On 10 January, the PRA issued three Dear CEO letters, for UK deposit takers, international banks and insurers, updating firms on its supervisory priorities for 2023. The letters set out specific supervisory priorities, together with comments on additional areas of supervisory focus, across several common themes.
UK Deposit Takers | International Banks | Insurers |
Financial resilience (including credit and model risk) | Financial resilience | Financial resilience (and claims inflation) |
Operational risk and resilience | Operational risk and resilience | Operational resilience |
Financial risks arising from climate change | Financial risks arising from climate change | Financial risks arising from climate change |
Diversity, equity and inclusion | Diversity, equity and inclusion | Diversity, equity and inclusion |
Risk management and governance | Risk management and governance | Risk management |
Data | Data | Regulatory reform |
Resolution |
| Ease of exit |
Real Time Gross Settlement (RTGS) | Real Time Gross Settlement (RTGS) | Reinsurance risk |
In 2023, the PRA will continue to focus on financial and operational resilience, financial risks arising from climate change, governance and risk management, and diversity, equity and inclusion (DEI) across all sectors. It will also prioritise readiness for ISO 20022 common messaging in CHAPS as part of the RTGS Renewal programme and data quality and accuracy for all banks. UK Deposit Takers should expect continued focus on credit and model risk. For insurers, exit planning and reinsurance risk will be on the agenda.
Cross-sector priorities
The PRA reiterates the same messaging in all three letters on:
- The financial risks arising from climate change — the PRA will continue to review compliance against SS3/19 and expects firms to take a proactive approach to addressing climate-related financial risks.
- DEI — the PRA plans to issue a new consultation (jointly with the Bank of England (BoE) and FCA and building on DP2/21) on proposals for a new regulatory framework on DEI for the financial sector.
- Supervisory approach — from January 2023, the PRA has updated its approach to categorising the 'potential impact' of firms and refined its risk assessment framework and core assurance work. Individual firms will be notified directly where this results in any changes to the supervisory workplan. The Financial Services and Markets Bill, if passed into law, will also introduce a new secondary competitiveness and growth objective for the PRA.
The PRA also includes specific sector-tailored messaging as found below.
Financial resilience
Banks should be proactive in assessing the implications of the evolving economic outlook on their business models — including consideration of broader structural changes.
- Capital and liquidity — the PRA will continue to assess individual banks' capital and liquidity positions with particular focus on the impact of evolving retail and wholesale funding conditions, as well as scheduled maturities of drawings from the Term Funding Scheme.
- Credit risk — UK banks should prepare for a prolonged period of stress, ensuring that their credit risk management practices are robust, customer support and collections arrangements are appropriately scaled, and expected credit loss provisions are recognised in a timely manner. The PRA will increase its engagement in these areas, including targeted requests for enhanced data and a focus on traditionally higher-risk areas such as retail credit card portfolios and unsecured personal loans.
- Model risk — final model risk management policy is expected in H1 (building on CP 6/22), following which UK banks will be expected to implement the necessary changes. For Internal Ratings Based (IRB) models, the PRA will focus on three key workstreams: the implementation of IRB hybrid mortgage models, the IRB Roadmap for non-mortgage portfolios and IRB-aspirant bank model applications. The PRA will also increase its focus on new Fundamental Review of Trading Book (FRTB) models and banks' intended methodologies as part of the implementation of Basel 3.1 standards.
Life insurers should ensure they are robustly stress testing their capital planning against prolonged adverse credit scenarios. General insurers are expected to factor general and social inflation risk drivers into their underlying pricing, reserving, business planning, and capital modelling.
Operational risk and resilience
The PRA will continue to assess all firms against SS1/21 for operational resilience. By now, they are expected to have identified and mapped their Important Business Services (IBS), set impact tolerances and commenced a programme of scenario testing. Over the next three years, firms will need to demonstrate their ability to operate within their impact tolerances under a range of severe but plausible scenarios, including cyber-attacks.
Firms should also continue to comply with the PRA's outsourcing/third party risk management policy, ensuring that their IBS can remain within impact tolerances even when they rely on outsourcing or third-party providers.
At the same time, firms must manage the impacts of increasing digitalisation. Not only should they account for any transition and execution risks, but, in particular, they must ensure they fully understand the impact of offering any crypto-related products.
Banks — RTGS, data, resolution and risk management
Certain priorities are flagged specifically for the banking sector:
- RTGS — ISO 20022 messaging in CHAPS will be delivered by the BoE in June 2023 as part of the RTGS Renewal programme. The PRA expects banks to be ready for this change, ensuring cut-over to the new messaging standard without interruption to customer payments or liquidity management. Readiness preparation includes completing all necessary testing and participating in dress rehearsals.
- Data — the PRA will continue to use skilled persons reviews and will engage with banks on which data will be collected as part of the Banking Data Review.
- Resolution — banks within scope of the UK's Resolvability Assessment Framework (RAF) should continue to ensure they achieve and maintain the relevant resolvability outcomes. They should also ensure they are transparent in their disclosures about their preparedness for resolution.
- Risk management and governance — the PRA will continue to assess banks' risk management and control frameworks through individual and cross-firm thematic reviews — focusing on the ability to monitor and manage counterparty exposures.
- For international banks active in the UK, individuals under the Senior Managers Regime will be accountable for addressing the PRA's 2023 priorities. The PRA expects these banks to reflect on their risk management, governance, and control frameworks — including a comprehensive review of onboarding and due diligence practices, as well as counterparty pricing and margining frameworks.
- As UK deposit takers continue to accrue large and concentrated exposures to single counterparties (without fully understanding the associated risks), they must ensure that lessons from past crises are learned in full, and thoroughly embedded across the first and second lines of defence.
Insurers — Reform, reinsurance and risk management
- Regulatory reform — the PRA will consult on Solvency II reform implementation and complete branch authorisations currently within the temporary regime.
- Reinsurance risk — the PRA is paying close attention to whether the continued high level of longevity reinsurance and the emergence of the more complex `funded reinsurance' in the UK life market reduces the protection UK policyholders should have. It is particularly concerned about the potential for offshored counterparty concentration risk to arise from rapidly growing levels of reinsurance. The PRA will examine the need for policy action on reinsurance structures and limits, to mitigate systemic risks to policyholders as part of its work on counterparty and concentration risk. In the meantime, it expects:
- UK-authorised firms to consider their compliance with the Prudent Person Principle (PPP) for the risks associated with their reinsurance activities.
- Firms to consider the reinsurer's resilience over the whole duration of the exposures, as well as the potential impact from a mass recapture event where large concentrations to a small number of counterparties exist.
- Risk management — the PRA expects firms to:
- Assess their credit and counterparty credit risk management capabilities in light of widening credit spreads, rating downgrades, and defaults.
- Reassure themselves of the continue validity of their models given the central role they play in supporting risk assessments.
- Test the resilience of liquidity sources to market dysfunction and the re-evaluate potential liquidity demands created by use of derivatives for risk managements.
- Ease of exit — the PRA will consult on requirements under Fundamental Rule 8 (to prepare for resolution), to provide firms with more specific expectations around improving their ease of exit. In the meantime, firms should continue to develop their exit plans, with specific focus on timely execution and the practicalities around transferring run-off books of business.
- Non-natural catastrophe risk — as exposure management capabilities in this area remain immature, firms could become exposed to the risk of outsized losses and may underestimate their capital requirements. The PRA therefore intends to work with industry to enhance practice and better manage risk in this area.
- Bulk purchase annuity (BPA) markets — the PRA will conduct a thematic review on risk management in BPA markets and focus on credit and counterparty risk and liquidity demands arising from derivative instruments.