Dear CEO: The PRA warns that risk management dies in silos

Pete McIntyre, the liquidity expert

Written by Nick Nicholls

March 18, 2024

A good portion of the art of banking is resilience. This is the focus of the Dear CEO letter from the Prudential Regulation Authority (PRA) to PRA-regulated international banks active in the UK. So that’s the foundation. But the keyword in the PRA letter is sudden – abrupt, unforeseen, or unusual. 

This CEO letter from the PRA was for international banks and financial institutions based in the UK, but it should apply to all institutions as sound practices.

The letter says: “The events of 2023 show that firms can experience a sudden loss of customer, counterparty or market confidence, with damaging implications that can require regulatory intervention. Firms … need to ensure they operate with an appropriate risk culture to promote safety and soundness.”

What the PRA means is that financial stress doesn’t wait for business hours. Firms around the world are grappling with market volatility, and the increasing speed and volume of data. Plus, there’s the need for compliance balanced with competitive advantage. Whilst the letter doesn’t say as much, it has to be inferred that if you want to be resilient in today’s markets – to manage liquidity, mitigate risk and make your money work harder – you need easy-to-access, real-time data at your fingertips. 

The 2024 priorities set out in the PRA’s letter are:

  • Risk management and controls
  • Financial resilience
  • Operational resilience
  • Data risk

    Read the letter in conjunction with the firm-specific input that was obtained following the most recent Periodic Summary Meetings between the firms and the PRA.

The incentives are high

The main incentive for CEOs to act on the PRA’s recommendations is to safeguard their firms against sudden losses and insure against regulatory intervention.

The economic environment remains challenging and the PRA will want assurance that firms’ internal credit risk assessments appropriately reflect the risk profile of their asset holdings and will assess their current and forward-looking validation plans and approaches.

Economic crises, like the September 2022 Liability-Driven Investment shock, have required the PRA to collect rapid information on company holdings and exposures. The PRA now intends to create liquidity reporting guidelines to aid in the prompt and consistent assessment of liquidity risk exposures.

In 2024, the PRA will carry out an exploratory system-wide exercise (SWES), presenting its results by year’s end. The body will also interact with the industry to get ready for the life and general insurance stress tests in 2025.

Risk management, like knowledge, dies in silos

Recent thematic reviews revealed that firms often treat risk management in silos. The PRA’s concerns are that this approach leads (and had led) to critical vulnerabilities because silos will:

  • Restrict information sharing, hindering a comprehensive understanding of risks.
  • Fragment decision-making leads to conflicting strategies and missed opportunities.
  • Create ineffective risk management, which occurs due to a lack of a holistic view.
  • Limit innovation and adaptability result from stifled collaboration.
  • Increase Operational costs increase due to duplication and inefficiencies.

We have also seen how siloed banks are more vulnerable to disruption as they struggle to adapt to market changes and competition. Integrated risk management is not merely a regulatory expectation but a strategic imperative.

How, then, can firms break down these silos? It begins with the recognition that risks are interconnected and that a holistic view leads to intelligent decision-making. Transitioning to effective strategies for cross-business risk management makes business sense.

5 strategies for cross-business risk management

1. Encourage open lines of communication and regular collaboration sessions across teams and departments. This can help identify and address intersecting risks early on.

2. Invest in smart technology that facilitates the aggregation and analysis of risk data across the firm. This enables a comprehensive view, aiding in the identification of correlations and potential systemic risks.

3. Engage in Regular Scenario Planning and Stress Testing. Broaden the scope of scenario analyses and stress tests to encompass various business lines and explore their interconnections. The PRA advises firms to be “forward-thinking and imaginative in the scenarios they consider,” including those depicting “extreme tail events.”

4. Strengthen Governance and Accountability Frameworks: Establish clear governance structures that hold Boards and Senior Executives accountable for ensuring an integrated approach to risk management.

5. Enhance Operational Resilience: In line with the PRA’s supervisory focus, firms should aim for operational resilience that contemplates not just individual business services but the institution as a whole. This includes preparing for changes like the replacement of RTGS Core Ledger in June 2024.

Real-time data and analysis are no longer ‘nice to have’

The PRA’s letter shows the need for a commitment to better regulatory response, real-time analysis, decisive action, and continuous improvement in risk management practices. A reminder that real-time data and analysis are no longer ‘nice to have.’

If you want to mitigate risk and make your money work harder, you need easy-to-access, real-time data at your fingertips. It is essential for compliance and the cornerstone of successful strategic growth.

The Realiti suite addresses several regulators’ recommendations. It is the only liquidity intelligence solution to deliver real-time, enterprise-wide 360° visibility of a firm’s liquidity landscape, control over treasury activities and value-creating insights. All in one place.

Our client from Scotiabank says, “Realiti is the only proven provider in this banking liquidity space. Additionally, the architecture of the solution made implementation remarkably nimble. A progression from deal signing to global go-live deployment was seen in just a few short months. Realiti aggressively fends off regulators and also drives a strong business value contribution–further enhancing the value for Scotiabank,”

The outcomes for Planixs clients speak volumes – millions in savings on intraday liquidity buffer costs, ensuring compliance with evolving regulatory agendas, and supporting efficient and effective funding operations.

Realiti’s staged rollout plan ensures that high-priority items, such as regulatory compliance, can be addressed first. This approach allows treasuries to experience immediate benefits while providing the flexibility to customise and expand functionality in subsequent stages.

Here’s a warm invitation to talk to us and join the ranks of intelligent banks that have discovered the power of Realiti.

7 questions you should be asking

The purpose of this checklist is to help firms meet the expectations outlined by the PRA, and safeguard against sudden losses and regulatory intervention.

1. Risk Management and Governance. Are our current governance structures and risk management frameworks sufficient to proactively identify, assess, and mitigate emerging risks? [For – Board of Directors, Chief Risk Officer (CRO), and heads of Risk Management].

2. Financial Resilience: Have we conducted recent stress tests that are comprehensive and reflective of our current operating environment, especially in light of uncertain macroeconomic conditions? [Chief Financial Officer (CFO), Head of Treasury, and Risk Management teams].

3. Counterparty and Credit Risk: How are we addressing the PRA’s concern about counterparty credit risk and secured financing risks, especially regarding non-bank financial institutions (NBFI)? [For – CRO, Head of Credit, and Head of Counterparty Risk Management].

4. Technological Risks: Are we adequately prepared to identify and mitigate risks arising from new technologies, including distributed ledger technologies and generative AI? [For – Chief Technology Officer (CTO), Chief Information Security Officer (CISO), and Head of Innovation].

5. Operational Continuity and Personnel Resilience: Are employees enabled to question decision-makers? Are they empowered with an understanding of the risks they manage and the impact that may have on other important business services, and the firms’ customers?
[For – Chief Human Resources Officer (CHRO), Heads of Departments, and the Board’s Nomination Committee].

6. Regulatory Changes: Are we on track to comply with the implementation of upcoming regulatory changes affecting liquidity and capital requirements? [For – CFO, CRO, Head of Regulatory Compliance, and legal advisory teams].

7. Market and Liquidity Risks: How are we ensuring that treasury management is robust, considering the interaction between capital, liquidity risks, and the effects of quantitative tightening? [For – CFO, Head of Treasury, and Risk Management teams].

The short version? Don’t guess, know.

You may also like…

Real-time Liquidity Management

Real-time Liquidity Management

Contents Introducing real-time liquidity management Why do real-time liquidity insights matter? Using technology to...