This report (PDF 460 KB) conveys some lessons from the thematic review of banks’ management bodies and their Risk Appetite Frameworks (RAF) and describes some good practices observed across the significant institutions (SIs). It also sets out supervisory expectations regarding a bank’s Board and RAF, acknowledging all existing governance structures. The report aims to support and guide institutions towards the implementation of international best practices. One central conclusion reads: “Although major improvements have already been made, most SIs are still far from international best practices.”

Some weaknesses the SSM discovered in the Thematic Review include:

• The size and structure of the Board, which should be small enough to be able to work efficiently. In terms of structure, the ECB recommends distinct risk and audit committees, following the approach defined by the Basel Committee on Banking Supervision.
• The collective knowledge of the Board has often been assessed as an area for improvement.
• The thematic review identified some institutions in which succession planning was not defined or left room for improvement.
• With respect to the quality of the debate and the Board’s capacity to independently challenge the management the ECB concludes that it could be further enhanced for many. The ECB sees the main reasons either in the Board’s practices and organisation, the quality of documentation or the interactions among Board members.
• The timeliness of Board debates, the documentation’s lead-time and quality, agenda setting and information asymmetries also concern the SSM.
• The report recommends a closer interaction between control functions, such as risk, internal audit or compliance and the Board.

With respect to the Risk Appetite Framework and its implementation, the report concludes that the:

• RAF is a pretty new concept and around 30 % of the RAFs of significant banks have been developed within the last 18 months; for 12% the RAF is still under development. The report states that the quality is closely linked to the maturity of the concept.
• Scope of the RAF is sometimes too narrow, material risks are missing and metrics were not always adjusted to the bank’s risk profile.
• Limits in the Risk Appetite System (a central element of the RAF) are not set appropriately in some cases, e.g. do not consider certain dimensions of concentration risk.

The note states that, for most of the banks, the RAF needs to be integrated and embedded more closely into the other structural processes of the institution, such as strategy, budget process, capital and liquidity planning, recovery plan and remuneration framework.
 

The SSM itself says that the thematic review is used to identify follow-up supervisory actions for 2016, including planning on-site inspections and will be an input to the SREP process.

In addition, deep-dive investigations will be performed on a sample of SIs on specific governance topics, such as the oversight role of the board on risk and control functions and the RAF implementation. The yearly SREP will assess the implementation of governance requirements and action plans to remedy specific findings.

For banks the report adds a valuable point of information on supervisor’s expectation in terms of Risk Governance. It clearly increases the transparency of the SSM. This transparency should be a prompt to:

• assess banks’ own Risk Governance Framework against national rules as well as against international standards.
• assess whether the Risk Appetite Systems is appropriate, i.e. measures and limits all material risks, justifies what is deemed to be material or is consistent group-wide. With the application of the principle of proportionality the effectiveness of the board as well as the quality of RAF have to be ensured.
• assess the consistency of all documents and policies.
• prepare forthcoming on site missions.
• prepare for the interviews the SSM is having with board member, executives and more junior people. According to our experience, some “technical” knowledge (e.g. functioning of RWA models, IFRS 9 etc.) is required on all levels.
• define and implement an appropriate Risk Appetite Framework and System, given the size and complexity of their own institution and the riskiness of the business.

The SSM makes clear that the interplay between RAF and other strategic processes such as budget, ICAAP, ILAAP, recovery planning or remuneration planning is important. Given these interlinkages and interplays the central role of Governance in the SSM’s supervisory framework becomes clear. Governance cuts across all of the SSM’s priorities and its assessments of business models, strategy and capital & liquidity planning.