...

P a g e 1

by user

on
Category: Documents
58

views

Report

Comments

Description

Transcript

P a g e 1
Page |1
International Association of Risk and Compliance
Professionals (IARCP)
1200 G Street NW Suite 800 Washington, DC 20005-6705 USA
Tel: 202-449-9750 www.risk-compliance-association.com
Top 10 risk and compliance management related news stories
and world events that (for better or for worse) shaped the
week's agenda, and what is next
Dear Member,
When an American is quite tired, he
is very tired. But if a Brit tells you a
restaurant is quite good, he means
it is not very good, so you’d be wise
to keep looking for a better one.
When a Brit (Mervyn King, former
governor of the Bank of England)
explained what has happened
during the financial crisis, he said:
“I think the real problem was there
was a shared intellectual view that
things were going well.” “Now there
were obvious imbalances, we knew the position was unsustainable, but it
wasn't entirely obvious where it would come unstuck."
When an American (Timothy F. Geithner, 75th United States Secretary of
the Treasury, under President Barack Obama, from 2009 to 2013)
explained what has happened during the financial crisis, he said: “You
cannot enjoy the light without enduring the heat”, or
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
Page |2
“Most Americans still believe we threw away billions or even trillions of
their hard-earned dollars to bail out greedy banks. In fact, the financial
system repaid all our assistance, and U.S. taxpayers have turned a profit
from our crisis response, including our investments in all five of those
financial bombs”.
To enjoy the British way, you may listen to Mervyn King at BBC
(http://www.bbc.co.uk/programmes/p02g27yx).
To enjoy the American way, you must read the book from Timothy F.
Geithner, “Stress Test: Reflections on Financial Crises”.
Today we have a really interesting Regulatory Consistency Assessment
Programme (RCAP), the Assessment of Basel III regulations in the United
States of America.
Overall, and given the planned adoption and implementation of some
amendments described in this report that the US regulatory agencies
agreed to take and proposed publically, the assessment team finds the
risk-based capital requirements in the US to be largely compliant with the
minimum standards agreed under the Basel framework.
Two of the 13 Basel components are assessed as materially non-compliant:
the securitisation framework and the Standardised Approach for market
risk.
Regarding the Standardised Approach for market risk, the assessment team
found that “the US rules implement on a permanent basis a transitional
rule in the Basel framework for securitisations in the trading book.
This deviation has a material impact on the capital ratio of a few US core
banks.”
Oh, Basel Committee, do not worry, nothing is permanent!
Heraclitus has said “there is nothing permanent except change”. So, the US
rules implementing on a permanent basis a transitional rule, in fact
implement on a transitional basis a transitional rule.
It was a joke, wasn’t it?
Of the available approaches for operational risk in the Basel framework
(Basic Indicator Approach, Standardised Approach; Advanced
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
Page |3
Measurement Approaches) the US agencies have implemented only the
Advanced Measurement Approaches (AMA).
For core banks that are in parallel run and report Basel I capital ratios, no
explicit capital requirements for operational risk apply.
In the view of the assessment team, this implementation differs from that in
most other Basel Committee jurisdictions and may hamper the
comparability of risk-based capital ratios across internationally active
banks during the parallel run period.
Read more at Number 1 below. Welcome to the Top 10 list.
Best Regards,
George Lekatis
President of the IARCP
General Manager, Compliance LLC
1200 G Street NW Suite 800,
Washington DC 20005, USA
Tel: (202) 449-9750
Email: [email protected]
Web: www.risk-compliance-association.com
HQ: 1220 N. Market Street Suite 804,
Wilmington DE 19801, USA
Tel: (302) 342-8828
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
Page |4
Basel Committee on Banking Supervision
Regulatory Consistency Assessment Programme
(RCAP), Assessment of Basel III regulations –
United States of America
The Basel Committee on Banking Supervision sets a high priority on the
implementation of regulatory standards underpinning the Basel III
framework.
The prudential benefits of the agreed global reforms can fully accrue only if
the Basel minimum requirements are incorporated into member
jurisdictions’ regulatory frameworks and implemented appropriately and
consistently.
Non-financial corporations from emerging market
economies and capital flows
Stefan Avdjiev, Michael Chui and Hyun Song Shin
Non-financial corporations from emerging market
economies (EMEs) have increased their external borrowing
significantly through the offshore issuance of debt securities.
Having obtained funds abroad, the foreign affiliate of a non-financial
corporation could transfer funds to its home country via three channels: it
could lend directly to its headquarters (within-company flows), extend
credit to unrelated companies (between-company flows) or make a
cross-border deposit in a bank (corporate deposit flows).
[Exposure Draft] Japan’s
Corporate Governance Code
Seeking Sustainable Corporate
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
Page |5
Growth and Increased Corporate Value over the Mid- to
Long-Term
In this Corporate Governance Code, “corporate governance” means a
structure for transparent, fair, timely and decisive decision-making by
companies, with due attention to the needs and perspectives of
shareholders and also customers, employees and local communities.
This Corporate Governance Code establishes fundamental principles for
effective corporate governance at listed companies in Japan.
Public Service: An Obligation and
Opportunity for Lawyers
Chair Mary Jo White
Association of American Law Schools Annual
Meeting, Showcase Speaker Program,
Washington D.C.
“And the theme of this year’s annual meeting –
“Legal Education at the Crossroads” – is an apt
description of the critical juncture we are facing in 2015.”
Cybersecurity: Enhancing Coordination to
Protect the Financial Sector
Written testimony of NPPD Deputy Under Secretary
for Cybersecurity Dr. Phyllis Schneck for a Senate
Committee on Banking, Housing, and Urban Affairs
hearing
“Chairman Johnson, Ranking member Crapo, and distinguished Members
of the Committee, I am pleased to appear today to discuss the work of the
Department of Homeland Security (DHS) National Protection and
Programs Directorate (NPPD) to address persistent and emerging cyber
threats to the U.S. homeland.”
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
Page |6
Five Things to Know: The
Administration's Priorities on
Cybersecurity
“America’s economic prosperity,
national security, and our individual
liberties depend on our commitment to
securing cyberspace and maintaining
an open, interoperable, secure, and reliable Internet. Our critical
infrastructure continues to be at risk from threats in cyberspace, and our
economy is harmed by the theft of our intellectual property. Although the
threats are serious and they constantly evolve, I believe that if we address
them effectively, we can ensure that the Internet remains an engine for
economic growth and a platform for the free exchange of ideas.” - President
Obama
FINMA publishes revised
circular on auditing
The Swiss Financial Market
Supervisory Authority FINMA
has published its partially
revised circular on auditing
(FINMA-Circ. 2013/3).
Following the transfer of supervision of audit firms from FINMA to the
Federal Audit Oversight Authority (FAOA), adjustment of the legal basis
was necessary.
After the consultation in the third quarter, FINMA’s circular, “Auditing”,
has thus been partially revised.
It enters into force on 1 January 2015.
Two years ago, both authorities decided to pool supervisory competences
and to transfer the supervision of audit firms from FINMA to the FAOA.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
Page |7
Bank business models
Rungporn Roengpitya, Nikola Tarashev and Kostas
Tsatsaronis
“We identify three business models using balance sheet
characteristics of 222 international banks and a data-driven
procedure.
We find that institutions engaging mainly in commercial banking activities
have lower costs and more stable profits than those more heavily involved
in capital market activities, mainly trading.
We also find that retail banking has gained ground post-crisis, reversing a
pre-crisis trend.”
Monetary Policy Report,
December 2014
“Deterioration of external conditions in September – early December 2014
presented a new challenge for the monetary policy.
Decline in oil price continued against the backdrop of its excess demand in
the world market and US dollar appreciation.
Under the existing financial sanctions imposed on Russian companies the
domestic foreign exchange market demonstrated growing demand for
foreign currency.”
This brought about a considerable depreciation of the ruble against major
world currencies, the ruble’s volatility grew, depreciation and inflation
expectations increased, and there was a significant rise in inflation risks
and risks to financial stability.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
Page |8
Financial Stability Report,
December 2014
Opening Remarks by the
Governor
“Over the past 18 months, the FPC has been working systematically to
address the most important risks to UK financial stability.
These risks have principally been domestic.
In 2013 we reinforced the capital position of major banks, encouraging
them to raise £27bn of new capital.
Alongside this, the FPC has developed the capital framework for UK banks.
This year we have taken action to mitigate the biggest domestic risks, those
related to housing.
First, in June, we took steps to insure against a significant increase in the
number of highly indebted households.”
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
Page |9
Basel Committee on Banking Supervision
Regulatory Consistency Assessment Programme
(RCAP), Assessment of Basel III regulations –
United States of America
Preface
The Basel Committee on Banking Supervision sets a high priority on the
implementation of regulatory standards underpinning the Basel III
framework.
The prudential benefits of the agreed global reforms can fully accrue only if
the Basel minimum requirements are incorporated into member
jurisdictions’ regulatory frameworks and implemented appropriately and
consistently.
In 2011, the Basel Committee established the Regulatory Consistency
Assessment Programme (RCAP) to monitor, assess and evaluate its
members’ implementation of the Basel framework.
This report presents the findings of the RCAP assessment team on the
domestic adoption of the Basel risk-based capital standards in the United
States and those standards’ consistency with the Basel III framework.
The assessment focuses on the adoption of Basel standards applied to the
large internationally active US banks, ie the “core banks” of the US banking
system.
As a sequel to the 2007–08 global financial crisis, US regulatory agencies
have undertaken several noteworthy initiatives designed to strengthen the
prudential framework relating to bank capital.
The agencies issued the final rule on Basel III risk-based capital in July
2013 and brought it into force on 1 January 2014.
A significant number of new rules and policies have also been put in place
as a result of the Dodd-Frank Wall Street Reform and Consumer Protection
Act.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 10
Given the structural features of the US banking system, including the
presence of several large globally and systemically important banks, these
are important steps towards ensuring financial stability.
The RCAP assessment team was led by Mark Branson, CEO of the Swiss
Financial Market Supervisory Authority (FINMA).
Michael Schoch, Head of Banking Supervision Department of FINMA,
acted as deputy team leader.
The assessment team consisted of seven technical experts drawn from
China, the European Commission, Germany, Italy, Japan, Sweden and the
United Kingdom.
The main US counterpart for the assessment was the Federal Reserve Board
(FRB).
The Federal Deposit Insurance Corporation (FDIC) and the Office of the
Comptroller of the Currency (OCC) were also engaged in the assessment
process.
The overall work was coordinated by the Basel Committee Secretariat with
support from FINMA staff.
The assessment relied upon the data, information and materiality
computations provided by the US agencies.
The report’s findings are based primarily on an understanding of the
current processes in the United States as explained by the counterpart staff
and the expert view of the assessment team on the documents and data
reviewed.
The assessment began in January 2014 and used data available up to 11 July
2014.
It consisted of three phases:
(i) completion of an RCAP questionnaire (a self-assessment) by the US
agencies (September 2013 to January 2014);
(ii) an off- and on-site assessment phase (February to June 2014); and
(iii) a post-assessment review phase (June to mid-November 2014).
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 11
The off-and on-site phases included two on-site visits for discussions with
the US counterparts and representatives of two US global systemically
important banks (G-SIBs).
These exchanges gave the assessment team a deeper understanding of the
implementation of the Basel risk-based capital standards in the United
States.
The third phase consisted of a two-stage technical review of the assessment
findings: first by a separate RCAP review team and feedback from the Basel
Committee’s Supervision and Implementation Group; and secondly, by the
RCAP Peer Review Board and the Basel Committee.
This two-step review is a key instrument of the RCAP process to provide
quality control and ensure integrity of the assessment findings.
The focus of the assessment was limited to the consistency and
completeness of the domestic regulations in the United States with the
Basel minimum requirements.
Issues relating to the integrity of prudential outcomes, capital levels of
individual banks, the adequacy of loan classification practices or the US
authorities’ supervisory effectiveness were not in the scope of this RCAP
assessment exercise.
Where domestic regulations and provisions were identified as not
conforming with the Basel framework, those deviations were evaluated for
their current and potential impact (or negligible impact) on the reported
capital ratios for a sample of internationally active US banks.
The assessment also identified some areas where follow-up actions could
be taken.
This report has three sections and a set of annexes:
(i) an executive summary with the statement from the US agencies on the
material findings;
(ii) the context, scope and methodology, and the main set of assessment
findings; and
(iii) details of the deviations and their materiality along with other
assessment-related observations.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 12
The RCAP assessment team is grateful for the professional cooperation it
received from all the US counterparts throughout the assessment process.
In particular, the team sincerely thanks Michael Gibson, Art Lindo and the
staff of the FRB for playing an instrumental role in coordinating the RCAP
exercise.
The assessment team would also like to thank the staff of the FDIC and the
OCC involved with the RCAP assessment work.
The series of comprehensive briefings and clarifications provided by the US
counterparts helped the RCAP experts to arrive at their opinions.
The team hopes that this RCAP assessment exercise will add to the good
initiatives that have already been undertaken by the US agencies and help
to further strengthen the prudential effectiveness and full implementation
of the various post-crisis reform measures in the US.
Executive summary
The US agencies’ new framework for bank risk-based capital requirements
came into force on 1 January 2014 via the US final rule.
This marked a significant post-crisis strengthening of the US capital
regime.
Many other initiatives are being developed or are in the early stages of
implementation.
While the US has implemented a single comprehensive capital framework,
different elements of the US risk-based final rule on capital apply to
different banking organisations based on their size and international
activity.
As a general principle, the Basel standards designed for “internationally
active” banks have been adopted in the US using the concept of “core
banks”, which are required to adopt the advanced Basel approaches.
Overall, and given the planned adoption and implementation of some
amendments described in this report that the US regulatory agencies
agreed to take and proposed publically, the assessment team finds the
risk-based capital requirements in the US to be largely compliant with the
minimum standards agreed under the Basel framework.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 13
The significance of the reforms undertaken in the US in recent years – some
of which are still under way – is evidenced by the assessment team’s view
that 11 out of 13 components of the US capital framework comply or largely
comply with the Basel framework.
These components include scope of application and transitional
arrangements, definition of capital, credit risk, operational risk, and Pillar 2
and 3 requirements relevant for consistent implementation.
The assessment team notes the US authorities’ continuing efforts to further
strengthen and align the capital rules to the Basel III framework.
Likewise, in several areas, the team noted a super-equivalent
implementation of the Basel framework.
These are detailed in the report but, in accordance with the RCAP
assessment methodology approved by the Basel Committee, aspects where
US requirements are stricter than the Basel standards were not taken into
account in evaluating consistency and in assigning assessment grades.
While the team regards the US rules to be largely compliant overall,
material deviations were identified in a number of areas.
Two of the 13 Basel components are assessed as materially non-compliant:
the securitisation framework and the Standardised Approach for market
risk.
Regarding the securitisation framework, a number of divergences were
identified that for some US core banks lead to materially lower
securitisation RWA outcomes than the Basel standard.
These differences are mainly related to the prohibition on the use of ratings
in the US rules.
Pursuant to the Dodd-Frank Act, the US rules cannot include provisions
related to the Basel framework’s Ratings-Based Approach (RBA) for
securitisations, so the rules provide alternative treatments.
The US agencies note that their alternative approaches are, on average,
more conservative than the Basel standards, and are consistent with the
G20 objectives of reducing mechanistic reliance on external credit ratings.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 14
The assessment team notes that while the securitisation framework
represents a deviation at present, the Basel Committee is reviewing it and is
likely to approve a framework that should potentially mitigate this
deviation.
The team acknowledges the US agencies’ agreement to expeditiously
consider an amendment to the US securitisation rules once the Basel
Committee issues the revised securitisation framework.
The assessment team welcomes this agreement and recommends a
follow-up assessment once the US rules have been updated.
Regarding the Standardised Approach for market risk, the assessment team
found that the US rules implement on a permanent basis a transitional rule
in the Basel framework for securitisations in the trading book.
This deviation has a material impact on the capital ratio of a few US core
banks.
The US agencies indicated that the rule was kept beyond the expiry date,
because of the Basel Committee’s fundamental review of the trading book
regime.
The US agencies agreed to consider changes to the US market risk
framework as expeditiously as possible once the BCBS’s fundamental
review of the trading book is complete.
For other Basel components, a number of potentially material deviations
have been identified, including for the US implementation of the Internal
Ratings-Based (IRB) approach for credit risk.
This is due in part to reliance on measurement concepts of US GAAP
beyond what is consistent with Basel standards.
Also, the US regulatory approach relies substantially on US supervisory
processes rather than explicitly incorporating all of the detailed Basel
minimum requirements in the formal corpus of regulatory instruments.
As a consequence, in several cases the US rules do not incorporate the
specific Basel minimum requirements, in particular for the IRB approach,
where the Basel framework explicitly requires demonstration that these
minimum requirements have been met.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 15
After the assessment was completed, the US agencies publically proposed
amendments to the final rule which address a number of missing minimum
requirements for the IRB framework.
The amendments to the final rule are likely to be finalised in the second
quarter of 2015.
The US agencies also plan to publish complementary supervisory
examination “work programmes” for banks that detail additional
clarifications that are not included in the final rule.
These additional regulatory initiatives considerably improved the level of
compliance with the Basel IRB minimum standards.
In their absence, the assessment of the IRB component would have led to a
more conservative result.
The assessment also pointed out some deviations across other aspects of
the Basel framework.
Most notably, a number of US core banks, including one G-SIB, are still in
so-called “parallel run” and therefore report capital ratios that do not
include a separate capital charge for operational risk and credit valuation
adjustment (CVA).
The parallel run is a period during which a bank must show to the
satisfaction of its supervisor that it can comply with the relevant standards
of the advanced approaches, while the advanced approaches are not yet the
basis for determining the capital requirements.
While the assessment team acknowledges that the Basel framework does
not explicitly prescribe the parallel run approach and that approval to
report under an advanced approach following the parallel run should not be
given lightly, it considers that the US approach leads to a protracted period
of time during which the capital ratio of some large internationally active
US banks is not comparable with those of banks in other jurisdictions.
The team listed a few issues for further guidance from the Basel Committee,
including with regard to the definition of capital and the treatment of
instruments issued under foreign law.
Also, with regard to credit risk, a difference of views emerged on the Basel
treatment of fair value assets under the IRB approach.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 16
The team would like to ask the Basel Committee to clarify its interpretation
of these issues.
Looking ahead, the assessment team recommends that the Basel
Committee reassess the grading of the US securitisation approach and – to
the extent impacted – the overall assessment grading once the US agencies
have revised their requirements to meet the new securitisation framework
that the Basel Committee adopts.
The team also suggests that the US agencies periodically review the impact
of some of the deviations pointed out in the report as part of the Basel
Committee’s post-RCAP annual follow-up.
Such a follow-up process would review progress made and steps taken to
further improve consistency in the implementation of the Basel framework
in the US and to ensure that deviations that are currently not material and
not rectified do not grow in prudential significance.
Further, the assessment team suggests that the IRB requirements be
followed up through the post-RCAP follow-up or when another RCAP
assessment is undertaken to ensure that they do not assume materiality.
Further, the assessment team suggests that the IRB requirements are
followed up through the post RCAP follow–up – or when another RCAP
assessment is undertaken – to ensure that they do not assume materiality.
Response from United States
The US banking agencies welcome the opportunity to respond to the Basel
Committee on the report’s findings concerning the US implementation of
the Basel framework as well as to express our sincere thanks to Mr Mark
Branson, Mr Michael Schoch and the Assessment Team for their
professionalism and integrity throughout this process.
We strongly support the implementation of a globally consistent Basel
framework in which member jurisdictions adhere to standards as strong, or
stronger than the agreed minimum requirements.
In an effort to further promote the Basel framework’s international
implementation as well as to clarify existing US standards, the US agencies
have published on 18 November 2014 a proposed rule that would revise
elements of the US IRB approach.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 17
In addition, the US agencies plan to publish supervisory examination work
programmes for banks that clarify supervisory expectations with regard to
the implementation of the US IRB approach.
The US agencies concur with the report’s overall rating of largely compliant
as well as each of the subcomponent ratings of compliant and largely
compliant.
These findings indicate that, in the view of the Basel Committee, all
provisions of the Basel framework have been satisfied with regard to
compliant ratings, or only minor provisions have not been satisfied with
regard to the largely compliant ratings.
The overall largely compliant rating also confirms that there are no
differences that could materially impact financial stability or the
international level playing field.
The US agencies accept, but do not fully agree with, the report’s finding
concerning the US securitisation framework, which is primarily the result
of a US statutory prohibition against any reliance on external ratings in US
banking regulations.
While this prohibition results in a deviation from the Basel framework, the
agencies note that, on average, the US Simplified Supervisory Formula
Approach (SSFA) results in a higher capital requirement for US firms than
under the Basel RBA.
The assessment team noted the:
(1) Basel securitisation treatment is currently being revised to implement
an approach similar to the US SSFA and
(2) US SSFA is consistent with the Financial Stability Board’s (FSB) stated
directive of eliminating mechanistic reliance on credit ratings.
However, these factors were not taken into account in the subcomponent
rating.
Similarly, the US agencies do not fully agree with the finding regarding the
US market risk framework.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 18
The Basel Committee has been working to significantly revise the market
risk framework and the work was expected to be completed prior to the US
assessment.
The US agencies relied on the Basel Committee to complete its review and
revise the framework in a timely manner, which was the primary basis for
the US agencies retention of the transitional provisions.
Overall, the US agencies believe assessments of this type promote the level
playing field among Basel member jurisdictions and improve transparency.
Moreover, they can reveal areas where there are opportunities for
improvement in national regulations.
We recognise that Basel member jurisdictions are sometimes unable to
implement Basel Committee standards to the letter, but we believe it is,
nonetheless, important for all member jurisdictions to strive to achieve
outcomes that are consistent with, or super-equivalent to, the substance of
the Basel framework.
The assessment shows that the US agencies have achieved a robust
application of the Basel framework in the United States.
1 Context, scope and main assessment findings
1.1 Context
Status of implementation
In July 2013, the Federal Reserve System (Federal Reserve) and the Office
of the Comptroller of the Currency (OCC) issued final rules to implement in
the United States the Basel III risk-based capital regulatory reforms and
certain changes required by the Dodd-Frank Wall Street Reform and
Consumer Protection Act (Dodd-Frank Act).
The Federal Deposit Insurance Corporation (FDIC) issued a comparable
interim final rule in July 2013 and finalised that rule in April 2014.
The US agencies have generally chosen to implement the advanced
approaches of the Basel framework only for their “core banks”.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 19
Currently, there are 15 core banks, ie banks that exceed the threshold of
USD 250 billion in total assets or USD 10 billion in on-balance sheet foreign
exposures.
Eight of the 15 core banks have been designated as global systemically
important banks (G-SIBs).
The core banks account for approximately 75% of US banking assets and
nearly all of US banks’ foreign exposures.
These banks are required to implement the Basel advanced approaches.
Non-core banks can “opt in” to adopt the Basel advanced approaches.
The core banks are required to work towards implementation of the Basel
advanced approaches and become subject to them after they receive
approval from the US agencies.
