Foreign Bank Enhanced Prudential Standards (FBEPS) Spotlight on Governance and Risk Management Chris Spoth Deloitte & Touche LLP October 2013
FBEPS Scoping and Applicability The Federal Reserve Board s proposed rules to implement the enhanced prudential standards (EPS) and early remediation requirements (ERR) of sections 165 and 166 of the Dodd-Frank Wall Street Reform and Consumer Protection Act for foreign banking organizations (FBOs) and foreign non-bank financial companies designated by the Financial Stability Oversight Council (FSOC) were released December 14, 2012. The comment period ended in April, 2013 and the rules are expected to be finalized by December, 2013. While these are only draft rules, there is a high likelihood that the requirements may not be changed substantially. Proposed Rule Released Comment Period End Date Rules likely finalized Effective Date Feedback during comment period December 14, 2012 April 30, 2013 December, 2013 July 1, 2015 Applicability US Foreign Enhanced Prudential Standards Type of FBO US IHC Requirement Capital Capital Planning & Stress Testing Liquidity Single Counterparty Credit Limits Risk Management Debt-to-Equity Limits Early Remediation Global Assets between $10B and $50B (approx. 29 such FBOs) No No FBO must meet home country stress test requirements in order to avoid U.S. asset maintenance and Other requirements No No If FBO is publicly traded, it must annually certify that it maintains a board level U.S. risk committee. It can be part of the overall risk committee of the board. No No Global Assets $50B but U.S. assets < $50B (approx. 84 such FBOs) Yes, unless US assets < $10 (excluding assets of U.S. branches and U.S. agencies) Intermediate Holding Company (IHC) subject to U.S. capital requirements for Bank Holding Companies (BHC) and FBO must certify that it meets home country capital standards that are broadly consistent with Basel capital standards, including Basel III All of the above, plus IHC is subject to Federal Reserve s Dodd-Frank stress testing rules as if it were a U.S. BHC Must report results of annual internal liquidity stress test to Federal Reserve Limits apply to IHC and U.S. operations of FBO Annually certify that it maintains a board level U.S. risk committee. It can be part of the overall risk committee of the board. Yes if FSOC determines that FBO s grave threat to U.S. financial stability Yes, but not automatically subject to remediation actions upon exceeding a trigger US assets $50B (approx. 23 such FBOs) Yes, unless US assets < $10 B (excluding assets of U.S. branches and U.S. agencies) All of the above plus Subject to U.S. capital requirements as if it were a U.S. BHC Required to certify that it meets home country capital standards that are consistent with the Basel capital framework Subject to U.S. advanced approaches capital rules or market risk capital rules (250 bn in US assets / 10bn in foreign exposure) Required to submit annual capital plans to the Federal Reserve All of the above plus Subject to Dodd-Frank capital planning & stress-testing rules as if it were a U.S. BHC Required to meet additional conditions regarding home country stress tests in order to avoid U.S. asset maintenance and other requirements All of the above plus Required to maintain U.S. liquidity buffers for its U.S. agency and branch networks that are separate from its IHC All of the above plus Subject to stricter single counterparty credit limits All of the above plus Required to annually certify that it maintains a board level U.S. risk committee, at least one member of which must be independent, and must appoint a U.S. chief risk officer meeting certain requirements Subject to debtto-equity limits All above the plus Subject to nondiscretionary early remediation actions upon exceeding an early remediation trigger - 2 -
Summary Impacts of FBEPS Meeting FBEPS is expected to be costly and highly complex given the aggressive timelines, especially for complex and large foreign banks; a cross-functional approach is required. The more significant likely impacts are shown below Indicative Impact Broader U.S. functional responsibilities from a business management perspective will be required.(e.g., CCAR process) Liquidity, capital and credit requirements increase pressure on booking model optimization between IHC, Branch and other locations Business and Financial Impacts Disclosure requirements through substantial public regulatory reporting may influence and/ or constrain decision making Material capital injections will likely be required Liquidity requirements for branches and the U.S. IHC may pose disruptions to existing funding models resulting in captive liquidity and increased funding costs Scope will force U.S. subsidiaries to move into the US IHC from a legal entity organization standpoint, with potential capital and tax implications Credit limits and risk appetite may impact capital allocation High Governance and Process Regional alignment of Foreign Bank s Governance and Operating model in the U.S.; centralized U.S. governance framework, risk management structure and internal controls structure will need to be developed and adopted