UK: Promoting Stability - Insights Into New Recommendations For Banks’ Risk Disclosures

Last Updated: 28 November 2012
Article by Deloitte Financial Services Group

Most Read Contributor in UK, August 2017


The recommendations of the Financial Stability Board's Enhanced Disclosure Taskforce (EDTF) represent a significant development in the way in which banks report risk to their stakeholders.

Problems identified in the EDTF report include:

  • persistently high credit spreads;
  • the fact that many banks are trading at market values below their book values; and
  • the significant liquidity support being provided by the public sector to certain banks.

To help tackle these, the EDTF has developed recommendations to improve the clarity, timeliness and usefulness of information that banks provide to investors. Specifically, it recommends banks reduce opacity in their reporting by better explaining their business model; providing more detailed information on the composition of capital and how risk-weighted assets are calculated; and setting out more explicitly the manner in which market and credit risks affect them.

The intention is that improvements to the quality of banks' risk disclosures will prevent a repeat of the loss of confidence that occurred during the financial crisis because banks' reports did not always provide the information investors sought. Banks will need to consider how they will respond to users' demands for clearer risk information, including assessing whether the governance and controls over the production of such information are fit for purpose.

Established in May 2012 by the Financial Stability Board (FSB) in response to the concerns set out above, the EDTF was tasked with identifying leading risk disclosures and developing recommendations to improve the quality of risk reporting by the worlds' largest and systemically most important banks. Since then, EDTF members have met in London, New York, Singapore and Frankfurt to establish what additional information users most want to see and what barriers to providing the desired disclosure exist.

The EDTF's report 'Enhancing the Risk Disclosures of Banks' was published in October 2012 and is expected to drive improvements in the quality and comparability of banks' risk disclosure from as early as December 2012 reporting periods. Adoption of the recommendations is voluntary rather than mandatory, but it is possible that regulators might seek to impose new requirements if banks do not work actively to develop their disclosures along the lines proposed by the EDTF.

Taskforce membership

The EDTF was co-chaired by individuals with a broad knowledge of banks' risk reporting: Hugo Bänziger (formerly Deutsche Bank), Russell Picot (HSBC) and Christian Stracke (PIMCO). It included members from the investor and analyst community; major retail and investment banks from the Asia-Pacific region, US and Europe; and audit firm representatives from London, Hong Kong and New York. A distinctive feature of the group was its collaborative approach including users and preparers of financial reports. This has resulted in recommendations for risk information which meet market demands and are practical for banks to deliver.

What is the Financial Stability Board?

The Financial Stability Board (FSB) was established by the G20 in 2009 to coordinate at the international level the work of national financial authorities and international standard-setting bodies and to promote the implementation of effective regulatory, supervisory and other financial sector policies. It is chaired by Mark Carney, Governor of the Bank of Canada. Its members include banks, regulators and standard-setters from across the world. Its secretariat is located in Basel, Switzerland, and hosted by the Bank for International Settlements.

Structure of the EDTF report

The EDTF's report includes fundamental principles for enhanced disclosure. It identifies seven key areas of risk, each of which had a separate workstream and for which separate disclosure recommendations have been developed. The recommendations capture existing good practices from banks across the world and the report reproduces some of these leading disclosures to illustrate what can be achieved. As well as including current risk disclosures that users rate highly, the report includes proforma tables illustrating some of the EDTF's proposals. Although the report is aimed at the world's largest banks, much of the content will also be relevant to smaller banks and to financial institutions other than banks.

Principles for risk disclosure

The EDTF's seven fundamental principles are that risk disclosures should:

  1. be clear, balanced and understandable;
  2. be comprehensive and include all of the bank's key risks;
  3. present relevant information;
  4. reflect how the bank manages its risks;
  5. be consistent over time;
  6. be comparable among banks; and
  7. be provided on a timely basis.