On 21 February 2014, eight core banks received permission to use the
advanced Basel approaches in the calculation of their capital requirements.
Until 1 January 2015, the remaining seven core banks continue to base their
capital requirements on the Basel I approach while they await approval.
Basel I uses a small number of prescribed risk weights to compute
risk-weighted assets.
All US banks adopting the advanced approaches are subject to a permanent
capital floor using 100% of risk-weighted assets.
The floor is currently based on the US general risk-based capital rules,
which are based on Basel I standards (including the Basel III definition of
capital).
From 1 January 2015, the floor will be 100% of risk-weighted assets based
on the new US standardised approach for credit risk, which is more in line
with the Basel standardised approach.
However, the US standardised approach excludes a capital charge for
operational risk and CVA.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 20
Regulatory system and model of supervision
The United States operates under a dual banking system in which a bank
may choose to be chartered by the federal government or by a state.
Banks chartered at the state level are subject to supervision by both federal
and state supervisors.
Every US bank is subject to regulation, supervision and examination by a
primary federal banking supervisor:
• for national banks and federal savings banks: the OCC
• for state banks that choose to be members of the Federal Reserve System
(state member banks) and bank holding companies: the Federal Reserve
• for state banks that choose not to become members of the Federal Reserve
System (non-member banks): the FDIC
1.2 Structure, enforceability and binding nature of prudential
regulations
The US federal banking agencies have the authority to regulate and
supervise banks and bank holding companies subject to their jurisdiction.
The hierarchy of prudential regulation in the United States is as follows:
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 21
(i) Federal statutes and legislative mandates, authorising the federal
banking agencies to establish minimum capital requirements, capital
adequacy standards (both for risk-based and leverage capital
requirements), and safety and soundness standards.
(ii) Regulations and reporting requirements that set out the capital
adequacy rules and safety and soundness requirements issued by the
federal banking agencies.
(iii) Policy statements, interpretations, supervisory guidance and manuals
that address significant prudential policy and procedural matters.
The agencies also use supervisory examination work programmes to help
ensure that examiner assessments are consistently developed.
These programmes provide more specific direction on how the standards
and principles set forth in regulations, regulatory preambles or public
guidance should be implemented.
Certain Basel principles and requirements are therefore articulated in these
work programmes because they are considered more appropriately
reviewed and enforced during the examination process by the federal
banking agencies.
These documents are generally not public, but are often shared with
banking organisations in order to make firms aware of supervisory
expectations and to assist them in complying with the minimum regulatory
requirements.
The assessment team examined the binding nature of the various
regulatory documents issued by US agencies using the criteria applied in
RCAP assessments.
As a general principle, RCAP assessments only take into consideration
documents that implement the Basel framework and set the Basel
standards out in a manner that provides a formal basis for regulators, banks
and associated third parties to ensure compliance with the minimum
requirements.
This also helps promote a level playing field and a consistent approach
across Basel Committee members.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 22
Based on the assessment of these criteria, the assessment team concluded
that the regulatory documents mentioned above, other than the work
programmes, are eligible for the purpose of this assessment.
1.3 Scope of the assessment
Scope
The assessment team has considered all documents that effectively
implement the risk-based Basel capital framework in the United States as of
end-November 2014.
This includes the notice of proposed rulemaking rectifying some of the
assessment findings issued by US agencies on 18 November 2014.
The assessment focused on two dimensions:
• a comparison of domestic regulations with the capital standards under the
Basel framework to ascertain that all the required provisions have been
adopted (completeness of the US domestic regulation); and
• differences in substance between the domestic regulations and the capital
standards under the Basel framework and their significance (consistency of
the US regulation).
Importantly, the assessment did not evaluate the adequacy of capital or
resilience of the banking system in the United States, or the US agencies’
supervisory effectiveness.
Identified deviations were assessed for their materiality (current and
potential, or having an insignificant impact) using both quantitative and
qualitative information.
For potential materiality, in addition to the available data, the assessment
used expert judgement on whether the domestic regulations met the Basel
framework in letter and spirit.
Bank coverage
For the assessment of materiality of identified deviations, the US agencies
provided data and materiality computations covering the 15 US core banks
on a best efforts basis, and focusing on those banks for which the identified
deviations are most relevant.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 23
The team assessed that these banks cover more than 95% of total foreign
exposures and deposits held by US banks (Annex 8).
Assessment grading and methodology
As per the RCAP methodology approved by the Basel Committee, the
outcome of the assessment was summarised using a four-grade scale, both
at the level of each of the 14 key components of the Basel framework and as
an overall assessment of compliance: compliant, largely compliant,
materially non-compliant or non-compliant.
The materiality of the deviations was assessed in terms of their current or,
where applicable, potential future impact (or negligible impact) on the
banks’ capital ratios.
The quantification was, however, limited to the agreed population of
internationally active banks.
Wherever relevant and feasible, the assessment team, together with the US
authorities, attempted to quantify the impact based on data collected from
US banks in the agreed sample of banks.
The non-quantifiable aspects of identified deviations were discussed and
reviewed in the context of the prevailing regulatory practices and processes
with the US authorities.
Ultimately, the assignment of the assessment grades was guided by the
assessment team’s collective expert judgement.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 24
In assigning grades, the assessment team relied on the general principle
that the burden of proof rests with the assessed jurisdiction to show that a
finding is not material or not potentially material.
In a number of areas, the US rules go beyond the minimum Basel
standards.
Although these elements provide for a more rigorous implementation of the
Basel framework in some respects, they have not been taken into account
for the assessment of compliance under the RCAP methodology as per the
agreed assessment methodology.
1.4 Main findings
The US agencies have made – and continue to make – significant progress
in introducing strengthened requirements that apply to their large,
internationally active banks.
Overall, the US requirements largely meet the Basel minimum standards.
That said, the assessment team identified some material departures from
the Basel framework as well as many other deviations that are minor in
terms of materiality.
Of the 13 components assessed, two are graded as materially
non-compliant, namely the securitisation framework and the Standardised
Approach for market risk.
Four components are graded as largely compliant, and seven components
as compliant. One component was not applicable to the US (see details and
other assessment observations in Section 2).
In determining the overall grade, the assessment team also took account of
the follow-up actions and agreements made by the US agencies to further
harmonise the US rules with the Basel standards.
In particular, the US agencies have undertaken a comprehensive response
that will help increase consistency of implementation with the Basel IRB
standards.
The clarification of a number of IRB minimum requirements in the US
rules text will help make explicit several aspects that are being
implemented through non-public supervisory work programmes.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 25
The publication of two key supervisory work programmes in the first half of
2015 will be another meaningful step towards improving the transparency
and predictability of US IRB requirements.
The proposed rules text amendments – which are public – have the
agreement of the US agencies and are expected to become effective shortly
after the agencies complete their due process requirements in 2015.
Based on these – and given the nature of the deviations – the team has
taken a view that the US IRB framework is “largely compliant.”
In the absence of the steps taken by the US agencies which will come on
stream during 2015, the assessment team would have taken a more
conservative position.
The team has identified the IRB requirements for follow-up by the RCAP.
Further, the agencies agreed to consider changes as soon as possible to the
US securitisation framework upon finalisation of the new standard by the
Basel Committee.
The assessment team used both quantitative impact data and expert
judgement to derive the assessment grades.
Based on data received from US regulatory agencies, material deviations
were identified regarding the securitisation framework and market risk
Standardised Approach.
The impact is mainly driven by findings related to the approaches US
agencies have introduced as alternatives to the use of external credit ratings
(see below) and the permanent use of a transitional arrangement for
securitisation positions in the trading book.
In addition, a number of potentially material deviations have been
identified with regard to the definition of capital and the US agencies’
adoption of the IRB standards.
A considerable number of non-quantifiable deviations have also been
identified which, taken together, are considered to render a potentially
material impact on the calculation of capital ratios by US core banks.
The main findings are summarised below.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 26
These should be read along with the list of detailed findings and
observations in Section 2.
The gaps rectified during the assessment process are listed in Annex 6.
14 Regulatory Consistency Assessment Programme – United
States
Main findings by component
Scope of application
The Basel standards have been designed for “internationally active” banks.
However, the term “internationally active” is not specifically defined in the
Basel text, leaving its implementation to the discretion of national
authorities.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 27
In the United States, the agencies require “core banks” (as described above)
to adopt the advanced Basel standards.
Other banks may request to adopt the Basel advanced approaches (such
banks are referred to as “opt-in banks”).
All banks in the United States remain subject to the general US risk-based
capital rules.
The definition of core banks includes:
First, any depository institution (DI) meeting either of the following two
criteria:
(i) consolidated total assets of USD 250 billion or more; or
(ii) consolidated total on-balance sheet foreign exposure of USD 10 billion
or more.
Second, any US-chartered bank holding company (BHC) meeting any of the
following three criteria:
(i) consolidated total assets (excluding assets held by an insurance
underwriting subsidiary) of USD 250 billion or more;
(ii) consolidated total on-balance sheet foreign exposure of USD 10 billion
or more; or
(iii) having a subsidiary DI that is a core bank or opt-in bank.
Finally, any DI that is a subsidiary of a core or opt-in bank holding company
is also considered a core bank.
According to information provided by the US regulatory agencies, the
banking organisations subject to Basel standards account for nearly all of
the international exposures held by US banking organisations.
This holds for foreign exposures, foreign deposits, foreign liabilities,
number of foreign offices and assets under management held in foreign
offices.
Therefore, the team considers the US scope of application of Basel
standards to be compliant with the Basel Committee’s intended scope of
application.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 28
Transitional arrangements
The Basel framework prescribes a capital floor based on 80% of the Basel I
approach for banks that apply the advanced approaches for calculating
capital requirements for credit risk (IRB) and operational risk (AMA).
The US core banks that have exited parallel run are required to calculate a
floor based on 100% of the new US standardised approach.
The US agencies have explained that for a typical US bank the US floor will
be at least as conservative as the Basel I floor.
While it cannot be excluded that under extraordinary circumstances the US
floor may be less conservative than the Basel floor, taking into account the
enhanced quality and volume of regulatory capital of Basel III relative to
Basel I as well as the improved general conservatism of the calculation of
RWA, the assessment team agrees with the US regulatory agencies that this
is unlikely to happen in practice.
The team also notes that Basel II paragraph 49 states that “supervisors
should have the flexibility to develop appropriate bank-by-bank floors that
are consistent with the principles outlined in this paragraph.”
The US rules are assessed as compliant with the overall Basel III
transitional arrangements.
Definition of capital
A key element of Basel III was the set of changes made to the standards that
define the eligible components of regulatory capital.
While a number of deviations are identified in the context of definition of
capital, the data provided by US agencies suggest a relatively limited impact
on the capital ratios.
Overall, the US rules on the definition of capital are assessed as largely
compliant with the Basel framework.
(i) Treatment of defined benefit pension fund assets
The Basel framework allows banks to risk-weight defined benefit pension
fund assets when banks have unrestricted and unfettered access to these
assets.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 29
Otherwise, the assets need to be deducted from Common Equity Tier 1
(CET1) capital.
The US rule implements this requirement consistently, with one exception.
The US rule allows FDIC-insured banks to risk-weight these assets and not
deduct them from CET1 capital, without the condition of unrestricted and
unfettered access.
The US agencies explained that the FDIC has unrestricted and unfettered
access to such assets in the event of a resolution of an insured depository
institution, and that this ensures that the assets are available for the
protection of depositors and other creditors of a bank (as per Basel III para
77).
The team considers that the US treatment does not necessarily prevent
FDIC-insured banks from including defined benefit pension fund assets in
CET1 capital to which the bank would not have unrestricted and unfettered
access.
The US agencies clarified that bank holding companies are not
FDIC-insured entities and therefore cannot make use of this exemption.
The US agencies further explained that all internationally active core banks
are part of bank holding companies, and that the vast majority of the
pension fund assets are held at the holding company level and are fully
deducted.
As bank holding companies represent the highest level of consolidation for
US core banks, the team considers the impact of the finding to be limited.
The assessment team therefore considers the deviation as not material at
present, but listed the finding for future follow-up assessments (Annex 12).
(ii) Treatment of deferred tax assets
The Basel standards require deduction of deferred tax assets (DTAs) that
rely on the future profitability of banks.
However, DTAs that result from temporary differences may be subject to
threshold deductions.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 30
The US rules do not explicitly require the deduction of DTAs that rely on
future profitability, but allow risk weighting (100%) of DTAs that result
from temporary differences and that could be realised through net
operating loss carrybacks.
The US agencies explained that these DTAs do not rely on the future
profitability of banks but rather on past profitability.
The US agencies further clarified that the amount of these DTAs does not
exceed the amount of taxes previously paid that could be recovered through
net operating loss carrybacks.
The assessment team agrees that such DTAs do not depend on future
profitability.
The assessment team notes that the Basel standards do not explicitly
describe the treatment of DTAs arising from timing differences that the
bank could realise through net operating loss carrybacks.
The team also notes that the Basel Committee is considering further
clarification on this point, which it agrees is needed to avoid the risk of
inconsistent treatment across jurisdictions of the term “rely on the future
profitability of the bank to be realised”.
(iii) Definition of general provisions
Basel III carries forward the Basel II treatment that permits the inclusion of
“general provisions/general loan-loss reserves” in Tier 2 (up to a limit) for
banks on the standardised approach for credit risk.
However, it clarifies that they should not be included where they have been
created “in respect of an identified deterioration in the value of any asset or
group of subsets of assets” (Basel II para 49(vii)), noting that in such cases
“they are not freely available to meet unidentified losses which may
subsequently arise elsewhere in the portfolio and do not possess an
essential characteristic of capital.”
Under the US standardised approach, banks are permitted to include
allowances for loan and lease losses (ALLL) in Tier 2 (subject to limits that
are consistent with Basel standards).
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 31
According to the preamble of the US rules, ALLL are intended to cover
“estimated, incurred losses as of the balance sheet date, rather than
unexpected losses”.
The US agencies have further clarified that loans that are determined to be
impaired (ie where it is probable that the creditor will be unable to collect
all amounts due) are required to be charged off (ie deducted from the
allowance).
In most cases, the lag between the recognition of impairment and the
associated charge-off will not be more than 90 days.
The US agencies also indicated that the entire ALLL are freely available to
cover charge-offs on loans and leases regardless of where they fall in banks’
portfolios.
Although the ALLL are intended to cover charge-offs of losses that were
estimated to have been incurred as of the balance sheet date, the ALLL are
available to cover charge-offs of credit losses on loan and lease losses that
were previously unidentified (ie unexpected); however, if charge-offs of
previously unidentified losses result in an inappropriately low ALLL level,
banks are expected to replenish their ALLL to appropriate levels through
provisioning.
The team considers that the US rules do not explicitly prohibit inclusion of
allowances in Tier 2 capital where they cover an identified deterioration of
particular assets or known liabilities, whether individual or grouped.
While data suggest that for a number of US core banks ALLL form a
substantial part of Tier 2 capital, the assessment team considers that under
the US rules, loans that are considered impaired are required to be charged
off without a significant lag, which ensures that ALLL are substantially
available to cover unexpected losses.
While a timing difference between impairment and charge-off could
potentially have a material effect on Tier 2 and the total capital ratio for
banks that are in parallel run (which is based on the US standardised
approach), as well as on the capital floor for US banks that have exited
parallel run, the team judges the deviation as unlikely to be material.
(iv) Treatment of insurance subsidiaries
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 32
The Basel standards permit banks to consolidate significant investments in
insurance entities as an alternative to the deduction approach on the
condition that the method of consolidation results in a minimum capital
standard that is at least as conservative as that which would apply under the
deduction approach.
The consolidation is for regulatory, and not for accounting, purposes.
This treatment has been specified in the Basel III definition of capital FAQs.
The US agencies’ capital treatment of significant investments in
unconsolidated insurance subsidiaries of bank holding companies is
consistent with the Basel approach, as these investments are required to be
deducted.
However, for insurance subsidiaries that are consolidated for accounting
purposes the US approach is to risk weight the insurance entity’s assets and
liabilities and deduct its minimum capital requirement.
The US agencies’ treatment does not require that the outcome be at least as
conservative as the Basel deduction approach.
The US agencies take the view that the Basel treatment for insurance
subsidiaries does not apply in the case where an insurance subsidiary is
consolidated for accounting purposes.
However, the assessment team holds the view that the Basel treatment
applies to “fully owned insurance subsidiaries that are consolidated for
regulatory capital purposes”.
The data provided by the US agencies show that investments in insurance
subsidiaries are generally not material for the 10 largest US bank holding
companies (eg the weighted average of the net assets of insurance
subsidiaries accounted for less than 0.3% of the parents’ RWA).
The team considers that the deviation could become potentially material
were a US core bank to acquire a large insurance company, as has happened
in the past.
(v) Implementation of point of non-viability criterion
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 33
The Basel standards require a contractual principal loss absorption
mechanism for all non-common Tier 1 (AT1) and Tier 2 instruments, unless
the governing jurisdiction of the bank has in place laws that
(i) require such Tier 1 and Tier 2 instruments to be written off upon such
event; or
(ii) otherwise require such instruments to fully absorb losses before
taxpayers are exposed to loss.
In addition, the Basel Committee has clarified that the relevant authority
must have the power to trigger writedown/conversion of the instrument
issued by a foreign subsidiary in addition to the relevant authority in the
foreign jurisdiction.
The US rules do not include this latter specification because the US is
implementing the statutory approach, and the US agencies believe this
requirement does not apply to jurisdictions that adopt that approach.
The assessment team understands that one of the purposes of the point of
non-viability (PON) press release is to ensure loss-absorbing capacity of the
foreign subsidiary under the gone-concern scenario in cases where capital
instruments issued by the subsidiary are included in the consolidated
capital of the banking group.
The team also notes that the PON press release states that the Committee’s
objective could only be met through a statutory approach “if it produces
equivalent outcomes to the contractual approach”.
The team considers that capital instruments issued by US banks under
foreign law (either directly or via foreign branches or subsidiaries) may not
necessarily allow the US authorities to trigger these instruments without
contractual arrangements.
The legal enforceability of the statutory approach outside the home
jurisdiction is uncertain and has not been demonstrated.
AT1 and Tier 2 instruments issued under foreign law would therefore, in the
assessment team’s view, not qualify as regulatory capital at the group’s
consolidated level, unless PON loss absorbency is implemented
contractually in compliance with the Basel PON standards, or the
authorities demonstrate they have the statutory powers to trigger these
instruments.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 34
Data suggest that the amount of AT1 and Tier 2 instruments issued by
non-US subsidiaries is currently very small.
Therefore, since the funding by US core banks is principally conducted in
the United States, the assessment team considers the finding as not
material at present, but listed it as an item for future follow-up
assessments.
Capital buffers (conservation and countercyclical)
Basel III established a capital conservation buffer above the minimum
capital requirements.
When a bank’s CET1 ratio falls into the buffer range, that bank becomes
subject to a restriction on the distribution of future earnings.
The US rule includes requirements for the capital conservation buffer and
countercyclical buffer, and associated restrictions on distributions,
consistent with the Basel III requirements.
The US framework is therefore assessed to be compliant with the Basel
buffer requirements.
The countercyclical buffer regime of Basel III works by extending the size of
the capital conservation buffer when excess aggregate credit growth is
judged to be associated with a build-up of system-wide risk.
Here too, the US framework is consistent with the Basel expectations for
the countercyclical buffer.
Credit risk: Standardised Approach
In the US rule, all banking organisations are required to apply the
Standardised Approach starting from 1 January 2015.
For advanced approaches core banks that have exited parallel run, the
Standardised Approach will be used as a floor for calculating minimum
capital ratios.
As indicated above, in accordance with the Dodd-Frank Act the US rules do
not reference external credit ratings.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 35
The team does not consider this to be a deviation per se from the Basel
framework, but the assessment team’s focus has been on the potential for
differences in regulatory outcome in comparison to the Basel standards.
All of the findings mentioned below relate to this issue.
First, for claims on sovereigns, public sector entities (PSEs) and banks
according to the OECD’s country risk classification (CRC), the US rule
assigns risk weights instead of external credit ratings.
For domestic exposures the information and data received suggest that
virtually all US public debt held by US banks is denominated in US dollars,
and that a US downgrade (particularly below AA–) is highly unlikely over
the assessment horizon (three to five years).
For non-US exposures, based on a comparison of the US rule with those
under a ratings-based approach, the assessment team judges that the
deviations are unlikely to become material.
Second, for credit risk mitigation (CRM) the Basel standards use minimum
external credit ratings to determine the eligibility of financial collateral.
In contrast, the US rules accept “investment grade” securities, defined as
having “adequate capacity to meet financial commitments for the projected
life of the asset or exposure” and “adequate capacity to meet financial
commitments if the risk of its default is low and the full and timely
repayment of principal and interest is expected”.
As this is without reference to credit ratings, the possibility remains that US
banks could use certain financial collateral that does not meet the Basel
standards, such as unrated securities issued by non-bank firms or
non-eligible unrated bank securities.
In addition, it is possible that the “investment grade” criterion may expand
the scope of eligible guarantors beyond the Basel approach.
While the US rule does not refer to external ratings when defining
“investment grade” collateral, the team’s dialogue with the industry
suggests that in practice US banks often use external ratings, among other
market factors and internal analysis, to determine whether collateral is of
“investment grade” quality.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 36
Although under the US rule an “investment grade” credit rating for a
particular debt security does not necessarily mean that the bank can
recognise the security as collateral for CRM purposes, the extent to which
US banks use “investment grade” collateral that would not qualify under
the Basel standards is not clear.
Finally, the US rule assigns supervisory haircuts for collateral based on the
OECD’s CRC instead of on external credit ratings under the Basel
standards.
While in some cases the standard supervisory haircuts in the US rule are
more conservative than those contained in the Basel text, for sovereign
issuers the US haircut on collateral may be different from the Basel
approach, as high-income OECD members and other high-income euro
zone countries that no longer receive CRC scores are risk-weighted 0%
irrespective of their external credit ratings, as long as they remain
non-default.
Differences may also exist in the resulting haircuts for non-sovereign
issuers.
Based on information and data provided by the US agencies, the
assessment team finds that the US approach does not materially deviate
from the Basel standards at present.
However, if external credit ratings were to deteriorate, the team considers
that a difference in outcomes with the Basel approach could result in less
conservative CRM treatment and potentially become material.
Overall, the US agencies’ implementation of the credit risk standardised
approach framework is therefore considered to be largely compliant.
Credit risk: Internal Ratings-Based approach
The US rules are assessed as largely compliant with the Basel framework.
The assessment team identified four areas of non-conformance with the
Basel requirements:
(i) reliance on accounting valuation;
(ii) specific IRB minimum requirements;
(iii) capital requirements for certain types of exposures; and
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 37
(iv) recourse to standardised approach parameters.
An overview is provided below; for details, see Section 2.3.4 of the detailed
assessment findings.
(i). Reliance on accounting valuation
The Basel IRB framework determines capital charges both for unexpected
(UL) and expected losses (EL) independent of accounting standards, to
ensure consistency between and comparability of resulting capital adequacy
measures across jurisdictions.