Appointment of exclusively U.S focused CRO and Risk Committee in U.S. Significant need for dedicated knowledge of US requirements that have been applied to domestic institutions capital, stress testing, living will, etc. Increasing expectations for robust control processes/framework will likely require significant attention and resourcing in the U.S. High Technology and Infrastructure U.S. Significant IT infrastructure enhancements to produce and aggregate risk, operational, and financial data at the required level of granularity, frequency, accuracy across U.S. LEs, on a consolidated basis in U.S. GAAP and in accordance with U.S. requirements Significant infrastructure changes to comply with very substantial U.S. stress testing, U.S. Basel III requirements, regulatory reporting and risk reporting Substantial new technical, supervisory and methodology differences in U.S. requirements that may result in parallel calculations and new IT builds versus what has been required for head office reporting and limited U.S. reporting - 3 - High
U.S. Consulting On-screen XS WHT_R1.5V_0310.potx Enhanced prudential standards Risk management The proposed rule for domestic and foreign institutions offers new risk governance requirements, including the establishment of a board of directors risk committee. Requirements reflect the view that boards of directors should be more engaged and involved in risk management and oversight. Some key expectations for an enterprise-wide risk management framework include: Risk limitations appropriate to each business line of the company Appropriate policies and procedures relating to risk management governance, risk management practices, and risk control infrastructure for the enterprise as a whole Processes and systems for identifying and reporting risks and risk-management deficiencies, including emerging risks, on an enterprise-wide basis Monitoring compliance with the company s risk limit structure and policies and procedures relating to risk management governance, practices, and risk controls across the enterprise. Effective and timely implementation of corrective actions to address risk management deficiencies Specification of management s and employees authority and independence to carry out risk management responsibilities Integration of risk management and control objectives in management goals and the company s compensation structure The proposed enhanced prudential standards for foreign banks are very similar in nature and focus on ensuring stronger oversight of and transparency around risk management across all U.S. operations, including a requirement for having a U.S. Risk Committee of the Board and U.S. Chief Risk Officer. - 4 -
Governance Impacts Several explicitly and implicitly stated emerging governance themes can be seen within the proposed regulations. Several Federal Reserve Board expectations will be imposed, similar to U.S. BHCs on the IHC, U.S. Branches (combined U.S. Operations) Emerging U.S. Governance Themes Organization design: Simple, transparent and understandable across the U.S. to internal managers, employees and external stakeholders. Regional CEOs have increased authority or influence over U.S. operations Control Functions: Have regional leaders who have delegated authority to oversee and manage across various U.S. businesses Committee structures: Enabling U.S. wide reporting, escalation and communication across all U.S. BUs and products Accountability and decision-making authority: U.S. leadership is expected to develop and execute regional strategies with clear decision rights between Region and Group, driving the right culture and tone from the top for the U.S. in alignment with Group Compensation and budget authority: Enabling U.S. senior management in alignment with Group to have pay, compensation and budget influence and authority U.S. risk management framework: Effectively oversees U.S. operations for material U.S. current or emerging risks, control issues or events with reporting that is measured, monitored and, if necessary, managed or escalated, and addressed through this process Structure Oversight Decision Making and Monitoring Policies and Processes People and Culture - 5 - Governance Components Regulatory Expectations IHC U.S. Branches Implicit Explicit Implicit Explicit Organizational structure Board and Committee Structure (i.e. Board of Directors or equivalent U.S. Risk Committee (with at least one independent director)) Management Committees Control Functions Board & Management Committee oversight Setting and measuring strategy Accountability, authority and veto rights Performance planning and reporting Performance & incentive management Setting risk appetite Policy setting and compliance Reporting, monitoring and escalation People and talent management (e.g., creation of a U.S. CEO and CRO ) Setting the culture (e.g. risk culture) Induction, training and development
