The ICAEW paper does not create a requirement for assurance, but is intended to assist both those commissioning and providing assurance over these ratios with scoping and performing an engagement.
In this blog, we outline:
- The key regulatory and other drivers for assurance over bank regulatory ratios;
- The benefits of an enhanced assurance framework;
- How the ICAEW framework will provide guidance to internal and external assurance providers; and
- How Deloitte is currently supporting clients in this area.
What are the drivers for enhanced assurance over bank regulatory ratios?
Regulatory capital ratios are a critical measure of financial strength which are used by a range of internal, industry, market and regulatory stakeholders to underpin confidence in individual banks' financial and capital position, as well as the ongoing resilience of the banking system as a whole.
Despite their importance to all of these users, UK bank capital ratios are not currently subject to audit within COREP and other regulatory reporting, external Pillar 3 disclosures, or the "front section" of annual and interim financial statements. As a result, banks have implemented internal review, governance and control procedures, and increasingly additional independent assurance frameworks to provide comfort to management, the Board and Audit/Risk committees over the completeness and accuracy of reported data.
Examples of regulatory and other drivers that support the need for an enhanced level of assurance over these ratios include:
- Individual accountability for responsible individuals under the Senior Manager Regime, specifically the SMF responsibility for "the production and integrity of the bank's financial information and its regulatory reporting in respect of its regulated activities";
- The PRA's proposed Discussion Paper on a disclosure framework for banks' and insurers' regulatory data, highlighted by Sam Woods in his recent Mansion House speech on 26 October;
- The PRA's continued focus on firms' assurance over the quality, completeness and accuracy of their COREP reporting;
- BCBS proposals to subject Pillar 3 disclosures, at a minimum, "to the same level of internal review and internal control processes as the information provided for financial reporting";
- BCBS 239 requirements for risk data aggregation, including banks' periodic confirmation to data recipients that "the information aggregated and reported is relevant and appropriate, in terms of both amount and quality, to the governance and decision making process"; and
- The importance of regulatory capital triggers within new Alternative Tier 1 "contingent convertible" capital instruments, which rely on a pre-determined capital trigger.
It is clear that the role of assurance will continue to grow, against a backdrop of heightened regulatory focus on the quality of bank regulatory reporting and stress testing data, and increased focus from markets and analysts on the accuracy, transparency of capital ratios.
While enhanced assurance will undoubtedly support confidence in these important measures, help to drive further enhancements in data quality, and highlight areas in which regulatory rule interpretations may not be consistent, assurance frameworks cannot fully address regulators' concerns around the variability in risk weighted assets held against similar asset portfolios, where these result from bank-specific modelling and methodology differences. This remains an ongoing area of focus for BCBS, including in its most recent Consultative Document: Reducing variation in credit risk weighted assets - constraints on the use of internal modelled approaches.
Who will benefit from enhanced assurance?
Internal and external assurance frameworks provide increased confidence in the accuracy of reported regulatory ratios. The guidance issued by the ICAEW will complement, and may also be used as a framework to further enhance, bank's existing assurance and internal control frameworks, which aim to identify potential data errors and omissions, and highlight control improvements, process enhancements and efficiencies which benefit all users.
This is particularly important for bank Boards and Audit Committees, in discharging their governance and oversight roles over regulatory reporting, and also for those individuals allocated specific oversight responsibilities within the Senior Management Function for Financial and Regulatory Reporting.
Enhanced assurance over regulatory ratios may also benefit the PRA and EBA, as core users of regulatory data for supervisory purposes, and the wider set of public and market stakeholders who place reliance on this information.
How will the ICAEW framework support existing assurance methodologies?
The ICAEW framework provides an overarching set of principles which can be used by providers of assurance, including:
- Business/front line management
- Finance, Risk and control functions
- Internal Audit
- Board, Audit Committee and other governance forums
- External assurance providers
Given the range of different users of assurance and the diversity of the regulatory ratios and underlying calculation methods on which assurance could be provided, the ICAEW framework proposes a flexible, modular approach to assurance which:
- Is equally applicable to both internal and external providers of assurance;
- Allows proportionate application to meet firm and user-specific requirements; and
- Proposes a range of different formats of assurance reporting (including Internal Audit) depending upon the type of engagement and report recipients.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.