Swaptions expiries complicate portfolio optimisation runs

By Nazneen Sherif | News | 20 October 2017

triBalance and Quantile users call for better post-trade co-ordination between dealers

Confusion over swaptions expiries caused problems for dealers trying to optimise their non-cleared derivatives portfolios last week. Dealers say it highlights the need for better co-ordination when managing the process, especially as more firms turn to portfolio optimisation to reduce their margin costs.

Optimisation services provided by TriOptima’s triBalance and Quantile Technologies have been using swaptions as part of the toolkit to reduce risk on existing portfolios. Those swaptions were expiring for the first time on October 11 and 13, respectively. But participating dealers failed to decide beforehand whether they would exercise the swaptions when they expired, leading to a flurry of calls between banks to work out each other’s intentions. 

“People forgot about the fact that there is an exercise and [that] if you are very close to the strike, you either need everybody in the chain to exercise or nobody in the chain to exercise,” says one credit valuation adjustment (CVA) trader at a European bank. 

The number of trades involved in the initial run was small and the issue was resolved quickly, but as more banks join in, a lack of co-ordination could create large new exposures if swaptions are exercised. These would need to be re-hedged by the banks – possibly under unfavourable terms as the market may have moved in the meantime. Some say the total exposure of these positions could run to billions of dollars in the future.

“Fortunately there are only [a few] banks involved in this particular run or cycle, but we expect more banks to participate over time. So I think this needs to be resolved before we ramp it up too much,” says the CVA trader. 

Since September 2016, an increasing number of large dealers have been required to post initial margin on new non-cleared trades with other in-scope counterparties. The initial margin has to be funded, which creates material costs as more and more counterparties come into scope. This has resulted in the growth of optimisation service providers to help banks reduce their counterparty exposure and initial margin requirements. Estimates show that 50–70% of initial margin funding costs could be reduced using these services. 

Quantile Technologies and TriOptima’s triBalance are competing services that run optimisation algorithms over dealers’ bilateral portfolios to suggest new risk-offsetting trades or unwinds of old positions. Quantile currently covers the trades that have been run through AcadiaSoft – a utility that generates margin calls for non-cleared swap counterparties, which started operation when the initial margin rules came into force last year. TriOptima’s triBalance also covers dealers’ legacy positions.

Swaptions are typically used in optimisation solutions to reduce interest rate market risk and counterparty exposures on bilateral books. Banks that ran TriOptima’s compression service had theirs expire on Wednesday, October 11, but none had agreed beforehand whether to exercise the at- or near-the-money swaptions. For banks using Quantile, this occurred on Friday, October 13, according to one dealer. 

Desk disorganisation

For one US dealer, the source of the disruption was another bank that had booked the optimisation trades in the CVA desk rather than the options desk. 

“There was some confusion the day before on the swaptions exercise. Some of those optimisation swaptions trades were not held in the options desk at one of the other banks… so when the options guys were called to be notified that the trades had to be exercised, they didn’t know about it, and it turned out that those trades were held by the CVA desk,” says a spokesperson for the US bank.

The bank had put on only a dozen trades. As margin optimisation becomes more prevalent, however, greater co-ordination will be essential, dealers say. 

“This incident was resolved fairly quickly and in the end it was not a big deal. It was just the options guys not knowing where the trades had been booked. As this exercise will become bigger with the likes of TriOptima, Quantile Technologies and Capitalab, it just shows banks have to be super diligent and rigorous in terms of processes [around] where the trades are booked. It’s basically not a ‘set and forget’ process,” adds the spokesperson. 

Some say one solution might be to ensure that the swaptions used for optimisation are monitored in the same way as regular products traded by the desk. 

As this exercise will become bigger… it just shows banks have to be super diligent and rigorous in terms of processes [around] where the trades are booked

Spokesperson for a US bank

“If you end up putting trades into a specific part of the bank that [does not have the same] setup as the standard business that does this day-in day-out, you can actually argue there might be some potential issues operationally. If you route it through the business-as-usual pipes instead, I think it’s definitely less of a concern,” says one optimisation expert at a second US bank. 

A cap on the number of trades entered into the system might make sense until everyone is comfortable with the process, but as the number of trades increases, automation might be more suitable, the optimisation expert adds: “If it becomes materially larger, we can argue that we need to get an extra layer of automation in [the] process to avoid any significant disruption. If things [grow] to a magnitude where it goes beyond business-as-usual – where people get 50 or 60 or 100 trades a day to exercise – then I believe, as an industry, we would favour something more co-ordinated by a third party that can take away some of the operational burden.”

One solution being discussed by both TriOptima and Capitalab involves running portfolio compression shortly before the expiry of the swaptions. 

In bilateral compression, banks analyse their respective books, tear up unnecessary trades and replace them with a smaller number of transactions that achieve the same result. Running compression immediately prior to expiry would mean the swaptions trades are terminated before they need to be exercised.

“For any swaptions that were generated to reduce counterparty exposure as part of a triBalance cycle, we are discussing with banks about compressing those trades shortly before the exercise date. This will become a standard feature of the triBalance service where swaptions are involved,” says Peter Weibel, chief executive of the triReduce service at TriOptima, which is owned by Nex Group.

Hard-to-manage cyber risk a top threat for energy firms

By Stella Farrington | News | 13 October 2017

Cyber crime cited among top three external risks; scarce data makes modelling difficult

Cyber risk has shot up the list of concerns for energy firms in the past year, but chief risk officers and trading heads say it remains difficult to manage.

In a Risk.net survey of energy firms and energy traders conducted during July and August, 10% of respondents said they considered cyber risk to be one of the top three external risks their organisation would face in the next 12 months. It ranked behind only regulation and physical supply-and-demand risks. While there is no comparable earlier survey, cyber risk came near the bottom in another Risk.net poll in December 2016: only 2.2% of respondents from the commodities sector mentioned cyber security and that was in response to a narrower question about their biggest challenge in the last 12 months from an IT/systems perspective.

“At CRO forums now, cyber risk is one of the most frequently talked about topics, along with the related issues of digitisation and how to make the most of analytics,” says Novera Khan, CRO of utility Uniper.

Energy firms are increasingly turning to data analytics as one way to boost profits, which are under pressure for many from low oil prices and renewable energy. They are gathering considerably more data and analysing it more thoroughly than in the past. But the larger volumes of data increase the companies’ vulnerability to a cyber attack, CROs say.

Energy firms are also a prime target for cyber criminals as many of them operate so-called industrial control systems. These are technologies used to run infrastructure such as electricity grids, oil pipelines and rail networks. According to the most recent Industrial Cybersecurity Threat briefing by US consultancy Booz Allen Hamilton, there were 46 attacks on industrial control systems in the energy industry between early 2015 and early 2016, making it the second hardest-hit sector after critical manufacturing.

Energy firms’ exposure to cyber risk has grown as energy traders have embraced automated trading. An infected algorithm – one that has been maliciously reprogrammed to buy or sell large volumes at prices above or below market value – could quickly impact an entire market, endangering not just the firm that has been hacked, but every company operating in that market. And because global markets are so interlinked, an attack in one market could quickly spill into others, says Ilia Bouchouev, global head of derivatives at Koch Supply & Trading.

The biggest risk to the market is some sort of systemic cyber risk – for example, an algorithm going out of control and safeguards failing

Ilia Bouchouev, Koch Supply & Trading

“The biggest risk to the market is some sort of systemic cyber risk – for example, an algorithm going out of control and safeguards failing,” he says. “Because energy markets – and indeed [all] asset classes – are so closely linked now, a cyber attack on one particular market could result in overspill into other markets. There are safeguards in place at venues like clearing houses and exchanges, but we don’t know how well they will perform as, to our knowledge, there hasn’t been a [real-life] attack to test them yet.”

