• Joep Rijnsdorp , Senior Manager |

The European Central Bank (ECB) has significantly heightened its focus on Asset and Liability Management (ALM) frameworks (please also refer to the ECB supervisory priorities 2024-2026). Currently, the ECB is executing a thematic framework specifically targeting the Interest Rate Risk in the Banking Book (IRRBB) framework across several Significant Institutions (SIs) in Europe.

In this blog, we will start to delineate the OSI (on-site investigation) life cycle and will subsequently share some insights we gained while supporting various institutions during the recent IRRBB Thematic Review.

OSI Life cycle

On-site investigations constitute a crucial instrument within the ECB's tool kit, serving the purpose of conducting an in-depth and comprehensive analysis of the subject(1) under investigation. The OSI life cycle involves multiple stages.

  1. Preparation phase: First, institutions will receive a formal letter with a description of the scope. Second, institutions will receive a Request for Information (which generally includes documentation and data requests) and will receive a request to facilitate deep dive meetings. The requested information needs to be delivered prior to the start of the on-site phase.
  2. On-site phase: The on-site phase starts with a kickoff meeting between the OSI team, JST representatives and bank representatives. Its main purpose is for the OSI team to clarify the scope and way of working and for the bank to introduce the main stakeholders and provide a high-level overview of the bank’s operations. The kickoff meeting is followed by deep dive meetings in the first weeks to delve into selected topics. Additionally, the OSI team will initiate the Q&A process, which will continue until the end of the on-site phase. Further interviews might be requested throughout this phase. In the final stages, the OSI team shares preliminary observations, and the bank can provide comments. The preliminary observations are further discussed during the pre-exit meeting, thereby closing the on-site phase.
  3. Reporting phase: The draft report will be shared and assessed by the ECB, after which it is shared with institutions for comments and an exit meeting is organized. After receiving the final report, institutions will receive a letter from the JST some time later outlining the supervisory expectations. The institution is required to submit an action plan, including remediation timelines.

(1) OSIs cover a broad range of topics including Credit Risk, IRRBB, Governance, IT risk, Operational risk.

Recent KPMG insights into IRRBB OSIs

In 2023, KPMG has supported several banks in the preparation and execution of their IRRBB OSI. From this experience, several key insights emerged:

Preparation is Key:
Successful OSI outcomes begin with meticulous preparation. Banks should anticipate and address potential areas of concern before the investigation starts. The results from the OSI will to a large extent influence the change agenda and thus should be taken very seriously.

Engage with ECB:
Establishing open lines of communication with the ECB is crucial, both with the JST and the Head of Mission. Proactive engagement fosters collaboration and helps in aligning expectations and clarifying team size, scope, timelines and other expectations.

Governance and execution support:
Institutions should appoint a dedicated mission coordinator and mission owner, and update senior management frequently. In addition, establishing a dedicated PMO function is pivotal. The PMO team plays a crucial role in efficiently coordinating and managing the entire OSI process, facilitating collaboration among all stakeholders. Furthermore, institutions must define distinct inspection areas and appoint for each inspection area a Single Point of Contact (SPOC).

Both the preparation and the execution of the on-site process is time-consuming! Institutions must ensure that staff is sufficiently made available to deliver the requested information, presentations and questions.

Deep Dives:
Compelling and insightful presentations are vital for a positive head start. These allow the inspection team to understand the practices applied and avoid unnecessary questions later. The presentations should provide a comprehensive overview of the bank's IRRBB management strategies and practices and should be consistent. The deep dives are a means to explain specific choices made within the institution and to provide insights into known weaknesses or previous OSI findings.

Quality Assurance:
A strong emphasis on quality both prior and throughout the investigation is paramount. A dedicated Quality Assurance team must be established to ensure consistency of all information delivered to the OSI team. First Time Right is a key differentiator that will reduce the number of iterations required.

Senior Management involvement:
Active involvement of senior management is important to provide guidance on the strong points and development areas to be elaborated on within the deep dives. This will help the OSI team to come to conclusions and new requirements that are in line with management’s own expectations.

Main Weaknesses Identified

During the OSI process, KPMG already identified several common weaknesses in banks' risk management frameworks. These include gaps in:

  • Modeling of non-maturity deposits.
  • Documentation of modeling assumptions.
  • IRRBB models are not or not properly validated.
  • IRRBB measurement assumptions and methods.
  • Treatment of margins not defined
  • Basis risk measurement and control from EVE/earnings perspective.
  • EVE stress testing (has deficiencies in terms of control, completeness of scenarios, monitoring, and validation).
  • Tactical solutions used for measurement, calculation and reporting.

Institutions must have a good understanding of their main areas of weakness and should have action plans in place as much as possible. KPMG has a wider understanding of the typical points of attention that are considered important by the inspection team.

How KPMG can help

KPMG stands ready to support institutions across various phases of an on-site investigation. Our services encompass a quick scan to evaluate the overall status of the IRRBB framework, assistance in preparation, for instance, through structuring and establishing the OSI project and by starting to pre-collect information and data. During the OSI, we can provide both experienced PMO support and subject matter expertise.


As the ECB intensifies its scrutiny on ALM frameworks, banks must proactively prepare for potential IRRBB OSIs. Although the initial scope of these OSIs are Significant Institutions, we have previously seen that DNB and other local regulators tend to follow the ECB and might also undertake targeted OSIs. Leveraging the insights gained from our support in 2023, KPMG can help you to ensure a smooth OSI process and to optimize the results