These high-level principles were developed to provide a strong foundation from which to achieve transparent, high-quality risk disclosures that enable users to understand in an integrated manner a bank's business and risks. They provide a basis for disclosure recommendations to be developed in the seven key risk areas identified by the EDTF:

  1. risk governance and risk management strategies/ the business model;
  2. capital adequacy and risk-weighted assets;
  3. liquidity;
  4. funding;
  5. market risk;
  6. credit risk; and
  7. other risks (including fraud, technological and operational risks).

The group developed 32 recommendations shown on page 3-4, supported by illustrative tables and explanatory commentary. Together these covered a wide range of aspects of risk disclosure, including content, location and timing.

Starting with governance and risk management, there was a consensus that banks' management generally could provide better explanations of what they saw as the top and emerging risks affecting them, how they thought these might change, and how they planned to manage them. The objectives for managing the individual risk areas ought to align with the overall approach to governance. For large and diverse banks, ensuring risk disclosures for each of the separate risk areas identified tie in consistently with their overall business model and governance will take time.

The EDTF recommends that significant risk information be published together with the annual report; at the moment the release of information can be piecemeal. For example, Basel II Pillar III risk information may only become available months after the annual report, giving users a fragmented picture of a bank's risk management.

The EDTF's recommendations


  1. Present all related risk information together in any particular report. Where this is not practicable, provide an index or an aid to navigation to help users locate risk disclosures within the bank's reports.
  2. Define the bank's risk terminology and risk measures and present key parameter values used.
  3. Describe and discuss top and emerging risks, incorporating relevant information in the bank's external reports on a timely basis. This should include quantitative disclosures, if possible, and a discussion of any changes in those risk exposures during the reporting period.
  4. Once the applicable rules are finalised, outline plans to meet each new key regulatory ratio, e.g. the net stable funding ratio, liquidity coverage ratio and leverage ratio and, once the applicable rules are in force, provide such key ratios.

Risk governance and risk management strategies/business model

  1. Summarise prominently the bank's risk management organisation, processes and key functions.
  2. Provide a description of the bank's risk culture, and how procedures and strategies are applied to support the culture.
  3. Describe the key risks that arise from the bank's business models and activities, the bank's risk appetite in the context of its business models and how the bank manages such risks. This is to enable users to understand how business activities are reflected in the bank's risk measures and how those risk measures relate to line items in the balance sheet and income statement.
  4. Describe the use of stress testing within the bank's risk governance and capital frameworks. Stress testing disclosures should provide a narrative overview of the bank's internal stress testing process and governance.

Capital adequacy and risk-weighted assets

  1. Provide minimum Pillar 1 capital requirements, including capital surcharges for G-SIBs and the application of countercyclical and capital conservation buffers or the minimum internal ratio established by management.
  2. Summarise information contained in the composition of capital templates adopted by the Basel Committee to provide an overview of the main components of capital, including capital instruments and regulatory adjustments. A reconciliation of the accounting balance sheet to the regulatory balance sheet should be disclosed.
  3. Present a flow statement of movements since the prior reporting date in regulatory capital, including changes in common equity tier 1, tier 1 and tier 2 capital.
  4. Qualitatively and quantitatively discuss capital planning within a more general discussion of management's strategic planning, including a description of management's view of the required or targeted level of capital and how this will be established.
  5. Provide granular information to explain how risk-weighted assets (RWAs) relate to business activities and related risks.
  6. Present a table showing the capital requirements for each method used for calculating RWAs for credit risk, including counterparty credit risk, for each Basel asset class as well as for major portfolios within those classes. For market risk and operational risk, present a table showing the capital requirements for each method used for calculating them. Disclosures should be accompanied by additional information about significant models used, e.g. data periods, downturn parameter thresholds and methodology for calculating loss given default (LGD).
  7. Tabulate credit risk in the banking book showing average probability of default (PD) and LGD as well as exposure at default (EAD), total RWAs and RWA density for Basel asset classes and major portfolios within the Basel asset classes at a suitable level of granularity based on internal ratings grades. For non-retail banking book credit portfolios, internal ratings grades and PD bands should be mapped against external credit ratings and the number of PD bands presented should match the number of notch-specific ratings used by credit rating agencies.
  8. Present a flow statement that reconciles movements in RWAs for the period for each RWA risk type.
  9. Provide a narrative putting Basel Pillar 3 back-testing requirements into context, including how the bank has assessed model performance and validated its models against default and loss.