At the same time, there is a lack of data that can be used to model cyber risk, Bouchouev says.

“Cyber risk is very difficult to model,” he says. “The only way to do it is by scenario analysis, but that’s hard because there’s very little historical data and what is available is often not relevant.”

For example, the first, and to date only, known cyber attack to cause a power outage happened in Ukraine in December 2015. But using data related to that attack and applying it to a similar firm in a different jurisdiction would be an over-simplification. As a result, energy CROs are struggling to quantify their cyber risks.

“Simply running historical back-test simulations or a historical correlation matrix is not enough. You need something else, but it hasn’t really emerged yet,” Bouchouev says.

Meanwhile, when trying to estimate systemic cyber risk and the threat of contagion, a risk manager needs to make assumptions not just about how many cyber attacks might occur during a given period, but how many might strike simultaneously. That’s far from straightforward, Bouchouev says.

“Assuming all bad events are going to happen at the same time is probably too penalising, but assuming they will all happen at different times is probably a soft assumption,” he says. “So how do you set the right level? You just don’t know.”

US Treasury hands CCP resolution powers to FDIC

By Joanna Wright | News | 12 October 2017

Mnuchin regulatory review explicitly refers to FDIC as receiver under a Title II resolution

The second phase of the US Treasury Secretary’s review of financial regulation has endorsed the idea of special resolution powers rather than bankruptcy as the way to handle a distressed derivatives clearing house. And it provides official support for the Federal Deposit Insurance Corporation to act as a receiver in such circumstances.

“The report states without qualification that the FDIC would be in charge of the failure resolution of financial market infrastructure, such as a systemically important clearing house, under Title II of Dodd-Frank. That point had never been made publicly before, to my knowledge,” says Darrell Duffie, professor of finance at the Stanford Graduate School of Business

The report states on page 166 that “If a systemically important financial market utility (Sifmu) is resolved under Title II of Dodd-Frank, the FDIC would be the resolution authority”.

“I believe this recommendation is very helpful. This is intended to be a high-level report, however, so many details remain to be filled in,” adds Duffie.

Title II of Dodd-Frank – the orderly liquidation authority – has faced criticism from some Republican lawmakers, who claim it entrenches too-big-to-fail institutions. Instead, they want an enhanced bankruptcy code to allow all financial institutions to go through normal insolvency proceedings.

The Treasury report, however, conveys the alarm of regulators, academics and market participants that Dodd-Frank’s central clearing mandate has concentrated risk in the systemically important central clearing counterparties (CCPs). Without a statutory framework for the recovery and resolution of CCPs, it is uncertain what would happen to one of these entities should it fail, especially since such a failure could be accompanied by the default of one or more of its largest members and a context of financial turmoil.

The Treasury report, the second in a series of four, was released in fulfilment of an executive order to review financial regulation in accordance with certain core principles. Despite rhetoric from US President Donald Trump that he intended to “do a number” on Dodd-Frank, the reports have not recommended a wholesale roll-back of post-crisis legislation. Indeed, in the case of Sifmus such as CCPs, says Julian Hammar, a lawyer in the derivatives practice at Morrison & Foerster, the report calls for heightened regulation and supervisory scrutiny.

“This is because of the concentration of risk there as a result of the Dodd-Frank clearing mandate. It has seemed to me as if the industry generally, with no-one actually saying it, was questioning – with this concentration of risk at CCPs, and the diminishing number of futures commission merchants that clear swaps – whether the Dodd-Frank clearing mandate should still be there as a useful thing. But the report does not go in that direction at all,” says Hammar.

The primary focus of recovery and resolution efforts must be the recovery of the CCP, such that the CCP can continue to provide critical services to financial markets

Treasury report

Instead, he adds, “it accepts the concentration of risk at CCPs as a given and says regulators should heighten their scrutiny of CCPs”.

The report makes general recommendations that this heightened scrutiny could be achieved through measures such as an enhanced review of CCPs’ margin models and risk management practices, and more supervisory stress testing. It recommends the Commodity Futures Trading Commission’s (CFTC’s) stress testing of the CCPs under its purview be expanded to test for scenarios beyond the default of one member, to include non-default losses such as cyber risk and losses on reinvested collateral.

“This seems prudent,” says Hammar. “The CFTC’s stress test in 2016, which was its first, focused on credit risk from the default of a clearing member and did not test for non-default risk.”

However, some observers view the report as unambitious in tackling the systemic risks posed by CCPs. Robert Zwirb, a consulting attorney at Cadwalader and former counsel to a CFTC commissioner, says the report “shows little imagination”.

“It calls for increased risk management, increased supervision. Well, the CFTC under the previous administration already was doing that. They adopted enhanced risk management and capital requirements and margin requirements for systemically important derivatives clearing houses.”

Zwirb also questions whether the report can realistically tackle the question of moral hazard – the challenge it sets for itself.

“My reaction is: good luck. If CME or Ice Clearing were to get into trouble, governments would bail them out. They are just too important. In fact, the report refers to them as ‘financial market utilities’, a term that signifies they are much more important than a typical private company, and they are not going to let utilities go down the drain,” he says.

The review seems to acknowledge this tacitly on page 167, with a conclusion that: “The primary focus of recovery and resolution efforts must be the recovery of the CCP, such that the CCP can continue to provide critical services to financial markets, and the matched book of the failing CCP can be preserved.”

Fed access

The report recommends the Fed should review what risks may be posed to financial stability by the lack of access to its accounts for certain utilities that have significant clearing businesses. Dodd-Frank granted financial market utilities designated as systemically important the right to deposit client margin with the Fed, and the report recognises this “is an important risk mitigation tool”.

“This is a good thing. Before that was authorised by Dodd-Frank, CCPs had to use commercial banks and other actors to hold customer funds, and of course those types of entity are more likely to be subject to bankruptcy or default than a reserve bank is,” says Hammar.

Managers of clearing businesses not designated systemically important have argued these utilities should also have this access, even for the limited purpose of transforming US treasuries into cash for liquidity in times of stress.

“The report doesn’t make a recommendation one way or the other on whether deposit access for [all] FMUs should be provided or not, just that the Fed should consider this and whether that would be an appropriate way to address risk if that were the case,” says Hammar.

Private firms cannot anticipate provisioning of emergency liquidity from the Federal Reserve in their risk management planning

Treasury report

The Fed also provides liquidity to Sifmus in “unusual and exigent circumstances”. The Treasury report sounds a cautious note on this practice, without explicitly suggesting it should be rescinded.

The review says: “As set forth in the executive order, our financial regulatory system must avoid creating moral hazard. Private firms cannot anticipate provisioning of emergency liquidity from the Federal Reserve in their risk management planning. Accordingly, while Sifmus may be authorised to access the discount window in unusual or exigent circumstances under Dodd-Frank, a Sifmu must exhaust credible private sources of borrowing first.”

Republican lawmakers – notably House Financial Services Committee chair Jeb Hensarling – perceive Sifmu access to the Fed’s discount window in extremis, and even access to Fed accounts in the normal course of business, as increasing moral hazard. But many regulatory experts say it is a vital tool to stabilise the system in times of stress. This approach would also fit with the Treasury’s preference for CCP recovery rather than resolution.

“Liquidity from the Fed for Sifmus is valuable and important,” says Duffie. “Some are sceptical because they view it as a bailout, causing moral hazard, and the issue has become politicised. For me, it’s the natural application of a central bank, in improving market efficiency and lowering systemic risk.”

Monthly op risk losses: Equifax breach sparks regulatory review

By Risk staff | Opinion | 11 October 2017

Breakdown of top five loss events, plus spotlight on Sweden’s largest ever phishing attack. Data by ORX News

Combined losses of 49.3 billion rupees ($757 million) from a commercial loan fraud hitting eight Indian banks – State Bank of India, Punjab National Bank, UCO Bank, Bank of India, Bank of Baroda, Central Bank of India, Corporation Bank and Indian Overseas Bank – mark the largest op risk loss event in September.