UL and EL are based on risk parameter estimates for probability of default
(PD), loss-given-default (LGD) and, in particular, exposure at default
(EAD) determined according to the IRB minimum requirements.
Accordingly, the Basel LGD estimates are based on an economic loss
concept relative to EAD, and EAD is measured gross of specific provisions,
partial write-offs and discounts.
The Basel definition of default is broader than the accounting impairment
concept (as it considers the likeliness of timely payment by the obligor
without considering potential recoveries, which are instead reflected by the
LGD).
However, there is recognition of (eligible) accounting-based general and
specific provisions against the IRB-based expected loss estimate EL = PD*
LGD* EAD.
That is, the Basel IRB framework recognises the extent to which expected
losses are covered by accounting standards-based CET1 capital reductions
for credit risk, and allows limited recognition of excess reductions as Tier 2
capital.
The US rules rely on accounting valuation beyond what is allowed under
Basel standards.
The assessment team has identified that this can lead to the following:
(a) Delayed recognition or potential non-recognition of default events for
retail exposures resulting in lower total EL and RWA where a default event
is not (yet) recognised.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 38
(b) Lower EAD for exposures with credit risk-related CET1 reductions
(including fair value reductions) or discounts.
The lower EAD reduces both RWA and EL amounts for non-defaulted and
defaulted exposures, and also allows recognition of accounting-based CET1
reductions for credit risk where these exceed total EL amounts.
The US rules do fully recognise such excess accounting reductions via an
EAD that is net of all accounting reductions to CET1 capital.
This effectively treats excess accounting reductions as if they covered a
portion of the RWA, ie the US rules treat excess accounting reductions as if
they were added back into CET1 capital.
This allows full recognition of excess accounting reductions for all three
capital ratios, whereas the Basel standards limit recognition of such
reductions to 0.6% of RWA as Tier 2 capital and do not allow any
recognition for the CET1 and Tier 1 capital ratio.
(c) Lower EL amounts for non-defaulted fair-valued exposures where total
fair value reductions do not exceed total EL amounts (PD*LGD*EAD) for
fair-valued exposures.
For non-defaulted exposures, the US rules determine IRB risk weights for
unexpected loss correctly by subtracting the PD*LGD*EAD figure for
expected loss as in the Basel risk weight function.
However, unlike the Basel framework, US rules do not consistently
determine EL for fair-valued exposures by this PD*LGD*EAD figure.
EL for non-defaulted fair-valued exposures is set to zero for the
comparison of total eligible provisions with total EL amounts.
As a consequence, coverage of expected loss is limited to the extent of fair
value reductions under US GAAP.
Where total fair value reductions are less than total EL amounts
determined by PD*LGD*EAD for fair-valued exposures, the US
implementation creates a gap in coverage of credit risk compared to Basel
standards.
This gap is equal to the difference between the sum of EL amounts
(PD*LGD*EAD) for fair-valued exposures and total fair value reductions.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 39
Data provided suggest that, currently, the fair value reductions of most US
banks significantly exceed EL amounts for fair-valued exposures.
Five US banks report significantly more conservative capital ratios than
those that would be calculated under the Basel standards.
For eight US banks, the approach appears less conservative than the Basel
standards, but currently does not result in materially lower capital ratios.
The assessment team concludes that the potential overestimation of capital
ratios by the US treatment of fair-valued exposures is currently not material
because of relatively high fair value reductions, but the situation could
change if these fair value reductions were to decrease in the future.
Also, fair value adjustments consider factors other than changes in
creditworthiness, such as changes in interest rates and liquidity.
Given the number of variables that contribute to the difference between fair
value and amortised cost, including changes in the composition of fair value
exposures that a bank holds which are subject to change for various
reasons, the assessment team considers the deviation potentially material.
(d) The EL will also be lower for defaulted exposures where
accounting-based loss assumptions do not consider all economic loss
contributions.
Further, the US approach may result in higher recognition of general
allowances as eligible provisions as it does not exclude the portion related
to Standardised Approach risk weights.
The US approach can thus result in lower CET1 capital deductions for EL or
excessive recognition of accounting-based CET1 reductions as Tier 2
capital.
The overall effect is that CET1 and Tier 1 capital ratios of US banks may be
higher than when Basel standards are applied.
The same is true for total capital ratios, except in those specific cases where
total fair value reductions together with total other eligible provisions
exceed total EL amounts (determined by the Basel standards) to an extent
that the effect of not increasing Tier 2 capital in the numerator of the US
ratio by excess fair value reductions is stronger than the effect of reducing
EAD in the denominator of the US ratio.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 40
The limited data available suggest that the impact on capital ratios of US
banks is, on average, not material at present.
However, since the extended reliance on accounting valuation can result in
lower capital requirements for expected and unexpected losses related to
credit risk and in lower deductions from CET1 capital, this deviation is
considered potentially material.
The US agencies have raised concerns that the Basel approach can create
disincentives to using fair value accounting compared to holding assets at
amortised cost.
The assessment team believes these disincentives are limited since fair
value reductions are treated as partial write-offs and therefore qualify as
eligible provisions.
Given the potential material impact on bank capital ratios, the assessment
team requests that the Basel Committee confirm this interpretation.
(ii) Non-inclusion of certain IRB minimum requirements
The US regulations set targets for rating systems, rating assignments and
risk parameter estimates that are consistent with the overarching principle
behind the IRB minimum requirements in the Basel framework.
This includes being accurate, reliable, consistent and appropriately
conservative.
Further, data must be relevant, processes and systems must be consistent
with internal use, etc.
These targets are supplemented by more specific requirements in the US
rules text itself, in the preambles to the final rule and the 2007 rules, and in
other published documents such as supervisory letters that implement
many of the specific IRB minimum requirements in a binding manner.
However, the US regulations do not specify certain of these targets in the
full depth required by the Basel standards.
The US authorities have taken the position that while these detailed
requirements are not explicitly articulated in the US rule text,
implementation of the specific provisions of the Basel framework is
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 41
achieved through robust supervisory oversight, and note that US
supervisors ask for much more than what is reflected in the rule text alone.
As evidence of the sufficiency of their enforcement of these requirements
and to highlight the robustness of their supervisory process, the US
agencies have referred to studies by the Basel Committee which suggest
that RWA for low-default portfolios are more conservative than in other
jurisdictions.
Following completion of the assessment, the US agencies issued a proposed
rule that would incorporate and clarify a number of minimum requirements
into the final rule.
The amendment is likely to be finalised in the second quarter of 2015. In
addition, the US agencies committed to issue the supervisory examination
work programmes that also clarify a further number of IRB minimum
requirements.
The amendment of the final rule addresses those missing minimum
requirements that the US agencies identified as most relevant to US
markets and banks.
In particular, the requirements provide more clarity regarding the
information, data and systems that must be used by banking organisations
to estimate IRB risk parameters.
The assessment team welcomes the rectifications, which further align the
US final rule with the Basel standards.
A number of missing IRB minimum requirements remain that may assume
significance in the future.
The assessment team recommends reviewing these missing minimum
requirements through the post-RCAP follow-up assessment or when
another RCAP assessment is undertaken to ensure that they do not assume
materiality.
(iii) Capital requirements for certain types of exposures
For certain exposures, the US agencies’ implementation of IRB minimum
capital requirements deviates in the following aspects from the Basel
standards.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 42
This may result in lower IRB capital requirements. Deviations relate to:
• extended scopes for
(i) a waiver for 0.03% PD floor;
(ii) double default recognition;
(iii) treatment as retail; and
(iv) risk weights for qualifying revolving retail;
• a narrower definition of equity exposures;
• missing recognition of high-volatility commercial real estate in other
jurisdictions;
• missing prohibition of reflecting double default effects in PD/LGD for
guaranteed retail exposures;
• potentially lower RWA for corporate leases where these expose the bank
to residual value risk;
• potentially insufficient capital requirements for purchased receivables
(zero for material dilution risk / potentially lower for credit risk); and
• a deviating approach to EAD for retail foreign exchange and interest rate
commitments.
The US authorities have provided data indicating that for some types of
exposures the deviations are currently not material.
Further, the US authorities have confirmed in writing that based on their
knowledge and available data the overall impact at present is not material.
In the view of the assessment team, while lower capital requirements under
specific circumstances have not represented a material deviation to date for
a typical internationally active bank with a diversified portfolio and an
average risk profile, the deviation may become material if a bank increases
its exposure to such products.
Comparably lower capital requirements can create incentives for shifts in
banks’ portfolios towards these products.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 43
The assessment team considers these deviations taken together as
potentially material because of the broad range of products to which they
relate.
(iv) Recourse to Standardised Approach parameters
The US rules take recourse to Standardised Approach parameters beyond
the limits set by the Basel standards for:
(a) equity exposures where 0%, 20% and 100% risk weights may be applied
beyond the limits of 10% capital and additional 10% capital for eligible
legislated programmes;
(b) cash items in the process of collection to which fixed 20% risk weights
are applied instead of risk-sensitive IRB risk weights for exposures to banks
or central banks; and
(c) fixed risk weights of 100% for defaulted assets applied solely to the
portion of the exposure not yet written off where the Basel standards
require assigning an LGD that reflects unexpected losses during the
recovery period on a risk-sensitive basis to the full EAD.
The deviation for equity exposures is assessed as potentially material.
While data provided by the US agencies show that the current volume of
20% and 100% risk-weighted equity exposures is still within the 10% capital
limit for legislative programmes, the assessment team notes that this limit
is nearly exhausted for the most affected bank.
The missing limit has thus not represented a material deviation to date, but
could become relevant in the future.
In the view of the assessment team, the large difference in risk weights
compared to the 300% or 400% under the simple risk weight method of the
Basel standards can further incentivise US banks to increase the share of
such equity exposures.
In addition, the team finds that – in contrast to the Basel standards – debt
exposures with the economic substance of equity holdings might not always
be required to be classified as equity under US regulations.
This deviation is therefore considered potentially material.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 44
The deviation for cash items in the process of collection is not currently
material, but could assume significance if US banks were to substantially
increase the share of these exposures, in particular with high-risk
counterparts.
The assessment team therefore recommends listing this finding for a
follow-up RCAP assessment.
Regarding defaulted assets, data provided by the US agencies show that the
finding is, on average, not material at present for the capital ratio of US
banks.
For most banks, the impact is limited and for some banks the result is even
considerably more conservative than under the Basel standards.
However, there is also a bank that reports a benefit of approximately 19 bps
on the normalised capital ratio.
The impact of using a fixed risk weight may increase if unexpected losses
increase.
This deviation is therefore considered potentially material.
Securitisation framework
The US agencies have implemented a securitisation framework that is, on
average, more conservative than the Basel standards.
Nevertheless, the assessment team has identified a number of divergences
between the US rules and the Basel standards that for some US banks lead
to materially lower securitisation RWA outcomes than the Basel standards,
both for securitisations held in the banking book and those held in the
trading book.
Overall, based on the materiality of the deviations identified by the
assessment team, the US implementation of the securitisation framework is
considered to be materially non-compliant.
These differences are mainly related to the prohibition on the use of ratings
in the US rules.
Pursuant to the Dodd-Frank Act, the US rules cannot include provisions
related to the Basel RBA, and accordingly provide alternative treatments
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 45
(such as the SSFA under both the credit risk and market risk aspects of the
US rules) and a hierarchy of approaches that differs from the Basel
provisions.
Although the assessment team understands that the US agencies calibrated
the SSFA to produce risk weights largely comparable on a portfolio basis to
those under the Basel RBA, estimates and analysis provided by the agencies
show that the SSFA has a material impact on the securitisation RWA of
several US banks.
With regard to the credit risk framework, on average, the SSFA is more
conservative than the RBA and relative to the RBA results in a weighted
average
(i) decrease in the normalised capital ratios of 6 bps and
(ii) increase of 14.5% in securitisation RWA for the nine sample banks.
However, for three banks the alternative approaches result in more than a
30% reduction in securitisation RWA (up to 52% for one bank).
With regard to the market risk framework, for the sample of US banks, the
deviation results in a maximum reduction in market risk RWA of 24.5%,
and an average reduction of 9.1%.
In capital ratio terms, the deviation results in a maximum change of 78.9
bps and an average change of 14 bps across banks in the sample.
Overall, the US approach produces a material impact for a limited number
of banks.
Historical data provided by the US agencies for securitisation issuances
from 2005 and 2006 show that the SSFA typically results in a more
conservative RWA than the RBA for all asset classes except for senior
residential mortgage-backed securities (RMBS).
For three of the banks in the sample, RMBS represent more than 1% of total
assets.
Data provided by US agencies suggest that the differences in risk weights of
senior RMBS may be attributed to external rating downgrades of AAA
securities observed after 2009.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 46
Based on a paper provided by the US agencies, the average regulatory
capital requirement under the SSFA is more conservative than the RBA for
mezzanine RMBS positions, while it is significantly less conservative for
senior RMBS exposures.
The potential future impact on capital ratios and the international level
playing field of the deviations identified depends on several factors,
including the asset class mix of individual bank portfolios, the risk of the
underlying securitised exposures and the seniority of the securitisation
exposure.
As the analysis provided by the US agencies was based on a very specific
pre-crisis vintage, and given the fact that the conservatism of the SSFA is
directly connected to the delinquency rate, it is not clear whether the SSFA
would deliver similar (conservative) results for more recent, post-crisis
vintages.
This aspect could be verified once a longer and more robust time series on
securitisation asset classes is available.
The assessment team has also noted that the regulatory approach for
securitisation is currently under revision by the Basel Committee, and that
future amendment to the Basel securitisation framework will probably
include a version of the SSFA derived from the one currently applied by the
US agencies.
The agencies note that these alternative approaches are consistent with the
FSB and BCBS objectives of reducing mechanistic reliance on external
credit ratings.
Further, the agencies agreed to consider amendments to the US
securitisation rules once the Basel Committee issues the revised
securitisation framework (Annex 6).
The assessment team welcomes this agreement and recommends a
follow-up assessment once the US rules have been updated (Annex 12).
Counterparty credit risk framework
In general, the US implementation of the counterparty credit risk (CCR)
requirements is broadly in line with the Basel framework.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 47
However, the assessment team identified a number of deviations, one of
which has a material impact on the capital ratio of at least one US bank.
The main deviation from the Basel framework is in the determination of
counterparty weights applied in the standardised approach for CVA.
In the Basel framework, credit ratings are used for this purpose, whereas
the US requirements replace the direct references to credit ratings with
probabilities of default due to the prohibition on the use of external credit
ratings in the US regulations.
Based on data received from the US authorities, although on average the
impact on CCR RWA of this approach compared to the Basel standard is
low, the impact is material for at least one US core bank.
For that bank, the US approach results in CCR RWA that are 12.3% lower
than would be the case under the Basel approach.
Further, as noted in Section 1.1, the US agencies have not incorporated the
CVA capital charge in the new US standardised approach. US core banks
that remain in parallel run will therefore not be subject to a separate CVA
capital charge.
The assessment team acknowledges that the Basel framework does not
explicitly prescribe the implementation of the parallel run, and understands
the view of the US regulatory agencies that the internal model approval
process cannot be compromised.
The team also considers that the issue will disappear once the remaining
core banks have received approval to exit parallel run.
At the same time, the team finds that the US approach results in a number
of core banks not being subject to a separate capital charge for CVA risk for
a protracted amount of time, which is considered not in line with the spirit
of the Basel standards.
With respect to CCP-related requirements, no material deviations were
identified.
The most significant (but still not material) deviation identified was that the
US rules allow banks which are clients (ie that clear their transactions
through a clearing member) to apply the 2% risk weight to trade exposures
in cases where client collateral is held in omnibus accounts.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 48
The Basel framework allows this application of a 2% risk weight in cases
where certain conditions relating to segregation and portability of collateral
are met.
In the case of US omnibus accounts, the condition is not fully met; however,
based on data from the US agencies on the size of exposures to which this
deviation relates, the deviation is considered to be currently not material.
The assessment team also considers that the deviation is unlikely to become
material in the future.
Overall, based on the deviations identified by the assessment team, and
their materiality, the US implementation of the CCR framework is
considered to be largely compliant.
Market risk: Standardised Measurement Method
The US market risk rule implements only certain provisions of the
standardised market risk measurement method of the Basel framework: the
equity- and interest rate-specific risk provisions and the securitisation
provisions.
The Standardised Measurement Method for general risk has not been
implemented as US rules instead require general risk to be measured using
the Internal Models Approach (IMA).
Given that the scope of application of the US rule is large banks, which the
Basel framework envisages would use the IMA, this is not considered by the
assessment team to be a deviation.
The assessment team identified one deviation from the Basel framework
with a material impact in regard to the treatment of non-modelled
securitisation positions.
Specifically, the US rules implement on a permanent basis a transitional
rule in the Basel framework for securitisations in the trading book that
permitted capital requirements to be based on the maximum of the capital
requirement that would be held against either the sum of the bank’s net
long or net short non-modelled securitisation positions (rather than the
capital requirement being the sum of the long and short requirements).
The US agencies indicated that the provision was adopted in this manner in
anticipation of the Basel Committee’s completion of the fundamental
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 49
review of the trading book, which, though still in development, aims to
improve risk sensitivity in part by allowing for increased recognition of
hedging under the Standardised Approach.
Notwithstanding the status of the fundamental review, this provision
represents a material deviation from the Basel requirements.
For the most affected banks, this deviation resulted in an 11% decrease in
market risk RWA and a 23 bp increase in the capital ratio (relative to
application of the Basel standards).
On average, across the sample of US banks the deviations result in a 6%
decrease in market risk RWA and a 6 bp increase in capital ratios.
The assessment team is concerned that the impact may increase further
over time.
Overall, taking into account the above deviation, the assessment team
considers the US implementation of the market risk standardised approach
to be materially non-compliant.
Market risk: Internal Models Approach
The US agencies have implemented all elements of the Basel standard
related to the market risk IMA.
In a number of areas, some of the detailed specifications set out in the
standard are not fully incorporated (eg specification of the risk factors to be
included in VaR, or details of stress testing requirements); however, where
this is the case there is always an overarching requirement which
substantively addresses these details.
Therefore, overall the US requirements for the IMA for market risk are
considered to be compliant with the Basel framework.
Operational risk: Basic Indicator Approach, Standardised
Approach and Advanced Measurement Approaches
Of the available approaches for operational risk in the Basel framework
(Basic Indicator Approach, Standardised Approach; Advanced
Measurement Approaches) the US agencies have implemented only the
Advanced Measurement Approaches (AMA).
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 50
As already highlighted under the transitional arrangements, for core banks
that are in parallel run and report Basel I capital ratios, no explicit capital
requirements for operational risk apply.
In the view of the assessment team, this implementation differs from that
in most other Basel Committee jurisdictions and may hamper the
comparability of risk-based capital ratios across internationally active
banks during the parallel run period.
The US rules implementing the AMA are considered compliant with the
Basel framework.
While the US rules in general implement the requirements for operational
risk in a manner consistent with the Basel framework, there are a few
findings (mostly concerning some detailed technical criteria/requirements)
which are not likely to have a material impact on the capital ratios.
In particular, the US rules do not explicitly include some qualitative and
quantitative requirements for the use of the AMA.
To a certain extent, this reflects the fact that in a number of instances the
US rules contain only the broad principles, while the details are left to
supervisory guidance and practice.
The assessment team considered these deviations as to be not material.
In addition to the above-mentioned findings concerning technical
criteria/requirements, two deviations concerning the recognition of risk
mitigants in the context of the AMA were found.
The first concerns one of the eligibility criteria for using insurance: since
US rules cannot refer to credit ratings, the Basel criterion that the insurance
provider must have a credit rating of at least A (or equivalent) was changed
to a criterion stipulating that the probability of default of the insurance
provider cannot exceed 10 bps.
While this deviation is currently not material (no bank using the AMA is
using insurance for risk mitigation purposes at present), the assessment
team considers that it could become material in the future.
The second deviation concerns the possibility for supervisors to allow banks
to use risk mitigants other than insurance under the AMA.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 51
Under the Basel framework, only insurance is currently allowed.
However, so far US banks have not been allowed to use this type of
additional risk mitigant, which makes this deviation not material at
present.
The assessment team also considers that it is unlikely that it will become
material in the future.
Supervisory review process
US adoption of the Pillar 2 framework is considered to be compliant with
the Basel standards.
Rules, Supervision and Regulation Letters, and guidance issued by the US
agencies cover a wide range of supervisory review issues.
For example, the US rule does not explicitly require banks to have in place
and regularly review their CRM policies to control residual credit risk and
to take immediate remedial action when needed.
However, the assessment team finds high-level principles and requirements
in certain related guidance that substantially cover this requirement, and
therefore considers the finding as not material.
Disclosure requirements
The US requirements for disclosure requirements are considered to be
compliant with the Basel framework.
The disclosure requirements for advanced approaches banks that
completed the parallel run are mostly consistent with the Basel Pillar 3
requirements, albeit with a few exceptions.
First, the disclosure rules do not require banks to disclose quantitative
information on investments in insurance entities where banks apply the
“alternative approach” instead of the deduction approach.
Due to the limited importance of insurance entities for US banks (see also
the section on the definition of capital), this deviation has been judged as
not material at present.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 52
Second, US agencies decided not to adopt certain disclosure templates for
capital instruments (ie the main features template and the transitional
template), since this information is already available in other public and
regulatory filings (eg 10-K, 10-Q) on banks’ websites.
This deviation has also been judged as not material.
Further, the team notes that certain disclosure requirements are not
applied to core banks that are in parallel run.
For example, there is no disclosure of operational risk by core banks in
parallel run that report capital ratios based on Basel I until year-end 2014
and based on the new US standardised approach from 1 January 2015.
Only those US core banks that have exited parallel run are fully subject to
Pillar 3 requirements for advanced approaches banks.
The US agencies did not implement the Pillar 3 disclosure requirements for
remuneration, although the US agencies have confirmed that rules are
being prepared.
The agencies also noted that a number of disclosures relating to
remuneration have to be made under SEC rules, specifically Regulation
S-K. Since all the banks in the sample are publicly listed companies, they
are subject to those disclosures.
However, while Regulation S-K mandates a number of requirements that
match those mandated by the Basel framework in terms of substance, it has
a more limited scope, as it covers remuneration of senior management but
does not explicitly include remuneration of other material risk-takers.
Nevertheless, the assessment team considered this deviation as unlikely to
be material.
