The inner workings of the EU Council don’t tend to attract much attention. However, one apparently innocuous sentence in a statement issued from a late June meeting of EU leaders warrants careful consideration by banks: “The agreement in the Council on the Banking package should allow the co-legislators to adopt it before the end of the year while preserving the overall balance.”
In essence, this clarifies the timeline for the implementation of revised versions of the Capital Requirements Directive (CRD) and Capital Requirements Regulation (CRR), known as CRD V and CRR II, respectively – the key elements of the “package” officials were referring to.
These regulations, the purpose of which is to implement Basel III within the EU, are currently being reviewed by various EU legislative bodies. Rather than piecemeal regulatory updates, CRD V and CRR II are refinements of reforms that started after the 2008-09 financial crisis. They implement significant changes that were agreed after a period of difficult international negotiation and ensure the regulatory package is consistent. They will have far-reaching consequences not only for banks’ balance sheets, and the credit and risk functions, but also on the way banks are structured and the way they do business in the long term.
When, and where, to begin
Defining the implementation timeline in detail requires a bit of reverse engineering. Based on the latest EU Council proposals, CRD V and CRR II will be applicable two years after they enter into force, which, if the ‘package’ is indeed adopted by the end of the year, means 1 January 2021. Taking into account the need for a one-year parallel run/user acceptance testing period, banks should complete the bulk of the implementation process by end-2019. In our view, given the extent of the changes involved, that means starting now.
Some may question the urgency. What if, for example, the ‘co-legislators’ don’t adopt the package as quickly as the EU Council expects? This is possible, but various declarations, the election cycle and the Basel III timeline make it very unlikely a vote on the package will happen later than April 2019, which would delay application by a year at the most. Either way, substantial change is on the near-term horizon, and banks need to be ready.
We've touched on the significance of CRD V before, but believe it’s worth revisiting just why it’s so important that banks act quickly to define their implementation approach. First off, the changes impact both EU and non-EU institutions. CRD V includes a provision that would require all non-EU banks deemed globally systemically important, or with over 30 billion euros in assets in the EU, to establish an EU-based intermediate parent company (IPC). While the IPC can be an existing subsidiary and the relevant proposals are still under discussion, the establishment process is likely to be resource-intensive and banks should factor these changes into their plans, particularly if they are reconsidering their group structure in light of Brexit.
Second, previous regulatory shifts (such as Basel II) were generally introduced consecutively and treated credit, market and operational risk separately, allowing banks to adopt a similarly siloed approach to compliance. That simply won’t be viable in this case. The CRD II/CRD V proposals are vast, touching on everything from capital requirements to leverage ratios. And, especially given interdependencies (e.g. credit risk with market risk, credit valuation adjustment risk, leverage ratios, capital output floors and so on – see chart), they will involve substantial changes to infrastructure, processes, control and data across the organisation too.
Calling for consistency
This new regulatory framework will require consistency of methods and results, regardless of which functions are involved or where calculations are conducted. For example, counterparty credit risk results will need to be consistent not only across credit and market risk, but also liquidity coverage, net stable funding and leverage ratios, and the funds output floor. Thinking beyond reconciliation techniques, the ideal starting point is a unique piece of code or identifier for each calculation that creates standardization and allows data to be easily traced back to the source.
This need for consistency, and the interdependencies it will create, will extend across every layer of the banking group in geographical as well as functional terms – that is, CRR II/CRD V will need to be applied in a standardized way at the institutional, national and European levels.
The only practical response is a holistic approach that pursues implementation as a unified global program, supported by a single solution. This means establishing a project team and governance structure that involves all relevant geographies, functions and departments, and takes a good, honest look at whether existing IT infrastructure and data management practices can support the consistency and agility which the EU’s ‘package’ will demand.
The transition will be demanding, but should also be viewed as an opportunity to make substantial improvements to risk and compliance management that will serve the bank for years to come – though unfortunately our research indicates only a small minority of institutions perceive it this way.
In a recent Wolters Kluwer poll of more than 100 webinar delegates from financial institutions across the EMEA region, only 18% viewed CRD V as an opportunity to improve risk and compliance management, and 12% perceived this as an opportunity to fix the Basel “chain”. This highlights that the remaining majority of firms may still need to assess whether their overall risk and compliance management systems are aligned with the scope and complexity of the proposed changes.
This perception will change as we come closer to the implementation deadline and the exact requirements are finally set in stone, and also as people come to understand the impact of changes, the interdependencies of the regulation, and finally the costs of change across different applications and the means to reconcile them.
Regardless, with the EU’s statement effectively serving banks notice, they should move now to devise an implementation program supported by a solution as extensive, and as integrated, as the ‘package’ itself. Investing the time and resources needed to get it right the first time around will enable the institution to weather this transformation, and its succeeding impacts.