2024 Priorities: PRA’s Dear CEO letter to UK Deposit Takers

Looking at the events of the last year we have seen a bank failure, world shipping disrupted by Houthi rebels and an Icelandic volcano eruption (albeit a small one). All while still reeling from the previous year’s fallout from a pandemic that gave rise to a new range of operational risks, the Ukraine war driving inflation and an economy tilting mini budget. Most firms will likely agree with the PRA’s view that ‘previously improbable events could be within the realms of the possible’. 

The events of 2023 serve as a stark reminder that firms can face a sudden loss of customer, counterparty, or market confidence, leading to significant implications that may require regulatory intervention. In their Dear CEO Letter, the regulators have outlined their key priorities for UK deposit takers in 2024, shedding light on the crucial areas that demand attention and strategic focus. In this article, we’ll delve into these priorities and explore what they mean for the financial sector.

Anchoring in Robust Governance

At the heart of the PRA’s 2024 priorities lies a resounding call for robust governance, risk management, and controls. The dynamic nature of the financial realm demands a proactive approach to identify, assess, and mitigate risks effectively. Boards and executives are encouraged to continually challenge their structures, processes, and capabilities within the governance and risk management frameworks.

Firms are urged to maintain a vigilant stance, fostering a robust risk culture to ensure safety and soundness. Senior Managers must continue to take lead on the risk culture of their firms, encouraging open dialogue on the quality of MI and build on the work done to calibrate risk limits to provide sufficient visibility for the board to interrogate and challenge when necessary.

Executives should take full advantage of the position and expertise of Non-Executive Directors who often have the advantage of perspectives across multiple firms. In turn Non-Executive Directors will need to keep up to date with training to ensure they understand emerging risks and new regulations and also take full advantage of their networks, seeking insights form their peers.

As firms continue to accelerate their use of technology, it becomes increasingly important to consider the associated novel risks, and senior managers will have to broaden their thinking when considering scenarios.

Firms should regularly refresh succession plans to minimise the disruption caused by changes in personnel and ensure strong governance during transition periods.

Credit Risk Management:

Given the uncertainties surrounding economic growth, inflation, and geopolitical tensions, credit risk conditions remain challenging. The PRA acknowledges the strain that households and small businesses face and urges firms to be proactive in managing credit risk. The work done in the last few years on developing this area is recognised but the regulator encourages firms to continue to adapt to these changing conditions in 2024:

• Firms should revisit risk appetites to ensure they reflect the board’s view of the firm’s risks in the current environment.
• Underwriting policies and processes will likely need to be reviewed and tightened.
• Forbearance monitoring and early warning indicators are highlighted as areas to be further developed to provide warning of an oncoming stress.
• With the heightened likelihood of default, firms need to be prepared for the increased demand on their collections and recoveries teams, ensuring additional resource is available as necessary.
• Credit loss provisions are expected by many firms and the regulator naturally expects firms to main discipline around recognising them.

In 2024, we can expect the PRA to assess the improvements made in these areas and how firms respond to any changes to their business models and credit exposures to ensure they maintain robust credit risk management. The more vulnerable market segments such as buy-to-let, unsecured lending, commercial lending etc. will come under particular scrutiny from the PRA and firms exposed to these higher risk areas will need to ensure they have started these internal discussions sooner rather than later. The regulators have also highlighted counterparty credit risk as a topic for their ‘heightened engagement’ in 2024, focusing on lending to non-bank financial institutions.

Financial Resilience:

Ensuring financial resilience is imperative for firms to continue supporting businesses and households. The PRA’s ongoing assessments will encompass an analysis of forward-looking liquidity and capital indicators, stress testing, and the development of realistic and effective contingency plans. The impending implementation of Basel 3.1 standards necessitates careful planning to maintain financial resilience while supporting stakeholders.

The regulators encourage firms to be more imaginative in scenario testing when looking forward to potential extreme tail events by looking backwards at the global events of 2023 and considering how their own business models might be affected.

They warn against looking at capital and liquidity risks in isolation and urge firms to consider the interaction between the two, for example in interest rate risk, or hedging activity that may restrict the use of liquid assets.

The funding landscaped is changing in 2024 with repayments on the Term Funding Scheme with additional incentives for SMEs (TFSME) starting this year, and the impact of quantitative tightening on the level of central bank reserves in the system. Coupled with changes in depositor behaviour these changes will impact the way firms source and manage liquidity which will need to be considered and assessed in liquidity stress testing. For many firms, it may be worth considering a fire drill exercise this year.

Operational Resilience:

With a deadline of March 2025 for firms to demonstrate resilience within impact tolerances for all Important Business Services (IBS), a clear plan to identify and remediate vulnerabilities is essential. Boards and senior management must actively oversee the operational resilience programme, particularly in the context of large-scale IT transformations and outsourcing arrangements.

Firms must ensure they minimise operational disruptions by identifying the resources needed to deliver each IBS and run scenario tests. The scenario testing aspect of the PRA’s expectations on operational resilience relies on a similar approach to recovery planning and firms may consider running these tests side by side under a cyber / financial scenario.

Model Risk Management (MRM) and Data Risk:

The finalisation of MRM principles for banks in 2023 calls for an initial self-assessment by May 17, 2024. By now, many firms will have prepared remediation plans to address any gaps and firms can expect engagement with the PRA on existing and planned internal model applications.

The PRA warns of continued use of supervisory tools including, skill persons reviews, where they find regulatory reporting to be inaccurate and a hindrance to supervision. They encourage firms to ensure governance and controls for regulatory reporting are robust and supported by investment in the integrity of data and the ability to process them. Firm should consider regular and comprehensive reviews of the governance and processes around regulatory returns and deep dives into the returns themselves.

Financial Risks from Climate Change:

Managing financial risks arising from climate change is becoming increasingly important. In 2024 firms will be assessed on their progress in developing their climate-related financial risk management capabilities, integrating them into decision-making, and conducting relevant stress scenarios. The challenge for many firms will be hitting the target of proportionality. However, firms can look forward to an update to ‘SS 3/19 – Enhancing banks’ and insurers’ approaches to managing the financial risks from climate change’ which will provide further guidance.

Recovery and Resolution:

The Resolvability Assessment Framework (RAF) will be a focal point for the largest firms this year, and efforts will continue to enhance the quality of recovery planning, for small and medium-sized firms.

Boards should take advantage of fire drill exercises which, if approached openly, can be an excellent tool to identify weaknesses in a firm’s resilience and to drive change.

Conclusion

In conjunction with individualised PSM letters, this thematic priorities letter serves as a roadmap for navigating the challenges of 2024. The PRA emphasises the need for continuous adaptation and improvement in governance, risk management, and controls while supporting businesses and households. As the financial sector evolves, collaboration between regulators and firms becomes paramount in achieving a resilient and well-managed financial landscape. The shared goal is clear: to build a future that is not only robust but also adaptable to the changing tides of the financial world. If you have any questions or seek further clarification, feel free to reach out.