Annex : Details of the RCAP assessment process
A. Off-site evaluation
(i) Completion of a self-assessment questionnaire by US authorities
(ii) Evaluation of the self-assessment by the RCAP assessment team
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 53
(iii) Independent comparison and evaluation of the domestic regulations
issued by US authorities with corresponding Basel III standards issued by
the BCBS
(iv) Identification of observations
(v) Refinement of the list of observations based on clarifications provided
by US authorities
(vi) Assessment of materiality of deviations for all quantifiable deviations
based on data and non-quantifiable deviations based on expert judgement
(vii) Forwarding of the list of observations to US authorities
B. On-site assessment
(viii) Discussion of individual observations with US authorities
(ix) Meeting with selected US banks, accounting firms and a credit rating
agency
(x) Discussion with US authorities and revision of findings to reflect
additional information received
(xi) Assignment of component grades and overall grade
(xii) Submission of the detailed findings to US authorities with grades
(xiii) Receipt of comments on the detailed findings from US authorities
C. Review and finalisation of the RCAP report
(xiv) Review of comments by the RCAP assessment team, finalisation of the
draft report and forwarding to US authorities for comments
(xv) Review of US authorities’ comments by the RCAP assessment team
(xvi) Review of the draft report by the RCAP review team
(xvii) Review of the draft report by the Peer Review Board
(xviii) Reporting of findings to SIG by the team leader
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 54
RCAP sample of banks
The following 15 US core banks were selected for the RCAP sample for the
quantitative materiality testing.
These banks cover approximately 75% of total banking assets in the United
States and nearly all of the relevant international exposures of the US
banking sector.
• JPMorgan Chase (G-SIB)
• Bank of America (G-SIB)
• Citigroup (G-SIB)
• Wells Fargo (G-SIB)
• Goldman Sachs (G-SIB)
• Morgan Stanley (G-SIB)
• Bank of New York Mellon (G-SIB)
• US Bancorp
• HSBC North America
• Capital One
• PNC Financial Services Group
• State Street (G-SIB)
• TD Bank US
• American Express
• Northern Trust
Annex: Areas where US requirements are regarded to be higher
than the Basel standards
In several places, the US authorities have adopted a stricter approach than
the minimum standards prescribed by Basel or have simplified or
generalised an approach in a way that does not necessarily result in stricter
requirements under all circumstances but never results in less rigorous
requirements than the Basel standards.
The following list provides an overview of these areas.
The information in this annex has been provided by US regulatory agencies
and has not been cross-checked or assessed by the RCAP assessment team.
It should be noted that these areas have not been taken into account as
mitigants for the overall assessment of compliance.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 55
Transitional arrangements
• The US rules removed the transitional floors and adopted a permanent
floor based on the US standardised approach, as imposed by US statute,
which represents an additional requirement that is not currently included
in the Basel standards.
The floor imposed in the United States will generally be more conservative
than the Basel approach, as the US floor is 100% of the US standardised
approach while the Basel floor is 80% of the Basel I approach.
Additional stringency is provided by the calibration of the US standardised
approach, which was designed to be more conservative on a framework to
framework basis than the general risk-based capital requirements that were
based on the Basel I standards.
Definition of capital
• The US rules are more conservative than Basel III with respect to the
definition of additional tier 1 capital – Basel III allows the inclusion of
liabilities in additional tier 1 capital while the US rules only allow
accounting equity instruments in additional tier 1 capital.
Credit risk: Standardised Approach
• The Basel text allows PSEs to be risk-weighted at the same level as the
PSE’s sovereign.
Under the Basel Standardised Approach, the US agencies could justify a 0%
risk weight for these exposures, but apply a more conservative risk weight
of 20%.
• The US rules did not adopt the 75% risk weight for retail exposures. Such
exposures are risk-weighted at 100%.
• The Basel text allows claims secured by residential property to be
risk-weighted at 35%.
The US rule sets a 50% (rather than 35%) risk weight floor on residential
mortgages or a risk weight of 100% for those mortgage that do not qualify
for a 50% risk weight.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 56
• The Basel standardised text does not provide a specific treatment for
HVCRE exposures, meaning such exposures receive a 100% risk weight.
The US standardised approach sets 150% risk weight for HVCRE exposures.
• The Basel standardised text does not provide a specific treatment for
equity exposures, meaning such exposures receive a 100% risk weight.
Under the US standardised approach, most equity exposures are subject to
risk weights ranging from 100% to 600%.
Equity exposures to investment funds can receive a 1250% risk weight.
• While the US rules are prohibited by statute from referring to external
ratings, the US agencies apply a definition of investment grade that requires
firms to consider a variety of factors, including: available external credit
ratings, market data such as credit default swap spreads, financial
information published by the issuer of the debt instrument, external credit
assessments other than credit ratings, and internal analysis.
Firms, therefore, have a greater burden to support their determination that
a debt security is investment grade if one factor is contradicted by another
factor.
Hence, an investment grade credit rating for a particular debt security does
not necessarily mean the security qualifies as investment grade per the US
rules.
Credit risk: Internal Ratings-Based approach
• The US rules do not recognise SMEs, therefore, are super-equivalent to
the Basel text because they do not lower capital requirements via the
correlation adjustment for SMEs.
• The US advanced approaches rules do not allow for partial use because of
concern with cherry picking and because the US agencies believe that full
use of the advanced approaches is consistent with risk management
expectations for large, internationally active banks, and that their
implementation of Basel II is super-equivalent to the Accord.
• The US agencies did not implement the slotting criteria.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 57
For A-IRB banks, US rules are super-equivalent because they require full
implementation of PD/LGD.
• The capital requirement for defaulted exposures is EAD times 8%, rather
than the difference between LGD and the bank’s best estimate of expected
loss.
Under Basel paragraph 272, the capital requirement on a defaulted retail
exposure may be zero where all of the economic loss is already captured by
the best estimate of expected loss under current economic conditions (eg
where unexpected losses cannot further increase under more adverse
economic conditions) and therefore is instead deducted from CET1 capital
rather than being included in RWA.
The agencies believe this is imprudent, and instead require a fixed 100%
risk weight or a 20% risk weight where covered by an eligible guarantee
from the US government.
This is more rigorous in those cases where unexpected losses are lower than
8% (or 1.6% if guaranteed by the U.S. government) of that percentage of the
exposure that is not yet written off.
• Under Basel II, the capital requirement for a defaulted exposure is the
difference between LGD and best estimate of expected loss.
The US rule applies a capital requirement of EAD times 0.08.
Given the US agencies’ charge-off policy for defaulted retail loans, the
capital requirement on a defaulted retail exposure may be zero and often
would be zero or near zero for US banks if the US agencies adopted Basel
paragraph 328.
In particular, as described in the Uniform Retail Credit Classification
Guidance, a bank must charge off defaulted retail exposures to their
expected recoverable value less the cost to sell, so the loss-given-default
after charge-off should be zero.
The agencies believe this is imprudent, and instead require a more
conservative 100% risk weight.
The US rule is more conservative than Basel II with respect to those hedged
equity exposures where the remaining maturity is longer than one year by
requiring a 100% risk weight on the matched portion of a hedged
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 58
transaction (as opposed to full offset) and has requirements on the
effectiveness of the hedge. Also note the word “offset” in paragraph 345.
That implies a zero capital charge on the matched portion of a hedged
equity position.
The US treatment is more conservative because the agencies require USD 8
of capital for every USD 100 of the matched portion of a hedged equity
position.
In contrast to Basel II, the US agencies also require an ex ante and ex post
statistical demonstration of the effectiveness of the hedge and describe
alternative metrics that a bank must use.
Basel II requires no such test of the effectiveness (ie correlation between the
two sides of the two-part transaction).
The measures of association specified in the US rule are conventional
measures used by practitioners.
Thus, the US treatment, in that it requires a 100% risk weight on a perfectly
matched transaction, is much more conservative than the Basel II
treatment, which will assign a zero charge to many hedged equity positions
where fully matched.
Market risk
• The US rules provide for a surcharge of 8% on modelled correlation
positions taking into account the fact that many banking organisations
continue to have a limited ability to perform robust validation of their
comprehensive risk model using standard backtesting methods.
This provision exceeds the Basel framework requirements, and the
inclusion of a surcharge is appropriate as a prudential measure for banking
organisations to adequately validate comprehensive risk models and also
incentivises banking organisations to improve models on an ongoing basis.
Leverage Ratio
• The US rules incorporate a pillar 1 leverage requirement for all banking
organisations.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 59
• The US rule applies a pillar 1 supplementary leverage requirement to
advanced approaches banking organisations beginning in 2018.
In addition, the largest, most systemic banking organisations will be
required to meet a supplementary leverage ratio well above the 3%
minimum standard.
Covered bank holding companies will be required to hold a 2% leverage
buffer, for a total of a 5% supplementary leverage ratio requirement.
Insured depository institutions of covered bank holding companies will be
required to meet a 6% supplementary leverage ratio requirement in order
to be considered well-capitalised under the US prompt correction action
framework.
Currently, this enhanced supplementary leverage ratio requirement applies
to eight US banking organisations designated as globally systemically
important banks.
Annex: List of Basel approaches not allowed by US regulatory
framework
The following list provides an overview of approaches that the US
authorities have not made available to banks through the US regulatory
framework.
Where the Basel standards explicitly request certain approaches to be
implemented under specific circumstances, the missing approaches have
been taken into account in the assessment.
However, where the Basel standards do not require jurisdictions to
implement these approaches, they have been implicitly treated as “not
applicable” for the assessment.
Operational risk
• Basic Indicator Approach and Standardised Approach
Counterparty credit risk
• Standardised Method
Annex: List of issues for post-RCAP assessment follow-up
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 60
The assessment team identified the following issues for post-RCAP
assessment follow-up and for future RCAP assessments of the United
States:
1. Treatment of defined benefit pension fund assets held by FDIC-insured
banks.
2. Treatment of insurance entities in the definition of capital.
3. Additional Tier 1 and Tier 2 capital instruments issued by US banks and
their subsidiaries under foreign law and their treatment under the US
statutory approach.
4. For the IRB approach:
A broader quantification of differences stemming from reliance on
accounting valuation for EAD, EL and retail definition of default; and the
volume and difference in capital requirements for those exposures where
capital requirements under US rules are lower than Basel standards or
where fixed risk weights as in the Standardised Approach are used beyond
the limits allowed by the Basel standards for partial use, including for cash
items in the process of collection; a follow-up assessment of the impact of
missing minimum requirements not covered by the draft amendment
issued by the US agencies.
5. Follow-up assessment of the US securitisation framework.
Annex: Areas for further guidance from the Basel Committee
The assessment team listed the following issues for further guidance from
the Basel Committee. Additional detail is provided in Section 1.4 of the
report.
• Definition of capital: the treatment of DTAs that could be recovered
through operation loss carrybacks.
• Credit risk: the calculation of EAD and the application of the EL
excess/shortfall mechanism for fair value exposures under the IRB
approach.
Annex: US agencies’ summary of their Pillar 2 supervisory review
process
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 61
1. Understanding of Pillar 2 and relevance for the overall
supervisory activity
In the United States, Pillar 2 is the process for the supervisory review under
the advanced approaches rule.
These reviews are intended to help ensure a firm’s overall capital adequacy
by:
• confirming a banking organisation’s compliance with regulatory capital
requirements;
• addressing the limitations of minimum risk-based capital requirements as
a measure of a firm’s full risk profile – including risks not covered or not
adequately addressed or quantified in the Pillar 1 capital charges;
• ensuring that each banking organisation is able to assess its own capital
adequacy (beyond minimum risk-based capital requirements) based on its
risk profile and business model; and
• encouraging banking organisations to develop and use better techniques
to identify and measure risk.
Pillar 2 work is part of the overall US supervisory review process.
The US agencies use a risk-based supervisory philosophy focused on
evaluating risk, identifying material and emerging problems, and ensuring
that individual banking organisations take corrective action before
problems compromise their safety and soundness.
An integral part of the supervisory process is determining a banking
organisation’s composite rating under the Uniform Financial Institutions
Rating System (UFIRS) or “CAMELS” ratings from six component areas:
Capital adequacy, Asset quality, Management, Earnings, Liquidity and
Sensitivity to market risk.
2. Requirements for banking organisations
In the United States, the requirements for advanced approaches banking
organisations have been established by the prior and revised regulatory
capital rules and supplemented by the public document: Supervisory
Guidance: Supervisory Review Process of Capital Adequacy (Pillar 2)
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 62
Related to the Implementation of the Basel II Advanced Capital
Framework. The guidance covers three main areas:
(i) comprehensive supervisory review of capital adequacy;
(ii) compliance with regulatory capital requirements; and
(iii) internal capital adequacy assessment process.
3. Supervisory assessment
Examiners work full-time at large and complex financial institutions,
including advanced approaches banking organisations.
This enables the US agencies to maintain an ongoing programme of risk
assessment, monitoring and communications with firm management and
directors.
Objectives are designed to:
• Determine the condition of the banking organisation and the risks
associated with current and planned activities, including relevant risks
originating in subsidiaries and affiliates.
• Evaluate the overall integrity and effectiveness of risk management
systems, using periodic validation through transaction testing.
• Determine compliance with laws and regulations.
• Communicate findings, recommendations and requirements to firm
management and directors in a clear and timely manner, and obtain
informal or formal commitments to correct significant deficiencies.
• Verify the effectiveness of corrective actions, or, if actions have not been
undertaken or accomplished, pursue timely resolution through more
aggressive supervision or enforcement actions.
4. Capital expectation
Minimum capital requirements as set by the statutory prompt corrective
action (PCA) framework, which requires the US agencies to define separate
capital levels for well capitalised, adequately capitalised, undercapitalised,
significantly undercapitalised and critically undercapitalised institutions.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 63
Under the PCA framework, banking organisations face consequences and
restrictions of increasing severity as their capital levels fall.
The regulatory minimum capital ratios are standards that address only a
subset of risks faced by firms.
Therefore, a banking organisation should maintain capital well above
regulatory minimum capital ratios, especially during expansionary periods
when the economy may be growing robustly and earnings are strong but the
inherent risks in a banking organisation’s operations and balance sheet may
be increasing.
Equally emphasised is that a banking organisation at the “well capitalised”
level under the PCA rule should not automatically assume that it has
sufficient capital to cover all of its risks.
For advanced approaches banking organisations, the regulators’
assessment of a firm’s capital adequacy includes a review of the firm’s own
capital assessment and planning process.
Moreover, firm and supervisory stress testing have become key inputs to
capital planning at the largest banking organisations and to supervisory
assessments of firms’ capital adequacy.
Examiners evaluate the banking organisation’s approach to identifying and
measuring material risks, assessing capital adequacy, identifying capital
sources, raising capital when necessary, and preparing for contingencies.
Examiners also consider management’s capital assessment processes and
oversight by the board of directors.
Under the Federal Reserve Board’s (FRB) Comprehensive Capital Analysis
and Review (CCAR) programme, the FRB approves a bank holding
company’s capital actions (eg planned dividends, issuances and
repurchases as provided in the firm’s baseline scenario) on an annual basis.
These capital plan reviews are informed by stress tests conducted at large
banks under requirements established by the US banking agencies as part
of the Dodd-Frank Wall Street Reform and Consumer Protection Act, as
well as by the Dodd-Frank supervisory stress tests conducted by the FRB,
the OCC and the FDIC.
Additionally the OCC, FDIC and Federal Reserve recently published rules
requiring financial companies with more than USD 10 billion in assets to
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 64
conduct annual company-run stress tests using scenarios provided by the
agencies that reflect a minimum of three sets of economic and financial
conditions, including baseline, adverse and severely adverse scenarios.
5. Supervisory intervention measures
The US regulatory agencies use their supervisory and enforcement
authorities to ensure that financial intuitions operate in a safe and sound
manner and in compliance with the law.
There is a broad range of supervisory and enforcement tools to achieve this
purpose.
When the normal supervisory process is insufficient or inappropriate to
effect bank compliance with the law and the correction of unsafe or
unsound practices, or circumstances otherwise warrant a heightened
enforcement response, the agencies have a broad range of enforcement
tools.
Enforcement actions range from informal actions to formal actions.
Where a banking organisation’s capital is impaired, the agencies may issue
a Capital Directive or a PCA Directive, when authorised by law.
Annex: US floor for banks using advanced Basel approaches
The risk-based capital ratio floor calculation based on the US standardised
approach is imposed by statute.
The floor is 100% of the US standardised approach ratio, and is considered
more stringent than the Basel framework capital floor, which is 80% of
Basel I requirements.
It may be noted that additional stringency is provided by the calibration of
the US standardised approach, which was designed to be more conservative
on a framework to framework basis than the preceding general risk-based
capital requirements that were based on the Basel I standards. Such a
comparison is necessary to comply with certain statutory requirements
under section 171 of the Dodd-Frank Act.
The floor is implemented as follows: under the US rule in order to
determine its minimum risk-based capital requirements, an advanced
approaches banking organisation that has completed the parallel run
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 65
process and that has received notification from its primary federal
supervisor, must determine its minimum risk-based capital requirements
by calculating the three risk-based capital ratios using total risk-weighted
assets under the Standardised Approach and, separately, total
risk-weighted assets under the advanced approaches.
The lower ratio for each risk-based capital requirement is the ratio the
banking organisation must use to determine its compliance with the
minimum capital requirement.
For both ratios the capital definition is the same for CET1 and Tier 1.
For the Total Capital ratio, however, the advanced approach excludes the
general provisions included in Tier 2 (up to limit of 1.25% of standardised
credit RWA) and includes excess provisions over expected losses (up to
limit of 0.6% of credit RWA).
With respect to inclusion of risks in RWA, the differences between the US
standardised and advanced approach capital ratios include:
• CVA risk is not included in standardised RWA.
• Operational risk is not included separately in standardised RWA.
• Market risk RWA: the standardised and advanced approaches are
substantially identical.
However, under the standardised approach the bank must use SSFA to
determine the specific risk add-on for securitisation positions, whereas
under the advanced approach the bank may use SFA (if permitted by the
federal regulator).
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 66
Non-financial corporations from emerging market
economies and capital flows
Stefan Avdjiev, Michael Chui and Hyun Song Shin
Non-financial corporations from emerging market economies
(EMEs) have increased their external borrowing significantly
through the offshore issuance of debt securities.
Having obtained funds abroad, the foreign affiliate of a non-financial
corporation could transfer funds to its home country via three channels: it
could lend directly to its headquarters (within-company flows), extend
credit to unrelated companies (between-company flows) or make a
cross-border deposit in a bank (corporate deposit flows).
Cross-border capital flows to EMEs associated with all three of the above
channels have grown considerably over the past few years, as balance of
payments data reveal.
To the extent that these flows are driven by financial operations rather than
real activities, they could give rise to financial stability concerns.
__________________________________
The pattern of cross-border financial intermediation has undergone
far-reaching changes in recent years, from one that relied overwhelmingly
on bank-intermediated finance to one that places a greater weight on direct
financing through the bond market.
In the process, non-financial firms have taken on a prominent role in
cross-border financial flows.
They have increased their external borrowing significantly through the
issuance of debt securities, with a significant part of the issuance taking
place offshore.
Between 2009 and 2013, emerging market non-bank private corporations
issued $554 billion of international debt securities.
Nearly half of that amount ($252 billion) was issued by their offshore
affiliates (Chui et al (2014)).
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 67
An important question is whether this increased corporate external
borrowing can be a source of wider financial instability for emerging market
economies and, if so, which channels of financing flows give rise to
concerns.
The large increase in issuance by their overseas affiliates shows that EME
firms' financing activities straddle national borders.
Hence, measurement of external debts based on the residence principle can
be problematic.
In particular, external debt based on the residence principle may
understate the true economic exposures of a firm that has borrowed
through its affiliates abroad.
If the firm's headquarters has guaranteed the debt taken on by its affiliate,
then the affiliate's debt should rightly be seen as part of the firm's overall
debt exposure.
Even in the absence of an explicit guarantee, the firm's consolidated
balance sheet will be of relevance in understanding the firm's actions.
While this point has been well recognised in the realm of international
banking (Cecchetti et al (2010)), it had not received much attention in the
context of non-financial corporates until recently (Gruić et al (2014a)).
The practice of using overseas affiliates as financing vehicles has a long
history. Borio et al (2014) describe how in the 1920s German industrial
companies used their Swiss and Dutch subsidiaries as financing arms of the
firm to borrow in local markets and then repatriate the funds to Germany.
As old as such practices are, they have become the centre of attention again
in recent years due to the increasingly common practice of EME
non-financial corporates borrowing abroad through debt securities issued
by their affiliates abroad.
If the proceeds of the bond issuance are used for acquiring foreign assets,
the money stays outside and there are no cross-border capital movements.
However, we will be focusing on the case where the firm transfers the
proceeds of the bond issuance back to its home country, either to finance a
local (headquarters) project, or to be held as a financial claim on an
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 68
unrelated home resident - say, by being deposited in a bank or by being lent
to another non-bank entity.
If the overseas bond proceeds are repatriated onshore to invest in domestic
projects with little foreign currency revenue, the firm will face currency
risk.
If the proceeds are first swapped into local currency, then the firm's
activities are likely to have an impact on financial conditions (Box 1).
In either case, the economic risks may be underestimated if external
exposures are measured according to the conventional residence basis.
Having obtained funds abroad (by issuing bonds offshore), the foreign
affiliate of a non-financial corporation could act as a surrogate intermediary
by repatriating funds (Chung et al (2014), Shin and Zhao (2013)).
It can do that via thee main channels (Graph 1).
First, it could lend directly to its headquarters (within -company flows).
Second, it could extend credit to unrelated companies (between -company
flows).
Finally, it could make a cross-border deposit in a bank (corporate deposit
flows).
A practical question is how best to monitor these non-bank capital flows
under the existing measurement framework organised according to the
residence principle.
The balance of payments (BoP) accounting framework lists broad
categories such as foreign direct investment (FDI) and portfolio flows, but it
does not separate out the flows associated with corporate activity from
those of the financial sector.
However, a little detective work can reveal a wealth of information.
This article explores how the BoP data and some key items buried deep
within the broad categories of direct investment and other investment can
be used to shed light on cross-border capital flows through non-financial
corporate activities (Table 1).
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 69
Box 1
International bond issuance, cross-currency swaps and capital
flows
When an EME company issues a US dollar-denominated bond in overseas
capital markets and then repatriates the proceeds, one would expect that to
show up as capital inflows in US dollars.
However, this need not always be the case.
The company or its overseas subsidiary can issue the bond and swap the
proceeds into domestic currency before transferring the funds back to the
headquarters.
Obviously, there will be a similar increase in the headquarters' liabilities,
but only the company's consolidated balance sheet would show an increase
in foreign currency liabilities.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 70
For instance, Chinese firms have primarily issued US dollar-denominated
bonds abroad, whereas non-Chinese companies account for a sizeable
proportion of offshore renminbi bond (CNH) issuance (Graph A).
Very often, these non-Chinese entities will swap their CNH proceeds into
US dollars.
In doing so, they are taking advantage of the cross-currency swap markets
to obtain US dollar funding at lower costs than by issuing US dollar bonds
(HKMA (2014)).
Similarly, cross-currency swaps offer Chinese firms a channel to get around
the tight liquidity conditions in China by swapping their US dollar proceeds
from bond issuance into renminbi and remitting to their headquarters.
In the rest of this article, we present evidence that capital flows to EMEs
associated with non-financial corporations have indeed increased markedly
over the past few years through three different channels.
First, we demonstrate that transfers between firms' headquarters and their
offshore affiliates have surged.
Next, we show that "non-bank" trade credit flows to EMEs have increased
significantly.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 71
Finally, we demonstrate that the amount of external loan and deposit
financing to EMEs provided by non-banks has grown considerably.
