not always be the case. The company or its overseas subsidiary can issue the bond and swap the proceeds into domestic currency before transferring the funds back to the headquarters. Obviously, there will be a similar increase in the headquarters' liabilities, but only the company's consolidated balance sheet would show an increase in foreign currency liabilities. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 70 For instance, Chinese firms have primarily issued US dollar-denominated bonds abroad, whereas non-Chinese companies account for a sizeable proportion of offshore renminbi bond (CNH) issuance (Graph A). Very often, these non-Chinese entities will swap their CNH proceeds into US dollars. In doing so, they are taking advantage of the cross-currency swap markets to obtain US dollar funding at lower costs than by issuing US dollar bonds (HKMA (2014)). Similarly, cross-currency swaps offer Chinese firms a channel to get around the tight liquidity conditions in China by swapping their US dollar proceeds from bond issuance into renminbi and remitting to their headquarters. In the rest of this article, we present evidence that capital flows to EMEs associated with non-financial corporations have indeed increased markedly over the past few years through three different channels. First, we demonstrate that transfers between firms' headquarters and their offshore affiliates have surged. Next, we show that "non-bank" trade credit flows to EMEs have increased significantly. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 71 Finally, we demonstrate that the amount of external loan and deposit financing to EMEs provided by non-banks has grown considerably. Within-company credit An accounting convention in the balance of payments deems borrowing and lending between affiliated entities of the same non-financial corporate to be "direct investment". Specifically, such transactions are classified under the "debt instruments" sub-item of direct investment. In contrast, borrowing and lending between unrelated parties are classified as either a portfolio investment or under the "other" category. The rationale behind treating within-firm transactions as direct investment is that the overall profitability of a multinational corporation depends on advantages gained by deploying available resources efficiently to each unit in the group. For example, tax considerations could drive the choice between equity and within-company debt, and behaviourally such debt can be, and often is, written down in adverse circumstances. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 72 Classifying the transfer onshore of funds obtained offshore as FDI raises questions about the traditional view that FDI is a stable or "good" form of capital flow (CGFS (2009)). This may be true for FDI in the form of large equity stakes associated with greenfield investment or foreign acquisitions. But within-company loans, especially if invested in the domestic financial sector, could turn out to be "hot money", which can be withdrawn at short notice. Thus, to the extent that within-company loans are financed through the offshore issuance of debt securities, they could be viewed as portfolio flows masked as FDI. Quantitatively, for most EMEs, within-company lending has been modest when compared with purchases of stakes in other companies (Graph 2, left-hand panel). However, there have been sizeable increases in within-company flows in Brazil, China and Russia, amounting to more than $20 billion per quarter for these three countries combined (Graph 2, right-hand panel), which was broadly similar to the size of total portfolio inflows to the three countries during this period. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 73 Between-company trade credit The second mode of capital flow generated by non-financial firms' activities is through trade credit. The term "trade credit" has a narrower meaning in the balance of payments than in everyday use. Instead of encompassing trade financing more broadly such as guarantees through banks and letters of credit, the trade credit category under the BoP accounts refers only to claims or liabilities arising from the direct extension of credit by suppliers for transactions in goods and services, under a residual item known as "other investment". Bank-provided trade financing, such as letters of credit, is recorded separately under "loans". Typically, trade credit flows between companies are small and account for a small proportion of total other investment flows in most instances. Direct credit extension between exporters and importers could be seen as much riskier than arranging trade financing through banks. However, trade credit flows to EMEs have increased since the global financial crisis (Graph 3, left-hand panel), and the increase was driven, to a certain extent, by China (Graph 3, right-hand panel). In fact, the share of trade credit inflows in total other investment in China in recent years has been much larger than that in other EMEs. While these trade credit flows to China may reflect Chinese companies' growing importance and credibility in world trade, trade credit could be another route through which the proceeds of offshore funding can be transferred to headquarters and/or unrelated companies onshore. Between-company loans and corporate deposits Despite the limitations of the existing data frameworks discussed above, it is possible to combine BoP statistics with the BIS international banking statistics (IBS) to shed some light on the growing importance of non-bank corporates in providing cross-border loans and deposits to EMEs. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 74 From the lender perspective, the IBS capture the cross-border positions of internationally active banks. As a consequence, the IBS could be used to measure the amount of cross-border loans that banks provide to residents (both banks and non-banks) of a given country. From the borrower perspective, a couple of (liability) categories in the BoP data provide information on the amount of cross-border financing that the residents of a given country obtain in the form of deposits and loans. More specifically, "deposit liabilities" capture the standard contract liabilities of all deposit-taking institutions in a given reporting jurisdiction to both banks (interbank positions) and non-banks (transferable accounts and deposits). Meanwhile, "loan liabilities" cover liabilities that are created when a creditor lends funds directly to a debtor, and are documented by claims that are not negotiable. Table 2 illustrates how BoP and IBS can be brought together to estimate the amount of non-bank finance to EME residents. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 75 The two BoP categories discussed above capture the cross-border liabilities of (bank and non-bank) residents of a given country to all (bank and non-bank) creditors (represented by cells A, B, C and D). By contrast, the IBS capture solely the cross-border liabilities to offshore banks (cells A and B). Thus, in principle, the difference between the two series could be used as a rough proxy for the amount of non-bank external financing to the residents of a country (cells C and D). This difference used to be small but has been increasing rapidly in recent years (Graph 4, left-hand panel). Up until 2007, the two series moved fairly in sync, suggesting that BoP deposits and loan flows were dominated by banks. However, the gap between the two series has been steadily growing and currently stands at approximately $270 billion (which amounts to 17% of cumulative BoP flows since Q1 2005). The growing gap between the BoP and IBS series could be interpreted as evidence of the increasing weight of non-banks in providing external loan and deposit financing to residents of emerging market economies. A more detailed examination of the data suggests that the role of non-banks might be even greater than the above estimates imply. Assuming positive gross inflows from non-banks, the BoP external loan and deposit estimates should exceed the respective IBS estimates for each _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 76 country in our sample (since, as discussed above, the former include external lending by non-banks, whereas the latter do not). However, we find that the exact opposite is true for several EMEs, such as Brazil, China, Indonesia, the Philippines and Thailand (Graph 4, centre panel). In theory, this finding could be explained by negative cumulative non-bank flows to each of those countries. In practice, it is highly unlikely that this was the case during the time period we examine. A much more plausible explanation could be related to inconsistencies in the reporting of external liabilities. Box 2 Interpreting FDI flows under the new balance of payments template The rapid pace of financial globalisation over the past few decades has changed many aspects of international capital flows. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 77 To improve the understanding of these capital movements, in 2009 the IMF and its members agreed on a new template for collecting international financial transactions data: the sixth edition of the IMF's Balance of Payments and International Investment Position Manual (BPM6). From January 2015, the IMF will only accept data submissions under BPM6. In the transition period, some countries will still be publishing their BoP data under the previous template (BPM5, introduced in 1993) and the IMF will simply convert those "old" data to the new standard. Using Brazil as an example, this box illustrates how the conversion between BPM5 and BPM6 affects the interpretation of FDI flows. Data published under the two formats reflect somewhat different treatments of within-company loans, resulting in differences in reported gross FDI inflows and outflows (Graph B, left-hand and centre panels), even though net FDI flows remain unchanged. This is because, under BPM5, FDI transactions between affiliates are recorded on a residence versus non-residence basis, whereas BPM6 differentiates between the net acquisition of assets and the net incurrence of liabilities. Simply put, under BPM5, both headquarter lending to affiliates (which increases claims) and borrowing from affiliates (which increases liabilities) are counted as gross outflows, albeit with opposite signs. Under BPM6, by contrast, the two activities will fall into different categories. While headquarter lending to affiliates will continue to count as capital outflow, borrowing from affiliates will be counted as net incurrence of liabilities (capital inflow). Using the notation in Graph B (right-hand panel), net acquisition of debt claims under BPM6 (item 6.1.2) will be the sum of items 5.1.2 and 5.2.2 under BPM5. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 78 While the above finding is intriguing in its own right, it also has important implications for the main question that we examine in this article. Namely, it suggests that, for the remaining EMEs in our sample, the aggregate size of the gap between the BoP and IBS series is considerably larger than the one implied by the estimates for the full sample. Indeed, as the right-hand panel of Graph 4 illustrates, the wedge between the BoP and IBS series is considerably larger for the latter set of EMEs (ie Chile, the Czech Republic, Hungary, India, Korea, Mexico, Poland, Russia, South Africa and Turkey). At the end of 2013, the BoP-implied external loan and deposit series for that group of countries exceeded its IBS counterpart by over $550 billion (51% of cumulative BoP flows since Q1 2005). This presents further evidence of the importance of non-banks in providing external loan and deposit financing to EMEs. Conclusion The shift away from bank-intermediated financing to market financing over the past few years has coincided with a sharp increase in international bond issuance by EME non-financial corporations. This trend could have important financial stability implications. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 79 Yet, analysis of it is hindered by conceptual difficulties associated with statistical conventions on the measurement of cross-border flows. In this article, we utilise several key BoP data items to shed light on cross-border capital flows through non-financial corporate activities. We find that capital flows associated with non-financial corporations have indeed increased markedly over the past few years through three different channels. First, within-firm transfers have surged. Second, trade credit flows to EMEs have increased significantly. Finally, the amount of external loan and deposit financing to EMEs provided by non-banks has grown considerably. We interpret those findings as evidence that the offshore subsidiaries of EME non-financial corporates are increasingly acting as surrogate intermediaries, obtaining funds from global investors through bond issuance and repatriating the proceeds to their home country through the above three channels. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 80 [Exposure Draft] Japan’s Corporate Governance Code Seeking Sustainable Corporate Growth and Increased Corporate Value over the Mid- to Long-Term In this Corporate Governance Code, “corporate governance” means a structure for transparent, fair, timely and decisive decision-making by companies, with due attention to the needs and perspectives of shareholders and also customers, employees and local communities. This Corporate Governance Code establishes fundamental principles for effective corporate governance at listed companies in Japan. It is expected that the Code’s appropriate implementation will contribute to the development and success of companies, investors and the Japanese economy as a whole through individual companies’ self-motivated actions so as to achieve sustainable growth and increase corporate value over the mid- to long-term. Background 1. Japan's initiatives for the corporate governance system have significantly accelerated in recent years. 2. The Japan Revitalization Strategy approved by the Cabinet in June 2013 specified as one of its measures the “preparation of principles (a Japanese version of the Stewardship Code) for institutional investors in order to fulfill their stewardship responsibilities, such as promoting the mid- to long-term growth of companies through dialogue.” This led to discussions starting in August 2013 by the Council of Experts Concerning the Japanese Version of the Stewardship Code established under the Financial Services Agency, which drafted and released the “Principles for Responsible Institutional Investors (Japan’s Stewardship Code)” (hereinafter, “Japan’s Stewardship Code”) in February 2014. Japan’s Stewardship Code is currently in effect. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 81 In addition, the Legislative Council of the Ministry of Justice adopted the “Outlines for the Revision of the Companies Act” in September 2012. Subsequently, a bill was submitted to the Diet as an amendment to the Companies Act, including a provision requiring companies to explain if they do not appoint outside directors. The bill was passed in the Diet and became law in June 2014. 3. Another measure specified in the Japan Revitalization Strategy was the encouragement of “securities exchanges in Japan to take measures that lead to the enhancement of corporate governance, for example, by clarifying listing rules concerning the appointment of outside directors and developing new indices for companies that are highly evaluated for their profitability and management.” This led to the establishment by the Japan Exchange Group, Inc. of the JPX-Nikkei Index 400, a new stock index composed of “companies with high appeal for investors, which meet the requirement of global investment standards, such as the efficient use of capital and investor-focused management perspectives.” The operation of this index began in January 6, 2014. 