Indian police announced the losses – part of a reported 60.7 billion rupee loan fraud involving 17 banks in all – on September 25, according to widespread local media reports. They are seeking the extradition of Indian business magnate Vijay Mallya, founder of now-defunct Kingfisher Airlines, from the UK in connection with the alleged fraud.

Mallya is reported to have obtained commercial loans from the banks and siphoned off the proceeds to shell companies in seven different countries, making some repayments to obtain more funds and avoid detection. Mallya fled to the UK in March 2016, where he was arrested on April 18, 2017 and subsequently released on bail. His extradition hearing is scheduled for December 4.

Commercial loan fraud is a serious problem in India: ORX News recorded 37 cases in India in 2017 alone, totalling more than $2.57 billion.

Pakistani bank Habib Bank incurred the second largest loss in September. It was fined $225 million by the New York Department of Financial Services after the regulator discovered widespread anti-money laundering compliance failures, specifically in its control and governance of customer due diligence. The NYDFS found that Habib had facilitated billions of dollars of transactions for Saudi Arabian Al Rajhi Bank, which has reported links to al Qaeda. Habib has also agreed to close its New York branch and surrender its New York banking licence in addition to the fine.

According to the NYDFS, Habib had failed to undertake the actions called for in a previous consent order from December 2015 for similar failings.

The third loss is a $19.1 million fine imposed by the US Consumer Financial Protection Bureau on National Collegiate Student Loan Trusts. According to the regulator, the trusts illegally filed lawsuits to recover student loan debt with false or missing documentation. On more than 2,000 lawsuits, the trusts had in fact lost the supporting documents. The trusts submitted false affidavits for many of the 94,000 lawsuits they filed between November 2012 and April 2016.

In fourth place, Ocwen Loan Servicing agreed to pay $17.5 million to settle a class action lawsuit claiming it breached the US Telephone Consumer Protection Act by calling more than 1.6 million customers’ mobile phones without their consent using an automated dialling system.

The settlement comes a matter of months after the firm paid an estimated $225 million to settle a contentious legal battle in California to settle claims it sent borrowers inaccurate information on notices of default; collected mortgage insurance premiums from borrowers even after they had fulfilled their obligations; sent inaccurate and late notices to delinquent borrowers; and failed to correct erroneous information it sent to credit reporting agencies. That figure included $198 million in debt forgiveness.

Finally, the European Central Bank’s Single Supervisory Mechanism imposed a fine of €11.2 million ($13.2 million) on failed Italian bank Banca Popolare di Vicenza for breaches of quarterly reporting requirements in the fourth quarter of 2014 and the first quarter of 2015. The bank also failed to meet its annual public disclosure requirements in 2014, as well as breaching the large exposures limit from December 2015 to March 2016.

This is only the second fine the watchdog has imposed since its inception in 2014, after fining Irish bank Permanent TSB €2.5 million in August 2017.

Spotlight: Swedish banks hit in record phishing attack

On September 18, Swedish police reported that three of the country’s banks – Swedbank, Ikano Bank and Resurs Bank – had been defrauded of a total of Skr8.6 million ($1.1 million) in a cyber attack that targeted banks and businesses across Sweden, as well as the Swedish Democrats party, between November 2015 and October 2016.

The hackers allegedly sent phishing emails with malicious attachments to the victims. When opened, malware contained in the attachments gave the hackers backdoor access to companies’ IT systems. They were then reportedly able to change payment orders to send funds to their account, and also make fake loan applications.

The phishing attack is the largest ever recorded in Sweden. Malmo police investigator Stefan Larsson estimates that the total loss could reach Skr250 million – though so far police have only announced official total losses of Skr25.5 million, Skr17 million of which they have recovered. It is unknown who the recovered funds belong to.

The malware used to carry out the attack was reportedly purchased online, mainly from sellers in Asia. Analysts fear this type of attack will become more common, given the tools are easily accessible and the techniques involved can be self-taught.

In focus: Equifax breach highlights risks to consumer data

Credit reporting agency Equifax revealed in September it had been the victim of a six-week-long cyber attack which began on May 13, 2017. The attack may have compromised the names, social security numbers, driving licence numbers, credit card numbers and personal documents of more than 145 million individuals – mainly in the US, but also in the UK and Canada. Additionally, approximately 209,000 credit card numbers and 182,000 dispute documents with personally identifying information were accessed.

The breach was due to a failure to install patches for Apache Struts, an open-source application framework that supports the Equifax online dispute portal web application. The patches were released on March 7, 2017.

The significance of the breach – other than its sheer scale – is the sensitivity of the information at risk. Despite holding similarly critical consumer information as banks – indeed, much of it is garnered from banks – credit reporting agencies such as Equifax, TransUnion and Experian face far less stringent oversight from federal and state regulators, despite being subject to some of the data security laws.

Under the Fair Credit Reporting Act, credit rating agencies have been regulated by the Federal Trade Commission since 1970, as well as the Consumer Financial Protection Bureau since 2011. Although banks are also subject to the Act, they are further regulated by a network of federal and state regulators which carry out continual monitoring and auditing and have the authority to impose significant fines – unlike the FTC.

In response to the breach, the CFPB, FTC and NYDFS are working on a new regulatory framework to allow greater scrutiny of credit agencies. This mirrors regulatory responses to the growing threat other financial institutions face from cyber-related data breaches. For example, the NYDFS introduced cyber security requirements in March 2017 that ask firms to implement robust cyber security policies and procedures.

Under the EU’s forthcoming General Data Protection Regulation, due to take effect in May 2018, firms can face huge fines of up to 4% of their global turnover if they suffer a serious data breach.

Since 2008, ORX News has recorded 93 data breach events at banks, insurers and asset managers.

Total records exposed: 535 million
Total cost: $622.8 million (comprising fines, class action settlements and costs of card replacements, where reported)
Average time to discovery: 7 months
Average length of breach: 8 months

All information included in this report and held in ORX News comes from public sources only. It does not include any information from other services run by ORX and we have not confirmed any of the information shown with any member of ORX.

While ORX endeavours to provide accurate, complete and up-to-date information, ORX makes no representation as to the accuracy, reliability or completeness of this information.

Fed’s outgoing CCAR chief defends stress tests

By Steve Marlin | Interview | 5 October 2017

Timothy Clark rebuffs US Treasury recommendations; supports more transparency

As the principal architect of the Federal Reserve’s stress tests, Timothy Clark deserves much of the credit for whipping the US banking sector into shape after the financial crisis. While it hasn’t always been popular with banks, the Fed’s Comprehensive Capital Analysis and Review has got results. For the first time since CCAR began in 2011, the Fed approved the capital plans of all 34 banks it stress tested in 2017 without objections – a testament to the industry’s newfound resilience and financial strength.

CCAR is not without controversy, however. To their many detractors, the stress tests are as unfair as they are arduous. Banks say they are overly burdensome, and accuse the Fed of being too secretive about its quantitative models and frustratingly vague in setting qualitative expectations.

Those concerns are shared by some in the US government. A Treasury Department report on regulatory reform published in June – prompted by the Trump administration’s pledge to review financial regulation – called on the Fed to disclose its CCAR models and to eliminate qualitative fails.

While the Fed exempted 21 smaller banks from the qualitative tests in this year’s CCAR, Clark, who is retiring from his post as deputy director of supervision and regulation at the Federal Reserve Board this month, disagrees with Treasury’s recommendation to do away with them entirely. “We don’t object to a firm on qualitative grounds because it forgot to dot an ‘i’ or cross a ‘t’,” he says. “This is fundamental stuff banks should have been able to do years ago.”