Current trends in risk management Clear governance practices embedded into the organizational structure Increase oversight, interaction and communication across US Operations (would include IHC and branches) among head office and senior management risk operating committees Communicate a statement of the risk philosophy and appetite of the US operations that is actionable and can be assessed Document and clarify roles and responsibilities Develop integrated market and credit risk framework processes Risk and return balance and risk management priorities Decision making is risk/return oriented and in partnership risk is right sized to organization Compensation structure is aligned with risk and reward Risk management function has risk veto authority with clear escalation/resolution processes Investment in infrastructure and risk capabilities Enhance valuation and exposure measurement capabilities (i.e., Ability to value and measure the risks associated with all transactions) Re-prioritize infrastructure investment areas, focus on risk exposure aggregation, netting and product coverage Transparency, disclosure and communication Need to provide informative, customized and actionable information to senior management, board and business lines Risk management should seek guidance and have access to the board in order to understand their objectives and perspective Increased external disclosures to shareholders, regulators, rating agencies - 6 -
Some key success factors and lessons learned about risk management Considerations Description Critical points Resourcing Business impacts Prioritization of key workstreams Global linkage Executive sponsorship Regional coordination Front office engagement Strategic solutions Data governance Resourcing needs are significant for delivering FBEPS program. Many FBOs and Domestics are already in the market for the same skill sets. Immediate focus on resourcing this program is needed The business impacts (capital and balance sheet) should not be underestimated, many of the implications have forced FBOS to re-think existing balance sheet consumptive businesses supported in the Americas Prioritization efforts that require long lead time (e.g., CCAR/FR Y-14 requirements) and will impact BAU operating model require immediate attention Strong linkage with Home Office a centralized design authority to centrally model, capital, tax, liquidity and funding and structural considerations is needed Strong, central leadership is required to ensure accountability and prioritization of Program Cross functional regional coordination across regional functions and businesses and Business Units is tablestakes Gain business buy-in and management agreement on all critical business and regulatory assumptions throughout the program lifecycle. Develop strategic infrastructure change solutions that are implementable, leveragable and deployable across regions and functions Data governance workstream is a critical horizontal workstream focused on consolidating common technical and business data requirements to ensure data consistency, quality and availability across all workstreams. Identification of resourcing needs will be a key critical priority. Speed to which new/internal hires will reduce cost for the program Dynamic modeling and constant front office engagement is needed to develop strategic options and ways to optimize balance sheet Prioritization of IT builds and complex projects will need immediate attention Funding, capital, tax and model changes requires global alignment and agreement Is needed to drive prioritization, change and escalation Significant dependencies and reliance on SME s within various functions is required for work efforts Given the significant impacts front office engagement early and often is a critical success factor Other regions will likely follow suit in requiring similar requirements and bespoke solutions should be avoided Data requirements across functions and reports will require similar data elements and will require reconciliation in some cases - 7 -
The Deloitte Center for Regulatory Strategies (DCRS) DCRS helps companies formulate a comprehensive game plan to comply with today s regulations, prepare for what s next, strengthen their overall compliance framework, and craft a strategy for the road ahead. The Center provides industry-specific regulatory perspectives for financial services, energy and resources, and life sciences and health care organizations. Leading from the Front The Center s experienced team of professionals include many former senior regulators with U.S. government agencies and industry specialists with broad regulatory experience. Ways to leverage the Center Thought leadership DCRS sponsors and publishes research and perspectives to help you understand the current regulatory environment, and its challenges and implications for your business. Find out more at www.deloitte/com/us/centerforregulatorystrategies Client programs Our team hosts a variety of programs and events featuring valuable leadership and insights. Some of our programing includes: external conference sponsorships, thought leadership activities, and in-person events. 8 The Deloitte Center for Regulatory Strategies (DCRS)
This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation. About Deloitte As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. 36 USC 220506 Member of Deloitte Touche Tohmatsu Limited