The growing intensity of supervisory interactions is encouraging many banks to develop dedicated, centralised Regulatory Affairs Offices (RAOs). Building a high-quality RAO poses a number of sensitive challenges, and can be particularly hard for banks entering the SSM. Banks creating their first RAO can learn from the experience of others, and existing RAOs should stay abreast of evolving best practices.

The shape and activities of European banks’ Regulatory Affairs Offices (RAOs) have changed significantly in recent years in response to growing cost pressures and the increasing intensity of supervisory interactions. Many large banks now want their RAOs not only to act as a single point of contact with regulators, but also to co-ordinate their entire supervisory interactions including taking responsibility for extensive exercises such supervisory Stress Tests or On-Site Inspections.

To fulfil this vision, RAOs must work across internal silos, drawing support from first, second- and third-line functions. That in turn means that RAOs require a multitude of skill sets; strong reporting and escalation frameworks; support from Boards and senior managers; and the authority to manage communications with supervisors.

Many banks are therefore investing significant time, effort and resources in developing efficient, effective and capable RAOs. But setting up a new RAO is not easy. Common challenges include:

  • Defining the RAO’S role. It must be clear how the RAO is networked into the wider organisation and where in the corporate structure – such as within Risk, Finance, Compliance or Communications – it sits.
  • Setting the RAO's level of responsibility. Possibilities range from identifying and analysing new requirements, to co-ordinating or even leading the response to supervisory findings and requests.
  • Giving the RAO sufficient influence. It will need strong backing from the top in order to command support from the business and other key functions.
  • Providing the RAO with suitable tools and capabilities. Effective RAOs require robust technology and a combination of business, regulatory and communications expertise.

Resolving these issues can be particularly hard for bigger banks, with a certain level geographic distribution and also for banks entering the SSM. For new banks under SSM, the number, intensity and frequency of ECB interactions tends to come as a surprise – up to three a interactions in a day would not be unusual for a healthy, average-sized SSM bank, and this can increase rapidly if problems arise. Of course, there is a wide variety of interactions, which may in some cases take only limited amount of efforts to respond to and some like an OSI, which take months in preparation and execution. For example:

  • Supervisory dialogues require significant Board input, and can have large down-side risks if supervisors conclude that Boards or senior managers have a poor understanding of key issues.
  • Data submissions include ad-hoc, monthly, quarterly, annual and deep dive requests. These can pose a range of data-related challenges, and SREP results can be affected by any perceived weaknesses.
  • Thematic reviews and on-site inspections require significant resources and, via the SREP, can lead to material increases in capital or liquidity requirements.

Connect with us

New SSM banks can also find it hard to provide fast, consistent responses to ECB requests. Quick reactions are essential and successful banks often plan ahead by implementing new methodologies required by SSM banks and creating data and document repositories that contain pre-approved information. Speedy, effective remediation strategies are also vital when responding to critical supervisory findings. And clear external communications – speaking with one voice during every interaction – are particularly important during on-site inspections.

So what does a good RAO function look like? Every bank's approach must reflect its own activities and infrastructure, but we see the following as key components.

  • Reliable processes – the ability to handle a wide range of supervisory interactions.
    • 'Working manuals' that set out governance arrangements, key responsibilities, information sources and quality assurance for different types of interaction
    • Dry-runs and early assessments of business requirements, which help avoid pitfalls and identify missing elements
  • Skills and experience – the right combination of human capabilities.
    • Secondment schemes from Finance, Risk, Business Units and other functions help to maintain skills, networks and mutual understanding across silos
    • A mixture of people who understand the business and those familiar with supervisory thinking and expectations 
  • Organisational backing – appropriate support and prioritisation from senior management.
    • Effective internal reporting frameworks
    • Workshops and training for Boards, senior managers and those working with RAOs
    • Job descriptions that require other functions to support RAOs
  • Tools and instruments – a suitable supporting infrastructure, including:
    • Close supervisory relationships
    • Data and information repositories
    • Action protocols that can be used to amend working manuals
    • Appropriate software to support key processes, such as tracking supervisory findings or implementation monitoring of regulatory requirements

In conclusion, it’s critical for banks entering the SSM to understand how demanding supervisory interactions can be, and to learn from the experience of industry leaders. However, it’s equally important for established banks to avoid complacency. Supervision is continually evolving and almost all banks could improve the efficiency and consistency of their RAOs. Of course, KPMG can help banks to set up and optimize their RAO, and to align its operating model with supervisory requests and interactions with the ECB or national supervisors, ensuring a RAO doesn’t become a costly distraction – or a source of risk.