  1. Describe how the bank manages its potential liquidity needs and provide a quantitative analysis of the components of the liquidity reserve held to meet these needs, ideally by providing averages as well as period-end balances. The description should be complemented by an explanation of possible limitations on the use of the liquidity reserve maintained in any material subsidiary or currency.


  1. Summarise encumbered and unencumbered assets in a tabular format by balance sheet categories, including collateral received that can be rehypothecated or otherwise redeployed. This is to facilitate an understanding of available and unrestricted assets to support potential funding and collateral needs.
  2. Tabulate consolidated total assets, liabilities and off-balance sheet commitments by remaining contractual maturity at the balance sheet date. Present separately (i) senior unsecured borrowing (ii) senior secured borrowing (separately for covered bonds and repos) and (iii) subordinated borrowing. Banks should provide a narrative discussion of management's approach to determining the behavioural characteristics of financial assets and liabilities.
  3. Discuss the bank's funding strategy, including key sources and any funding concentrations, to enable effective insight into available funding sources, reliance on wholesale funding, any geographical or currency risks and changes in those sources over time.

Market risk

  1. Provide information that facilitates users' understanding of the linkages between line items in the balance sheet and the income statement with positions included in the traded market risk disclosures (using the bank's primary risk management measures such as Value at Risk (VaR)) and non-traded market risk disclosures such as risk factor sensitivities, economic value and earnings scenarios and/or sensitivities.
  2. Provide further qualitative and quantitative breakdowns of significant trading and non-trading market risk factors that may be relevant to the bank's portfolios beyond interest rates, foreign exchange, commodity and equity measures.
  3. Provide qualitative and quantitative disclosures that describe significant market risk measurement model limitations, assumptions, validation procedures, use of proxies, changes in risk measures and models through time and descriptions of the reasons for back-testing exceptions, and how these results are used to enhance the parameters of the model.
  4. Provide a description of the primary risk management techniques employed by the bank to measure and assess the risk of loss beyond reported risk measures and parameters, such as VaR, earnings or economic value scenario results, through methods such as stress tests, expected shortfall, economic capital, scenario analysis, stressed VaR or other alternative approaches. The disclosure should discuss how market liquidity horizons are considered and applied within such measures.

Credit risk

  1. Provide information that facilitates users' understanding of the bank's credit risk profile, including any significant credit risk concentrations. This should include a quantitative summary of aggregate credit risk exposures that reconciles to the balance sheet, including detailed tables for both retail and corporate portfolios that segments them by relevant factors. The disclosure should also incorporate credit risk likely to arise from off-balance sheet commitments by type.
  2. Describe the policies for identifying impaired or nonperforming loans, including how the bank defines impaired or non-performing, restructured and returned-to-performing (cured) loans as well as explanations of loan forbearance policies.
  3. Provide a reconciliation of the opening and closing balances of non-performing or impaired loans in the period and the allowance for loan losses. Disclosures should include an explanation of the effects of loan acquisitions on ratio trends, and qualitative and quantitative information about restructured loans.
  4. Provide a quantitative and qualitative analysis of the bank's counterparty credit risk that arises from its derivatives transactions. This should quantify notional derivatives exposure, including whether derivatives are over-the-counter (OTC) or traded on recognised exchanges. Where the derivatives are OTC, the disclosure should quantify how much is settled by central counterparties and how much is not, as well as provide a description of collateral agreements.
  5. Provide qualitative information on credit risk mitigation, including collateral held for all sources of credit risk and quantitative information where meaningful. Collateral disclosures should be sufficiently detailed to allow an assessment of the quality of collateral. Disclosures should also discuss the use of mitigants to manage credit risk arising from market risk exposures (i.e. the management of the impact of market risk on derivatives counterparty risk) and single name concentrations.