4. In this context, the Japan Revitalization Strategy (Revised in 2014) approved by the Cabinet in June 2014 specified as one of its measures the establishment of “a council of experts of which the Tokyo Stock Exchange and the Financial Services Agency will act as joint secretariat, aiming to prepare the key elements of the Corporate Governance Code by around autumn 2014 for the Tokyo Stock Exchange to newly prepare the Corporate Governance Code in time for the 2015 season of general shareholder meetings.” This led to the formation of the Council of Experts Concerning the Corporate Governance Code (hereinafter, the “Council of Experts”) in August 2014, with the Financial Services Agency and the Tokyo Stock Exchange serving as joint secretariat. The Council of Experts met eight times since August, and developed its basic thought on a corporate governance code as the “Corporate Governance Code [Exposure Draft]” (hereinafter, the “Code”). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 82 The Japan Revitalization Strategy (Revised in 2014) also specified that the formulation of a corporate governance code should be based on the OECD Principles of Corporate Governance. The Council of Experts thus engaged in their discussions by giving due reference to the OECD Principles, and the content of the Code is based on them. 5. The Code is scheduled to receive broad public comments, both domestic and global. Then, in accordance with the Japan Revitalization Strategy (Revised in 2014), the Tokyo Stock Exchange is expected to revise its listing rules and related regulations and formulate a corporate governance code, which is expected to have the same content as the Code. Objectives of the Code 6. The Code has its foundation in the Japan Revitalization Strategy (Revised in 2014 ), and is formulated as part of Japan’s economic growth strategy. As noted above, in the Code corporate governance means a structure for transparent, fair, timely and decisive decision-making by companies, with due attention to the needs and perspectives of shareholders and also customers, employees and local communities. On this basis, the Code establishes fundamental principles for effective corporate governance. 7. It is important that companies operate manage themselves with the full recognition of responsibilities to a range of stakeholders, starting with fiduciary responsibility to shareholders who have entrusted the management. The Code seeks “growth-oriented governance” by promoting timely and decisive decision-making based upon transparent and fair decision-making through the fulfillment of companies’ accountability in relation to responsibilities to shareholders and stakeholders. The Code does not place excessive emphasis on avoiding and limiting risk or the prevention of corporate scandals. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 83 Rather, its primary purpose is to stimulate healthy corporate entrepreneurship, support sustainable corporate growth and increase corporate value over the mid- to long-term. Recognizing the board’s fiduciary responsibilities to shareholders and other stakeholder responsibilities, the Code includes language that calls for a certain measure of corporate self-discipline. It would not be appropriate, however, to view them as limits on companies’ business prerogatives and activities. Indeed, quite the opposite: without appropriately functioning corporate governance, the reasonableness of management’s decision-making processes cannot be secured. In such a case, the management may become risk-avoiding due to concerns that their responsibility with respect to business decisions may be put in question. Such a situation would significantly restrict decisive decision-making and companies’ business activities. By calling for appropriate corporate governance disciplines at Japanese companies, the Code aims to have the management free from such restrictions and establish an environment where healthy entrepreneurship can flourish and where the management’s capabilities can be given full force. 8. Given the concerns regularly perceived about the growth of short-term investment activities in capital markets, it is hoped that the Code will also have the effect of promoting mid- to long-term investing. Market participants who have the strongest expectations for the improvement of corporate governance are usually shareholders with midto long-term holdings, and they usually wait until the improvements of corporate governance are achieved. Notwithstanding recent concerns over the growth of short-termism in the market place, such shareholders have the potential to become important partners for companies. The Code asks companies to examine whether there are issues in their corporate governance in light of the aim and spirit of the principles of the Code, and take self-motivated actions in response to those issues. Such efforts by companies will make possible further corporate governance improvements, supported by purposeful dialogue with shareholders (institutional investors) based on Japan’s Stewardship Code. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 84 In this sense, the Code and Japan’s Stewardship Code are "the two wheels of a cart", and it is hoped that they will work appropriately and together so as to achieve effective corporate governance in Japan. “Principles-Based Approach” and “Comply-or-Explain Approach” 9. The Code specifies General Principles, Principles and Supplementary Principles. The manner of their implementation may vary depending on industry, company size, business characteristics, company organization and the environment surrounding the company. The Code’s principles should be applied in accordance with each company’s particular situation. 10. Given the above, the Code does not adopt a rule-based approach, in which the actions to be taken by companies are specified in detail. Rather, it adopts a principles-based approach so as to achieve effective corporate governance in accordance with each company’s particular situation. This principles-based approach has already been adopted in Japan’s Stewardship Code. The significance of this approach is found in having parties confirm and share the aim and spirit of the principles and review their activities against the aim and spirit, not against the literal wording of the principles, even where the principles may look abstract and broad on the surface. For this reason, the terminology used in the Code is not strictly defined as is the case with laws and regulations. It is anticipated that companies that are accountable to shareholders and other stakeholders will apply appropriate interpretations of the terminology in accordance with the aim and spirit of the Code. Shareholders and other stakeholders are also expected to fully understand the significance of this principles-based approach in their dialogue with companies. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 85 11. Moreover, unlike laws and regulations the Code is not legally binding. The approach it adopts for implementation is “comply or explain” (either comply with a principle or, if not, explain the reasons why not to do so). In other words, the Code assumes that if a company finds specific principles (General Principles, Principles and Supplementary Principles) inappropriate to comply with in view of their individual circumstances, they need not be complied with, provided that the company explains fully the reasons why it does not comply. 12. While this comply-or-explain approach is also adopted in Japan’s Stewardship Code, it is an approach that may not yet be well known in Japan. It is necessary to bear fully in mind that companies subject to the Code are not required to comply with all of its principles uniformly. Shareholders and other stakeholders should also understand the aim of this approach and should fully respect the particular circumstances of individual companies. In particular, it would not be appropriate to consider the literal wording of each principle of the Code superficially and conclude automatically that effective corporate governance is not realized by a company on the ground that the company does not comply with some of the principles. Of course, when companies explain their reasons for non-compliance, they should do so by explaining the measures they have taken or they will take for those non-compliant principles in a manner that non-compliance will gain full understanding from shareholders and other stakeholders. Offering a superficial explanation using boiler-plate expressions would be inconsistent with the concept of “comply or explain.” Implementation of the Code 13. The Code is applicable to all companies listed on securities exchanges in Japan (hereinafter, “companies”). For the application of the Code to the companies listed in the markets other than the main market (namely, the Tokyo Stock Exchange First and Second _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 86 Sections), some consideration may need to be given to the size and characteristics of such companies with respect to the applicability of principles such as governance structure and disclosure. In this respect, it is expected that the Tokyo Stock Exchange will clarify what sorts of consideration will need to be given to which parts of the Code for the companies listed in the markets other than the main market. 14. Companies in Japan may choose one of the following three forms of corporate organization: Company with Kansayaku Board, Company with Three Committees (Nomination, Audit and Remuneration), or Company with Supervisory Committee. The Code does not express a view on any of these forms of company organization. It specifies fundamental principles for corporate governance that should be applicable to whichever form of organization a company may choose. Given that most Japanese companies are Companies with Kansayaku Board, a number of principles specified in the Code are drafted under the assumption that the form of Company with Kansayaku Board is chosen. It is anticipated that companies that take a form other than Company with Kansayaku Board will apply these principles by making necessary adjustments in accordance with their form of company organization. 15. It is expected that the Code will enter into force on June 1, 2015, after the Tokyo Stock Exchange takes necessary institutional steps. Depending on their situation, there may be companies that will find it difficult to fully implement certain principles of the Code from the implementation date noted above even if they desire to do so, such as the principles on governance structures. In such situations, if companies undertake serious investigations and preparations for the commencement of the Code’s application but still find immediate full compliance difficult, these companies’ provision of clear explanations on their plans and conceivable schedule for future compliance should not be ruled out as being against the Code. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 87 Moreover, some principles in the Code call for disclosure or explanation, including cases where companies are asked to “explain” the reasons for non-compliance. Since it would be desirable that companies disclose and explain some of these matters in a standardized framework (for example, through the Corporate Governance Report submitted to the Tokyo Stock Exchange), it is expected that the Tokyo Stock Exchange will offer clarification for handling this matter. Future Revisions of the Code 16. As noted above, while the Code establishes fundamental principles for effective corporate governance, these principles do not remain unchanged. Under rapidly changing economic and social circumstances, in order to ensure that the Code continues to achieve its objectives, the Council of Experts expects that the Code will be periodically reviewed for possible revisions. General Principles Securing the Rights and Equal Treatment of Shareholders 1. Companies should take appropriate measures to fully secure shareholder rights and develop an environment in which shareholders can exercise their rights appropriately and effectively. In addition, companies should secure effective equal treatment of shareholders. Given their particular sensitivities, adequate consideration should be given to the issues and concerns of minority shareholders and foreign shareholders for the effective exercise of shareholder rights and effective equal treatment of shareholders. Appropriate Cooperation with Stakeholders Other Than Shareholders 2. Companies should fully recognize that their sustainable growth and the creation of mid- to long-term corporate value are brought as a result of the provision of resources and contributions made by a range of _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 88 stakeholders, including employees, customers, business partners, creditors and local communities. As such, companies should endeavor to appropriately cooperate with these stakeholders. The board and the management should exercise their leadership in establishing a corporate culture where the rights and positions of stakeholders are respected and sound business ethics are ensured. Ensuring Appropriate Information Disclosure and Transparency 3. Companies should appropriately make information disclosure in compliance with the relevant laws and regulations, but should also strive to actively provide information beyond that required by law. This includes both financial information, such as financial standing and operating results, and non-financial information, such as business strategies and business issues, risk, and governance. The board should recognize that disclosed information will serve as the basis for constructive dialogue with shareholders, and therefore ensure that such information, particularly non-financial information, is accurate, clear and useful. Responsibilities of the Board 4. Given its fiduciary responsibility and accountability to shareholders, in order to promote sustainable corporate growth and the increase of corporate value over the mid- to long-term and enhance earnings power and capital efficiency, the board should appropriately fulfill its roles and responsibilities, including: (1) Setting the broad direction of corporate strategy; (2) Establishing an environment where appropriate risk-taking by the senior management is supported; and (3) Carrying out effective oversight of directors and the management (including shikkoyaku and so-called shikkoyakuin) from an independent and objective standpoint. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 89 Such roles and responsibilities should be equally and appropriately fulfilled regardless of the form of corporate organization – i.e., Company with Kansayaku Board (where a part of these roles and responsibilities are performed by kansayaku and the kansayaku board), Company with Three Committees (Nomination, Audit and Remuneration), or Company with Supervisory Committee. Dialogue with Shareholders 5. In order to contribute to sustainable growth and the increase of corporate value over the mid- to long-term, companies should engage in constructive dialogue with shareholders even outside the general shareholder meeting. During such dialogue, senior management and directors, including outside directors, should listen to the views of shareholders and pay due attention to their interests and concerns, clearly explain business policies to shareholders in an understandable manner so as to gain their support, and work for developing a balanced understanding of the positions of shareholders and other stakeholders and acting accordingly. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 90 Public Service: An Obligation and Opportunity for Lawyers Chair Mary Jo White Association of American Law Schools Annual Meeting, Showcase Speaker Program, Washington D.C. Thank you, for that excellent introduction. I am truly honored to have been asked to be the inaugural speaker in your Showcase Speaker Program. This is an impressive forum for a serious discussion of the most important issues affecting law schools and the legal profession. And the theme of this year’s annual meeting – “Legal Education at the Crossroads” – is an apt description of the critical juncture we are facing in 2015. Many of the challenges confronting law schools today are well-known. Enrollment of first-year law students has not been this low since 1973, the year before I graduated from law school. And while the job market for law school graduates has improved over the last few years, the financial crisis resulted in fundamental structural and market changes to more than just our financial system. There have been lasting changes to the legal job market that may, in the long-run, affect the educational choices of college graduates and the economic models of many of our law schools. I know you are studying these changes carefully and strategizing for the “new normal” and the financial challenges that come with it – for both students and your institutions. One positive by-product of the market changes, however, has been the steady, perhaps slightly increased, number of recent law graduates employed in the public and public interest sectors. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 91 And the graduates going into public service roles are increasingly subsidized in some fashion by the law schools -- indeed, about a quarter of such jobs are supported by law school grants. This is a far cry from what was happening when I graduated from Columbia Law School in 1974. At that time, it seemed like the vast majority of students exclusively sought employment in large law firms. There were no clinical programs to speak of, let alone financial subsidies and loan forgiveness programs to support public interest work. Those changes are very good ones -- very good for students, the legal profession and society. I think we would all like to see these programs, and the opportunities that come with them, expand in the years to come. My remarks tonight are inspired by the public service “silver lining” that is emerging in the current environment. What I will talk about is the overarching public service obligation of lawyers and the opportunities and benefits that public service jobs provide. As an initial matter, I believe that, as lawyers, we should broaden our perspective on our public service obligation and deepen our commitment to public service, irrespective of the particular job we currently hold. More of us should consider careers in public service or at least aim to work in the public sector at various stages of our professional lives. And, more broadly, we should view our public service obligation as a long-term, continuous responsibility that guides how we conduct ourselves – whether working in the public or private sectors. I will begin, as lawyers often do, by defining some terms. What do I mean, in the broadest sense, by the “public service obligation” of lawyers? I will offer my view that the public service obligation is something that should permeate everything we do as lawyers. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 92 Next, I will discuss some of the unique and significant benefits of public service. And, finally, I will encourage you in the legal academy to continue teaching and emphasizing the importance of the lawyer’s public service obligation and its benefits, to raise the bar for lawyer performance and to inspire an interest in a broader set of career choices for your students. A Lawyer’s Public Service Obligation Law is a service business, with the emphasis on service. Our responsibilities as lawyers indeed center on our ethical obligations related to the services we provide to our clients, to the profession and to the rule of law. And, as Ben Heineman, William Lee and David Wilkins recently wrote in their very thoughtful piece on “Lawyers as Professionals and Citizens,” there is a fourth ethical responsibility or dimension for lawyers that requires us to generally provide our services “in the public interest” in furtherance of a “safe, fair and just society.” To be sure, some lawyers have “pure” public service and public interest jobs, whether in government agencies, the military, the legal academy, public interest organizations, or non-profit work of various kinds. In those positions, the duty of public service is the essence of the job description. But this fourth ethical responsibility of public service for lawyers is by no means limited to those of us in public service roles. It applies to all lawyers throughout their careers, including private sector lawyers advising private sector clients. And it is an obligation that extends far beyond our still aspirational duty to provide 50 hours of pro bono legal services each year. As Roscoe Pound, the distinguished former Dean of Harvard Law School, so eloquently captured it, private sector lawyers also have an obligation to practice law “in the spirit of public service.” _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 93 For me, that means that we are obligated to ask our clients the “should” or “ought to” questions and include those considerations in the advice we give. Or, as Archibald Cox put it in terms we can all understand – lawyers should be willing to say to clients, “Yes, the law lets you do that, but don’t do it. It’s a rotten thing to do.” Cox’s point is obviously that our role as lawyers transcends the technical -it requires us to consider the public’s welfare in addition to the interests of a private client. That is how it should be. Perhaps if lawyers were better at fulfilling this aspect of our public service obligation, we could elevate our collective reputation, and finally make the list of most admired professions -- a list where teachers and members of our military always rightfully do well. Lawyers, on the other hand, tend to trail way behind, sometimes barely ahead of telemarketers and lobbyists. But this was not always the case. Lawyers, for example, played a central role in the founding of our nation and enshrining the values that guide our country today. Thomas Jefferson was a lawyer, as was Abraham Lincoln. There are more modern day heroes too. A number from my field, for example, have been singled out, including former SEC Chairman Manny Cohen – who rose from staff member to Chairman and brought about changes to allow SEC staff lawyers to provide pro bono legal services – and former Director of Corporation Finance, Linda Quinn, who was both a giant of the securities bar and the first woman to lead the Division. And there are, of course, other heroes from our ranks: Justices Thurgood Marshall, Sandra Day O’Connor and Ruth Bader Ginsberg. Their careers, before they joined the Court, centered on championing the civil rights of minorities and women, as well as a commitment to legal education and other public service. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 94 A 2013 survey by the Pew Research Center’s Religion and Public Life Project, however, paints a bleak picture of how our profession as a whole is regarded today. It asked how much certain professions contribute to society’s well-being. Not surprisingly, 78% said members of the military contribute “a lot,” and 72% said teachers do as well. Lawyers, on the other hand, got a disappointing 18% endorsement, with 34% of those surveyed saying that lawyers contribute very little or nothing to society. That 34% hurts. Our image as a profession clearly needs work. Public service though is about much more than image. It is about lawyers being good citizens as well as knowledgeable, well-trained practitioners. Personally, it has been one of the most satisfying aspects of my career, whether in the public or private sector. And make no mistake, private practitioners, not just public sector lawyers, need to absorb and live the public service mandate in order to raise the bar on our real worth as a profession. The “image part” will follow right behind. Public Service Jobs Government lawyers and public interest lawyers are also bound by the public service obligation, but for them it is their core mandate. I used to say to the young prosecutors who worked for me when I was the U.S. Attorney for the Southern District of New York: “your conscience is your client,” reminding them that, as representatives of the public, they should always, always take the “high road,” both substantively and procedurally, as they carry out their responsibilities. The same applies to the SEC staff lawyers with whom I am now privileged to work. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 95 The primary responsibility of government lawyers is to serve the public – and that is also their primary source of job satisfaction. I see that every day with the SEC staff and the high levels of professional accomplishment and personal pride that comes from the work they do to protect investors, safeguard our markets, and facilitate capital formation -the tripartite mission of the SEC. Doing what you think is in the public’s best interest every day, and doing it in the most principled way, is a sure path to professional and personal fulfillment. Very good work if you can get it. The Rewards of Public Service There are, of course, many other benefits and rewards that come from a public service job. I will highlight just three of them: - exposure to an important segment of our profession that contributes directly to the public welfare; - hands-on training and greater responsibility as a young lawyer; and - the opportunity to work on cutting edge issues. When young lawyers ask me about a choice between a career in the public or private sector, I invariably offer the following advice -- if possible, try to spend time in both. Even if you think you are destined to be a life-long government or public interest lawyer, or to have a long career in private practice in a large law firm, it is still invaluable to experience as many different slices of legal life as you can. As young lawyers begin their legal careers, they often have very little idea of what will actually interest and engage them, so it is important to take advantage of every available opportunity early on. Exploring both the public and private sectors will steepen and broaden their learning curves. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 96 Our careers as lawyers typically span many decades, often as many as 40 or 50 years –that gives us a lot of time to work with. So it is possible for your graduates, over the course of their careers, to seize any number of exciting and varied opportunities that come their way and ignite their interest. This last piece of curbside advice is for the long-term too. More senior – or as I like to say “seasoned” – lawyers should look for opportunities to follow their hearts and dreams, especially when they involve providing public service on a more full-time basis. Both the lawyer and the public will be the beneficiaries. At the SEC, for example, we have made an effort over the last several years to hire experts from the private sector, both lawyers and other market specialists. Our existing staff and the new private sector recruits learn from and complement each other. It unquestionably makes us a stronger agency and enhances our ability to protect investors and strengthen our capital markets. We also benefit enormously from those academics, market experts and others with very busy day jobs who give of their time and talents to our advisory committees. For example, in the coming days we will announce the members of the Market Structure Advisory Committee, a committee filled with market experts and academics that will assist our staff and the Commission in the very important work we are doing to comprehensively review the structure of our equity markets to optimize them for the benefit of investors and companies seeking to raise capital. The opportunities are many. Jobs in the government for lawyers range from short-term consultancies and fellowships, to full-time positions and even Presidential appointments, such as mine as Chair of the SEC and United States Attorney. As a society, we need to attract talented, knowledgeable and genuinely committed professionals to public service and work to remove barriers that _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 97 discourage giving back – whether the obstacles are financial, structural, educational or something else. Of course, a major benefit of public service jobs for young lawyers is hands-on training and greater responsibility. There simply is no substitute for “doing it” to grow your competence and expertise. Trying a case, however small, is qualitatively different than serving as one of a dozen associates on the biggest antitrust or securities fraud case. Having done both, I know that both can provide invaluable experience, but I would argue that young lawyers find the most vertical learning curves in the public sector -- where you can handle your own cases and where the decisional “buck” often stops with you. Some of my most meaningful, and memorable, learning occurred when I was the one calling the shots as a young prosecutor. Another significant benefit of public service jobs is the importance and variety of the work. Prosecutors who worked for me when I was U.S. Attorney tried and convicted the terrorists who bombed the World Trade Center in 1993 and our embassies in East Africa in 1998, indicted Osama bin Laden, and investigated the terrorist attacks of 9/11. Others indicted and convicted major financial institutions for securities and other frauds. Enforcement staff attorneys at the SEC root out fraudsters stealing millions of dollars in complex Ponzi schemes and recover money for harmed investors who count on their investments to fund their children’s education or their own retirements. Others at the agency develop policy initiatives that enhance the resiliency of our equity markets and provide more useful information to investors before they decide whether and where to invest their money. In other areas of the public sector, lawyers work to overturn unjust laws, exonerate the innocent, uphold our civil rights, or provide legal services to those who cannot afford a lawyer. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 98 Motivation is almost never lacking in public service jobs. Indeed, the word that almost always pops up in discussing public service jobs is “fun” – a priority that has become far too elusive and scarce in our profession. The late Judge Edward Weinfeld of the Southern District of New York, who routinely arrived at the courthouse before 6 AM and worked twelve hour days, put it this way – “What one enjoys is not work. It is joy.” I have been very fortunate in my career to share Judge Weinfeld’s view. Finally, trying hard not to sound like I am on a soapbox, when you engage in public service, every day you go to work, you have a chance to make a real difference in people’s lives. As I said earlier, very good work if you can get it. *** So, thus far, I have urged that all lawyers recognize our obligation to conduct ourselves in furtherance of the public interest, whether directly from the perch of a public service job or by practicing law “in the spirit of public service” -- asking and advising on those “ought to” questions. I have also made a shameless pitch for greater pursuit of public service jobs throughout our legal careers. That brings me to my final point -- close to home for this audience -- how I believe law schools contribute so vitally to broadening law students’ perspectives and deepening their commitment to serving in the public interest. Role of the Law Schools Let me hasten to say that I would not presume to lecture you on legal education. That is your expertise and one that I deeply respect. Rather, I want to commend you for some of the steps law schools have taken to foster and promote public service and legal practice “in the spirit of public service.” _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 99 I will be brief and again mention just three: - exposing students to opportunities and direct experience in public service; - providing encouragement and support for placement in public service jobs; and - teaching professional responsibility beyond specific courses as a permeating guiding principle. Law schools today offer a wide range of clinical programs, externships, and other direct opportunities for students to obtain on-the-job public service experience through working in government agencies and public interest organizations. I can tell you firsthand that the SEC has benefited greatly from these programs as we typically have law school interns from many different law schools working with us throughout the academic year -- last year, some 800 students from more than 130 law schools participated in the programs we offer. Our interns provide a real contribution to our work, becoming valuable members of our teams – in enforcement, rulemaking and other areas of the agency’s responsibility. Most of our interns receive school credit, and many have come back to work for us after graduation. On top of providing such valuable direct experience while still in law school, law schools have also instituted several important, and often creative, programs to encourage and support their students’ placement in public service jobs. These programs range from student loan deferral or forgiveness, fellowships and direct grants for a public service commitment after graduation to career fairs, symposiums, placement assistance, and public service mentorships. More broadly, law schools have increasingly established centers focused on ethics and professional responsibility to prepare students for the difficult and important ethical issues they will invariably face during the course of their careers. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 100 As typified by the Louis Stein Center for Law and Ethics at Fordham Law School, these programs go far beyond ensuring that the curriculum has a course or two on professional responsibility. Rather, they teach what they call at Fordham “a life in noble lawyering.” These programs are a critically important component of a law school education that fosters a perspective that ethics and professional responsibility can and must serve as a life-long guiding principle. It is a public service perspective that reminds students that our profession rightfully demands giving something back, which is important no matter where law school graduates end up spending their professional careers. The benefits of this greater public service emphasis thus extends far beyond providing first-year jobs or a more diverse set of employment choices to law school graduates. The enhanced focus will return real dividends in training a new generation of lawyers on the importance of public service in all of its forms and fostering the critical values of a public service ethic. All of this will have a positive impact on how graduates practice and how the profession is perceived. As you continue such efforts, it is important to keep in mind that a career in public service should not be a hard sell to many of the millennials who decide to attend law school. There is a growing body of evidence suggesting that younger generations are generally more civic-minded and interested in community service than older -- by which I mean “my” and possibly your -- generations. There is also a trend of more law school graduates working in jobs that do not require passing the bar exam, including many in the public sector. And some foresee a growing demand for individuals with a law school education in the fields of health care, housing, elder care, international commerce and digital security. We should try to capitalize on all of these developments and opportunities as we think about the future of legal education. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 101 Although easier said than done, surely it is possible to recalibrate our economic models for legal education to harness the new normal for lawyers, including, I hope, a greater emphasis on and participation in public service. Conclusion There is in my view, no higher calling for a lawyer than public service. And each of you is actively engaged in perhaps the most important aspect of public service for our profession – teaching, guiding and inspiring our future lawyers. You are the role models and primary drivers of how well lawyers will do in fulfilling their public service obligation. How well they do at that, in turn, will heavily influence what kind of society we will have. No pressure. Just know how important you are and how important the decisions you make about legal education at the crossroads will be. Most importantly, know how much the profession admires what you do and how grateful we are for the public service choice you have made for your own careers. Thank you. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 102 Cybersecurity: Enhancing Coordination to Protect the Financial Sector Written testimony of NPPD Deputy Under Secretary for Cybersecurity Dr. Phyllis Schneck for a Senate Committee on Banking, Housing, and Urban Affairs hearing Introduction Chairman Johnson, Ranking member Crapo, and distinguished Members of the Committee, I am pleased to appear today to discuss the work of the Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) to address persistent and emerging cyber threats to the U.S. homeland. On February 12, 2013, the President signed Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive (PPD) 21, Critical Infrastructure Security and Resilience. These set out steps to strengthen the security and resilience of the Nation’s critical infrastructure. They reflect the increasing importance of integrating cybersecurity efforts with traditional critical infrastructure protection. The President highlighted the importance of government’s role in encouraging innovation and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. DHS partners closely with owners and operators to improve cybersecurity information sharing and encourage implementation of risk-based standards in order to meet the President’s objectives. In my testimony today, I would like to highlight how DHS helps secure cyber infrastructure and then discuss a few specific examples where we prevented and responded to a variety of cybersecurity challenges. DHS Cybersecurity Role _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 103 Based on our statutory and policy requirements, DHS undertakes three broad areas of responsibility in cybersecurity: (1) we coordinate the national protection, prevention, mitigation, response and recovery in the event of significant cyber and communications incidents; (2) we disseminate domestic cyber threat and vulnerability analyses across critical infrastructure sectors; (3) we investigate cybercrime that falls under DHS’s jurisdiction. DHS components actively involved in cybersecurity include NPPD, the United States Secret Service, the U.S. Coast Guard, U.S. Customs and Border Protection, Immigration and Customs Enforcement, the DHS Office of the Chief Information Officer, the DHS Science and Technology Directorate, and the DHS Office of Intelligence and Analysis (I&A), among others. In all of its activities, DHS coordinates its cybersecurity efforts with governmental, private sector, and international partners. The DHS National Cybersecurity & Communications Integration Center (NCCIC) is a 24-7 cyber situational awareness and incident response and management center that serves as a centralized location for the coordination and integration of operational elements involved in cybersecurity and communications reliability. NCCIC partners include all federal departments and agencies; state, local, tribal, and territorial governments (SLTT); the private sector; and international entities. The Center provides greater situational awareness of cybersecurity and communications, and takes actions to address vulnerabilities, intrusions, and incidents, including mitigation, information-sharing, and recovery. The NCCIC is composed of the United States Computer Emergency Readiness Team (US-CERT), the Industrial Control System Cyber Emergency Response Team (ICS-CERT), the National Coordination Center for Communications (NCC), and an Operations and Integration Team. NCCIC operations are currently conducted from three states: Virginia, Idaho, and Florida. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 104 During the first eleven months of 2014, the NCCIC has had 108,734 incidents reported to the center, issued over 11,514 actionable cyber-alerts, and had over 219,805 partners subscribe to our cyber threat warning sharing initiative. NCCIC teams have also detected over 87,797 vulnerabilities and directly aided in the mitigation of near 53,624 unique challenges. Enhancing the Security of Cyber Infrastructure The NCCIC actively collaborates with public and private sector partners every day, including responding to and mitigating the impacts of attempted disruptions to the Nation’s critical cyber and communications networks. DHS also directly supports federal civilian departments and agencies in developing capabilities that will improve their own cybersecurity postures. Through the Continuous Diagnostics and Mitigation (CDM) program, led by the NPPD Federal Network Resilience Branch, DHS enables Federal agencies to more readily identify network security issues, including unauthorized and unmanaged hardware and software; known vulnerabilities; weak configuration settings; and potential insider attacks. Agencies can then prioritize mitigation of these issues based upon potential consequences or likelihood of exploitation by adversaries. The CDM program provides diagnostic sensors, tools, and dashboards that provide situational awareness to individual agencies and at a summary federal level. Memoranda of Agreement between government entities and DHS to provide the CDM program’s services encompass network security protection for over 97 percent of all federal civilian personnel. The National Cybersecurity Protection System (NCPS) complements these efforts. A key component of NCPS is referred to as EINSTEIN, an integrated intrusion detection, analysis, information sharing, and intrusion-prevention system. EINSTEIN utilizes hardware, software, and other components to support DHS’s protection of Federal civilian agency networks. The program will expand intrusion prevention, information sharing, and cyber analytic capabilities at Federal agencies. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 105 EINSTEIN 3 Accelerated (E3A) gives DHS an active role in defending .gov network traffic. At this time, E3A provides Domain Name System and/or email protection services to thirty-three departments and agencies. It reduces threat vectors available to actors seeking to infiltrate, control, or harm Federal networks. Securing the Homeland Against Persistent And Emerging Cyber Threats Cyber intrusions into critical infrastructure and government networks are serious and sophisticated threats. The complexity of emerging threat capabilities, the inextricable link between the physical and cyber domains, and the diversity of cyber actors present challenges to DHS and our customers. As the private sector owns and operates over 85% of the Nation’s critical infrastructure, information sharing and capability development partnership becomes especially critical between the public and private sectors. Financial Sector Distributed Denial of Service (DDoS) Attacks The continued stability of the U.S. financial sector is often discussed as an area of concern, as U.S. banks are consistent targets of cyber-attacks. There have been increasingly powerful DDoS incidents impacting leading U.S. banking institutions in 2012 and 2013 and some high-profile media coverage of financial sector cybersecurity issues in 2014. US-CERT has a distinct role in responding to a DDoS: to disseminate victim notifications to United States Federal Agencies, Critical Infrastructure Partners, International CERTs, and US-based Internet Service Providers. US-CERT has provided technical data and assistance, including identifying 600,000 DDoS related IP addresses and supporting contextual information about the source of the attacks, the identity of the attacker, or other associated details. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 106 This information helps financial institutions and their information technology security service providers improve defensive capabilities. In addition to sharing with relevant private sector entities, US-CERT provided this information to over 120 international partners, many of whom contributed to our mitigation efforts. US-CERT, along with the FBI and other interagency partners, also deployed to affected entities on-site technical assistance, or “boots on the ground.” US-CERT works with federal civilian agencies to ensure that no USG systems are vulnerable to take-over as a part of a botnet, since botnets are a tool that cybercriminals use to deflect attribution in DDoS attacks. During these attacks, our I&A partners bolstered long-term, consistent threat engagements with the Department of Treasury and private sector partners in the Financial Services Sector. I&A analysts presented sector-specific unclassified briefings on the relevant threat intelligence, including at the annual Financial Services Information Sharing and Analysis Center (FS-ISAC) conference, alongside the Office of the National Counterintelligence Executive and the U.S. Secret Service. At the request of the Treasury and the Financial and Banking Information Infrastructure Committee (FBIIC), I&A analysts provided classified briefings on the malicious cyber threat actors to cleared individuals and groups from several financial regulators, including the Federal Deposit Insurance Corporation (FDIC), Securities and Exchange Commission (SEC), and the Federal Reserve Board (FRB). Additionally our Science & Technology organization coordinates priority R&D programs in collaboration with the Financial Services Sector Coordinating Council. Point of Sale Compromises On December 19, 2013, a major retailer publically announced it had experienced unauthorized access to payment card data from the retailer’s U.S. stores. The information involved in this incident included customer names, credit and debit card numbers, and the cards’ expiration dates and card verification value security codes. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 107 The value security codes are three or four digit numbers that are usually on the back of the card. Separately, another retailer also reported a malware incident involving its Point of Sale (POS) system on January 11, 2014, that resulted in the apparent compromise of credit card and payment information. In response to this activity, NCCIC/US-CERT analyzed the malware identified by the Secret Service as well as other relevant technical data and used those findings, in part, to create two information sharing products. The first product, which is publically available and can be found on US-CERT’s website, provides a non-technical overview of risks to POS systems, along with recommendations for how businesses and individuals can better protect themselves and mitigate their losses in the event an incident has already occurred. The second product provides more detailed technical analysis and mitigation recommendations, and has been securely shared with industry partners to enable their protection efforts. NCCIC’s goal is always to share information as broadly as possible, including by producing products tailored to specific audiences. These efforts ensured that actionable details associated with a major cyber incident were shared with the private sector partners who needed the information in order to protect themselves and their customers quickly and accurately, while also providing individuals with practical recommendations for mitigating the risk associated with the compromise of their personal information. NCCIC especially benefited from close coordination with the private sector Financial Services Information Sharing and Analysis Center during this response. Preparing for the Next Cyber Incident DHS is taking a number of proactive measures to strengthen its partnerships with the financial sector and increase shared understanding of one another’s capabilities and cybersecurity response plans and procedures. These efforts include regularly exercising incident response procedures together with interagency and private sector representatives; working _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 108 collaboratively with financial sector representatives to clarify and streamline processes when requesting technical assistance from the government; identifying barriers to information sharing and ways to reduce those barriers; and implementing automated information sharing between the financial services sector and government by expanding the use of Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) programs, a free method for machine-to-machine sharing of cyber threat indicators. Also of significant note is our vision and direction moving forward to create broad situational awareness of cyber threats and disseminate warning information ahead of malicious attacks. We recognize the need to change the profit model in cybercrime by making networks more resilient and less appealing and rewarding for adversarial attack or intrusion. Just as the human body achieves resilience by fighting new viruses with biological mechanisms that recognize when the body is under attack, DHS is enabling similar mechanisms for networks using mathematical trend analysis of cyber events. We collect the data needed for this from the government agencies that we protect, with full collaboration from our privacy and civil liberties experts, and are creating a cyber “Weather Map,” to help visualize and inform current cyber conditions. The concept comprises the ability to view the current state of cybersecurity, just as a traditional weather map provides a view of current weather. Our goal is for networks and connected devices to know when to reject incoming traffic or even refuse to execute specific computer instructions because they are recognized as harmful due to their current behavior, even if the exact computer “disease” has not been seen before. This will help to create that resilience to deter many cyber threat actors. DHS also recognizes that effective incident response requires plenty of practice and close cooperation across government and with the private sector. To prepare for and ensure effective cooperation during a significant event, DHS, in close coordination with the Department of the Treasury, private _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 109 sector representatives, financial sector regulatory bodies and other federal government partners, has instituted an exercise program to periodically test processes and procedures for responding to a significant cyber incident impacting the financial sector. The exercises help clarify roles and responsibilities, identify gaps in response plans and capabilities, and assist with developing plans to address those gaps. The exercises result in valuable lessons learned and will help improve existing processes and procedures and result in more effective cooperation during an actual incident. DHS Cybersecurity Authorities We continue to seek legislation that clarifies and strengthens DHS responsibilities and allows us to respond quickly to vulnerabilities like Heartbleed, a vulnerability in the popular OpenSSL cryptographic software library. Legislative action is vital to ensuring the Department has the tools it needs to carry out its mission. DHS had to go “door to door” securing authorization from federal entities to exercise our authority in responding to Heartbleed. We urge Congress to continue efforts to modernize the Federal Information Security Management Act to reflect the existing DHS role in agencies’ Federal network information security policies; clarify existing operational responsibilities for DHS in cybersecurity by authorizing the NCCIC; and provide DHS with hiring and other workforce authorities. Conclusion DHS will continue to work with our public and private partners to create collaborative solutions to improve cybersecurity, particularly those that reduce the likelihood of the highest-consequence cybersecurity incidents. We work around the clock to ensure that the peace and security of the American way of life will not be interrupted by degradation of systems or by opportunist, enemy, or terrorist actors. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 110 Each incarnation of threat has some unique traits, and mitigation requires agility and layered security. Cybersecurity is a process of risk management in a time of constrained resources, and we must ensure that our efforts achieve the highest level of security as efficiently as possible. DHS represents an integral piece of the national work in cybersecurity: we are building a foundation of voluntary partnerships with private owners of critical infrastructure and government partners working together to safeguard stability. While securing cyberspace has been identified as a core DHS mission since the 2010 Quadrennial Homeland Security Review, the Department’s view of cybersecurity has evolved to include a more holistic emphasis on critical infrastructure which takes into account risks across the board. The Department stands to be the core of integration and joint analysis, by machines and by humans, of global cyber behavior, trends, malware analysis and the powerful combination of data that only we can correlate due to our unique role protecting civilian government systems with data that often only the private sector gathers. We are working to further enable the NCCIC to receive information at “machine speed.” This capability will begin to enable networks to be more self-healing, as they use mathematics and analytics to better recognize and block threats before they reach their targets, thus deflating the profit model of cyber adversaries and taking botnet response from hours to seconds in some cases. DHS forms a crucial underpinning for ensuring the ongoing protection of our infrastructures, services and way of life. We look forward to continuing the conversation and continuing to serve the American goals of peace and stability, and we rely upon your continued support. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 111 Five Things to Know: The Administration's Priorities on Cybersecurity “America’s economic prosperity, national security, and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable Internet. Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property. Although the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the Internet remains an engine for economic growth and a platform for the free exchange of ideas.” - President Obama Five Things to Know: 1. Protecting the country's critical infrastructure — our most important information systems — from cyber threats. 2. Improving our ability to identify and report cyber incidents so that we can respond in a timely manner. 3. Engaging with international partners to promote internet freedom and build support for an open, interoperable, secure, and reliable cyberspace. 4. Securing federal networks by setting clear security targets and holding agencies accountable for meeting those targets. 5. Shaping a cyber-savvy workforce and moving beyond passwords in partnership with the private sector. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 112 Cyberspace touches nearly every part of our daily lives. It's the broadband networks beneath us and the wireless signals around us, the local networks in our schools and hospitals and businesses, and the massive grids that power our nation. It's the classified military and intelligence networks that keep us safe, and the World Wide Web that has made us more interconnected than at any time in human history. We must secure our cyberspace to ensure that we can continue to grow the nation’s economy and protect our way of life. The Administration is employing the following principles in its approach to strengthen cybersecurity: - Whole-of-government approach - Network defense first - Protection of privacy and civil liberties - Public-private collaboration - International cooperation and engagement On February 12, 2013, President Obama signed Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.” Protect Critical Infrastructure The government must work collaboratively with critical infrastructure owners and operators to protect our nation’s most sensitive infrastructure from cybersecurity threats. Specifically, we are working with industry to increase the sharing of actionable threat information and warnings between the private sector and the U.S. Government and to spread industry-led cybersecurity standards and best practices to the most vulnerable critical infrastructure companies and assets. The Administration issued E.O. 13636, Improving Critical Infrastructure Cybersecurity, in 2013 _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 113 The Administration launched a follow-on Cybersecurity Framework, a guide developed collaboratively with the private sector for private industry to enhance their cybersecurity, in 2014 Improve Incident Reporting and Response We must enhance our ability to detect and characterize cyber incidents, share information about them, and respond in a timely manner. These efforts encompass network defense, law enforcement, and intelligence collection initiatives, so we can better understand our potential adversaries in cyberspace. Awareness of a cyber threat or incident - and quickly acting on that information - are critical prerequisites to effective incident response. As directed in E.O. 13636, the U.S. Government has developed systems and procedures to increase the timeliness and quality of cyber threat information shared with at-risk private sector entities. We are placing great emphasis on unity of effort by agencies with a domestic response mission Engage Internationally Because cyberspace crosses every international boundary, we must engage with our international partners. We will work to create incentives for, and build consensus around, an international environment where states recognize the value of an open, interoperable, secure, and reliable cyberspace. We will oppose efforts to restrict internet freedoms, eliminate the multi-stakeholder approach to internet governance, or impose political and bureaucratic layers unable to keep up with the speed of technological change. An open, transparent, secure, and stable cyberspace is critical to the success of the global economy. We are continuing to pursue the policy objectives laid out in the U.S. International Strategy for Cyberspace including: _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 114 - Developing international norms of behavior in cyberspace - Promoting collaboration in cybercrime investigations (Mutual Legal Assistance Treaty modernization) - International cybersecurity capacity building Secure Federal Networks We must improve the security of all federal networks by setting clear targets for agencies and then hold them accountable to achieve those targets. We are also deploying improved technology to enable more rapid discovery of and response to threats to federal data, systems, and networks. The Cybersecurity Cross Agency Priority (CAP) Goal represents the Administration's highest cybersecurity priorities for securing unclassified federal networks. Shape the Future Cyber Environment We are also looking to the future. We are working to develop a cyber-savvy workforce and ultimately to make cyberspace inherently more secure. We will prioritize research, development, and technology transition and harness private sector innovation while ensuring our activities continue to respect the privacy, civil liberties and rights of everyone. The federal government is partnering with the private sector and academia to encourage and support the innovation needed to make cyberspace inherently more secure. Cybersecurity Policies and Initiatives Presidential Policy Directive 28 (PPD-28) Executive Order (E.o.) 13636 Presidential Policy Directive 21 (PPD-21) Presidential Policy Directive 8 (PPD-8) Cyberspace Policy Review _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 115 FINMA publishes revised circular on auditing The Swiss Financial Market Supervisory Authority FINMA has published its partially revised circular on auditing (FINMA-Circ. 2013/3). Following the transfer of supervision of audit firms from FINMA to the Federal Audit Oversight Authority (FAOA), adjustment of the legal basis was necessary. After the consultation in the third quarter, FINMA’s circular, “Auditing”, has thus been partially revised. It enters into force on 1 January 2015. Two years ago, both authorities decided to pool supervisory competences and to transfer the supervision of audit firms from FINMA to the FAOA. Parliament has thus adjusted the legal basis, and the revised Financial Market Auditing Ordinance (FMAO) will be put into effect by the Federal Council as of 1 January 2015. Certain provisions and principles previously prescribed in FINMA’s circular, “Auditing” have now been set out at ordinance level. This required partial revision of the circular and the opening of a consultation. Overall, consultation respondents were in favour of the proposed changes. FINMA accepted some minor changes - for instance, keeping the term "financial audits". Some of the respondents brought up the subject of risk analysis and certain activities that are not compatible with an audit mandate. Here, however, no material changes will be made and the communicated practice will be maintained. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 116 The revised circular enters into force on 1 January 2015. The FINMA circular, “Audit firms and lead auditors” (FINMA-Circ. 2013/4) will be repealed at the end of 2014 and not replaced. Following the transfer of supervisory competences from FINMA to the FAOA, the licensing requirements prescribed in that circular will now be governed by the Auditor Oversight Ordinance (AOO). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 117 Bank business models Rungporn Roengpitya, Nikola Tarashev and Kostas Tsatsaronis We identify three business models using balance sheet characteristics of 222 international banks and a data-driven procedure. We find that institutions engaging mainly in commercial banking activities have lower costs and more stable profits than those more heavily involved in capital market activities, mainly trading. We also find that retail banking has gained ground post-crisis, reversing a pre-crisis trend. _________________________________________ Banks choose to be different from one another. They engage strategically in different intermediation activities and select their balance sheet structure to fit their business objectives. In a competitive pursuit of growth opportunities, banks choose a business model to leverage the strengths of their organisation. This article has three objectives. The first is to define and characterise banks' business models. We identify a small set of key ratios that differentiate banks' business profiles and use a broader set of variables to provide a more complete characterisation of these profiles. The second objective is to analyse the performance of these business models in terms of profitability and operating costs. The final objective is to track how banks changed their business models before and after the recent crisis. We identify three business models: a retail-funded commercial bank, a wholesale-funded commercial bank and a capital markets-oriented bank. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 118 The first two models differ mainly in terms of banks' funding mix, while the third category stands out primarily because of banks' greater engagement in trading activities. On average, retail-focused commercial banks exhibit the least volatile earnings, while wholesale funded commercial banks are the most efficient. On the other hand, trading banks struggle to consistently outperform the other two business types. Banks' profiles evolve over time in response to changes in the economic environment and to new rules and regulations. We find that transition patterns changed around the recent financial crisis. While several banks increased their reliance on wholesale funding prior to the crisis, in its wake more banks have adopted more traditional business profiles geared towards commercial banking. The rest of this article is organised in four sections. In the first section, we lay out the methodology we employ to classify banks into distinct business models. In the second section, we characterise the three business models in terms of banks' balance sheet composition, while in the third we highlight systematic differences in the performance of banks in different business model groups. In the last section, we look into the transitions of banks across the three groups. Classifying banks: the methodology The procedure we use to classify banks into distinct business models is primarily driven by data but incorporates judgmental elements. It shares many technical aspects with the procedure employed by Ayadi and de Groen (2014), but differs in terms of the judgmental elements and the data used. In contrast to their analysis, which focuses exclusively on European banks, we use annual data for 222 individual banks from 34 countries, covering the period between 2005 and 2013. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 119 The unit of our analysis (ie a data point) is a bank in a given year (bank/year pair). Given that the available data do not cover the entire period for each bank, we work with 1,299 bank/year observations. By focusing on bank/year pairs our approach allows institutions to switch between business models at any point in the period of analysis (an aspect that we explore in the last section). In this section we provide a description of the classification methodology, leaving the more technical details for the box. The inputs to the classification are bank characteristics. These are balance sheet ratios, which we interpret as reflecting strategic management choices. We use eight ratios expressed in terms of balance sheet size and evenly split between the asset and liability sides of the ledger. They relate to the share of loans, traded securities, deposits and wholesale debt, as well as the interbank activity of the firm. We distinguish this set of variables from other variables that we use in the third section to characterise the performance of different business models. We view these other variables, which capture profitability, income composition, leverage and cost efficiency, as reflecting the interaction between banks' strategic choices and the market environment. We thus treat them as variables that relate to outcomes as opposed to choices. The core of the methodology is a statistical clustering algorithm. Based on a pre-specified set of input variables, the algorithm partitions the 1,299 bank/year observations into distinct groups. We select inputs from the set of choice variables. The idea is that banks with similar business model strategies have made similar choices regarding the composition of their assets and liabilities. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 120 We make no a priori decisions as to which choice variables are more important in defining business models or as to the general profile of these models. In that sense, the methodology is data-driven. We rely on the repeated use of the clustering algorithm and a goodness-of-fit metric (the F-index, which is described in the box) to guide the selection of the most appropriate partitioning of the observations universe into a small number of distinct business model groups. Using statistical clustering to identify business models This box more precisely defines the variables used as inputs and discusses the more technical aspects of the statistical classification (clustering) procedure. The eight input variables from which we selected the key characteristics of the business models are evenly split between the asset and liability sides of the balance sheet. All ratios are expressed as a share of total assets net of derivatives positions. The reason for this is to avoid distortions of the metrics related by differences in the applicable accounting standards in different jurisdictions. The asset side ratios relate to: (i) total loans; (ii) securities (measured as the sum of trading assets and liabilities net of derivatives); (iii) the size of the trading book (measured as the sum of trading securities and fair value through income book); and (iv) interbank lending (measured as the sum of loans and advances to banks, reverse repos and cash collateral). The liability side ratios relate to: (i) customer deposits; _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 121 (ii) wholesale debt (measured as the sum of other deposits, short-term borrowing and long-term funding); (iii) stable funding (measured as the sum of total customer deposits and long-term funding); and (iv) interbank borrowing (measured as deposits from banks plus repos and cash collateral). We employ the statistical classification algorithm proposed by Ward (1963). The algorithm is a hierarchical classification method that can be applied to a universe of individual observations (in our case, these are the bank/year pairs). Each observation is described by a set of scores (in our case, the balance sheet ratios). This is an agglomerative algorithm, which starts from individual observations and successively builds up groups (clusters) by joining observations that are closest to each other. It proceeds by forming progressively larger groups (ie partitioning the universe of observations more coarsely), maximising the similarities of any two observations within each group and maximising the differences across groups. The algorithm measures the distance between two observations by the sum of squared differences of their scores. One could present the results of the hierarchical classification in the form of the roots of a tree. The single observations would be automatically the most homogeneous groups at the bottom of the hierarchy. The algorithm first groups individual observations on the basis of the closeness of their scores. These small groups are successively merged with each other, forming fewer and larger groups at higher levels of the hierarchy, with the universe being a single group at the very top. Which partition (ie step in the hierarchy) represents a good compromise between the homogeneity within each group and the number of groups? _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 122 There are no hard rules for determining this. We use the pseudo F-index proposed by Calinśki and Harabasz (1974) to help us decide. The index balances parsimony (ie a small number of groups) with the ability to discriminate (ie the groups have sufficiently distinct characteristics from each other). It increases when observations are more alike within a group (ie their scores are closer together) but more distinct across groups, and decreases as the number of groups gets larger. The closeness of observations is measured by the ratio of the average distance between bank/years that belong to different groups to the corresponding average of observations that belong to the same group. The number of groups is penalised based on the ratio of the total number of observations to that of groups in the particular partition. The criterion is similar in spirit to the Akaike and Schwarz information criteria that are often used to select the appropriate number of lags in time series regressions. The clustering algorithm is run for all combinations of at least three choice variables from the set of eight. If we had considered all their combinations, there would have been 325 runs. We reduce this number by ignoring subsets that include two choice variables that are highly correlated because the simultaneous presence of these variables provides little additional information. We impose a threshold for the correlation coefficient of 60% (in absolute value), which means that we do not examine sets of input variables that include simultaneously the securities and trading book variables, or the wholesale debt and stable funding variables. ___________________________________________ At various stages, our approach incorporates judgmental elements in order to help narrow down the search for a robust, intuitive and parsimonious classification of banks into distinct business models. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 123 The general strategy is as follows. We run the clustering algorithm for each subset of at least three choice variables, ignoring all subsets that include simultaneously pairs of variables that are very highly correlated with each other, hence providing little independent information. The clustering algorithm produces a hierarchy of partitions ranging from the very coarse (ie few groups) to the very fine (ie many small groups). We select the partition in this hierarchy with the highest F-index. This becomes the candidate partition for this run (ie this subset of choice variables). We use judgmental criteria to eliminate candidates that do not represent clear and easily interpretable groups (ie distinct bank business models). One such criterion is to eliminate candidates that produce fewer than three or more than five groups as fewer than three do not allow for a meaningful differentiation of banks and more than five are difficult to interpret. The other criterion is to focus only on partitions that are "clear winners" among all other partitions based on the same set of choice variables. To this effect we require that the top scoring partition has an associated F-index score at least 15% higher than that of the partition with the second highest score within the same hierarchy (ie the same set of input variables). We dropped candidates that failed this test. This elimination procedure leaves us with five partitions (ie five different sets of groups) based on five different subsets of the choice variables. To these five groups we apply a final judgmental criterion that seeks to capture the stability of outcomes over time. For each of the five combinations of choice variables we create two partitions of the banks in the universe. We first partition banks using only data up to 2012, and then using all available data. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 124 We then calculate the share of observations that are classified in the same group in both partitions over the overlapping period. We select the partition with the highest overlap ratio, which is 85%. This partition classifies the 1,299 bank/year observations into three groups, which we refer to as bank business models. We next characterise these models in terms of the whole set of eight choice variables. Three distinct business models: the characteristics that matter The classification process identifies three distinct business models and selects three ratios as the key differentiating choice variables: the share of loans, the share of non-deposit debt and the share of interbank liabilities to total assets (net of derivatives exposures). This partition satisfies our criteria of robustness, parsimony and stability. The share of gross loans is the only variable relating to the composition of the banks' assets. The other two ratios differentiate banks in terms of their funding structure. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 125 Table 1 characterises the three business model profiles in terms of all eight choice variables (rows). The cells report the average ratio for all banks that were classified in the corresponding business model (columns). For comparison, the last column provides the average value of the corresponding ratio for the universe of observations. The first business model group we label commercial "retail-funded", and it is characterised by a high share of loans on the balance sheet and high reliance on stable funding sources including deposits. In fact, customer deposits are about two thirds of the overall liabilities of the average bank in this group. This is the largest group in our universe with 737 bank/year observations over the entire period. The second business model group we label commercial "wholesale-funded". The average bank in this group has an asset profile that is remarkably similar to the profile of the retail funded banks in the first group. The main differences between the two relate to the funding mix. Wholesale-funded banks have a higher share of interbank liabilities (13.8% versus 7.8%) and a much higher share of wholesale debt (36.7% versus 10.8%), with the balance being a lower reliance on customer deposits (35.6% versus 66.7%). There are half as many observations in the wholesale-funded group compared to the retail-funded group. The third group is more capital markets-oriented. Banks in this category hold half of their assets in the form of tradable securities and are predominately funded in wholesale markets. In fact, the average bank in this group is most active in the interbank market, with related assets and liabilities accounting for about one fifth of the balance sheet. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 126 We label this business model "trading bank". It is the smallest group in terms of observations (203 bank/years) in our sample. By comparison, Ayadi and de Groen (2014) classify European banks into four business models, which they label as investment banks, wholesale banks, diversified retail and focused retail. Drawing rough parallels with the classification in this paper, which involves a more global universe of banks, their investment bank model corresponds to our trading model, the two wholesale models correspond to each other, and the diversified and focused retail models together correspond to our retail-funded model. That said, an exact comparison would require comparing individual banks in the two universes. We find that the popularity of business models differs with banks' nationality (Table 2). Looking only at the last year of our data (2013), the North American banks in our universe had either a retail-funded or trading profile; none belonged to the wholesale-funded group. At the same time, one third of the European banks had a wholesale-funded model. In turn, banks domiciled in emerging market economies (EMEs) clearly preferred the retail-funded model (90%). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 127 We also look at the distribution of global systemically important banks (G-SIBs) across business models (Table 2). Our data for 2013 cover 28 firms that were part of the banking organisations designated as G-SIBs by international policymakers (Financial Stability Board (2014)). The list - which includes institutions from both advanced and emerging market economies - was roughly equally split between the retail-funded and trading models. Business models and bank performance Are there systematic differences in the performance of banks with different business models? The question is pertinent for understanding the impact of banks' choices on shareholder value but also on financial stability, which depends on sustainable performance by financial intermediaries. In this section we examine the performance of banks in the different business model categories both in a cross section and over time. In analysing the performance of different bank models, we use what we label "outcome" variables. In contrast to the choice variables that we used to define the business models, we interpret outcome variables as the result of the interaction between the strategic choices made by the bank in terms of business area focus and the market environment. Examples of such variables are indicators of profitability, (for example, banks' return-on-equity (RoE)), the composition of bank earnings (for instance, the share of interest income in total income) and indicators of efficiency (for example, the cost-to-income ratio). Profitability and efficiency have varied markedly across models as well as over time (Graph 1). The outbreak of the recent crisis marked a steep drop in advanced economy banks' RoE across all business models (Graph 1, left-hand panel). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 128 But while RoE stabilised for retail banks after 2009, it remained volatile for trading and wholesale-funded banks. In fact, trading banks as a group show the highest volatility of RoE across the three groups, swinging repeatedly between the top and bottom of the relative ranking. The story is qualitatively similar in terms of return-on-assets (RoA, not reported here), an alternative metric of profitability that is insensitive to leverage (see also Table 3). All three business models show relatively stable costs in relation to income (Graph 1, centre panel). A spike in the cost-to-income ratio around 2008 is readily explained by the drop in earnings in the midst of the crisis. Compared to the other two business models, trading banks had a persistently high cost base throughout the period of analysis, despite their more mixed record in terms of profitability. Interestingly, high costs relative to income have persisted post-crisis despite the decline in these banks' profitability. A possible explanation can be found in staff remuneration rates, although this would be difficult to decipher from our data. Post-crisis markets appear rather sceptical about the prospects of all three business models, judging from the price-to-book ratio of banks in advanced economies (Graph 1, right-hand panel). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 129 This ratio relates the banks' stock market capitalisation to the equity they report in their financial accounts. A value higher than unity suggests that the equity market has a more positive view on the franchise value of the bank than what is recorded on the basis of accounting rules. A value below unity suggests the opposite. The ratio declined dramatically around the crisis for banks in all three business models. In fact, it has been persistently below unity since 2009 for most advanced economy banks, reflecting market scepticism about their prospects. Banks domiciled in EMEs (dashed lines in Graph 1) remained largely unscathed by the 2007-09 crisis. These lenders are almost exclusively classified in the retail-funded model. But even compared to their advanced economy peers with a similar business model, they achieved a more stable performance. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 130 And while a more favourable macroeconomic environment has certainly contributed to their higher profitability in recent years, the overall stability of their performance is underpinned by greater cost efficiency, ie a lower cost-to-income ratio. In line with these results, market valuations are quite generous for EME banks with price-to-book ratios persistently higher than unity, although they are on a declining trend. Table 3 compares the three business models in terms of a number of other outcome variables across the entire sample period. Besides RoA and RoE, which confirm the ranking from Graph 1, we also calculate risk-adjusted versions of these profitability statistics, which subtract from the earnings variable (the numerator of the ratio) the cost of capital that is necessary to cover for the risk inherent to the activity of the bank. The approach follows closely the rationale of standard industry approaches to calculate the risk-adjusted return on capital (or RAROC). More specifically, we subtract from the bank's gross earnings the associated operational expenses and losses (including credit losses and provisions) as well as the cost of capital set aside to cover possible future losses. This last component is the product of the quantity of capital held by the bank (proxied by the regulatory capital requirement linked to risk-weighted assets) multiplied by the cost of equity capital (estimated by a standard capital asset pricing model). Regardless of the profitability metric, the retail-funded model is the top performer. This is true in almost every year in our sample (not reported here). Trading banks come in second place, with the exception of the risk-adjusted RoE, which penalises the volatility of their earnings base. Trading banks differ very significantly from their commercial bank peers in terms of the source of revenue. They collect about 44% of their total profit through fees, a share that is almost double that of the average other bank. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 131 Wholesale-funded banks have the thinnest capital buffers among the three business models, while they also have the lowest cost of equity. Somewhat surprisingly, trading banks do not seem to be too different from retail-funded banks in terms of these yardsticks. However, they do stand out in terms of total asset size. The average trading bank is more than twice as large as the average commercial bank, even those that are primarily funded in the wholesale markets. Shifting popularity of bank business models The crisis-driven reshaping of the banking sector has affected its concentration and business model mix. A number of institutions failed or were absorbed by others, thus increasing the concentration in the sector despite tighter regulatory constraints on banks with a large systemic footprint. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 132 And many of the surviving banks adjusted their strategies in line with the business models' relative performance. Table 4 presents a summary of banks' shifts across different business models before and after the crisis. Each cell reports the number of banks that started the period in the model identified by the row heading and finished it in the model named in the column heading. The large numbers along the diagonal indicate that there is considerable persistence in the classification of banks, as the majority of institutions remain in the same business model group over time. In recent years, most of the transitions have been between the retail- and wholesale-funded models of commercial banks. The group of trading-oriented banks is fairly constant throughout the period. The direction of change in bank business models, however, is very different post-crisis from that prevailing prior to 2007. During the boom period, market forces favoured wholesale funding, as bankers tapped debt and interbank market sources of finance. About one in six retail banks in our 2005 universe increased their capital market funding share to the point that they could be reclassified as wholesale-funded by 2007 (first row of Table 4). The opposite trend characterises the post-crisis period. About two fifths of the banks that entered the crisis in 2007 as wholesale-funded or trading banks (ie 19 out of 50 institutions) ended up with a retail-funded business model in 2013. Meanwhile, only one bank switched from retail-funded to another business model post-crisis, confirming the relative appeal of stable income and funding sources. While we observe transformations of banks in ways that result in their reclassification under a different business model, we cannot pinpoint the underlying economic drivers. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 133 We can, however, look at performance statistics to examine whether bank shifts correlate with a turnaround of the firm. We find that a change in bank business model actually hurts profitability, but improves efficiency relative to the firm's peer group. To do this, we select all the banks in our sample that switched models and for which we have data for at least two years before and two years after the switch. We focus on two performance ratios: RoE and cost-to-income. We benchmark the performance of the bank against a comparator group that comprises all banks that belonged to the same business model as the switching bank prior to the switch and remained in that model. We determine that the switching bank outperformed its old peers if the difference between its average post-switch and average pre-switch RoE is greater than the difference between the corresponding averages in the comparator group. On the basis of this criterion, we find that only a third of the banks that switched their business model outperformed their old peers in terms of profitability. The remaining two thirds underperformed. However, applying the same criterion to the cost-to-income ratio reveals that, among the banks that switched business model, two thirds registered post-switch efficiency gains relative to their peers. Conclusions We identified bank business models that have had different experiences over the past decade. Given the consistently stable performance of retail-funded banks engaging in traditional activities, it comes as little surprise that their model has recently gained in popularity. More surprising is the stability of the group of trading banks, which exhibited sub-par return-on-equity over most of the sample, both in absolute and risk-adjusted terms. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 134 While further analysis is needed to uncover the clear benefits to these banks' shareholders, high cost-to-income ratios suggest outsize benefits to their managers. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 135 Monetary Policy Report, December 2014 Summary Deterioration of external conditions in September – early December 2014 presented a new challenge for the monetary policy. Decline in oil price continued against the backdrop of its excess demand in the world market and US dollar appreciation. Under the existing financial sanctions imposed on Russian companies the domestic foreign exchange market demonstrated growing demand for foreign currency. This brought about a considerable depreciation of the ruble against major world currencies, the ruble’s volatility grew, depreciation and inflation expectations increased, and there was a significant rise in inflation risks and risks to financial stability. To stabilise foreign exchange market, the Bank of Russia adopted a set of measures: it introduced refinancing facilities in foreign currency, employed a conservative approach to manage banking sector liquidity, and, among other things, set limits on ruble liquidity provision through FX swaps. Besides, in November 2014, the Bank of Russia abolished its exchange rate mechanism implying the conduct of regular interventions in line with established rules, which, in fact, signified the transition to a floating exchange rate regime. In doing this, the Bank of Russia reserved the right to conduct interventions in case of the emergence of any threats to financial stability. In early December 2014, due to the ruble’s significant deviation from the fundamental level and the excessing increase in its volatility posing a threat to financial stability, the Bank of Russia intervened in the FX market on several occasions. Ruble depreciation observed in August-November 2014 led to a further acceleration in consumer price growth. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 136 Restrictions on the import of certain food products imposed in August 2014 spurred inflation as well. These factors caused consumer prices to increase year-on-year from 8.0% in September to 9.1% in November. In early December, the upward trend of the said factors remained. According to Bank of Russia estimates, inflation will be about 10% at end2014, and the contribution of the accumulated ruble depreciation from end-2013 to the annual consumer price growth might reach 2.6 percentage points. In October 2014, in order to limit the exchange rate pass-through, the Bank of Russia decided to raise the key rate in October and December 2014 by the total of 250 bp to 10.50% p.a. The Bank of Russia stands ready to continue tightening the monetary policy in case of the further aggravation of inflation risks. Unfavourable external factors hampered the growth of the Russian economy. In view of existing economic uncertainty, restricted access to international capital markets, escalating prices of imported investment goods and tightening lending conditions, fixed capital investment also declined. At the same time, exchange rate dynamics raised the competitiveness of Russian products both in the external and domestic markets, and set the ground for the import substitution. Notwithstanding the drop in the growth rates of households’ real income and retail lending, consumer activity demonstrated a slight increase. This was driven by an enhanced demand for certain groups of consumer goods, primarily durable ones, amid increased inflation expectations. Labour force shortage persisted, whereas unemployment remained low due to unfavourable demographic factors. The Bank of Russia revised the medium-term macroeconomic forecast. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 137 The average annual oil price is expected to remain at $80 per barrel till end-2017. The access to foreign capital markets will be restricted for Russian companies in the forthcoming three years. In view of the above, there will be further reductions in the fixed capital investment in 2015-2016. Consumer activity will remain weak against the backdrop of declining growth in real disposable income and consumer lending. At the same time, exchange rate dynamics will counterbalance reduction in export revenue, and weak domestic demand will bring down import growth rates. As a result, net export contribution to the economic growth will be positive. In line with Bank of Russia forecasts, the annual economic growth will remain close to zero in 2015-2016. In 2017, as financing sources will diversify, import substitution will develop and the competitiveness of Russian exports will improve, the annual economic growth rates are expected to reach 1.0-1.2%. The Bank of Russia forecasts the start of consumer inflation slowdown in the second half of 2015. Before that, inflation will stay at enhanced level. Its decline will be facilitated by an exhausted impact of the August-November ruble depreciation on prices, subdued aggregate demand, drop in inflation expectations, and Bank of Russia measures adopted in 2014. According to Bank of Russia forecasts, inflation will decrease to the level close to the target in 2017. At the same time, there exist risks of more significant fall in oil prices. Should oil prices remain at $60 per barrel till end-2017, GDP growth will reduce to -4.5-(-4.7)% in 2015 and -0.9-(-1.1)% in 2016. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 138 Further ahead, as the economy will adapt to changes in external conditions, partly facilitated by exchange rate dynamics, the economic growth rates are expected to increase to 5.6-5.8% in 2017. In 2015, inflation will be higher than the baseline scenario. In future, inflation is expected to be under a considerable downward pressure from the weak domestic demand. As inflation and inflation expectations decrease, the transition to more loose monetary policy will beсome possible. According to Bank of Russia forecasts, consumer price growth will decelerate to the level close to the target in 2017. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 139 Financial Stability Report, December 2014 Opening Remarks by the Governor Over the past 18 months, the FPC has been working systematically to address the most important risks to UK financial stability. These risks have principally been domestic. In 2013 we reinforced the capital position of major banks, encouraging them to raise £27bn of new capital. Alongside this, the FPC has developed the capital framework for UK banks. This year we have taken action to mitigate the biggest domestic risks, those related to housing. First, in June, we took steps to insure against a significant increase in the number of highly indebted households. This insurance remains relevant despite the recent moderation in housing market activity. Momentum may return following, for example, recent falls in mortgage rates and changes to stamp duty. Second, we conducted a major stress test to assess the resilience of banks to a severe housing shock. The stress test completes our capital framework by informing judgments about the appropriate size of capital buffers for individual firms and for the system as a whole. It is a major component of both our macro- and microprudential regimes. As a joint exercise of PRA and FPC, it demonstrates the considerable synergies possible across One Bank. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 140 We are publishing the stress test results today, and I will say more about them in a moment. Global Risks But first, let me note that, while we are making progress on domestic risks to financial stability, the FPC has remained vigilant to new risks, the most important of which are now international. The international economic outlook has weakened and global risks have increased since June. Financial stability in the UK could be affected if concerns about persistently low nominal growth cause a sudden reappraisal of vulnerabilities in highly indebted countries; or if a shift in global risk appetite triggers sharp adjustments in financial markets, undermining business and household confidence. These adjustments will be more disruptive to the extent that investors’ pricing of liquidity risk does not fully reflect structural changes in market liquidity. The recent sharp fall in the oil price should support global and UK growth. It is a positive development, but it is also one that entails some risks to financial stability. Geopolitical risks could intensify. Inflation expectations could be further depressed in economies, such as the euro area, where core inflation is already weak, slowing nominal income growth and increasing the burdens of debts. The ability of some shale oil producers, who have been significant high-yield bond issuers in recent years, to service their debts will be reduced. This could affect market sentiment more broadly. To varying degrees, contagion from any of these risks could threaten financial stability in the UK. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 141 Stress Test Let me turn to the stress test concluded today. The test builds on the recently-completed European test, which incorporated weaker global growth and a snap back of global interest rates. To this base, we have added a severe shock in the UK economy and housing market. In the Bank stress scenario, balance of payments pressures induce sharp interest rate increases, a deep recession, rising unemployment and a 35% fall in house prices. For banks, mortgage and corporate loan impairments rise sharply. Funding costs rise. Over three years, bank profits are reduced by £90bn. This is a demanding test. It is certainly not a forecast. Nor is it a simple re-run of the recent financial crisis. Rather it is a coherent, tail-risk scenario, most similar to the early 1990s recession. The test results demonstrate that the core of the banking system has become significantly more resilient since the FPC’s 2013 capital exercise. Most importantly, the results suggest that the banking system is strong enough to continue to serve households and businesses during a severe shock. To be clear, the firms were not allowed to respond to the stress by cutting the supply of lending. Given this performance, the FPC judges that no system-wide macroprudential actions are required. In light of the stress, the PRA Board judged that the capitalisation of three firms had to be strengthened relative to their position at end 2013. Lloyds Banking Group has delivered positive financial results, as well as strengthened and de-risked its balance sheet. As a consequence, no change to its current plan was required. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 142 Royal Bank of Scotland Group has also made steady progress in building the strength of its balance sheet and submitted a revised capital plan. This includes substantial issuance of AT1 capital over the course of the next year. The PRA Board has accepted the latest capital plan. And over the past year, Cooperative Bank (Co-op) has strengthened its capital position, built resilience and achieved its capital targets. The bank has been stabilised and now has a CET1 ratio of 11.5%. It has always been clear that Co-op would have to do further work to build buffers against stress. This is not news. Now with the stress test, we have a better perspective of what is required over the medium term, and on that basis the PRA Board required a revised plan to be submitted. That plan has been accepted. Co-op’s plan is to reduce its balance sheet and risk profile in order to reduce its future capital requirements. If executed, the plan will deliver a level of resilience commensurate with a bank of its future size and business model. The PRA Board will monitor progress closely and hold Co-op to deliver this plan. Turning from individual firms back to the aggregate level, the test reveals several features of the system that would be important determinants of its response to stress. First, the only management actions allowed during the stress were those taken to reduce personnel costs and dividends. And the latter were only allowed when there were clear published dividend policies with quantified pay-out ranges. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 143 Second, the results underscore that it is important for investors to realise that, as AT1 instruments could be triggered or coupons withheld in adverse scenarios, they should be priced accordingly. Third, the test revealed issues with the procyclicality in some banks’ capital models and differences across firms in risk weights through the financial cycle. The Bank will undertake further work to explore this issue in more depth. This underscores the benefit of judging capital adequacy against a leverage requirement in addition to risk-based ratios, as will be the case in future years. Conclusion Since the crisis, authorities have been working diligently to make the financial system safer, fairer and simpler. This year, we reached two crucial milestones in developing a more robust prudential framework: agreement on total loss absorbing capacity internationally and the publication of a proposed leverage ratio domestically. With these and other agreements, the design of the overall regulatory framework is now set out. To realise its full potential it must be implemented. This is proceeding well. UK banks have increased capital significantly over the last year and are transitioning towards greater resilience ahead of the regulatory timetable. The stress tests and associated capital plans suggest that growing confidence in the resilience of the system is merited. However, recent misconduct and operational failings have highlighted that rebuilding confidence in the banking system requires more than financial resilience. In addition, changes to bank business models are expected to challenge management capacity over the next few years. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 144 In this environment, strong, effective and well-informed governance and management of banks will be essential. The FPC will remain vigilant in an environment of evolving domestic and global risks. International risks are expected to figure prominently in next year’s stress test. We will continue to work closely with the PRA and the MPC to harness the synergies from having monetary, macroprudential policy and microprudential supervision together in a single institution. In that way, we will promote strong, sustainable and balanced growth and the good of the people of the United Kingdom. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 145 Disclaimer The Association tries to enhance public access to information about risk and compliance management. Our goal is to keep this information timely and accurate. If errors are brought to our attention, we will try to correct them. This information: is of a general nature only and is not intended to address the specific circumstances of any particular individual or entity; should not be relied on in the particular context of enforcement or similar regulatory action; - is not necessarily comprehensive, complete, or up to date; is sometimes linked to external sites over which the Association has no control and for which the Association assumes no responsibility; is not professional or legal advice (if you need specific advice, you should always consult a suitably qualified professional); - is in no way constitutive of an interpretative document; does not prejudge the position that the relevant authorities might decide to take on the same matters if developments, including Court rulings, were to lead it to revise some of the views expressed here; does not prejudge the interpretation that the Courts might place on the matters at issue. Please note that it cannot be guaranteed that these information and documents exactly reproduce officially adopted texts. It is our goal to minimize disruption caused by technical errors. However some data or information may have been created or structured in files or formats that are not error-free and we cannot guarantee that our service will not be interrupted or otherwise affected by such problems. The Association accepts no responsibility with regard to such problems incurred as a result of using this site or any linked external sites. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 146 The International Association of Risk and Compliance Professionals (IARCP) You can explore what we offer to our members: 1. Membership – Become a standard, premium or lifetime member. You may visit: www.risk-compliance-association.com/How_to_become_member.htm If you plan to continue to work as a risk and compliance management expert, officer or director throughout the rest of your career, it makes perfect sense to become a Life Member of the Association, and to continue your journey without interruption and without renewal worries. You will get a lifetime of benefits as well. You can check the benefits at: www.risk-compliance-association.com/Lifetime_Membership.htm 2. Weekly Updates - Subscribe to receive every Monday the Top 10 risk and compliance management related news stories and world events that (for better or for worse) shaped the week's agenda, and what is next: http://forms.aweber.com/form/02/1254213302.htm 3. Training and Certification - Become a Certified Risk and Compliance Management Professional (CRCMP) or a Certified Information Systems Risk and Compliance Professional (CISRSP). The Certified Risk and Compliance Management Professional (CRCMP) training and certification program has become one of the most recognized programs in risk management and compliance. There are CRCMPs in 32 countries around the world. Companies and organizations like IBM, Accenture, American Express, USAA etc. consider the CRCMP a preferred certificate. You can find more about the demand for CRCMPs at: www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) P a g e | 147 You can find more information about the CRCMP program at: www.risk-compliance-association.com/CRCMP_1.pdf (It is better to save it and open it as an Adobe Acrobat document). For the distance learning programs you may visit: www.risk-compliance-association.com/Distance_Learning_and_Certificat ion.htm For instructor-led training, you may contact us. We can tailor all programs to specific needs. We tailor presentations, awareness and training programs for supervisors, boards of directors, service providers and consultants. 4. IARCP Authorized Certified Trainer (IARCP-ACT) Program - Become a Certified Risk and Compliance Management Professional Trainer (CRCMPT) or Certified Information Systems Risk and Compliance Professional Trainer (CISRCPT). This is an additional advantage on your resume, serving as a third-party endorsement to your knowledge and experience. Certificates are important when being considered for a promotion or other career opportunities. You give the necessary assurance that you have the knowledge and skills to accept more responsibility. To learn more you may visit: www.risk-compliance-association.com/IARCP_ACT.html 5. Approved Training and Certification Centers (IARCP-ATCCs) - In response to the increasing demand for CRCMP training, the International Association of Risk and Compliance Professionals is developing a world-wide network of Approved Training and Certification Centers (IARCP-ATCCs). This will give the opportunity to risk and compliance managers, officers and consultants to have access to instructor-led CRCMP and CISRCP training at convenient locations that meet international standards. ATCCs use IARCP approved course materials and have access to IARCP Authorized Certified Trainers (IARCP-ACTs). To learn more: www.risk-compliance-association.com/Approved_Centers.html _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP)