European banks to improve internal governance and focus on business model sustainability
The European Central Bank has published the 2019 Supervisory Review and Evaluation Process (SREP) findings which highlight the need for banks to enhance the effectiveness of their management bodies and strengthen internal controls.
The European Central Bank (ECB) published the aggregate findings of the 2019 Supervisory Review and Evaluation Process (SREP) on 28 January 2019. The ECB conducts this evaluation annually to assess the top risks to which significant euro area banks are exposed. The SREP is essential to ensure a level playing field and permits peer comparisons across the euro area. The ECB uses a combination of quantitative and qualitative factors to conduct the SREP assessment and banks are scored (on a scale of 1 to 4 with score 1 being the highest performance).
No institution scored 1 in the overall assessment and the ECB observed minor shifts in the other bands: 49% of banks received an overall score of 2, 43% of bank scored 3, and 8% of banks received the lowest score of 4.
There was a significant decline in SREP scores related to internal governance, business models, and conduct risk. In its press release, the ECB commented: “In response to the deterioration in scores, supervisors will intensify assessments of the sustainability of business models and will continue to require banks to enhance the effectiveness of their management bodies and to strengthen internal controls and risk management.”
Internal governance improvements required
The 2019 SREP report highlights different qualitative measures imposed in respect of the following governance areas (see Chart 11):
- internal control function
- management body
- risk infrastructure, data and reporting
- risk management and risk culture
- internal governance framework
The ECB noted a “high spread of weak governance” as a top concern and cited weak management boards and weak outsourcing controls as drivers for this disappointing result. Internal governance scores were down across all sectors whether universal banks, retail lenders or custodians and asset managers (see Chart 23). The results demonstrate a clear need to continue to improve the quality and composition of directors and management of banks.
In addition to improving the knowledge, skill, and experience base of the individuals charged with overseeing each institution, it is equally important to focus on appropriate infrastructure to ensure sound governance. Given the expected increased scrutiny for 2020 on internal governance, it is highly recommended that banks:
1. Improve the quality of written frameworks, policies and procedures (and have those reviewed externally).
It unfortunately remains the case that banks across the euro area consistently fail to appropriately document their activity. This cannot be seen as a “point-in-time” compliance exercise but must be embedded into the business cycle. These results suggest that existing framework documents may no longer reflect the current business and a refresh is required.
2. Strengthen training at management body level.
Similarly, many boards have procured specific training for directors on technical risk topics, new regulation, and improving board effectiveness. However, an overall finding of “weak management board effectiveness” indicates that boards of directors have only conducted a preliminary review of their own governance and have not yet tackled root causes. There have been significant improvements related to formalized agendas, minute-taking, and board process, however, many institutions have not necessarily taken steps to change the risk culture, reduce inappropriate group influence, and effectively challenge management and control functions.
3. Proactively review internal governance arrangements.
As new risks emerge the internal governance structure (and stakeholders) must evolve. It is strongly suggested that an independent review of internal governance be conducted at regular intervals to ensure it is optimized for the business. Many banks seek to comply with governance arrangements. To succeed in the future, the strongest players will design governance structures that support their objectives and move beyond the preliminary phase of mere regulatory compliance.
Business models and profitability: the link with internal governance
The 2019 SREP findings are quite nuanced in the business model category. Custodians and asset managers have the highest proportion of score 4 banks (see Chart 20). Overall, there are challenges related to profitability and earnings are below the cost of capital. The ECB is “focused on banks' future resilience and the sustainability of their business models…” This issue has also been raised in Luxembourg by the CSSF which noted in its 2018 report that Luxembourg banks are experiencing an increase in expenses and lacking economies of scale which is contributing to an overall “erosion of profitability.”
In addition to these economic factors, it is worth questioning whether the weaknesses in internal governance highlighted above are also a strong contributor to these issues. In recent years, board members have indicated that there is not only a growing cost of regulatory compliance in terms of expenditure, but also in terms of director time commitment. Many have remarked that this has been at the expense of commercial considerations and strategy. Board meetings and senior management time related to new internal governance requirements have increased dramatically over the past five years.
If the board and senior management have devoted significant additional time and resources to overseeing the business, how is it possible that business models are unsustainable and profitability is threatened? Much as above, this likely relates to less-mature governance frameworks which were built to comply with new corporate governance regulation but not designed to optimize the business. To the extent internal governance arrangements are not adapted to monitor business risks appropriately, it is also highly likely that they are not calibrated to identify business threats and opportunities nor promote strategic thinking at board level.
In order to ensure business models are sound and profitability restored, banks should consider:
1. Critically assessing the board’s ability to prioritize.
To the extent boards are unable to balance regulatory compliance and strategic decision-making, improvements to leadership and board composition may be required. Boards should also consider whether they are receiving the appropriate level of external technical advice and counsel.
2. Ensuring effective controls and oversight.
While most institutions have advanced systems in place to monitor and report classical risks, board members should be challenging the business and control functions to ensure robust oversight is in place in relation to profitability and business model. The board should be tracking open action items with respect to profitability, strategy, and business model with the same diligence which it would for risk or compliance issues.
While the ECB noted in the 2019 SREP exercise that it was pleased with the overall level of capital adequacy of banks in the euro area, the decline in scores related to internal governance and business models must be addressed by boards and senior management swiftly. As new risks such as cybercrime and financial disintermediation continue to grow, banks in the euro area must move beyond a mindset of regulatory compliance in respect of governance. Instead, banks must design governance arrangements which are suited to the business, its clients, employees, and stakeholders. This advanced governance framework, with appropriate leadership, will ensure a robust and sustainable future for the banking sector.
Michael SchweigerCounsel Attorney at law / Solicitor
Michael Schweiger, counsel, is a member of the Banking & Finance practice group in our Luxembourg office. He leads the Luxembourg financial regulatory team and regularly advises banks, payment institutions, insurers, and other clients regarding financial regulation.T: +352 466 230 520 E: firstname.lastname@example.org