Other risks

  1. Describe 'other risk' types based on management's classifications and discuss how each one is identified, governed, measured and managed. In addition to risks such as operational risk, reputational risk, fraud risk and legal risk, it may be relevant to include topical risks such as business continuity, regulation compliance, technology, and outsourcing.
  2. Discuss publicly known risk events related to other risks, including operational, regulation compliance, and legal risks, where material or potentially material loss events have occurred. Such disclosures should concentrate on the effect on the business, the lessons learned and the resulting changes to risk processes already implemented or in progress.

Improvements to disclosures of capital adequacy and risk-weighted assets were identified by the EDTF. These included more detailed analysis of the sources of regulatory capital requirements and flow information showing how capital and risk-weighted assets change from one reporting period to another. Indeed, the provision of better 'flow' information setting out change from one period to the next is a recurring theme in the EDTF's work; for example, more information on how impaired and non-performing loans develop from period to period is also sought. To improve disclosure about finding, the EDTF recommends that banks provide analyses of encumbered assets and assets that constitute the liquidity buffer, along with residual contractual maturity analysis of assets and liabilities.

The Taskforce found there is significant scope for market and credit risk disclosures to improve. In particular the volatility associated with the trading book could be the subject of more detailed disclosure. For traded market risk, for example, banks should provide more detailed analysis of risk factors, including credit and debit valuation adjustments. Banks should also provide quantitative and qualitative disclosures that describe the methods for measuring tail risk. These would explain potential losses beyond reported confidence levels that are measured through expected shortfall, stress tests, scenario analysis, Basel 2.5 stressed Value at Risk (VaR) or alternative methods.

Granting credit is what banks do: credit risk is accordingly a significant component of their overall risk profile. Deloitte UK partner Mark Rhys chaired the workstream focussed on credit risk, which found that 'traditional' sources of credit risk, such as residential mortgages were generally disclosed more clearly than newer sources of credit risk, such as those arising from trading activities. Identifying concentration risk in relation to different counterparties, establishing the quality of collateral mitigating credit risk and understanding what drives change in credit risk exposure for a particular bank were areas identified for improvement. The EDTF recommends that the credit risk likely to arise from off-balance sheet activities be clearly disclosed.

The EDTF identified good examples of existing risk disclosures, but found banks' approaches to the same risk often differ significantly, making it hard for users to draw comparisons. The EDTF addresses the problem of comparability by recommending more disclosure around the definitions and models used by each bank, so that users can see where approaches differ. It has also collated leading examples together in the appendix to its report; this should help banks converge around similar approaches, to the extent it is relevant to their business models.

Next steps and implications for banks

The EDTF aims to disseminate its findings widely amongst banks, investors, analysts and regulators; this paper seeks to contribute to this objective. Banks will need to review the full final report and assess what changes they can make to their 2012 reports to raise the standard of risk reporting. Some of the changes may require significant effort to implement well, and will take longer to achieve. For example, improving the quality of information about collateral may take time and could require systems changes.

Boards will need to consider whether the governance and controls they currently have over the collation and production of risk information are suitable for delivering reliable, accurate information to an external audience. The EDTF's recommendations draw out the link between financial information in the annual report and regulatory information prepared under Basel or other regulatory requirements; bringing these different sources together to give a clearer account of risk will require some careful thought, not least as they must also be consistent with the overall framework of governance and the bank's business model.

There is no requirement for the proposed new risk disclosures to be audited. For those contributing to a bank's risk reporting process, this may feel like a new source of compliance requirements. This is, however, an opportunity for banks to communicate better with stakeholders, and to demonstrate to investors the value they add through identifying and managing risk.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.