Within-company credit
An accounting convention in the balance of payments deems borrowing and
lending between affiliated entities of the same non-financial corporate to be
"direct investment".
Specifically, such transactions are classified under the "debt instruments"
sub-item of direct investment.
In contrast, borrowing and lending between unrelated parties are classified
as either a portfolio investment or under the "other" category.
The rationale behind treating within-firm transactions as direct investment
is that the overall profitability of a multinational corporation depends on
advantages gained by deploying available resources efficiently to each unit
in the group.
For example, tax considerations could drive the choice between equity and
within-company debt, and behaviourally such debt can be, and often is,
written down in adverse circumstances.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 72
Classifying the transfer onshore of funds obtained offshore as FDI raises
questions about the traditional view that FDI is a stable or "good" form of
capital flow (CGFS (2009)).
This may be true for FDI in the form of large equity stakes associated with
greenfield investment or foreign acquisitions.
But within-company loans, especially if invested in the domestic financial
sector, could turn out to be "hot money", which can be withdrawn at short
notice.
Thus, to the extent that within-company loans are financed through the
offshore issuance of debt securities, they could be viewed as portfolio flows
masked as FDI.
Quantitatively, for most EMEs, within-company lending has been modest
when compared with purchases of stakes in other companies (Graph 2,
left-hand panel).
However, there have been sizeable increases in within-company flows in
Brazil, China and Russia, amounting to more than $20 billion per quarter
for these three countries combined (Graph 2, right-hand panel), which was
broadly similar to the size of total portfolio inflows to the three countries
during this period.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 73
Between-company trade credit
The second mode of capital flow generated by non-financial firms' activities
is through trade credit.
The term "trade credit" has a narrower meaning in the balance of payments
than in everyday use.
Instead of encompassing trade financing more broadly such as guarantees
through banks and letters of credit, the trade credit category under the BoP
accounts refers only to claims or liabilities arising from the direct extension
of credit by suppliers for transactions in goods and services, under a
residual item known as "other investment".
Bank-provided trade financing, such as letters of credit, is recorded
separately under "loans".
Typically, trade credit flows between companies are small and account for a
small proportion of total other investment flows in most instances.
Direct credit extension between exporters and importers could be seen as
much riskier than arranging trade financing through banks.
However, trade credit flows to EMEs have increased since the global
financial crisis (Graph 3, left-hand panel), and the increase was driven, to a
certain extent, by China (Graph 3, right-hand panel).
In fact, the share of trade credit inflows in total other investment in China
in recent years has been much larger than that in other EMEs.
While these trade credit flows to China may reflect Chinese companies'
growing importance and credibility in world trade, trade credit could be
another route through which the proceeds of offshore funding can be
transferred to headquarters and/or unrelated companies onshore.
Between-company loans and corporate deposits
Despite the limitations of the existing data frameworks discussed above, it
is possible to combine BoP statistics with the BIS international banking
statistics (IBS) to shed some light on the growing importance of non-bank
corporates in providing cross-border loans and deposits to EMEs.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 74
From the lender perspective, the IBS capture the cross-border positions of
internationally active banks.
As a consequence, the IBS could be used to measure the amount of
cross-border loans that banks provide to residents (both banks and
non-banks) of a given country.
From the borrower perspective, a couple of (liability) categories in the BoP
data provide information on the amount of cross-border financing that the
residents of a given country obtain in the form of deposits and loans.
More specifically, "deposit liabilities" capture the standard contract
liabilities of all deposit-taking institutions in a given reporting jurisdiction
to both banks (interbank positions) and non-banks (transferable accounts
and deposits).
Meanwhile, "loan liabilities" cover liabilities that are created when a
creditor lends funds directly to a debtor, and are documented by claims that
are not negotiable.
Table 2 illustrates how BoP and IBS can be brought together to estimate the
amount of non-bank finance to EME residents.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 75
The two BoP categories discussed above capture the cross-border liabilities
of (bank and non-bank) residents of a given country to all (bank and
non-bank) creditors (represented by cells A, B, C and D).
By contrast, the IBS capture solely the cross-border liabilities to offshore
banks (cells A and B).
Thus, in principle, the difference between the two series could be used as a
rough proxy for the amount of non-bank external financing to the residents
of a country (cells C and D).
This difference used to be small but has been increasing rapidly in recent
years (Graph 4, left-hand panel).
Up until 2007, the two series moved fairly in sync, suggesting that BoP
deposits and loan flows were dominated by banks.
However, the gap between the two series has been steadily growing and
currently stands at approximately $270 billion (which amounts to 17% of
cumulative BoP flows since Q1 2005).
The growing gap between the BoP and IBS series could be interpreted as
evidence of the increasing weight of non-banks in providing external loan
and deposit financing to residents of emerging market economies.
A more detailed examination of the data suggests that the role of non-banks
might be even greater than the above estimates imply.
Assuming positive gross inflows from non-banks, the BoP external loan and
deposit estimates should exceed the respective IBS estimates for each
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 76
country in our sample (since, as discussed above, the former include
external lending by non-banks, whereas the latter do not).
However, we find that the exact opposite is true for several EMEs, such as
Brazil, China, Indonesia, the Philippines and Thailand (Graph 4, centre
panel).
In theory, this finding could be explained by negative cumulative non-bank
flows to each of those countries.
In practice, it is highly unlikely that this was the case during the time period
we examine.
A much more plausible explanation could be related to inconsistencies in
the reporting of external liabilities.
Box 2
Interpreting FDI flows under the new balance of payments
template
The rapid pace of financial globalisation over the past few decades has
changed many aspects of international capital flows.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 77
To improve the understanding of these capital movements, in 2009 the
IMF and its members agreed on a new template for collecting international
financial transactions data: the sixth edition of the IMF's Balance of
Payments and International Investment Position Manual (BPM6).
From January 2015, the IMF will only accept data submissions under
BPM6.
In the transition period, some countries will still be publishing their BoP
data under the previous template (BPM5, introduced in 1993) and the IMF
will simply convert those "old" data to the new standard.
Using Brazil as an example, this box illustrates how the conversion between
BPM5 and BPM6 affects the interpretation of FDI flows.
Data published under the two formats reflect somewhat different
treatments of within-company loans, resulting in differences in reported
gross FDI inflows and outflows (Graph B, left-hand and centre panels),
even though net FDI flows remain unchanged.
This is because, under BPM5, FDI transactions between affiliates are
recorded on a residence versus non-residence basis, whereas BPM6
differentiates between the net acquisition of assets and the net incurrence
of liabilities.
Simply put, under BPM5, both headquarter lending to affiliates (which
increases claims) and borrowing from affiliates (which increases liabilities)
are counted as gross outflows, albeit with opposite signs.
Under BPM6, by contrast, the two activities will fall into different
categories.
While headquarter lending to affiliates will continue to count as capital
outflow, borrowing from affiliates will be counted as net incurrence of
liabilities (capital inflow).
Using the notation in Graph B (right-hand panel), net acquisition of debt
claims under BPM6 (item 6.1.2) will be the sum of items 5.1.2 and 5.2.2
under BPM5.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 78
While the above finding is intriguing in its own right, it also has important
implications for the main question that we examine in this article.
Namely, it suggests that, for the remaining EMEs in our sample, the
aggregate size of the gap between the BoP and IBS series is considerably
larger than the one implied by the estimates for the full sample.
Indeed, as the right-hand panel of Graph 4 illustrates, the wedge between
the BoP and IBS series is considerably larger for the latter set of EMEs (ie
Chile, the Czech Republic, Hungary, India, Korea, Mexico, Poland, Russia,
South Africa and Turkey).
At the end of 2013, the BoP-implied external loan and deposit series for that
group of countries exceeded its IBS counterpart by over $550 billion (51%
of cumulative BoP flows since Q1 2005).
This presents further evidence of the importance of non-banks in providing
external loan and deposit financing to EMEs.
Conclusion
The shift away from bank-intermediated financing to market financing over
the past few years has coincided with a sharp increase in international bond
issuance by EME non-financial corporations.
This trend could have important financial stability implications.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 79
Yet, analysis of it is hindered by conceptual difficulties associated with
statistical conventions on the measurement of cross-border flows.
In this article, we utilise several key BoP data items to shed light on
cross-border capital flows through non-financial corporate activities.
We find that capital flows associated with non-financial corporations have
indeed increased markedly over the past few years through three different
channels. First, within-firm transfers have surged.
Second, trade credit flows to EMEs have increased significantly.
Finally, the amount of external loan and deposit financing to EMEs
provided by non-banks has grown considerably.
We interpret those findings as evidence that the offshore subsidiaries of
EME non-financial corporates are increasingly acting as surrogate
intermediaries, obtaining funds from global investors through bond
issuance and repatriating the proceeds to their home country through the
above three channels.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 80
[Exposure Draft]
Japan’s Corporate Governance
Code
Seeking Sustainable Corporate Growth and Increased Corporate
Value over the Mid- to Long-Term
In this Corporate Governance Code, “corporate governance” means a
structure for transparent, fair, timely and decisive decision-making by
companies, with due attention to the needs and perspectives of
shareholders and also customers, employees and local communities.
This Corporate Governance Code establishes fundamental principles for
effective corporate governance at listed companies in Japan.
It is expected that the Code’s appropriate implementation will contribute to
the development and success of companies, investors and the Japanese
economy as a whole through individual companies’ self-motivated actions
so as to achieve sustainable growth and increase corporate value over the
mid- to long-term.
Background
1.
Japan's initiatives for the corporate governance system have
significantly accelerated in recent years.
2.
The Japan Revitalization Strategy approved by the Cabinet in June
2013 specified as one of its measures the “preparation of principles (a
Japanese version of the Stewardship Code) for institutional investors in
order to fulfill their stewardship responsibilities, such as promoting the
mid- to long-term growth of companies through dialogue.”
This led to discussions starting in August 2013 by the Council of Experts
Concerning the Japanese Version of the Stewardship Code established
under the Financial Services Agency, which drafted and released the
“Principles for Responsible Institutional Investors (Japan’s Stewardship
Code)” (hereinafter, “Japan’s Stewardship Code”) in February 2014.
Japan’s Stewardship Code is currently in effect.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 81
In addition, the Legislative Council of the Ministry of Justice adopted the
“Outlines for the Revision of the Companies Act” in September 2012.
Subsequently, a bill was submitted to the Diet as an amendment to the
Companies Act, including a provision requiring companies to explain if they
do not appoint outside directors.
The bill was passed in the Diet and became law in June 2014.
3.
Another measure specified in the Japan Revitalization Strategy was
the encouragement of “securities exchanges in Japan to take measures that
lead to the enhancement of corporate governance, for example, by
clarifying listing rules concerning the appointment of outside directors and
developing new indices for companies that are highly evaluated for their
profitability and management.”
This led to the establishment by the Japan Exchange Group, Inc. of the
JPX-Nikkei Index 400, a new stock index composed of “companies with
high appeal for investors, which meet the requirement of global investment
standards, such as the efficient use of capital and investor-focused
management perspectives.”
The operation of this index began in January 6, 2014.
4.
In this context, the Japan Revitalization Strategy (Revised in 2014)
approved by the Cabinet in June 2014 specified as one of its measures the
establishment of “a council of experts of which the Tokyo Stock Exchange
and the Financial Services Agency will act as joint secretariat, aiming to
prepare the key elements of the Corporate Governance Code by around
autumn 2014 for the Tokyo Stock Exchange to newly prepare the Corporate
Governance Code in time for the 2015 season of general shareholder
meetings.”
This led to the formation of the Council of Experts Concerning the
Corporate Governance Code (hereinafter, the “Council of Experts”) in
August 2014, with the Financial Services Agency and the Tokyo Stock
Exchange serving as joint secretariat.
The Council of Experts met eight times since August, and developed its
basic thought on a corporate governance code as the “Corporate
Governance Code [Exposure Draft]” (hereinafter, the “Code”).
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 82
The Japan Revitalization Strategy (Revised in 2014) also specified that the
formulation of a corporate governance code should be based on the OECD
Principles of Corporate Governance.
The Council of Experts thus engaged in their discussions by giving due
reference to the OECD Principles, and the content of the Code is based on
them.
5.
The Code is scheduled to receive broad public comments, both
domestic and global.
Then, in accordance with the Japan Revitalization Strategy (Revised in
2014), the Tokyo Stock Exchange is expected to revise its listing rules and
related regulations and formulate a corporate governance code, which is
expected to have the same content as the Code.
Objectives of the Code
6.
The Code has its foundation in the Japan Revitalization Strategy
(Revised in 2014 ), and is formulated as part of Japan’s economic growth
strategy.
As noted above, in the Code corporate governance means a structure for
transparent, fair, timely and decisive decision-making by companies, with
due attention to the needs and perspectives of shareholders and also
customers, employees and local communities.
On this basis, the Code establishes fundamental principles for effective
corporate governance.
7.
It is important that companies operate manage themselves with the
full recognition of responsibilities to a range of stakeholders, starting with
fiduciary responsibility to shareholders who have entrusted the
management.
The Code seeks “growth-oriented governance” by promoting timely and
decisive decision-making based upon transparent and fair decision-making
through the fulfillment of companies’ accountability in relation to
responsibilities to shareholders and stakeholders.
The Code does not place excessive emphasis on avoiding and limiting risk
or the prevention of corporate scandals.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 83
Rather, its primary purpose is to stimulate healthy corporate
entrepreneurship, support sustainable corporate growth and increase
corporate value over the mid- to long-term.
Recognizing the board’s fiduciary responsibilities to shareholders and other
stakeholder responsibilities, the Code includes language that calls for a
certain measure of corporate self-discipline.
It would not be appropriate, however, to view them as limits on companies’
business prerogatives and activities. Indeed, quite the opposite: without
appropriately functioning corporate governance, the reasonableness of
management’s decision-making processes cannot be secured.
In such a case, the management may become risk-avoiding due to concerns
that their responsibility with respect to business decisions may be put in
question. Such a situation would significantly restrict decisive
decision-making and companies’ business activities.
By calling for appropriate corporate governance disciplines at Japanese
companies, the Code aims to have the management free from such
restrictions and establish an environment where healthy entrepreneurship
can flourish and where the management’s capabilities can be given full
force.
8.
Given the concerns regularly perceived about the growth of
short-term investment activities in capital markets, it is hoped that the
Code will also have the effect of promoting mid- to long-term investing.
Market participants who have the strongest expectations for the
improvement of corporate governance are usually shareholders with midto long-term holdings, and they usually wait until the improvements of
corporate governance are achieved.
Notwithstanding recent concerns over the growth of short-termism in the
market place, such shareholders have the potential to become important
partners for companies.
The Code asks companies to examine whether there are issues in their
corporate governance in light of the aim and spirit of the principles of the
Code, and take self-motivated actions in response to those issues.
Such efforts by companies will make possible further corporate governance
improvements, supported by purposeful dialogue with shareholders
(institutional investors) based on Japan’s Stewardship Code.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 84
In this sense, the Code and Japan’s Stewardship Code are "the two wheels
of a cart", and it is hoped that they will work appropriately and together so
as to achieve effective corporate governance in Japan.
“Principles-Based Approach” and “Comply-or-Explain Approach”
9.
The Code specifies General Principles, Principles and Supplementary
Principles.
The manner of their implementation may vary depending on industry,
company size, business characteristics, company organization and the
environment surrounding the company.
The Code’s principles should be applied in accordance with each company’s
particular situation.
10. Given the above, the Code does not adopt a rule-based approach, in
which the actions to be taken by companies are specified in detail.
Rather, it adopts a principles-based approach so as to achieve effective
corporate governance in accordance with each company’s particular
situation.
This principles-based approach has already been adopted in Japan’s
Stewardship Code.
The significance of this approach is found in having parties confirm and
share the aim and spirit of the principles and review their activities against
the aim and spirit, not against the literal wording of the principles, even
where the principles may look abstract and broad on the surface.
For this reason, the terminology used in the Code is not strictly defined as is
the case with laws and regulations.
It is anticipated that companies that are accountable to shareholders and
other stakeholders will apply appropriate interpretations of the
terminology in accordance with the aim and spirit of the Code.
Shareholders and other stakeholders are also expected to fully
understand the significance of this principles-based approach in their
dialogue with companies.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 85
11.
Moreover, unlike laws and regulations the Code is not legally
binding.
The approach it adopts for implementation is “comply or explain” (either
comply with a principle or, if not, explain the reasons why not to do so).
In other words, the Code assumes that if a company finds specific principles
(General Principles, Principles and Supplementary Principles)
inappropriate to comply with in view of their individual circumstances, they
need not be complied with, provided that the company explains fully the
reasons why it does not comply.
12.
While this comply-or-explain approach is also adopted in Japan’s
Stewardship Code, it is an approach that may not yet be well known in
Japan.
It is necessary to bear fully in mind that companies subject to the Code are
not required to comply with all of its principles uniformly.
Shareholders and other stakeholders should also understand the aim of this
approach and should fully respect the particular circumstances of
individual companies.
In particular, it would not be appropriate to consider the literal wording of
each principle of the Code superficially and conclude automatically that
effective corporate governance is not realized by a company on the ground
that the company does not comply with some of the principles.
Of course, when companies explain their reasons for non-compliance, they
should do so by explaining the measures they have taken or they will take
for those non-compliant principles in a manner that non-compliance will
gain full understanding from shareholders and other stakeholders.
Offering a superficial explanation using boiler-plate expressions would be
inconsistent with the concept of “comply or explain.”
Implementation of the Code
13.
The Code is applicable to all companies listed on securities exchanges
in Japan (hereinafter, “companies”).
For the application of the Code to the companies listed in the markets other
than the main market (namely, the Tokyo Stock Exchange First and Second
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 86
Sections), some consideration may need to be given to the size and
characteristics of such companies with respect to the applicability of
principles such as governance structure and disclosure.
In this respect, it is expected that the Tokyo Stock Exchange will clarify
what sorts of consideration will need to be given to which parts of the Code
for the companies listed in the markets other than the main market.
14.
Companies in Japan may choose one of the following three forms of
corporate organization: Company with Kansayaku Board, Company with
Three Committees (Nomination, Audit and Remuneration), or Company
with Supervisory Committee.
The Code does not express a view on any of these forms of company
organization.
It specifies fundamental principles for corporate governance that should be
applicable to whichever form of organization a company may choose.
Given that most Japanese companies are Companies with Kansayaku
Board, a number of principles specified in the Code are drafted under the
assumption that the form of Company with Kansayaku Board is chosen.
It is anticipated that companies that take a form other than Company with
Kansayaku Board will apply these principles by making necessary
adjustments in accordance with their form of company organization.
15.
It is expected that the Code will enter into force on June 1, 2015, after
the Tokyo Stock Exchange takes necessary institutional steps.
Depending on their situation, there may be companies that will find it
difficult to fully implement certain principles of the Code from the
implementation date noted above even if they desire to do so, such as the
principles on governance structures.
In such situations, if companies undertake serious investigations and
preparations for the commencement of the Code’s application but still find
immediate full compliance difficult, these companies’ provision of clear
explanations on their plans and conceivable schedule for future compliance
should not be ruled out as being against the Code.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 87
Moreover, some principles in the Code call for disclosure or explanation,
including cases where companies are asked to “explain” the reasons for
non-compliance.
Since it would be desirable that companies disclose and explain some of
these matters in a standardized framework (for example, through the
Corporate Governance Report submitted to the Tokyo Stock Exchange), it is
expected that the Tokyo Stock Exchange will offer clarification for handling
this matter.
Future Revisions of the Code
16.
As noted above, while the Code establishes fundamental principles
for effective corporate governance, these principles do not remain
unchanged. Under rapidly changing economic and social circumstances, in
order to ensure that the Code continues to achieve its objectives, the
Council of Experts expects that the Code will be periodically reviewed for
possible revisions.
General Principles
Securing the Rights and Equal Treatment of Shareholders
1.
Companies should take appropriate measures to fully secure
shareholder rights and develop an environment in which shareholders can
exercise their rights appropriately and effectively.
In addition, companies should secure effective equal treatment of
shareholders.
Given their particular sensitivities, adequate consideration should be given
to the issues and concerns of minority shareholders and foreign
shareholders for the effective exercise of shareholder rights and effective
equal treatment of shareholders.
Appropriate Cooperation with Stakeholders Other Than
Shareholders
2.
Companies should fully recognize that their sustainable growth and
the creation of mid- to long-term corporate value are brought as a result of
the provision of resources and contributions made by a range of
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 88
stakeholders, including employees, customers, business partners, creditors
and local communities.
As such, companies should endeavor to appropriately cooperate with these
stakeholders.
The board and the management should exercise their leadership in
establishing a corporate culture where the rights and positions of
stakeholders are respected and sound business ethics are ensured.
Ensuring Appropriate Information Disclosure and Transparency
3.
Companies should appropriately make information disclosure in
compliance with the relevant laws and regulations, but should also strive to
actively provide information beyond that required by law.
This includes both financial information, such as financial standing and
operating results, and non-financial information, such as business
strategies and business issues, risk, and governance.
The board should recognize that disclosed information will serve as the
basis for constructive dialogue with shareholders, and therefore ensure that
such information, particularly non-financial information, is accurate, clear
and useful.
Responsibilities of the Board
4.
Given its fiduciary responsibility and accountability to shareholders,
in order to promote sustainable corporate growth and the increase of
corporate value over the mid- to long-term and enhance earnings power
and capital efficiency, the board should appropriately fulfill its roles and
responsibilities, including:
(1)
Setting the broad direction of corporate strategy;
(2) Establishing an environment where appropriate risk-taking by the
senior management is supported; and
(3) Carrying out effective oversight of directors and the management
(including shikkoyaku and so-called shikkoyakuin) from an independent
and objective standpoint.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 89
Such roles and responsibilities should be equally and appropriately fulfilled
regardless of the form of corporate organization – i.e., Company with
Kansayaku Board (where a part of these roles and responsibilities are
performed by kansayaku and the kansayaku board), Company with Three
Committees (Nomination, Audit and Remuneration), or Company with
Supervisory Committee.
Dialogue with Shareholders
5.
In order to contribute to sustainable growth and the increase of
corporate value over the mid- to long-term, companies should engage in
constructive dialogue with shareholders even outside the general
shareholder meeting.
During such dialogue, senior management and directors, including outside
directors, should listen to the views of shareholders and pay due attention
to their interests and concerns, clearly explain business policies to
shareholders in an understandable manner so as to gain their support, and
work for developing a balanced understanding of the positions of
shareholders and other stakeholders and acting accordingly.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 90
Public Service: An Obligation and
Opportunity for Lawyers
Chair Mary Jo White
Association of American Law Schools Annual
Meeting, Showcase Speaker Program,
Washington D.C.
Thank you, for that excellent introduction.
I am truly honored to have been asked to be the inaugural speaker in your
Showcase Speaker Program.
This is an impressive forum for a serious discussion of the most important
issues affecting law schools and the legal profession.
And the theme of this year’s annual meeting – “Legal Education at the
Crossroads” – is an apt description of the critical juncture we are facing in
2015.
Many of the challenges confronting law schools today are well-known.