He also does not believe the Fed should reveal the inner workings of its models. Keeping the code secret prevents banks from defaulting to the Fed’s models, which by Clark’s own admission are less than perfect. “We don’t want the entire industry to just use our models,” he says. “We want them to use their own models and to innovate to create better models.”

For one thing, Clark says the Fed already provides a good deal of information on its models. Since 2016, an appendix describing the models used to project stressed capital and pre-tax income has been included in its annual CCAR disclosures.

Still, Clark says the Fed is considering disclosing the losses implied by its models for a set of hypothetical portfolios. This would permit a fairly accurate inference of the expected losses on any given set of assets, while ensuring banks are not able to game the models by scrutinising them for the precise points where they are weakest.

Clark says the idea, initially floated by former Fed governor Daniel Tarullo in an April 2017 speech, has some merit. “Showing the world indicative loss rates on these hypothetical portfolios would provide even more information on how different risk characteristics impact our model,” he says.

Nobody had a clue how far this knife was going to fall, but it was falling really, really fast. I’m not sure I got home in the summer of 2008. It was basically seven days a week for a few months

Clark also dismisses Treasury’s recommendation that the intermediate holding companies of foreign banks operating in the US be exempted from CCAR if their parent companies are stress tested by their national regulator. “In our IHC rule, what’s done in the home country is considered, but that does not negate the requirement that a local IHC do a stress test,” he says.

The IHCs of foreign banks with more than $50 billion of non-retail US assets were subject to CCAR for the first time in 2017. The results were not made public this year, but they will be disclosed from 2018 onwards.

While Clark defends the way CCAR has been conducted under his watch, he does see room for improvement. The Fed could do a better job of articulating what it expects from banks and explaining why firms are failed on qualitative grounds, he says.

“We do a little disclosure about each bank in our disclosure,” he says. “We can do a better job of linking deficiencies and weaknesses to potentially dire outcomes. We can do a better job of explaining why it’s important, but I would not get rid of the qualitative objection.”

CCAR, now in its seventh year, was born in the aftermath of the financial crisis, and Clark was there from its inception. He joined the Federal Reserve Board in Washington, DC as a senior adviser in March 2008, with a brief to develop analytical profiles of banks. Three weeks later, Bear Stearns collapsed and Clark was immediately seconded back to the Federal Reserve Bank of New York, where he had worked as a bank supervisor since 1995.


After Bear Stearns was sold to JP Morgan, Clark returned to Washington and worked on implementing the Housing and Recovery Act, which placed Fannie Mae and Freddie Mac in conservatorship. He spent most of the summer of 2008 consumed with trying to determine the extent of losses in the mortgage and structured credit markets.

“Nobody had a clue how far this knife was going to fall, but it was falling really, really fast,” says Clark. “I’m not sure I got home in the summer of 2008. It was basically seven days a week for a few months.”

At the time, regulatory minimum capital requirements were set at 4%, and while banks conducted internal stress tests of their trading and banking books, neither they nor the Fed knew if this would be enough to weather an extreme market shock. As the crisis unfolded, supervisors determined banks should be required to hold sufficient capital to withstand a severely adverse scenario.  

“During the crisis and well before Dodd-Frank, we were talking about this,” says Clark. “That meant the way to think about capital for these firms was on a post-stress basis, and not capitalising to withstand another hit was insufficient.”

If the total capital ratio requirement is going to be binding on the firm, they need to figure out how to allocate capital and maximise profits against those

As early as 2005, Clark had been developing desktop scenarios to determine the vulnerability of large banks if losses spiked in a crisis. As he worked on these rudimentary stress tests – the antecedents to CCAR – Clark encountered a problem that would recur later: the Fed lacked the data to conduct deep assessments of the financial condition of large banks, forcing him to make crude back-of-the-envelope calculations. He would later discover banks did not have the necessary data, either.

After the worst of the crisis had passed, Clark was part of a team that designed the Supervisory Capital Adequacy Program – the direct precursor to CCAR – which was rolled out in early 2009 as part of the Obama administration’s effort to restore confidence in the US banking system.

The initial reaction to SCAP, which featured two scenarios – baseline and more adverse – was deeply negative. Banks complained the regime’s scenarios were absurdly conservative, arguing it was impossible to foresee any situation where losses could be that high. Ten of the 19 banks that participated in the first SCAP in 2009 failed the test and were required to raise additional equity capital, which did not sit well either.

US banks have come a long way since then. The last firm to flunk the stress test on quantitative grounds was Citi in 2012.

As banks have improved their capital planning, the stress tests have arguably become tougher. In developing its CCAR stress scenarios, the Fed relies on internal analysis and supervisory information to identify potential risks to the financial system. It then calibrates the macroeconomic and financial variables in the scenario to reflect these risks.

Some in banking circles have claimed the Fed’s severely adverse scenarios have become outlandishly bearish, while others complain the stress tests are being used as a policy tool to discourage certain activities and shape bank strategy. Critics have pointed to the sharp drop in commercial property prices in the 2017 severely adverse scenario – which was 5% deeper than in last year’s scenario – as evidence that policy concerns are creeping into the stress tests.

Clark denies this. The Fed makes no attempt to target particular asset classes or business lines in the stress tests, other than to highlight those that may present a salient risk, he says. While acknowledging CCAR has become a binding constraint on capital allocation decisions, Clark says it is no more binding than the Basel risk weightings.

We don’t want to shut down the evolution of frontier best practices by telling them they would all be OK if you just get by

“Whether you had stress testing or not, if you had a really strong Basel programme in place, it’s the same difference. If the total capital ratio requirement is going to be binding on the firm, they need to figure out how to allocate capital and maximise profits against those,” he says.

Bank risk managers have also long suspected the Fed is intentionally vague about its expectations for the qualitative test. Clark acknowledges the criticism, but insists the Fed is acting with good intentions – namely to incentivise banks to make continuous improvements. If the Fed was to clearly define a safe harbour, Clark worries banks might do the bare minimum to meet that standard.

“We don’t want to shut down the evolution of frontier best practices by telling them they would all be OK if you just get by,” he says.

Clark also bats away another common criticism of the qualitative tests: that the focus on governance, risk identification and data quality distracts from holistic risk management and does little to bolster the macro-prudential soundness of the banking system. “When we have all the firms focusing on identifying potential vulnerabilities in such a way they can continue to operate, that is macro-prudentially very sound, because it mitigates the impact weak institutions can have on the rest of the economy,” he says.

Data quality has been a huge concern for the Fed since the early days of stress testing. When SCAP was introduced, supervisors were shocked by banks’ inability to provide even the most basic information – such as whether a loan was issued by the bank or purchased from another bank – needed to perform a thorough assessment of their financial condition.

“We got some unbelievably bizarre answers,” says Clark. “We needed to go back and say, ‘we don’t understand how you could possibly be coming up with these answers’.” He says one of the primary benefits of stress testing is that it has spurred banks to improve data accuracy.

Another by-product is better governance around capital planning and the models banks use to make forecasts. Sources at the 13 large banks with assets of more than $250 billion that were subject to the qualitative component of this year’s CCAR tell Risk.net the Fed’s examiners exhibited a keen interest in how they validate and ensure consistency in their models.

When we have all the firms focusing on identifying potential vulnerabilities in such a way they can continue to operate, that is macro-prudentially very sound

Clark emphasises the Fed adheres to the same supervisory guidance on model risk, called SR 11-7, that it expects banks to follow. A central oversight group consisting of senior Fed officials scrutinises the assumptions and outputs of the models used in the supervisory stress test. Models are reviewed by an independent validation team, which looks at the design and implementations of the Fed’s internal models. The reviewers are not involved in model development and report to a separate oversight group, while the control procedures surrounding model design are reviewed by yet another team of experts.