Enrollment of first-year law students has not been this low since 1973, the
year before I graduated from law school.
And while the job market for law school graduates has improved over the
last few years, the financial crisis resulted in fundamental structural and
market changes to more than just our financial system.
There have been lasting changes to the legal job market that may, in the
long-run, affect the educational choices of college graduates and the
economic models of many of our law schools.
I know you are studying these changes carefully and strategizing for the
“new normal” and the financial challenges that come with it – for both
students and your institutions.
One positive by-product of the market changes, however, has been the
steady, perhaps slightly increased, number of recent law graduates
employed in the public and public interest sectors.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 91
And the graduates going into public service roles are increasingly
subsidized in some fashion by the law schools -- indeed, about a quarter of
such jobs are supported by law school grants.
This is a far cry from what was happening when I graduated from Columbia
Law School in 1974.
At that time, it seemed like the vast majority of students exclusively sought
employment in large law firms.
There were no clinical programs to speak of, let alone financial subsidies
and loan forgiveness programs to support public interest work.
Those changes are very good ones -- very good for students, the legal
profession and society.
I think we would all like to see these programs, and the opportunities that
come with them, expand in the years to come.
My remarks tonight are inspired by the public service “silver lining” that is
emerging in the current environment.
What I will talk about is the overarching public service obligation of lawyers
and the opportunities and benefits that public service jobs provide.
As an initial matter, I believe that, as lawyers, we should broaden our
perspective on our public service obligation and deepen our commitment to
public service, irrespective of the particular job we currently hold.
More of us should consider careers in public service or at least aim to work
in the public sector at various stages of our professional lives.
And, more broadly, we should view our public service obligation as a
long-term, continuous responsibility that guides how we conduct ourselves
– whether working in the public or private sectors.
I will begin, as lawyers often do, by defining some terms.
What do I mean, in the broadest sense, by the “public service obligation” of
lawyers?
I will offer my view that the public service obligation is something that
should permeate everything we do as lawyers.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 92
Next, I will discuss some of the unique and significant benefits of public
service.
And, finally, I will encourage you in the legal academy to continue teaching
and emphasizing the importance of the lawyer’s public service obligation
and its benefits, to raise the bar for lawyer performance and to inspire an
interest in a broader set of career choices for your students.
A Lawyer’s Public Service Obligation
Law is a service business, with the emphasis on service.
Our responsibilities as lawyers indeed center on our ethical obligations
related to the services we provide to our clients, to the profession and to the
rule of law.
And, as Ben Heineman, William Lee and David Wilkins recently wrote in
their very thoughtful piece on “Lawyers as Professionals and Citizens,”
there is a fourth ethical responsibility or dimension for lawyers that
requires us to generally provide our services “in the public interest” in
furtherance of a “safe, fair and just society.”
To be sure, some lawyers have “pure” public service and public interest
jobs, whether in government agencies, the military, the legal academy,
public interest organizations, or non-profit work of various kinds.
In those positions, the duty of public service is the essence of the job
description.
But this fourth ethical responsibility of public service for lawyers is by no
means limited to those of us in public service roles.
It applies to all lawyers throughout their careers, including private sector
lawyers advising private sector clients.
And it is an obligation that extends far beyond our still aspirational duty to
provide 50 hours of pro bono legal services each year.
As Roscoe Pound, the distinguished former Dean of Harvard Law School, so
eloquently captured it, private sector lawyers also have an obligation to
practice law “in the spirit of public service.”
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 93
For me, that means that we are obligated to ask our clients the “should” or
“ought to” questions and include those considerations in the advice we give.
Or, as Archibald Cox put it in terms we can all understand – lawyers should
be willing to say to clients, “Yes, the law lets you do that, but don’t do it.
It’s a rotten thing to do.”
Cox’s point is obviously that our role as lawyers transcends the technical -it requires us to consider the public’s welfare in addition to the interests of a
private client.
That is how it should be.
Perhaps if lawyers were better at fulfilling this aspect of our public service
obligation, we could elevate our collective reputation, and finally make the
list of most admired professions -- a list where teachers and members of our
military always rightfully do well.
Lawyers, on the other hand, tend to trail way behind, sometimes barely
ahead of telemarketers and lobbyists.
But this was not always the case.
Lawyers, for example, played a central role in the founding of our nation
and enshrining the values that guide our country today.
Thomas Jefferson was a lawyer, as was Abraham Lincoln.
There are more modern day heroes too.
A number from my field, for example, have been singled out, including
former SEC Chairman Manny Cohen – who rose from staff member to
Chairman and brought about changes to allow SEC staff lawyers to provide
pro bono legal services – and former Director of Corporation Finance,
Linda Quinn, who was both a giant of the securities bar and the first woman
to lead the Division.
And there are, of course, other heroes from our ranks: Justices Thurgood
Marshall, Sandra Day O’Connor and Ruth Bader Ginsberg.
Their careers, before they joined the Court, centered on championing the
civil rights of minorities and women, as well as a commitment to legal
education and other public service.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 94
A 2013 survey by the Pew Research Center’s Religion and Public Life
Project, however, paints a bleak picture of how our profession as a whole is
regarded today.
It asked how much certain professions contribute to society’s well-being.
Not surprisingly, 78% said members of the military contribute “a lot,” and
72% said teachers do as well.
Lawyers, on the other hand, got a disappointing 18% endorsement, with
34% of those surveyed saying that lawyers contribute very little or nothing
to society.
That 34% hurts.
Our image as a profession clearly needs work.
Public service though is about much more than image. It is about lawyers
being good citizens as well as knowledgeable, well-trained practitioners.
Personally, it has been one of the most satisfying aspects of my career,
whether in the public or private sector.
And make no mistake, private practitioners, not just public sector lawyers,
need to absorb and live the public service mandate in order to raise the bar
on our real worth as a profession.
The “image part” will follow right behind.
Public Service Jobs
Government lawyers and public interest lawyers are also bound by the
public service obligation, but for them it is their core mandate.
I used to say to the young prosecutors who worked for me when I was the
U.S. Attorney for the Southern District of New York: “your conscience is
your client,” reminding them that, as representatives of the public, they
should always, always take the “high road,” both substantively and
procedurally, as they carry out their responsibilities.
The same applies to the SEC staff lawyers with whom I am now privileged
to work.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 95
The primary responsibility of government lawyers is to serve the public –
and that is also their primary source of job satisfaction.
I see that every day with the SEC staff and the high levels of professional
accomplishment and personal pride that comes from the work they do to
protect investors, safeguard our markets, and facilitate capital formation -the tripartite mission of the SEC.
Doing what you think is in the public’s best interest every day, and doing it
in the most principled way, is a sure path to professional and personal
fulfillment.
Very good work if you can get it.
The Rewards of Public Service
There are, of course, many other benefits and rewards that come from a
public service job.
I will highlight just three of them:
- exposure to an important segment of our profession that contributes
directly to the public welfare;
- hands-on training and greater responsibility as a young lawyer; and
- the opportunity to work on cutting edge issues.
When young lawyers ask me about a choice between a career in the public
or private sector, I invariably offer the following advice -- if possible, try to
spend time in both.
Even if you think you are destined to be a life-long government or public
interest lawyer, or to have a long career in private practice in a large law
firm, it is still invaluable to experience as many different slices of legal life
as you can.
As young lawyers begin their legal careers, they often have very little idea of
what will actually interest and engage them, so it is important to take
advantage of every available opportunity early on.
Exploring both the public and private sectors will steepen and broaden
their learning curves.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 96
Our careers as lawyers typically span many decades, often as many as 40 or
50 years –that gives us a lot of time to work with.
So it is possible for your graduates, over the course of their careers, to seize
any number of exciting and varied opportunities that come their way and
ignite their interest.
This last piece of curbside advice is for the long-term too.
More senior – or as I like to say “seasoned” – lawyers should look for
opportunities to follow their hearts and dreams, especially when they
involve providing public service on a more full-time basis. Both the lawyer
and the public will be the beneficiaries.
At the SEC, for example, we have made an effort over the last several years
to hire experts from the private sector, both lawyers and other market
specialists.
Our existing staff and the new private sector recruits learn from and
complement each other.
It unquestionably makes us a stronger agency and enhances our ability to
protect investors and strengthen our capital markets.
We also benefit enormously from those academics, market experts and
others with very busy day jobs who give of their time and talents to our
advisory committees.
For example, in the coming days we will announce the members of the
Market Structure Advisory Committee, a committee filled with market
experts and academics that will assist our staff and the Commission in the
very important work we are doing to comprehensively review the structure
of our equity markets to optimize them for the benefit of investors and
companies seeking to raise capital.
The opportunities are many.
Jobs in the government for lawyers range from short-term consultancies
and fellowships, to full-time positions and even Presidential appointments,
such as mine as Chair of the SEC and United States Attorney.
As a society, we need to attract talented, knowledgeable and genuinely
committed professionals to public service and work to remove barriers that
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 97
discourage giving back – whether the obstacles are financial, structural,
educational or something else.
Of course, a major benefit of public service jobs for young lawyers is
hands-on training and greater responsibility.
There simply is no substitute for “doing it” to grow your competence and
expertise.
Trying a case, however small, is qualitatively different than serving as one
of a dozen associates on the biggest antitrust or securities fraud case.
Having done both, I know that both can provide invaluable experience, but
I would argue that young lawyers find the most vertical learning curves in
the public sector -- where you can handle your own cases and where the
decisional “buck” often stops with you.
Some of my most meaningful, and memorable, learning occurred when I
was the one calling the shots as a young prosecutor.
Another significant benefit of public service jobs is the importance and
variety of the work.
Prosecutors who worked for me when I was U.S. Attorney tried and
convicted the terrorists who bombed the World Trade Center in 1993 and
our embassies in East Africa in 1998, indicted Osama bin Laden, and
investigated the terrorist attacks of 9/11.
Others indicted and convicted major financial institutions for securities and
other frauds.
Enforcement staff attorneys at the SEC root out fraudsters stealing millions
of dollars in complex Ponzi schemes and recover money for harmed
investors who count on their investments to fund their children’s education
or their own retirements.
Others at the agency develop policy initiatives that enhance the resiliency of
our equity markets and provide more useful information to investors before
they decide whether and where to invest their money.
In other areas of the public sector, lawyers work to overturn unjust laws,
exonerate the innocent, uphold our civil rights, or provide legal services to
those who cannot afford a lawyer.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 98
Motivation is almost never lacking in public service jobs. Indeed, the word
that almost always pops up in discussing public service jobs is “fun” – a
priority that has become far too elusive and scarce in our profession.
The late Judge Edward Weinfeld of the Southern District of New York, who
routinely arrived at the courthouse before 6 AM and worked twelve hour
days, put it this way – “What one enjoys is not work. It is joy.”
I have been very fortunate in my career to share Judge Weinfeld’s view.
Finally, trying hard not to sound like I am on a soapbox, when you engage
in public service, every day you go to work, you have a chance to make a real
difference in people’s lives.
As I said earlier, very good work if you can get it.
***
So, thus far, I have urged that all lawyers recognize our obligation to
conduct ourselves in furtherance of the public interest, whether directly
from the perch of a public service job or by practicing law “in the spirit of
public service” -- asking and advising on those “ought to” questions.
I have also made a shameless pitch for greater pursuit of public service jobs
throughout our legal careers.
That brings me to my final point -- close to home for this audience -- how I
believe law schools contribute so vitally to broadening law students’
perspectives and deepening their commitment to serving in the public
interest.
Role of the Law Schools
Let me hasten to say that I would not presume to lecture you on legal
education.
That is your expertise and one that I deeply respect.
Rather, I want to commend you for some of the steps law schools have
taken to foster and promote public service and legal practice “in the spirit of
public service.”
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 99
I will be brief and again mention just three:
- exposing students to opportunities and direct experience in public
service;
- providing encouragement and support for placement in public service
jobs; and
- teaching professional responsibility beyond specific courses as a
permeating guiding principle.
Law schools today offer a wide range of clinical programs, externships, and
other direct opportunities for students to obtain on-the-job public service
experience through working in government agencies and public interest
organizations.
I can tell you firsthand that the SEC has benefited greatly from these
programs as we typically have law school interns from many different law
schools working with us throughout the academic year -- last year, some
800 students from more than 130 law schools participated in the programs
we offer.
Our interns provide a real contribution to our work, becoming valuable
members of our teams – in enforcement, rulemaking and other areas of the
agency’s responsibility.
Most of our interns receive school credit, and many have come back to work
for us after graduation.
On top of providing such valuable direct experience while still in law school,
law schools have also instituted several important, and often creative,
programs to encourage and support their students’ placement in public
service jobs.
These programs range from student loan deferral or forgiveness,
fellowships and direct grants for a public service commitment after
graduation to career fairs, symposiums, placement assistance, and public
service mentorships.
More broadly, law schools have increasingly established centers focused on
ethics and professional responsibility to prepare students for the difficult
and important ethical issues they will invariably face during the course of
their careers.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 100
As typified by the Louis Stein Center for Law and Ethics at Fordham Law
School, these programs go far beyond ensuring that the curriculum has a
course or two on professional responsibility.
Rather, they teach what they call at Fordham “a life in noble lawyering.”
These programs are a critically important component of a law school
education that fosters a perspective that ethics and professional
responsibility can and must serve as a life-long guiding principle.
It is a public service perspective that reminds students that our profession
rightfully demands giving something back, which is important no matter
where law school graduates end up spending their professional careers.
The benefits of this greater public service emphasis thus extends far beyond
providing first-year jobs or a more diverse set of employment choices to law
school graduates.
The enhanced focus will return real dividends in training a new generation
of lawyers on the importance of public service in all of its forms and
fostering the critical values of a public service ethic.
All of this will have a positive impact on how graduates practice and how
the profession is perceived.
As you continue such efforts, it is important to keep in mind that a career in
public service should not be a hard sell to many of the millennials who
decide to attend law school.
There is a growing body of evidence suggesting that younger generations
are generally more civic-minded and interested in community service than
older -- by which I mean “my” and possibly your -- generations.
There is also a trend of more law school graduates working in jobs that do
not require passing the bar exam, including many in the public sector.
And some foresee a growing demand for individuals with a law school
education in the fields of health care, housing, elder care, international
commerce and digital security.
We should try to capitalize on all of these developments and opportunities
as we think about the future of legal education.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 101
Although easier said than done, surely it is possible to recalibrate our
economic models for legal education to harness the new normal for lawyers,
including, I hope, a greater emphasis on and participation in public service.
Conclusion
There is in my view, no higher calling for a lawyer than public service.
And each of you is actively engaged in perhaps the most important aspect of
public service for our profession – teaching, guiding and inspiring our
future lawyers.
You are the role models and primary drivers of how well lawyers will do in
fulfilling their public service obligation.
How well they do at that, in turn, will heavily influence what kind of society
we will have.
No pressure.
Just know how important you are and how important the decisions you
make about legal education at the crossroads will be.
Most importantly, know how much the profession admires what you do and
how grateful we are for the public service choice you have made for your
own careers.
Thank you.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 102
Cybersecurity: Enhancing Coordination to
Protect the Financial Sector
Written testimony of NPPD Deputy Under Secretary
for Cybersecurity Dr. Phyllis Schneck for a Senate
Committee on Banking, Housing, and Urban Affairs hearing
Introduction
Chairman Johnson, Ranking member Crapo, and distinguished Members
of the Committee, I am pleased to appear today to discuss the work of the
Department of Homeland Security (DHS) National Protection and
Programs Directorate (NPPD) to address persistent and emerging cyber
threats to the U.S. homeland.
On February 12, 2013, the President signed Executive Order (EO) 13636,
Improving Critical Infrastructure Cybersecurity and Presidential Policy
Directive (PPD) 21, Critical Infrastructure Security and Resilience.
These set out steps to strengthen the security and resilience of the Nation’s
critical infrastructure.
They reflect the increasing importance of integrating cybersecurity efforts
with traditional critical infrastructure protection.
The President highlighted the importance of government’s role in
encouraging innovation and economic prosperity while promoting safety,
security, business confidentiality, privacy, and civil liberties.
DHS partners closely with owners and operators to improve cybersecurity
information sharing and encourage implementation of risk-based
standards in order to meet the President’s objectives.
In my testimony today, I would like to highlight how DHS helps secure
cyber infrastructure and then discuss a few specific examples where we
prevented and responded to a variety of cybersecurity challenges.
DHS Cybersecurity Role
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 103
Based on our statutory and policy requirements, DHS undertakes three
broad areas of responsibility in cybersecurity:
(1) we coordinate the national protection, prevention, mitigation, response
and recovery in the event of significant cyber and communications
incidents;
(2) we disseminate domestic cyber threat and vulnerability analyses across
critical infrastructure sectors;
(3) we investigate cybercrime that falls under DHS’s jurisdiction.
DHS components actively involved in cybersecurity include NPPD, the
United States Secret Service, the U.S. Coast Guard, U.S. Customs and
Border Protection, Immigration and Customs Enforcement, the DHS Office
of the Chief Information Officer, the DHS Science and Technology
Directorate, and the DHS Office of Intelligence and Analysis (I&A), among
others.
In all of its activities, DHS coordinates its cybersecurity efforts with
governmental, private sector, and international partners.
The DHS National Cybersecurity & Communications Integration Center
(NCCIC) is a 24-7 cyber situational awareness and incident response and
management center that serves as a centralized location for the
coordination and integration of operational elements involved in
cybersecurity and communications reliability.
NCCIC partners include all federal departments and agencies; state, local,
tribal, and territorial governments (SLTT); the private sector; and
international entities.
The Center provides greater situational awareness of cybersecurity and
communications, and takes actions to address vulnerabilities, intrusions,
and incidents, including mitigation, information-sharing, and recovery.
The NCCIC is composed of the United States Computer Emergency
Readiness Team (US-CERT), the Industrial Control System Cyber
Emergency Response Team (ICS-CERT), the National Coordination Center
for Communications (NCC), and an Operations and Integration Team.
NCCIC operations are currently conducted from three states: Virginia,
Idaho, and Florida.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 104
During the first eleven months of 2014, the NCCIC has had 108,734
incidents reported to the center, issued over 11,514 actionable cyber-alerts,
and had over 219,805 partners subscribe to our cyber threat warning
sharing initiative.
NCCIC teams have also detected over 87,797 vulnerabilities and directly
aided in the mitigation of near 53,624 unique challenges.
Enhancing the Security of Cyber Infrastructure
The NCCIC actively collaborates with public and private sector partners
every day, including responding to and mitigating the impacts of attempted
disruptions to the Nation’s critical cyber and communications networks.
DHS also directly supports federal civilian departments and agencies in
developing capabilities that will improve their own cybersecurity postures.
Through the Continuous Diagnostics and Mitigation (CDM) program, led
by the NPPD Federal Network Resilience Branch, DHS enables Federal
agencies to more readily identify network security issues, including
unauthorized and unmanaged hardware and software; known
vulnerabilities; weak configuration settings; and potential insider attacks.
Agencies can then prioritize mitigation of these issues based upon potential
consequences or likelihood of exploitation by adversaries. The CDM
program provides diagnostic sensors, tools, and dashboards that provide
situational awareness to individual agencies and at a summary federal level.
Memoranda of Agreement between government entities and DHS to
provide the CDM program’s services encompass network security
protection for over 97 percent of all federal civilian personnel.
The National Cybersecurity Protection System (NCPS) complements these
efforts.
A key component of NCPS is referred to as EINSTEIN, an integrated
intrusion detection, analysis, information sharing, and
intrusion-prevention system.
EINSTEIN utilizes hardware, software, and other components to support
DHS’s protection of Federal civilian agency networks.
The program will expand intrusion prevention, information sharing, and
cyber analytic capabilities at Federal agencies.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 105
EINSTEIN 3 Accelerated (E3A) gives DHS an active role in defending .gov
network traffic.
At this time, E3A provides Domain Name System and/or email protection
services to thirty-three departments and agencies.
It reduces threat vectors available to actors seeking to infiltrate, control, or
harm Federal networks.
Securing the Homeland Against Persistent And Emerging Cyber
Threats
Cyber intrusions into critical infrastructure and government networks are
serious and sophisticated threats.
The complexity of emerging threat capabilities, the inextricable link
between the physical and cyber domains, and the diversity of cyber actors
present challenges to DHS and our customers.
As the private sector owns and operates over 85% of the Nation’s critical
infrastructure, information sharing and capability development
partnership becomes especially critical between the public and private
sectors.
Financial Sector Distributed Denial of Service (DDoS) Attacks
The continued stability of the U.S. financial sector is often discussed as an
area of concern, as U.S. banks are consistent targets of cyber-attacks.
There have been increasingly powerful DDoS incidents impacting leading
U.S. banking institutions in 2012 and 2013 and some high-profile media
coverage of financial sector cybersecurity issues in 2014.
US-CERT has a distinct role in responding to a DDoS: to disseminate victim
notifications to United States Federal Agencies, Critical Infrastructure
Partners, International CERTs, and US-based Internet Service Providers.
US-CERT has provided technical data and assistance, including identifying
600,000 DDoS related IP addresses and supporting contextual information
about the source of the attacks, the identity of the attacker, or other
associated details.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 106
This information helps financial institutions and their information
technology security service providers improve defensive capabilities.
In addition to sharing with relevant private sector entities, US-CERT
provided this information to over 120 international partners, many of
whom contributed to our mitigation efforts. US-CERT, along with the FBI
and other interagency partners, also deployed to affected entities on-site
technical assistance, or “boots on the ground.”
US-CERT works with federal civilian agencies to ensure that no USG
systems are vulnerable to take-over as a part of a botnet, since botnets are a
tool that cybercriminals use to deflect attribution in DDoS attacks.
During these attacks, our I&A partners bolstered long-term, consistent
threat engagements with the Department of Treasury and private sector
partners in the Financial Services Sector.
I&A analysts presented sector-specific unclassified briefings on the relevant
threat intelligence, including at the annual Financial Services Information
Sharing and Analysis Center (FS-ISAC) conference, alongside the Office of
the National Counterintelligence Executive and the U.S. Secret Service.
At the request of the Treasury and the Financial and Banking Information
Infrastructure Committee (FBIIC), I&A analysts provided classified
briefings on the malicious cyber threat actors to cleared individuals and
groups from several financial regulators, including the Federal Deposit
Insurance Corporation (FDIC), Securities and Exchange Commission
(SEC), and the Federal Reserve Board (FRB).
Additionally our Science & Technology organization coordinates priority
R&D programs in collaboration with the Financial Services Sector
Coordinating Council.
Point of Sale Compromises
On December 19, 2013, a major retailer publically announced it had
experienced unauthorized access to payment card data from the retailer’s
U.S. stores.
The information involved in this incident included customer names, credit
and debit card numbers, and the cards’ expiration dates and card
verification value security codes.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 107
The value security codes are three or four digit numbers that are usually on
the back of the card.
Separately, another retailer also reported a malware incident involving its
Point of Sale (POS) system on January 11, 2014, that resulted in the
apparent compromise of credit card and payment information.
In response to this activity, NCCIC/US-CERT analyzed the malware
identified by the Secret Service as well as other relevant technical data and
used those findings, in part, to create two information sharing products.