In the feedback letters banks received after this year’s stress tests, the Fed emphasised it wants to see improvements in the governance processes by which CCAR models and scenarios are reviewed and challenged at the business and board levels. Banks have admitted governance has historically taken a back seat to other aspects of CCAR. However, the quality of governance has improved recently, particularly among boards, which are paying closer attention to the calibration of variables that drive the results of the stress tests.   

As Clark prepares to leave the Fed, he points to one area where there is still more work to be done: reconciling stress testing with resolution planning. A natural linkage exists between the two, in that understanding a bank’s vulnerabilities is a prerequisite to determining whether it may need to enter a resolution programme, and both require scenario-type forecasting.

“Trying to marry those directly can be massively complex,” he says. 

Seniority complex: buy side balks at costs of SMR extension

By Mark Nicholls | Features | 29 September 2017

Expansion of scheme will bring 47,000 firms in scope; compliance and recruitment costs set to rise

Supported by Baker McKenzie

The financial crisis forced a tightening of rules around personal conduct and accountability for all senior bankers.

Drawn up against a background of public opprobrium, the Financial Services (Banking Reform) Act 2013 gave UK regulators tough new powers to hold banks and senior managers to account. The result was the Senior Managers Regime (SMR), which went live in March last year.

Since then, some 900 banks and deposit-taking institutions have been required to assign management responsibilities to around 3,000 named individuals, covering roles including chief executives, executive directors, and chief risk and compliance officers (see box: Them’s the rules). Eighteen months in, the Financial Conduct Authority is finalising plans for a major expansion of the scheme. A July consultation proposes the regime, now dubbed the Senior Managers and Certification Regime (SMCR), be extended to all 47,000 FCA-regulated entities.

Concerns have been raised over the burden the expansion will place on smaller firms. Sources at banks already in scope of the rules report major gripes about the regime’s impact – from recruitment difficulties for key functions, to uncertainty over what breaches should trigger a disciplinary action. Many banks grimly acknowledge it might take the first regulatory sanctions for breaches of the regime to better understand how it will be enforced in practice.

“Anecdotally, what is happening in those bigger banks is that they’ve started having lawyers present at every meeting where decisions are made. Whereas before, managers would meet and form a consensus… now they are much more careful to limit what they’re saying to their own area of responsibility. It means you’re having decision-making by lawyer. Don’t get me wrong, lawyers are wonderful people – but in a bank you want to be able to make decisions quickly and move on,” says Adrian Crawford, a partner at law firm Kingsley Napley in London.

Senior bank lobbyists say this was one of the problems flagged to regulators in the run-up to the regime, but that it largely fell on deaf ears. The PRA declined to comment for this article.

Recruitment issues

Top of the list of concerns for those currently in scope has been issues over recruitment for key roles – not surprising given the burden of personal liability that now falls onto senior individuals in certain roles. For the first time, the rules make a “reckless” decision that causes a bank to fail a criminal offence, carrying a maximum of seven years in prison and an unlimited fine.

“It has become more difficult in banking to recruit for the senior management positions – especially CEO, CRO, head of compliance and money laundering reporting officer. I’d expect it to be similar, if not more so, for smaller firms,” says one senior lobbyist at a UK trade body, himself a former regulator. “There is also some anecdotal evidence of juniorisation of roles – indeed, this was something the PRA noted in its feedback last year – with relatively inexperienced staff being put forward for senior management positions, so the real decision-makers avoid being on the hook. Rightly, the regulators were not impressed with that, as it circumvents the objective of the regime, which is to ensure the senior decision-makers are accountable for their actions and inactions.”

The SMR prompted lots of really interesting discussions within the boardrooms of firms about who, exactly, is responsible for what

Paul Fisher, Cambridge Institute for Sustainability Leadership

Others argue regulators’ watchfulness against this has prevented juniorisation from becoming endemic: “I don’t think the FCA or the PRA have got floppy ears,” says one observer. “I think they would recognise when that’s going on.”

It could have been worse still for senior managers: a controversial clause that would have placed the onus on senior managers to demonstrate they had taken all reasonable steps to prevent a contravention occurring was watered down at the eleventh hour before the rules were implemented, after some fierce lobbying from senior bankers.

Not all firms who find themselves newly in scope will be subject to the same level of stringent demands visited on the banks. Current proposals would see all firms regulated by the two bodies fall under the SMCR regulations, with the largest ‘enhanced firms’ following similar procedures to the banking sector, while less complex firms would operate under a simplified ‘core regime’. A third category of ‘limited scope’ firms – sole traders, limited permission consumer credit firms and energy market participants, among others – would fall under an ‘SMCR-light’ regime.

Cultural change

The challenge regulators set when introducing the SMR was to drive cultural change within the UK’s finance sector, says Paul Fisher, deputy head of the PRA until 2016 and now a senior associate at the Cambridge Institute for Sustainability Leadership.

He argues the SMR has already shown success on that front: “The SMR prompted lots of really interesting discussions within the boardrooms of firms about who, exactly, is responsible for what… I’ve seen no sign [of juniorisation],” he adds. “The SMR should have the opposite effect: clarity [about responsibilities] is a good thing.”

Some bank risk managers agree there is evidence the SMR is already helping to change behaviour for the better. Paul Berry, chief risk officer of Mizuho International in London, says the SMR has already contributed to a notable fall in the number of traders breaching their internally set risk limits.

“We’ve seen the number of breaches go down significantly over the last 18 months to two years,” said Berry, who was speaking at the OpRisk Europe conference in June. He partly attributed this development to traders’ greater awareness of the potential for reprimand under the SMR.

Knowledge that a conduct breach would be reported and could block your career is making people take notice

Sarah Henchoz, Allen & Overy

“People welcome the fact there is more structure and process around what they’re doing,” says Sarah Henchoz, a partner in the employment practice of law firm Allen & Overy in London. “As people are living with the SMR, it’s more of a codification of what they should have already been doing, rather than requiring people to do more.”

Other benefits to date have perhaps been less tangible. Industry trade body UK Finance acknowledges the difficulties involved in assessing cultural change, but believes the extension of the rules, alongside the Certification Regime and the conduct rules, “will improve culture” in the sector, says a spokesperson.

“There are often explicit requirements in people’s contracts to have regard to the conduct rule,” and any breaches are required to be reported to the FCA, she adds. “That knowledge – that a conduct breach would be reported and could block your career – is making people take notice.”

Kingsley Napley’s Crawford adds: “If someone gets into a scrape, it can cast a shadow over their career for a long time. These references look back over a six-year period – or even end it.”

Legal risk

That legal risk under the SMCR cuts both ways, however. The regime also carries an increased risk of employment litigation for firms, lawyers note – something those finding themselves newly in scope should be aware of. Under the old Approved Persons Regime, the FCA had the final say in determining an individual’s fitness and propriety; now, the legal responsibility has shifted on to the firms themselves.

“If firms get a fitness and propriety assessment wrong – that is, they do not certify someone as fit and proper when they are – it’s possible the employee could bring a claim against the employer. They don’t have this option at the moment, because the regulator determines fitness and propriety,” says Christine Young, employment law partner at Herbert Smith Freehills.

One of the challenges, notes Kingsley Napley’s Crawford, is around how firms should treat an employee who leaves in the middle of a disciplinary process. “The guidance… suggests that what the employer comments on is properly verified fact, not supposition,” he says – suggesting that pending or unfinished disciplinary procedures do not necessarily need to be mentioned.

However, the pro forma reference firms are also obliged to provide asks if there is any additional information relevant to establishing whether the individual is a fit and proper person for his or her role, making it difficult to argue the case for leaving pending disciplinary actions out, Crawford adds.

The real test of the new regime, however, is likely to be when the FCA begins to take enforcement actions, believe observers. Ron Gould, chairman of regulatory software company Comply Sci, and a former senior adviser at the Financial Supervisory Authority, says he believes next year will see the FCA test its enforcement powers.

“The regulator has wanted to give people time to bed the SMCR down,” he says. “My guess is there will be enforcement actions in 2018, in conjunction with other regulatory breaches.”

Others believe the FCA may move sooner. “It is under considerable political pressure to make this work,” says Tony Woodcock, partner at law firm Stephenson Harwood. “The FCA is now undoubtedly looking, one year on, at how banks are applying the system.” He adds that what it is likely to particularly want assurance over are the systems and controls in place. “Are the systems strong enough that people of the appropriate calibre are being put forward?”

It’s not about enforcement: that would be a sign of failure

Paul Fisher, Cambridge Institute for Sustainability Leadership

Fisher argues the success or otherwise of the regime shouldn’t be judged in terms of enforcement actions: “It’s not about enforcement: that would be a sign of failure.” But he adds that he expects prosecutions to be forthcoming. “If there aren’t any prosecutions, people will get lax.”

Another major challenge clients are facing, says Henchoz at Allen & Overy, is deciding whether a particular infraction represents a conduct rule breach. “We’re getting queries from clients who don’t want to [report breaches that could] destroy someone’s career, but also don’t want to put themselves in a position of risk because they haven’t taken a sufficiently robust line … In some areas, there are no hard and fast answers.”

She gives the example of sending client information to a personal email account. Some firms take a zero-tolerance approach, she says – meaning instant dismissal – while others would only consider it to be a conduct rule breach if there are compounding factors, such as evidence the individual has passed that data on, or has resigned and is planning to use it at a new employer.

Passing responsibility for certifying the suitability of large numbers of staff on an ongoing basis to employers has added to the administrative and human resources burden they face. These burdens are likely to concern the 47,000 additional firms likely to be subject the SMCR, following the conclusion of a consultation by the FCA and the PRA.

While there hasn’t been “huge opposition” among asset managers to the extension of SMCR, according to one senior buy-side lobbyist, “some firms might have argued the issues [which prompted the rules] were in the banking sector, rather than in asset management”.

New individuals

Assuming the SMCR is extended as per the consultation – and observers do not expect the consultation process, concluding in November, to lead to material changes – it will bring a large number of new individuals into the regime.

As such, the application of the Conduct Rules is a major issue for smaller buy-side firms, the lobbyist notes. “Previously, the FCA hasn’t been able to enforce those against individuals … employees will want to know what it means for them, so the training aspect [will be important].”

By placing the onus on firms for vetting individuals they hire, the regulator is effectively asking employers to be more thorough, says Ben Blackett-Ord, chief executive of financial services regulatory consultancy Bovill.

“Whether that will work in practice is pretty questionable,” he says. “Large firms that are used to continuous regulatory scrutiny will get it right, but those firms that don’t think they’re under the regulatory spotlight may not devote the right resources to that process.”

Given that fund managers typically have fewer resources than banks, Crawford suspects some may comply “by template”, where a consensus is reached on job descriptions and the scope of various roles. “Fund managers will adopt that without trying to tailor them to their own business. They will make the business fit the template rather than the other way around to make it easier for themselves from a regulatory point of view.”

Additional reporting by Alina Haritonova and Tom Osborn

Them’s the rules

The SMCR comprises three main elements:

The Senior Managers Regime itself requires firms to draw up responsibility maps, allocating responsibility for 17 management functions to named individuals. Equally, senior managers – currently around 3,000 individuals across the City – are required to agree to statements delineating their areas of responsibility.

The Certification Regime covers individuals who aren’t senior managers, but whose jobs have an impact on clients, markets or the firm. This makes firms responsible for certifying, on an annual basis, that these individual are suitable to do their job – essentially transferring the responsibility from the regulator under the Approved Person Regime to regulated companies.

Finally, the Conduct Rules apply to almost all those working in financial services, and include basic requirements to act with integrity at all times and treat customers fairly.

To assess the regime, earlier this year the PRA carried out a thematic review of implementation at 22 banks and building societies, looking specifically at their production of management responsibility maps and the associated individual’s statements of responsibility. The review – circulated to senior executives but not been publicly released – concluded that overall the regime has had a positive impact on the industry, although it did acknowledge there were some areas where it could be improved.

Specifically, the review recommended the management responsibility maps could provide a clearer picture of the governance arrangements at regulated firms, to allow an ‘at-a-glance’ understanding of how management responsibilities are allocated, and clearer links between management statements and responsibility maps, according to individuals familiar with the review.

Malaysian central bank called to act against 1MDB officials

By Dan Hardie | News | 28 September 2017

Bank Negara Malaysia says it will continue to work with international agencies over alleged fraud

Malaysia’s opposition party has called for the country’s central bank to take legal action against senior figures, including the prime minister, implicated in the multi-billion dollar 1MDB scandal.

A letter from the head of legal affairs at Bank Negara Malaysia states the central bank will work with international enforcement and regulatory agencies over the affair. The letter, addressed to opposition party leader Wan Azizah Wan Ismail, came in response to opposition lawmakers’ questions about BNM’s handling of 1MDB, which is a government-owned development fund.

The memorandum says the BNM’s proceedings regarding a breach of Malaysia’s financial services act had been concluded when 1MDB paid fines to the central bank. It adds that over the past two years, BNM fined 1MDB and associated entities a total of MYR115.8 million ($27.4 million).

But the memorandum also says BNM has provided, and will continue to provide, full co-operation to any relevant enforcement agencies in investigations conducted under existing legislation and international protocols. It acknowledges the point made in a communication from Wan Azizah that the US government has filed a case against 1MDB.

1MDB has been accused by a series of major financial regulators of misusing several billion US dollars. The chairman of the fund’s board in the period in which the alleged malpractice took place was Malaysia’s prime minister, Najib Razak. He has remained in office since the scandal broke, and strongly denies any wrongdoing.

The US Department of Justice’s lawsuit against 1MDB alleges it carried out major fraud, and claims damages and assets worth more than $1.6 billion. Police investigators working with Singapore’s central bank have arrested several people in connection with the case, and various other countries have closed or fined financial institutions for their dealings with 1MDB.

Wan Azizah told a press conference on September 27 that BNM only used clauses of Malaysia’s financial services act relating to the corporate responsibility of 1MDB. The central bank should now use clauses enabling it to take action against 1MDB’s senior officials at the time of the alleged malpractice, she argued. To date, Malaysian authorities have not brought criminal charges against anyone over the affair.

If BNM had already imposed MYR115.8 million in fines on 1MDB, it means a lot of violations occurred in 1MDB’s affairs

Wan Azizah Wan Ismail, opposition party

Another opposition politician, Liew Chin Tong, told local media lawmakers had requested a formal meeting about 1MDB with the current central bank governor, Muhammad Ibrahim.

“If BNM had already imposed MYR115.8 million in fines on 1MDB, it means a lot of violations occurred in 1MDB’s affairs,” Wan Azizah told local media. She added: “These transactions and actions occurred under orders from someone, as 1MDB is not an entity that acts on its own.”

Wan Azizah also says MYR53.7 million of the fine has been paid by a subsidiary of 1MDB. She wants the central bank to state whether the remainder, MYR62.1 million, has been paid.

Following the leaking of documents to international media outlets alleging malpractice by 1MDB, BNM set up an official inquiry into the fund in 2015. This was staffed by employees of the central bank, along with personnel from Malaysia’s police, anti-corruption authority and attorney-general’s office.

BNM issued a statement in October 2015 saying it had recommended a criminal prosecution of 1MDB under foreign exchange legislation, but this had been rejected by Malaysia’s attorney general. BNM was led by governor Zeti Akhtar Aziz while the investigation into 1MDB was active. She retired as governor in 2016, after 16 years in the post, and was replaced by Ibrahim.

The BNM has only rarely commented on the 1MDB affair since October 2015, and has usually restricted its remarks to references to the fact that it had concluded its inquiry into the fund.

This story originally appeared on Risk.net’s sister website, CentralBanking.com.

Bankers warn first TLAC bail-in could spark market shock

By Callum Tanner | News | 22 September 2017

Regulators urged to clarify treatment of bail-in bonds under both TLAC and NSFR rules

Bank debt markets could suffer a severe correction the first time a bank is bailed in using funding instruments eligible as total loss absorbency capacity (TLAC), two European bank capital structurers have warned.

“In the absence of a major systemic bank resolution in Europe, we really don’t know how these things are going to play out. For me, there is always a residual risk we will see a complete repricing of this paper at some point when we see the full effects of a resolution,” said Phil Pearce, director of capital structuring at NatWest Markets, speaking on a panel at Risk.net’s Liquidity and Funding Risk conference on September 20.

TLAC rules, developed by the Financial Stability Board, will apply to global systemically important banks (G-Sibs) and require them to hold 16% of risk-weighted assets as bail-in capital by 2019, rising to 18% by 2022. In the EU, TLAC will be incorporated into the Bank Recovery and Resolution Directive (BRRD) for systemic banks, and will complement rules that require all banks to hold bail-in buffers to cover a minimum requirement for own funds and eligible liabilities (MREL), set on a bank-by-bank basis.

The difficulty for investors in TLAC-eligible bank debt is the uncertainty over what the final approach to creditor hierarchies will be across Europe. There is debate over the extent to which EU member states should harmonise their approaches, with bail-in waterfalls currently structured very differently.

The French approach has been to create a new senior, non-preferred class of liabilities to meet buffer needs. This method was incorporated into the European Commission’s draft revisions to BRRD in November 2016. But this sits in contrast with Germany, which has passed a law subordinating unsecured debt to other senior liabilities, and Italy, which prioritises deposits over all senior liabilities. Meanwhile, the largest UK banks have holding companies that can issue TLAC with in-built structural subordination.

RBS’s Pearce argued that while the final harmonised rules remain up in the air, the exact treatment of creditors in a resolution is likely to vary by jurisdiction. He said this forced smaller investors in bank debt to become price-takers from larger investors, without the same ability to undertake sophisticated credit analysis. Some investors could therefore get a shock over how bonds are treated if a major resolution takes place.

We are still in a very bull market, with a lot of excess liquidity, so it’s completely untested whether this market will survive if conditions deteriorate

Gilles Renaudiere, BNP Paribas

“The difficulty is we are in transition between knowing the full requirements and actually having that full requirement met. [During this] period, there could be a number of bank resolutions and you don’t know with absolute clarity how those bonds are going to be treated in resolution,” Pearce said.

“We are still in a very bull market, with a lot of excess liquidity, so it’s completely untested whether this market will survive if conditions deteriorate,” added Gilles Renaudiere, director for capital products at BNP Paribas, speaking on the same panel.

However, Renaudiere said he was confident creditor hierarchies would be harmonised over time, particularly between France and Germany, but that it could take another three or four years. By contrast, because Italy does not distinguish between non-deposit senior liabilities, the regime there may need to be changed to bring it into line with the EC proposal.

The bankers’ concerns echo those expressed by former Bank of England regulator Paul Fisher in a recent interview with Risk.net. Fisher compared today’s scenario around TLAC with the callable hybrid capital market. When Deutsche Bank declined to call a hybrid bond at its first call date in December 2008, this triggered a shut-down of the primary market for these instruments.

Call for clarity

The conference panellists also urged regulators to provide banks with clarity on the treatment of callable bonds under both TLAC and draft liquidity rules. Under the EC’s proposed TLAC rules, debt becomes completely ineligible for TLAC when it has less than one year maturity remaining. Including a call option that can be triggered one year from maturity would therefore allow banks to replace debt that cannot count towards the TLAC requirements.

Renaudiere said TLAC-eligible bonds are typically issued with a five-year maturity. Consequently, if one-year back-end call options are not allowed, this will effectively mean on average one-fifth of the senior debt banks have issued will be ineligible for TLAC or MREL at any given time.

“If we have to gross this up by 20% just because of this no one-year call requirement, that creates a significant additional funding requirement for the market to absorb,” he said.

Again, national regulators in the EU have been unable to say with certainty how such instruments will be treated because they cannot pre-empt the final EU rules, he added.

“With MREL in the redrafting stage, it’s difficult for anyone to be in a position of authority to sign off on such things. The Bank of England might be able to do it as it makes these decisions for itself, but on the continent it’s much more difficult for regulators to say ‘yes you can issue a callable and I guarantee you this will be eligible’, so banks are much more cautious issuing these types of instruments,” said Renaudiere.

If you issue a six non-call five [bond] you may find you only have [full] NSFR eligibility for four years. It’s wholly counterintuitive

Phil Pearce, RBS

The problem could be exacerbated by the treatment of back-end call options under the Net Stable Funding Ratio (NSFR) liquidity rules, which assign a long-term available stable funding (ASF) factor to all bank liabilities based on their expected behaviour. Under the draft revised Capital Requirements Regulation (CRR II) published by the EC in November 2016, when the residual maturity of bank bonds falls below one year, the ASF factor is cut from 100% to 50%.

If supervisors decide banks should assume all callable TLAC will be called one year from maturity, they may therefore conclude the effective behavioural life of the bond is one year shorter than its stated maturity. This would mean cutting the ASF from 100% to 50% in the penultimate year of the bond’s life, at which point the contribution of these bonds towards meeting the bank’s NSFR will be halved.

“As a consequence, that pushes your NSFR eligibility back a further year. So if you issue a six non-call five [bond] you may find you only have [full] NSFR eligibility for four years. It’s wholly counterintuitive, but that could be an unintended consequence. I hope that doesn’t turn out to be the case, but that’s something to be wary of,” said Pearce.

This is especially important, he explained, because he expects the new MREL-eligible senior non-preferred instruments to ultimately replace most or all of the existing senior unsecured debt issued by banks for their long-term funding. The treatment of the new liabilities will therefore be crucial for the NSFR.

The Council of the EU agreed its draft of a single creditor hierarchy under BRRD in May 2017, but the European Parliament still has to reach an agreement before inter-institutional negotiations can begin with a view to finalising the TLAC rules. Neither body has yet reached a position on the NSFR component of CRR II.

Monthly op risk losses: Aequitas faces $192m loan settlement

By Risk staff | Opinion | 15 September 2017

Breakdown of top five loss events, plus ECB’s Ireland fine and mortgage losses in Spain. Data by ORX News

Publicly reported operational risk losses in August 2017 totalled $983 million – slightly higher than July, but still relatively low compared with other months of the year, as well as the same period a year ago, according to ORX News, provider of publicly reported loss information.

The largest loss is a $192 million settlement proposed by the US Consumer Financial Protection Bureau in a complaint against private equity firm Aequitas Capital Management. The complaint alleged Aequitas purchased or funded about $230 million worth of private loans to enable for-profit university Corinthian Colleges to make high-cost private loans to Corinthian students, so that it would appear the university was making enough revenue from outside sources to meet a new requirement to qualify for federal loan support.

The CFPB claimed Aequitas and Corinthian plotted to make it seem as if the funding came from outside sources, when in fact Corinthian was paying Aequitas to support the programme. Default rates in the scheme were high, at between 50% and 70%, and the CFPB claimed Aequitas and Corinthian knew most students would default. The settlement requires court approval.

The second largest loss in August concerns mortgage service provider PHH and its subsidiaries. On July 8, the firms agreed to pay $74.4 million in two settlements with the US government to settle allegations it originated and underwrote defective residential mortgage loans insured, guaranteed and purchased by the US government between 2006 and 2013.

Some of the allegations were brought by a former PHH employee, Mary Bozzelli, who sued the firm as a whistleblower on behalf of the US government under the False Claims Act. She will receive more than $9 million from the settlements.

The third largest loss was a class action settlement by Deutsche Bank to settle bond rigging allegations.

On August 17, Deutsche Bank agreed to pay $48.5 million to settle a class action lawsuit by a group of US investors that accused the bank of conspiring to rig the dollar-denominated SSA (supranational, sub-sovereign and agency) bond market. Bank of America agreed to settle on the same day for $17 million. The lawsuit had accused 10 banks of rigging the dollar SSA bond market between 2005 and 2015.

The fourth largest loss was $38.4 million in fines and restitution paid by Verdmont Capital to the US Securities and Exchange Commission for selling unregistered penny stocks to the public in a scheme. This is alleged to have earned Verdmont and three other companies – Clearwater Securities, Legacy Global Markets and Caledonian Global Financial Services – more than $75 million in illegal sales proceeds.

In the fifth largest loss, the SEC fined Banca IMI Securities, a subsidiary of Intesa Sanpaolo, $35.4 million for requesting and acquiring American depositary receipts without owning the corresponding foreign shares between January 2011 and August 2015.


Spotlight: PTSB fined €2.5m in first penalty for SSM

The European Central Bank’s supervisory arm, the Single Supervisory Mechanism, has issued its first fine, ordering Irish bank Permanent TSB to pay €2.5 million ($3 million) for breaching liquidity risk regulations.

According to PTSB, the breaches occurred because the bank misinterpreted guidance on whether the repayment of ECB funding should be included or excluded from outflows when calculating its liquidity coverage ratio.

PTSB received emergency ECB funding when Ireland entered into a bailout agreement in 2010. At the end of 2015, PTSB still received €4.65 billion of funding, but this fell to €230 million at the end of June 2017.

According to the ECB, the breaches occurred on two occasions. The first breach took place between October 27, 2015 and December 31, 2015, after PTSB failed to comply with specific liquidity requirements requested by the ECB in February 2015. For this breach, PTSB was fined €750,000. The second breach occurred between January 4, 2016 and April 26, 2016, when PTSB again failed to comply with specific liquidity requirements, for which it was fined €1.75 million.

Although a relatively low fine, it is significant as it is the first imposed by the Single Supervisory Mechanism. The ECB did not release a detailed breakdown of the breaches, as is normally the case for US and UK regulators.

In focus: Spanish banks provision €3.46 billion for “unfair” mortgage clauses

BBVA headquarters in Madrid: the bank has set aside mortgage loss provisions of €1.2bn

Since December 2016, 10 Spanish retail banks have announced a total of €3.46 billion of provisions to cover restitution to customers who were sold mortgages with floor clauses that were later judged “unfair” by Spanish and European courts.

The provisions stem from a legal process that began in Seville in 2010 in a case brought by the Consumer Association of Banking Services in Spain. The association claimed the clauses were abusive and sought to have them annulled. Following numerous appeals and escalations, the European Court of Justice (ECJ) issued a ruling in December 2016 ordering retroactive repayment.

Floor clauses are a common feature of variable rate mortgages in Spain. They impose a limit on how far interest rates can fall in relation to a benchmark rate, thereby setting a minimum interest rate. This meant that in 2009, when the Euribor benchmark lending rate dropped below 2%, many consumers did not benefit from the record low rates.

The case revolved around whether the banks had adequately informed their customers of the implications of the floor clauses. Spain’s supreme court ruled in May 2013 that these clauses were illegal, but that banks would not have to repay the money earned from them. Borrowers challenged this and in December 2016 the ECJ ruled that banks would have to provide restitution dating back to 2009.

The issue is not limited to Spain, with a number of banks in Ireland also the subject of an investigation into the treatment of tracker mortgage customers. The Irish central bank is investigating whether customers of 15 banks were unfairly denied preferable tracker rates after the European Central Bank introduced historically low interest rates from 2008, with Ulster Bank, Allied Irish Banks and Permanent TSB so far provisioning €541 million.

All information included in this report and held in ORX News comes from public sources only. It does not include any information from other services run by ORX and we have not confirmed any of the information shown with any member of ORX.

While ORX endeavours to provide accurate, complete and up-to-date information, ORX makes no representation as to the accuracy, reliability or completeness of this information.

CCAR feedback prompts banks to improve governance

By Steve Marlin | News | 14 September 2017

Dual reviews of stress testing models and scenarios becoming the norm

US banks are tightening up the governance and controls around stress testing functions in response to recent feedback from the Federal Reserve.

While no banks failed this year’s Comprehensive Capital Analysis and Review on quantitative or qualitative grounds, the Fed has emphasised that it wants to see improvements on governance. “The Fed has given all the US banks and FBOs [foreign banking organisations] their feedback letters, and governance seems to be a common theme,” said Michelle Hubertus, head of risk transformation in the Americas at Deutsche Bank.

Regulators are paying particularly close attention to the process by which CCAR models and scenarios are reviewed and challenged at the business and board level.

Most banks have a dual process that combines a so-called embedded level of review and challenge with high-level oversight. The embedded layer allows the business lines to have input into the model and scenario development process. For instance, front-office staff and risk managers from the business work with the CCAR team to compile a risk inventory, which informs the scenario designs. The scenarios are then formally reviewed by various risk committees and – finally – the board of directors.  

Manan Rawal, head of scenarios and modelling for CCAR at HSBC, said the two levels of review are distinct and complementary. The embedded reviews tend to be more focused, while the board evaluates the overall CCAR process, including its impact on capital planning.  

“[The board review] tends to be a more formal part of the exercise than the embedded layer, but it’s equally important in the sense that everyone in senior management needs to get comfortable with the overall approach taken, the results that are coming out of the exercise, and the ultimate impact on capital planning,” said Rawal.

At State Street, a high-level CCAR steering committee reviews and challenges the assumptions of the various working groups that comprise the overall CCAR effort. “It’s a multi-layered approach,” said Julia Litvinova, the bank’s head of model validation and analytics. “The first layer is the team’s review and discussion with business experts, and the second layer is a more formal review by the CCAR steering committee.”

Hubertus, Rawal and Litvinova were speaking at a Risk.net webinar on September 13.  

This year, only 13 ‘large and complex’ banks with assets above $250 billion were subject to the qualitative reviews, which includes governance. The remaining 21 firms were exempt from the qualitative tests and will undergo a separate review of their capital planning processes later this year.

The Fed focused on model governance in this year’s qualitative reviews, including the level of compliance with supervisory guidance on model risk management known as SR 11-7.

Rawal admitted that governance has taken a back seat to other aspects of CCAR in recent years. “The governance aspects of models tends to be trailing behind relative to model validation and development,” he said. “This is an area that both regulators and internal stakeholders are spending a lot of time thinking through in terms of having the right policies in place, and what is expected of a model owner and sponsor.”

However, he said the quality of governance has improved, particularly at the board level. “Boards have matured over the years, especially for institutions that have gone through CCAR exercises over multiple cycles,” said Rawal. “Boards have significant amount of input now into that entire review and challenge process for scenarios.”

For example, boards are much more interested in the calibration of key variables that drive the results of stress tests. They also provide important perspectives on the assumptions around legal and operational risks. “There is a heavy engagement at the board level, and that formal process has become a much more significant aspect in recent years,” said Rawal.

However, some aspects of the governance process are still a work in progress. “Ongoing monitoring is an important aspect in ensuring the model continues to perform as intended,” said Litvinova. “One question we are struggling with is if the model is used once or twice per year for CCAR, what is the appropriate frequency of ongoing monitoring?”