The first product, which is publically available and can be found on
US-CERT’s website, provides a non-technical overview of risks to POS
systems, along with recommendations for how businesses and individuals
can better protect themselves and mitigate their losses in the event an
incident has already occurred.
The second product provides more detailed technical analysis and
mitigation recommendations, and has been securely shared with industry
partners to enable their protection efforts. NCCIC’s goal is always to share
information as broadly as possible, including by producing products
tailored to specific audiences.
These efforts ensured that actionable details associated with a major cyber
incident were shared with the private sector partners who needed the
information in order to protect themselves and their customers quickly and
accurately, while also providing individuals with practical
recommendations for mitigating the risk associated with the compromise of
their personal information.
NCCIC especially benefited from close coordination with the private sector
Financial Services Information Sharing and Analysis Center during this
response.
Preparing for the Next Cyber Incident
DHS is taking a number of proactive measures to strengthen its
partnerships with the financial sector and increase shared understanding of
one another’s capabilities and cybersecurity response plans and
procedures.
These efforts include regularly exercising incident response procedures
together with interagency and private sector representatives; working
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 108
collaboratively with financial sector representatives to clarify and
streamline processes when requesting technical assistance from the
government; identifying barriers to information sharing and ways to reduce
those barriers; and implementing automated information sharing between
the financial services sector and government by expanding the use of
Structured Threat Information eXpression (STIX) and Trusted Automated
eXchange of Indicator Information (TAXII) programs, a free method for
machine-to-machine sharing of cyber threat indicators.
Also of significant note is our vision and direction moving forward to create
broad situational awareness of cyber threats and disseminate warning
information ahead of malicious attacks.
We recognize the need to change the profit model in cybercrime by making
networks more resilient and less appealing and rewarding for adversarial
attack or intrusion.
Just as the human body achieves resilience by fighting new viruses with
biological mechanisms that recognize when the body is under attack, DHS
is enabling similar mechanisms for networks using mathematical trend
analysis of cyber events.
We collect the data needed for this from the government agencies that we
protect, with full collaboration from our privacy and civil liberties experts,
and are creating a cyber “Weather Map,” to help visualize and inform
current cyber conditions.
The concept comprises the ability to view the current state of cybersecurity,
just as a traditional weather map provides a view of current weather.
Our goal is for networks and connected devices to know when to reject
incoming traffic or even refuse to execute specific computer instructions
because they are recognized as harmful due to their current behavior, even
if the exact computer “disease” has not been seen before.
This will help to create that resilience to deter many cyber threat actors.
DHS also recognizes that effective incident response requires plenty of
practice and close cooperation across government and with the private
sector.
To prepare for and ensure effective cooperation during a significant event,
DHS, in close coordination with the Department of the Treasury, private
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 109
sector representatives, financial sector regulatory bodies and other federal
government partners, has instituted an exercise program to periodically
test processes and procedures for responding to a significant cyber incident
impacting the financial sector.
The exercises help clarify roles and responsibilities, identify gaps in
response plans and capabilities, and assist with developing plans to address
those gaps.
The exercises result in valuable lessons learned and will help improve
existing processes and procedures and result in more effective cooperation
during an actual incident.
DHS Cybersecurity Authorities
We continue to seek legislation that clarifies and strengthens DHS
responsibilities and allows us to respond quickly to vulnerabilities like
Heartbleed, a vulnerability in the popular OpenSSL cryptographic software
library.
Legislative action is vital to ensuring the Department has the tools it needs
to carry out its mission.
DHS had to go “door to door” securing authorization from federal entities
to exercise our authority in responding to Heartbleed.
We urge Congress to continue efforts to modernize the Federal Information
Security Management Act to reflect the existing DHS role in agencies’
Federal network information security policies; clarify existing operational
responsibilities for DHS in cybersecurity by authorizing the NCCIC; and
provide DHS with hiring and other workforce authorities.
Conclusion
DHS will continue to work with our public and private partners to create
collaborative solutions to improve cybersecurity, particularly those that
reduce the likelihood of the highest-consequence cybersecurity incidents.
We work around the clock to ensure that the peace and security of the
American way of life will not be interrupted by degradation of systems or by
opportunist, enemy, or terrorist actors.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 110
Each incarnation of threat has some unique traits, and mitigation requires
agility and layered security.
Cybersecurity is a process of risk management in a time of constrained
resources, and we must ensure that our efforts achieve the highest level of
security as efficiently as possible.
DHS represents an integral piece of the national work in cybersecurity: we
are building a foundation of voluntary partnerships with private owners of
critical infrastructure and government partners working together to
safeguard stability.
While securing cyberspace has been identified as a core DHS mission since
the 2010 Quadrennial Homeland Security Review, the Department’s view of
cybersecurity has evolved to include a more holistic emphasis on critical
infrastructure which takes into account risks across the board.
The Department stands to be the core of integration and joint analysis, by
machines and by humans, of global cyber behavior, trends, malware
analysis and the powerful combination of data that only we can correlate
due to our unique role protecting civilian government systems with data
that often only the private sector gathers.
We are working to further enable the NCCIC to receive information at
“machine speed.”
This capability will begin to enable networks to be more self-healing, as
they use mathematics and analytics to better recognize and block threats
before they reach their targets, thus deflating the profit model of cyber
adversaries and taking botnet response from hours to seconds in some
cases.
DHS forms a crucial underpinning for ensuring the ongoing protection of
our infrastructures, services and way of life. We look forward to continuing
the conversation and continuing to serve the American goals of peace and
stability, and we rely upon your continued support.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 111
Five Things to Know: The
Administration's Priorities on
Cybersecurity
“America’s economic prosperity,
national security, and our individual
liberties depend on our commitment
to securing cyberspace and maintaining an open, interoperable, secure, and
reliable Internet. Our critical infrastructure continues to be at risk from
threats in cyberspace, and our economy is harmed by the theft of our
intellectual property. Although the threats are serious and they constantly
evolve, I believe that if we address them effectively, we can ensure that the
Internet remains an engine for economic growth and a platform for the free
exchange of ideas.” - President Obama
Five Things to Know:
1. Protecting the country's critical infrastructure — our most important
information systems — from cyber threats.
2. Improving our ability to identify and report cyber incidents so that we
can respond in a timely manner.
3. Engaging with international partners to promote internet freedom and
build support for an open, interoperable, secure, and reliable cyberspace.
4. Securing federal networks by setting clear security targets and holding
agencies accountable for meeting those targets.
5. Shaping a cyber-savvy workforce and moving beyond passwords in
partnership with the private sector.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 112
Cyberspace touches nearly every part of our daily lives.
It's the broadband networks beneath us and the wireless signals around us,
the local networks in our schools and hospitals and businesses, and the
massive grids that power our nation.
It's the classified military and intelligence networks that keep us safe, and
the World Wide Web that has made us more interconnected than at any
time in human history.
We must secure our cyberspace to ensure that we can continue to grow the
nation’s economy and protect our way of life.
The Administration is employing the following principles in its approach to
strengthen cybersecurity:
- Whole-of-government approach
- Network defense first
- Protection of privacy and civil liberties
- Public-private collaboration
- International cooperation and engagement
On February 12, 2013, President Obama signed Executive Order 13636,
“Improving Critical Infrastructure Cybersecurity.”
Protect Critical Infrastructure
The government must work collaboratively with critical infrastructure
owners and operators to protect our nation’s most sensitive infrastructure
from cybersecurity threats.
Specifically, we are working with industry to increase the sharing of
actionable threat information and warnings between the private sector and
the U.S. Government and to spread industry-led cybersecurity standards
and best practices to the most vulnerable critical infrastructure companies
and assets.
The Administration issued E.O. 13636, Improving Critical Infrastructure
Cybersecurity, in 2013
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 113
The Administration launched a follow-on Cybersecurity Framework, a
guide developed collaboratively with the private sector for private industry
to enhance their cybersecurity, in 2014
Improve Incident Reporting and Response
We must enhance our ability to detect and characterize cyber incidents,
share information about them, and respond in a timely manner.
These efforts encompass network defense, law enforcement, and
intelligence collection initiatives, so we can better understand our potential
adversaries in cyberspace.
Awareness of a cyber threat or incident - and quickly acting on that
information - are critical prerequisites to effective incident response.
As directed in E.O. 13636, the U.S. Government has developed systems and
procedures to increase the timeliness and quality of cyber threat
information shared with at-risk private sector entities.
We are placing great emphasis on unity of effort by agencies with a
domestic response mission
Engage Internationally
Because cyberspace crosses every international boundary, we must engage
with our international partners.
We will work to create incentives for, and build consensus around, an
international environment where states recognize the value of an open,
interoperable, secure, and reliable cyberspace.
We will oppose efforts to restrict internet freedoms, eliminate the
multi-stakeholder approach to internet governance, or impose political and
bureaucratic layers unable to keep up with the speed of technological
change.
An open, transparent, secure, and stable cyberspace is critical to the success
of the global economy.
We are continuing to pursue the policy objectives laid out in the U.S.
International Strategy for Cyberspace including:
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 114
- Developing international norms of behavior in cyberspace
- Promoting collaboration in cybercrime investigations (Mutual Legal
Assistance Treaty modernization)
- International cybersecurity capacity building
Secure Federal Networks
We must improve the security of all federal networks by setting clear targets
for agencies and then hold them accountable to achieve those targets.
We are also deploying improved technology to enable more rapid discovery
of and response to threats to federal data, systems, and networks.
The Cybersecurity Cross Agency Priority (CAP) Goal represents the
Administration's highest cybersecurity priorities for securing unclassified
federal networks.
Shape the Future Cyber Environment
We are also looking to the future.
We are working to develop a cyber-savvy workforce and ultimately to make
cyberspace inherently more secure.
We will prioritize research, development, and technology transition and
harness private sector innovation while ensuring our activities continue to
respect the privacy, civil liberties and rights of everyone.
The federal government is partnering with the private sector and academia
to encourage and support the innovation needed to make cyberspace
inherently more secure.
Cybersecurity Policies and Initiatives
Presidential Policy Directive 28 (PPD-28)
Executive Order (E.o.) 13636
Presidential Policy Directive 21 (PPD-21)
Presidential Policy Directive 8 (PPD-8)
Cyberspace Policy Review
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 115
FINMA publishes revised
circular on auditing
The Swiss Financial Market
Supervisory Authority FINMA
has published its partially
revised circular on auditing (FINMA-Circ. 2013/3).
Following the transfer of supervision of audit firms from FINMA to the
Federal Audit Oversight Authority (FAOA), adjustment of the legal basis
was necessary.
After the consultation in the third quarter, FINMA’s circular, “Auditing”,
has thus been partially revised.
It enters into force on 1 January 2015.
Two years ago, both authorities decided to pool supervisory competences
and to transfer the supervision of audit firms from FINMA to the FAOA.
Parliament has thus adjusted the legal basis, and the revised Financial
Market Auditing Ordinance (FMAO) will be put into effect by the Federal
Council as of 1 January 2015.
Certain provisions and principles previously prescribed in FINMA’s
circular, “Auditing” have now been set out at ordinance level.
This required partial revision of the circular and the opening of a
consultation.
Overall, consultation respondents were in favour of the proposed changes.
FINMA accepted some minor changes - for instance, keeping the term
"financial audits".
Some of the respondents brought up the subject of risk analysis and
certain activities that are not compatible with an audit mandate.
Here, however, no material changes will be made and the communicated
practice will be maintained.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 116
The revised circular enters into force on 1 January 2015.
The FINMA circular, “Audit firms and lead auditors” (FINMA-Circ.
2013/4) will be repealed at the end of 2014 and not replaced.
Following the transfer of supervisory competences from FINMA to the
FAOA, the licensing requirements prescribed in that circular will now be
governed by the Auditor Oversight Ordinance (AOO).
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 117
Bank business models
Rungporn Roengpitya, Nikola Tarashev and Kostas
Tsatsaronis
We identify three business models using balance sheet
characteristics of 222 international banks and a
data-driven procedure.
We find that institutions engaging mainly in commercial banking activities
have lower costs and more stable profits than those more heavily involved
in capital market activities, mainly trading.
We also find that retail banking has gained ground post-crisis, reversing a
pre-crisis trend.
_________________________________________
Banks choose to be different from one another.
They engage strategically in different intermediation activities and select
their balance sheet structure to fit their business objectives.
In a competitive pursuit of growth opportunities, banks choose a business
model to leverage the strengths of their organisation.
This article has three objectives.
The first is to define and characterise banks' business models.
We identify a small set of key ratios that differentiate banks' business
profiles and use a broader set of variables to provide a more complete
characterisation of these profiles.
The second objective is to analyse the performance of these business
models in terms of profitability and operating costs.
The final objective is to track how banks changed their business models
before and after the recent crisis.
We identify three business models: a retail-funded commercial bank, a
wholesale-funded commercial bank and a capital markets-oriented bank.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 118
The first two models differ mainly in terms of banks' funding mix, while the
third category stands out primarily because of banks' greater engagement in
trading activities.
On average, retail-focused commercial banks exhibit the least volatile
earnings, while wholesale funded commercial banks are the most efficient.
On the other hand, trading banks struggle to consistently outperform the
other two business types.
Banks' profiles evolve over time in response to changes in the economic
environment and to new rules and regulations.
We find that transition patterns changed around the recent financial crisis.
While several banks increased their reliance on wholesale funding prior to
the crisis, in its wake more banks have adopted more traditional business
profiles geared towards commercial banking.
The rest of this article is organised in four sections. In the first section, we
lay out the methodology we employ to classify banks into distinct business
models.
In the second section, we characterise the three business models in terms of
banks' balance sheet composition, while in the third we highlight
systematic differences in the performance of banks in different business
model groups.
In the last section, we look into the transitions of banks across the three
groups.
Classifying banks: the methodology
The procedure we use to classify banks into distinct business models is
primarily driven by data but incorporates judgmental elements.
It shares many technical aspects with the procedure employed by Ayadi and
de Groen (2014), but differs in terms of the judgmental elements and the
data used.
In contrast to their analysis, which focuses exclusively on European banks,
we use annual data for 222 individual banks from 34 countries, covering
the period between 2005 and 2013.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 119
The unit of our analysis (ie a data point) is a bank in a given year (bank/year
pair).
Given that the available data do not cover the entire period for each bank,
we work with 1,299 bank/year observations.
By focusing on bank/year pairs our approach allows institutions to switch
between business models at any point in the period of analysis (an aspect
that we explore in the last section).
In this section we provide a description of the classification methodology,
leaving the more technical details for the box.
The inputs to the classification are bank characteristics.
These are balance sheet ratios, which we interpret as reflecting strategic
management choices.
We use eight ratios expressed in terms of balance sheet size and evenly split
between the asset and liability sides of the ledger.
They relate to the share of loans, traded securities, deposits and wholesale
debt, as well as the interbank activity of the firm.
We distinguish this set of variables from other variables that we use in the
third section to characterise the performance of different business models.
We view these other variables, which capture profitability, income
composition, leverage and cost efficiency, as reflecting the interaction
between banks' strategic choices and the market environment.
We thus treat them as variables that relate to outcomes as opposed to
choices.
The core of the methodology is a statistical clustering algorithm. Based on a
pre-specified set of input variables, the algorithm partitions the 1,299
bank/year observations into distinct groups.
We select inputs from the set of choice variables.
The idea is that banks with similar business model strategies have made
similar choices regarding the composition of their assets and liabilities.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 120
We make no a priori decisions as to which choice variables are more
important in defining business models or as to the general profile of these
models.
In that sense, the methodology is data-driven.
We rely on the repeated use of the clustering algorithm and a
goodness-of-fit metric (the F-index, which is described in the box) to guide
the selection of the most appropriate partitioning of the observations
universe into a small number of distinct business model groups.
Using statistical clustering to identify business models
This box more precisely defines the variables used as inputs and discusses
the more technical aspects of the statistical classification (clustering)
procedure.
The eight input variables from which we selected the key characteristics of
the business models are evenly split between the asset and liability sides of
the balance sheet.
All ratios are expressed as a share of total assets net of derivatives positions.
The reason for this is to avoid distortions of the metrics related by
differences in the applicable accounting standards in different jurisdictions.
The asset side ratios relate to:
(i) total loans;
(ii) securities (measured as the sum of trading assets and liabilities net of
derivatives);
(iii) the size of the trading book (measured as the sum of trading securities
and fair value through income book); and
(iv) interbank lending (measured as the sum of loans and advances to
banks, reverse repos and cash collateral).
The liability side ratios relate to:
(i) customer deposits;
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 121
(ii) wholesale debt (measured as the sum of other deposits, short-term
borrowing and long-term funding);
(iii) stable funding (measured as the sum of total customer deposits and
long-term funding); and
(iv) interbank borrowing (measured as deposits from banks plus repos and
cash collateral).
We employ the statistical classification algorithm proposed by Ward (1963).
The algorithm is a hierarchical classification method that can be applied to
a universe of individual observations (in our case, these are the bank/year
pairs).
Each observation is described by a set of scores (in our case, the balance
sheet ratios).
This is an agglomerative algorithm, which starts from individual
observations and successively builds up groups (clusters) by joining
observations that are closest to each other.
It proceeds by forming progressively larger groups (ie partitioning the
universe of observations more coarsely), maximising the similarities of any
two observations within each group and maximising the differences across
groups.
The algorithm measures the distance between two observations by the sum
of squared differences of their scores.
One could present the results of the hierarchical classification in the form of
the roots of a tree.
The single observations would be automatically the most homogeneous
groups at the bottom of the hierarchy. The algorithm first groups individual
observations on the basis of the closeness of their scores.
These small groups are successively merged with each other, forming fewer
and larger groups at higher levels of the hierarchy, with the universe being a
single group at the very top.
Which partition (ie step in the hierarchy) represents a good compromise
between the homogeneity within each group and the number of groups?
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 122
There are no hard rules for determining this.
We use the pseudo F-index proposed by Calinśki and Harabasz (1974) to
help us decide.
The index balances parsimony (ie a small number of groups) with the
ability to discriminate (ie the groups have sufficiently distinct
characteristics from each other).
It increases when observations are more alike within a group (ie their
scores are closer together) but more distinct across groups, and decreases
as the number of groups gets larger.
The closeness of observations is measured by the ratio of the average
distance between bank/years that belong to different groups to the
corresponding average of observations that belong to the same group.
The number of groups is penalised based on the ratio of the total number of
observations to that of groups in the particular partition.
The criterion is similar in spirit to the Akaike and Schwarz information
criteria that are often used to select the appropriate number of lags in time
series regressions.
The clustering algorithm is run for all combinations of at least three choice
variables from the set of eight.
If we had considered all their combinations, there would have been 325
runs.
We reduce this number by ignoring subsets that include two choice
variables that are highly correlated because the simultaneous presence of
these variables provides little additional information.
We impose a threshold for the correlation coefficient of 60% (in absolute
value), which means that we do not examine sets of input variables that
include simultaneously the securities and trading book variables, or the
wholesale debt and stable funding variables.
___________________________________________
At various stages, our approach incorporates judgmental elements in order
to help narrow down the search for a robust, intuitive and parsimonious
classification of banks into distinct business models.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 123
The general strategy is as follows.
We run the clustering algorithm for each subset of at least three choice
variables, ignoring all subsets that include simultaneously pairs of variables
that are very highly correlated with each other, hence providing little
independent information.
The clustering algorithm produces a hierarchy of partitions ranging from
the very coarse (ie few groups) to the very fine (ie many small groups).
We select the partition in this hierarchy with the highest F-index.
This becomes the candidate partition for this run (ie this subset of choice
variables).
We use judgmental criteria to eliminate candidates that do not represent
clear and easily interpretable groups (ie distinct bank business models).
One such criterion is to eliminate candidates that produce fewer than three
or more than five groups as fewer than three do not allow for a meaningful
differentiation of banks and more than five are difficult to interpret.
The other criterion is to focus only on partitions that are "clear winners"
among all other partitions based on the same set of choice variables.
To this effect we require that the top scoring partition has an associated
F-index score at least 15% higher than that of the partition with the second
highest score within the same hierarchy (ie the same set of input variables).
We dropped candidates that failed this test.
This elimination procedure leaves us with five partitions (ie five different
sets of groups) based on five different subsets of the choice variables.
To these five groups we apply a final judgmental criterion that seeks to
capture the stability of outcomes over time.
For each of the five combinations of choice variables we create two
partitions of the banks in the universe.
We first partition banks using only data up to 2012, and then using all
available data.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 124
We then calculate the share of observations that are classified in the same
group in both partitions over the overlapping period.
We select the partition with the highest overlap ratio, which is 85%.
This partition classifies the 1,299 bank/year observations into three groups,
which we refer to as bank business models.
We next characterise these models in terms of the whole set of eight choice
variables.
Three distinct business models: the characteristics that matter
The classification process identifies three distinct business models and
selects three ratios as the key differentiating choice variables: the share of
loans, the share of non-deposit debt and the share of interbank liabilities to
total assets (net of derivatives exposures).
This partition satisfies our criteria of robustness, parsimony and stability.
The share of gross loans is the only variable relating to the composition of
the banks' assets.
The other two ratios differentiate banks in terms of their funding structure.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 125
Table 1 characterises the three business model profiles in terms of all eight
choice variables (rows).
The cells report the average ratio for all banks that were classified in the
corresponding business model (columns).
For comparison, the last column provides the average value of the
corresponding ratio for the universe of observations.
The first business model group we label commercial "retail-funded", and it
is characterised by a high share of loans on the balance sheet and high
reliance on stable funding sources including deposits.
In fact, customer deposits are about two thirds of the overall liabilities of
the average bank in this group.
This is the largest group in our universe with 737 bank/year observations
over the entire period.
The second business model group we label commercial "wholesale-funded".
The average bank in this group has an asset profile that is remarkably
similar to the profile of the retail funded banks in the first group.
The main differences between the two relate to the funding mix.
Wholesale-funded banks have a higher share of interbank liabilities (13.8%
versus 7.8%) and a much higher share of wholesale debt (36.7% versus
10.8%), with the balance being a lower reliance on customer deposits
(35.6% versus 66.7%).
There are half as many observations in the wholesale-funded group
compared to the retail-funded group.
The third group is more capital markets-oriented.
Banks in this category hold half of their assets in the form of tradable
securities and are predominately funded in wholesale markets.
In fact, the average bank in this group is most active in the interbank
market, with related assets and liabilities accounting for about one fifth of
the balance sheet.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 126
We label this business model "trading bank".
It is the smallest group in terms of observations (203 bank/years) in our
sample.
By comparison, Ayadi and de Groen (2014) classify European banks into
four business models, which they label as investment banks, wholesale
banks, diversified retail and focused retail.
Drawing rough parallels with the classification in this paper, which involves
a more global universe of banks, their investment bank model corresponds
to our trading model, the two wholesale models correspond to each other,
and the diversified and focused retail models together correspond to our
retail-funded model.
That said, an exact comparison would require comparing individual banks
in the two universes.
We find that the popularity of business models differs with banks'
nationality (Table 2).
Looking only at the last year of our data (2013), the North American banks
in our universe had either a retail-funded or trading profile; none belonged
to the wholesale-funded group.
At the same time, one third of the European banks had a wholesale-funded
model.
In turn, banks domiciled in emerging market economies (EMEs) clearly
preferred the retail-funded model (90%).
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 127
We also look at the distribution of global systemically important banks
(G-SIBs) across business models (Table 2).
Our data for 2013 cover 28 firms that were part of the banking
organisations designated as G-SIBs by international policymakers
(Financial Stability Board (2014)).
The list - which includes institutions from both advanced and emerging
market economies - was roughly equally split between the retail-funded and
trading models.
Business models and bank performance
Are there systematic differences in the performance of banks with different
business models?
The question is pertinent for understanding the impact of banks' choices on
shareholder value but also on financial stability, which depends on
sustainable performance by financial intermediaries.
In this section we examine the performance of banks in the different
business model categories both in a cross section and over time.
In analysing the performance of different bank models, we use what we
label "outcome" variables.
In contrast to the choice variables that we used to define the business
models, we interpret outcome variables as the result of the interaction
between the strategic choices made by the bank in terms of business area
focus and the market environment.
Examples of such variables are indicators of profitability, (for example,
banks' return-on-equity (RoE)), the composition of bank earnings (for
instance, the share of interest income in total income) and indicators of
efficiency (for example, the cost-to-income ratio).
Profitability and efficiency have varied markedly across models as well as
over time (Graph 1).
The outbreak of the recent crisis marked a steep drop in advanced economy
banks' RoE across all business models (Graph 1, left-hand panel).
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 128
But while RoE stabilised for retail banks after 2009, it remained volatile for
trading and wholesale-funded banks. In fact, trading banks as a group show
the highest volatility of RoE across the three groups, swinging repeatedly
between the top and bottom of the relative ranking.
The story is qualitatively similar in terms of return-on-assets (RoA, not
reported here), an alternative metric of profitability that is insensitive to
leverage (see also Table 3).
All three business models show relatively stable costs in relation to income
(Graph 1, centre panel). A spike in the cost-to-income ratio around 2008 is
readily explained by the drop in earnings in the midst of the crisis.
Compared to the other two business models, trading banks had a
persistently high cost base throughout the period of analysis, despite their
more mixed record in terms of profitability.
Interestingly, high costs relative to income have persisted post-crisis
despite the decline in these banks' profitability.
A possible explanation can be found in staff remuneration rates, although
this would be difficult to decipher from our data.
Post-crisis markets appear rather sceptical about the prospects of all three
business models, judging from the price-to-book ratio of banks in advanced
economies (Graph 1, right-hand panel).
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 129
This ratio relates the banks' stock market capitalisation to the equity they
report in their financial accounts.
A value higher than unity suggests that the equity market has a more
positive view on the franchise value of the bank than what is recorded on
the basis of accounting rules.
A value below unity suggests the opposite.
The ratio declined dramatically around the crisis for banks in all three
business models.
In fact, it has been persistently below unity since 2009 for most advanced
economy banks, reflecting market scepticism about their prospects.
Banks domiciled in EMEs (dashed lines in Graph 1) remained largely
unscathed by the 2007-09 crisis.
These lenders are almost exclusively classified in the retail-funded model.
But even compared to their advanced economy peers with a similar
business model, they achieved a more stable performance.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 130
And while a more favourable macroeconomic environment has certainly
contributed to their higher profitability in recent years, the overall stability
of their performance is underpinned by greater cost efficiency, ie a lower
cost-to-income ratio.
In line with these results, market valuations are quite generous for EME
banks with price-to-book ratios persistently higher than unity, although
they are on a declining trend.
Table 3 compares the three business models in terms of a number of other
outcome variables across the entire sample period.
Besides RoA and RoE, which confirm the ranking from Graph 1, we also
calculate risk-adjusted versions of these profitability statistics, which
subtract from the earnings variable (the numerator of the ratio) the cost of
capital that is necessary to cover for the risk inherent to the activity of the
bank.
The approach follows closely the rationale of standard industry approaches
to calculate the risk-adjusted return on capital (or RAROC).
More specifically, we subtract from the bank's gross earnings the associated
operational expenses and losses (including credit losses and provisions) as
well as the cost of capital set aside to cover possible future losses.
This last component is the product of the quantity of capital held by the
bank (proxied by the regulatory capital requirement linked to risk-weighted
assets) multiplied by the cost of equity capital (estimated by a standard
capital asset pricing model).
Regardless of the profitability metric, the retail-funded model is the top
performer.
This is true in almost every year in our sample (not reported here).
Trading banks come in second place, with the exception of the risk-adjusted
RoE, which penalises the volatility of their earnings base. Trading banks
differ very significantly from their commercial bank peers in terms of the
source of revenue.
They collect about 44% of their total profit through fees, a share that is
almost double that of the average other bank.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 131
Wholesale-funded banks have the thinnest capital buffers among the three
business models, while they also have the lowest cost of equity.
Somewhat surprisingly, trading banks do not seem to be too different from
retail-funded banks in terms of these yardsticks.
However, they do stand out in terms of total asset size.
The average trading bank is more than twice as large as the average
commercial bank, even those that are primarily funded in the wholesale
markets.
Shifting popularity of bank business models
The crisis-driven reshaping of the banking sector has affected its
concentration and business model mix.
A number of institutions failed or were absorbed by others, thus increasing
the concentration in the sector despite tighter regulatory constraints on
banks with a large systemic footprint.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 132
And many of the surviving banks adjusted their strategies in line with the
business models' relative performance.
Table 4 presents a summary of banks' shifts across different business
models before and after the crisis.
Each cell reports the number of banks that started the period in the model
identified by the row heading and finished it in the model named in the
column heading.
The large numbers along the diagonal indicate that there is considerable
persistence in the classification of banks, as the majority of institutions
remain in the same business model group over time.
In recent years, most of the transitions have been between the retail- and
wholesale-funded models of commercial banks.
The group of trading-oriented banks is fairly constant throughout the
period.
The direction of change in bank business models, however, is very different
post-crisis from that prevailing prior to 2007.
During the boom period, market forces favoured wholesale funding, as
bankers tapped debt and interbank market sources of finance.
About one in six retail banks in our 2005 universe increased their capital
market funding share to the point that they could be reclassified as
wholesale-funded by 2007 (first row of Table 4).
The opposite trend characterises the post-crisis period.
About two fifths of the banks that entered the crisis in 2007 as
wholesale-funded or trading banks (ie 19 out of 50 institutions) ended up
with a retail-funded business model in 2013.
Meanwhile, only one bank switched from retail-funded to another business
model post-crisis, confirming the relative appeal of stable income and
funding sources.
While we observe transformations of banks in ways that result in their
reclassification under a different business model, we cannot pinpoint the
underlying economic drivers.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 133
We can, however, look at performance statistics to examine whether bank
shifts correlate with a turnaround of the firm.
We find that a change in bank business model actually hurts profitability,
but improves efficiency relative to the firm's peer group.
To do this, we select all the banks in our sample that switched models and
for which we have data for at least two years before and two years after the
switch.
We focus on two performance ratios: RoE and cost-to-income.
We benchmark the performance of the bank against a comparator group
that comprises all banks that belonged to the same business model as the
switching bank prior to the switch and remained in that model.
We determine that the switching bank outperformed its old peers if the
difference between its average post-switch and average pre-switch RoE is
greater than the difference between the corresponding averages in the
comparator group.
On the basis of this criterion, we find that only a third of the banks that
switched their business model outperformed their old peers in terms of
profitability.
The remaining two thirds underperformed.
However, applying the same criterion to the cost-to-income ratio reveals
that, among the banks that switched business model, two thirds registered
post-switch efficiency gains relative to their peers.
Conclusions
We identified bank business models that have had different experiences
over the past decade.
Given the consistently stable performance of retail-funded banks engaging
in traditional activities, it comes as little surprise that their model has
recently gained in popularity.
More surprising is the stability of the group of trading banks, which
exhibited sub-par return-on-equity over most of the sample, both in
absolute and risk-adjusted terms.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 134
While further analysis is needed to uncover the clear benefits to these
banks' shareholders, high cost-to-income ratios suggest outsize benefits to
their managers.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 135
Monetary Policy Report,
December 2014
Summary
Deterioration of external conditions in September – early December 2014
presented a new challenge for the monetary policy.
Decline in oil price continued against the backdrop of its excess demand in
the world market and US dollar appreciation.
Under the existing financial sanctions imposed on Russian companies the
domestic foreign exchange market demonstrated growing demand for
foreign currency.
This brought about a considerable depreciation of the ruble against major
world currencies, the ruble’s volatility grew, depreciation and inflation
expectations increased, and there was a significant rise in inflation risks
and risks to financial stability.
To stabilise foreign exchange market, the Bank of Russia adopted a set of
measures: it introduced refinancing facilities in foreign currency, employed
a conservative approach to manage banking sector liquidity, and, among
other things, set limits on ruble liquidity provision through FX swaps.
Besides, in November 2014, the Bank of Russia abolished its exchange rate
mechanism implying the conduct of regular interventions in line with
established rules, which, in fact, signified the transition to a floating
exchange rate regime.
In doing this, the Bank of Russia reserved the right to conduct interventions
in case of the emergence of any threats to financial stability.
In early December 2014, due to the ruble’s significant deviation from the
fundamental level and the excessing increase in its volatility posing a threat
to financial stability, the Bank of Russia intervened in the FX market on
several occasions.
Ruble depreciation observed in August-November 2014 led to a further
acceleration in consumer price growth.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 136
Restrictions on the import of certain food products imposed in August 2014
spurred inflation as well.
These factors caused consumer prices to increase year-on-year from 8.0%
in September to 9.1% in November.
In early December, the upward trend of the said factors remained.
According to Bank of Russia estimates, inflation will be about 10% at end2014, and the contribution of the accumulated ruble depreciation from
end-2013 to the annual consumer price growth might reach 2.6 percentage
points.
In October 2014, in order to limit the exchange rate pass-through, the Bank
of Russia decided to raise the key rate in October and December 2014 by the
total of 250 bp to 10.50% p.a.
The Bank of Russia stands ready to continue tightening the monetary policy
in case of the further aggravation of inflation risks.
Unfavourable external factors hampered the growth of the Russian
economy.
In view of existing economic uncertainty, restricted access to international
capital markets, escalating prices of imported investment goods and
tightening lending conditions, fixed capital investment also declined.
At the same time, exchange rate dynamics raised the competitiveness of
Russian products both in the external and domestic markets, and set the
ground for the import substitution.
Notwithstanding the drop in the growth rates of households’ real income
and retail lending, consumer activity demonstrated a slight increase.
This was driven by an enhanced demand for certain groups of consumer
goods, primarily durable ones, amid increased inflation expectations.
Labour force shortage persisted, whereas unemployment remained low due
to unfavourable demographic factors.
The Bank of Russia revised the medium-term macroeconomic forecast.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 137
The average annual oil price is expected to remain at $80 per barrel till
end-2017.
The access to foreign capital markets will be restricted for Russian
companies in the forthcoming three years.
In view of the above, there will be further reductions in the fixed capital
investment in 2015-2016.
Consumer activity will remain weak against the backdrop of declining
growth in real disposable income and consumer lending.
At the same time, exchange rate dynamics will counterbalance reduction in
export revenue, and weak domestic demand will bring down import growth
rates.
As a result, net export contribution to the economic growth will be positive.
In line with Bank of Russia forecasts, the annual economic growth will
remain close to zero in 2015-2016.
In 2017, as financing sources will diversify, import substitution will develop
and the competitiveness of Russian exports will improve, the annual
economic growth rates are expected to reach 1.0-1.2%.
The Bank of Russia forecasts the start of consumer inflation slowdown in
the second half of 2015.
Before that, inflation will stay at enhanced level.
Its decline will be facilitated by an exhausted impact of the
August-November ruble depreciation on prices, subdued aggregate
demand, drop in inflation expectations, and Bank of Russia measures
adopted in 2014.
According to Bank of Russia forecasts, inflation will decrease to the level
close to the target in 2017.
At the same time, there exist risks of more significant fall in oil prices.
Should oil prices remain at $60 per barrel till end-2017, GDP growth will
reduce to -4.5-(-4.7)% in 2015 and -0.9-(-1.1)% in 2016.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 138
Further ahead, as the economy will adapt to changes in external conditions,
partly facilitated by exchange rate dynamics, the economic growth rates are
expected to increase to 5.6-5.8% in 2017.
In 2015, inflation will be higher than the baseline scenario.
In future, inflation is expected to be under a considerable downward
pressure from the weak domestic demand.
As inflation and inflation expectations decrease, the transition to more
loose monetary policy will beсome possible.
According to Bank of Russia forecasts, consumer price growth will
decelerate to the level close to the target in 2017.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 139
Financial Stability Report,
December 2014
Opening Remarks by the
Governor
Over the past 18 months, the FPC has been working systematically to
address the most important risks to UK financial stability.
These risks have principally been domestic.
In 2013 we reinforced the capital position of major banks, encouraging
them to raise £27bn of new capital.
Alongside this, the FPC has developed the capital framework for UK banks.
This year we have taken action to mitigate the biggest domestic risks, those
related to housing.
First, in June, we took steps to insure against a significant increase in the
number of highly indebted households.
This insurance remains relevant despite the recent moderation in housing
market activity.
Momentum may return following, for example, recent falls in mortgage
rates and changes to stamp duty.
Second, we conducted a major stress test to assess the resilience of banks to
a severe housing shock.
The stress test completes our capital framework by informing judgments
about the appropriate size of capital buffers for individual firms and for the
system as a whole.
It is a major component of both our macro- and microprudential regimes.
As a joint exercise of PRA and FPC, it demonstrates the considerable
synergies possible across One Bank.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 140
We are publishing the stress test results today, and I will say more about
them in a moment.
Global Risks
But first, let me note that, while we are making progress on domestic risks
to financial stability, the FPC has remained vigilant to new risks, the most
important of which are now international.
The international economic outlook has weakened and global risks have
increased since June.
Financial stability in the UK could be affected if concerns about persistently
low nominal growth cause a sudden reappraisal of vulnerabilities in highly
indebted countries; or if a shift in global risk appetite triggers sharp
adjustments in financial markets, undermining business and household
confidence.
These adjustments will be more disruptive to the extent that investors’
pricing of liquidity risk does not fully reflect structural changes in market
liquidity.
The recent sharp fall in the oil price should support global and UK growth.
It is a positive development, but it is also one that entails some risks to
financial stability.
Geopolitical risks could intensify.
Inflation expectations could be further depressed in economies, such as the
euro area,
where core inflation is already weak, slowing nominal income growth and
increasing the burdens of debts.
The ability of some shale oil producers, who have been significant
high-yield bond issuers in recent years, to service their debts will be
reduced.
This could affect market sentiment more broadly.
To varying degrees, contagion from any of these risks could threaten
financial stability in the UK.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 141
Stress Test
Let me turn to the stress test concluded today.
The test builds on the recently-completed European test, which
incorporated weaker global growth and a snap back of global interest rates.
To this base, we have added a severe shock in the UK economy and housing
market.
In the Bank stress scenario, balance of payments pressures induce sharp
interest rate increases, a deep recession, rising unemployment and a 35%
fall in house prices. For banks, mortgage and corporate loan impairments
rise sharply.
Funding costs rise.
Over three years, bank profits are reduced by £90bn.
This is a demanding test. It is certainly not a forecast. Nor is it a simple
re-run of the recent financial crisis.
Rather it is a coherent, tail-risk scenario, most similar to the early 1990s
recession.
The test results demonstrate that the core of the banking system has
become significantly more resilient since the FPC’s 2013 capital exercise.
Most importantly, the results suggest that the banking system is strong
enough to continue to serve households and businesses during a severe
shock.
To be clear, the firms were not allowed to respond to the stress by cutting
the supply of lending.
Given this performance, the FPC judges that no system-wide
macroprudential actions are required.
In light of the stress, the PRA Board judged that the capitalisation of three
firms had to be strengthened relative to their position at end 2013.
Lloyds Banking Group has delivered positive financial results, as well as
strengthened and de-risked its balance sheet. As a consequence, no change
to its current plan was required.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 142
Royal Bank of Scotland Group has also made steady progress in building
the strength of its balance sheet and submitted a revised capital plan.
This includes substantial issuance of AT1 capital over the course of the next
year.
The PRA Board has accepted the latest capital plan.
And over the past year, Cooperative Bank (Co-op) has strengthened its
capital position, built resilience and achieved its capital targets.
The bank has been stabilised and now has a CET1 ratio of 11.5%.
It has always been clear that Co-op would have to do further work to build
buffers against stress.
This is not news.
Now with the stress test, we have a better perspective of what is required
over the medium term, and on that basis the PRA Board required a revised
plan to be submitted.
That plan has been accepted.
Co-op’s plan is to reduce its balance sheet and risk profile in order to reduce
its future capital requirements. If executed, the plan will deliver a level of
resilience commensurate with a bank of its future size and business model.
The PRA Board will monitor progress closely and hold Co-op to deliver this
plan.
Turning from individual firms back to the aggregate level, the test reveals
several features of the system that would be important determinants of its
response to stress.
First, the only management actions allowed during the stress were those
taken to reduce personnel costs and dividends.
And the latter were only allowed when there were clear published dividend
policies with quantified pay-out ranges.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 143
Second, the results underscore that it is important for investors to realise
that, as AT1 instruments could be triggered or coupons withheld in adverse
scenarios, they should be priced accordingly.
Third, the test revealed issues with the procyclicality in some banks’ capital
models and differences across firms in risk weights through the financial
cycle.
The Bank will undertake further work to explore this issue in more depth.
This underscores the benefit of judging capital adequacy against a leverage
requirement in addition to risk-based ratios, as will be the case in future
years.
Conclusion
Since the crisis, authorities have been working diligently to make the
financial system safer, fairer and simpler.
This year, we reached two crucial milestones in developing a more robust
prudential framework: agreement on total loss absorbing capacity
internationally and the publication of a proposed leverage ratio
domestically.
With these and other agreements, the design of the overall regulatory
framework is now set out.
To realise its full potential it must be implemented.
This is proceeding well.
UK banks have increased capital significantly over the last year and are
transitioning towards greater resilience ahead of the regulatory timetable.
The stress tests and associated capital plans suggest that growing
confidence in the resilience of the system is merited.
However, recent misconduct and operational failings have highlighted that
rebuilding confidence in the banking system requires more than financial
resilience.
In addition, changes to bank business models are expected to challenge
management capacity over the next few years.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 144
In this environment, strong, effective and well-informed governance and
management of banks will be essential.
The FPC will remain vigilant in an environment of evolving domestic and
global risks.
International risks are expected to figure prominently in next year’s stress
test.
We will continue to work closely with the PRA and the MPC to harness the
synergies from having monetary, macroprudential policy and
microprudential supervision together in a single institution.
In that way, we will promote strong, sustainable and balanced growth and
the good of the people of the United Kingdom.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 145
Disclaimer
The Association tries to enhance public access to information about risk and
compliance management.
Our goal is to keep this information timely and accurate. If errors are brought to
our attention, we will try to correct them.
This information:
is of a general nature only and is not intended to address the specific
circumstances of any particular individual or entity;
should not be relied on in the particular context of enforcement or similar
regulatory action;
-
is not necessarily comprehensive, complete, or up to date;
is sometimes linked to external sites over which the Association has no
control and for which the Association assumes no responsibility;
is not professional or legal advice (if you need specific advice, you should
always consult a suitably qualified professional);
-
is in no way constitutive of an interpretative document;
does not prejudge the position that the relevant authorities might decide to
take on the same matters if developments, including Court rulings, were to lead it
to revise some of the views expressed here;
does not prejudge the interpretation that the Courts might place on the
matters at issue.
Please note that it cannot be guaranteed that these information and documents
exactly reproduce officially adopted texts.
It is our goal to minimize disruption caused by technical errors.
However some data or information may have been created or structured in files or
formats that are not error-free and we cannot guarantee that our service will not
be interrupted or otherwise affected by such problems.
The Association accepts no responsibility with regard to such problems incurred
as a result of using this site or any linked external sites.
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 146
The International Association of Risk and Compliance
Professionals (IARCP)
You can explore what we offer to our members:
1. Membership – Become a standard, premium or lifetime member.
You may visit:
www.risk-compliance-association.com/How_to_become_member.htm
If you plan to continue to work as a risk and compliance management
expert, officer or director throughout the rest of your career, it makes
perfect sense to become a Life Member of the Association, and to continue
your journey without interruption and without renewal worries.
You will get a lifetime of benefits as well.
You can check the benefits at:
www.risk-compliance-association.com/Lifetime_Membership.htm
2. Weekly Updates - Subscribe to receive every Monday the Top 10 risk
and compliance management related news stories and world events that
(for better or for worse) shaped the week's agenda, and what is next:
http://forms.aweber.com/form/02/1254213302.htm
3. Training and Certification - Become
a Certified Risk and Compliance
Management Professional (CRCMP) or a
Certified Information Systems Risk and
Compliance Professional (CISRSP).
The Certified Risk and Compliance
Management Professional (CRCMP)
training and certification program has
become one of the most recognized
programs in risk management and compliance.
There are CRCMPs in 32 countries around the world.
Companies and organizations like IBM, Accenture, American Express,
USAA etc. consider the CRCMP a preferred certificate.
You can find more about the demand for CRCMPs at:
www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
P a g e | 147
You can find more information about the CRCMP program at:
www.risk-compliance-association.com/CRCMP_1.pdf
(It is better to save it and open it as an Adobe Acrobat document).
For the distance learning programs you may visit:
www.risk-compliance-association.com/Distance_Learning_and_Certificat
ion.htm
For instructor-led training, you may contact us. We can tailor all programs
to specific needs. We tailor presentations, awareness and training programs
for supervisors, boards of directors, service providers and consultants.
4. IARCP Authorized Certified Trainer
(IARCP-ACT) Program - Become a Certified Risk
and Compliance Management Professional Trainer
(CRCMPT) or Certified Information Systems Risk
and Compliance Professional Trainer (CISRCPT).
This is an additional advantage on your resume,
serving as a third-party endorsement to your knowledge and experience.
Certificates are important when being considered for a promotion or other
career opportunities. You give the necessary assurance that you have the
knowledge and skills to accept more responsibility.
To learn more you may visit:
www.risk-compliance-association.com/IARCP_ACT.html
5. Approved Training and Certification Centers
(IARCP-ATCCs) - In response to the increasing
demand for CRCMP training, the International
Association of Risk and Compliance Professionals is
developing a world-wide network of Approved Training
and Certification Centers (IARCP-ATCCs).
This will give the opportunity to risk and compliance managers, officers and
consultants to have access to instructor-led CRCMP and CISRCP training at
convenient locations that meet international standards.
ATCCs use IARCP approved course materials and have access to IARCP
Authorized Certified Trainers (IARCP-ACTs).
To learn more:
www.risk-compliance-association.com/Approved_Centers.html
_____________________________________________________________
International Association of Risk and Compliance Professionals (IARCP)
Fly UP