Solvency II Updates and Corporate Governance in Financials - PRA "Back for Good"?

A few releases of note out of the UK regulator over the last working week or so means I had some catching up to do - sometimes it feels like "All I do each night is PRA"...

They started off with a Director's Letter just before the bank holiday weekend. A general unwillingness to crack whips was present throughout this doc, even at this late stage, with a few references to "inform your supervisor" as opposed to "just do it".

The letter states that the PRA were due to publish some of their findings from their balance sheet review work by the end of the month - not done as yet, hopefully turns out to be money well spent

Regarding Standard Formula appropriateness:

• They stress that firms must identify deviations from Standard Formula from their risk profiles, and include an assessment of the significance of that deviation in their ORSAs (emphasised in their October industry presentation from p6)- is the implication here that firms are not doing this at all at the moment, or just not reporting it in ORSA?
• Highlight that "supplementary information" used to explain such deviations will also be assessed by the PRA. Does this add significance to one's qualitative commentary around Standard Formula/Risk Profile deviations? Can a good explanation be the difference between having to IM/PIM at the earliest opportunity against being given a couple of years of capital add-on breathing room?
• The PRA note that, "...where a firm's conclusion on this question is not appropriate", it will intervene. It is not clear how a firm's conclusions about its deviation between SF and its Risk Profile could be considered "not appropriate", but I imagine that anything which attempts to dodge USPs/PIM/IM ONCE the divergence hits the limits in the Delegated Acts (276-287) would be frowned upon. There is certainly no appetite at the PRA for renewing capital add-ons in perpetuity (slide 13), which given the UK's familiarity with ICA and ICG, might be a desperado's first chance saloon.
• The PRA are planning "specific interventions" on this front (detailed here), but not necessarily in time to correct before 2016.

Regarding Internal Models

• Not happy with "wide variation in quality of IM Change policies. Sounds like firms are doing their best to avoid change criteria that results in frequent submissions for reapproval, which one would expect!



IMAP Submissions
- Everything Changes

• PRA seemingly expecting firms to have not only taken on board their feedback, but also had their IMs revalidated, before submitting their IM application. Given that validation will be chalked down as a 'once-a-year' job at the moment (despite the IRM's efforts), that seems highly unlikely. They give themselves a get-out-of-jail-free card though by stating that firms must be confident that any changes in their IMs both address PRA feedback and meet the tests and standards for model approval.
• They appear to advise against submitting applications if you have a material change in the pipeline.
• Heavily critical of Board involvement in validation. Here they look for evidence of Boards "overseeing and influencing" the validation process, whereas previous PRA presentation slides  did not have such expectations of Boards (slide 8 here), or indeed expected more (slide 9 here)!
• The expression "internal management loadings" appeared in my life for the first time, which sounds to a non-technical person like myself that firms are effectively "dumbing-up" the capital requirement currently delivered by their IM in order to plaster over mathematical or data weaknesses. PRA certainly not impressed by industry suggestions to date.
• Given the number of firms who must have dropped out of looking for Day 1 approval, they still shake the pineapple tree here in order to remind applicants that contingency plans should be ready in the case of application failures. "Many firms still have a considerable amount of work to do" sounds to me like some applicants are being pre-warned of their imminent failure!

The PRA also released a consultation paper entitled Corporate Governance: Board Responsibilities, which has the rather light ambition of identifying "key aspects of good board governance to which the PRA attaches particular importance in the conduct of its supervision".

A few straggler items in it;

• That failures in governance and/or risk management have been a key factor in "many" financial sector failures - as opposed to "all"
• That they consider the FRC's Corporate Governance Code, amongst others, a "comprehensive guide to good corporate governance" - given the firms experiencing the financial sector failures were most probably complying with it, not a great advert!
• "Culture is the collective responsibility of the Board" - a bit of a nowhere comment, but instinctively, I don't see how this can be right. They can be accountable to both supervisors and shareholders/members for cultural failings, but where could such a responsibility materialise into demonstrable actions? 
• "...the Board is responsible for the oversight of, but not for managing the business" - in relation to my comment directly above, can both statement be correct?
• "The Risk Control Framework should flow from the Board's Risk Appetite" - I'll work on the premise that this is missing the word "statement" at the end of the line
• Section 11 on remuneration expects that incentives are aligned with "prudent risk taking" - what if prudence is too conservative for one's risk appetite?

Into some of the expected themes;

• Strategy to be "owned by the Board as a whole"
• They wed Culture and Remuneration "...to encourage and enforce the kind of behaviours the Board wished to see"
• They want a "well articulated and measurable" Risk Appetite Statement which can also be "...readily understood by employees throughout the business". Doesn't seem feasible, given the metrics commonly used in risk appetite statements are not exactly Finance 101 (Solvency/Liquidity/Earnings-related),
• "It is the responsibility of the Board to ensure that the effectiveness of the Risk Control framework is kept actively under review" - has at least an air of COSO about it, don't think it was deliberate
• Big section (6) on responsibilities and accountabilities of exec and non-exec directors.
• Followed in 7.1 with "...non-executives should not simply delegate responsibility for major decisions to individuals among them who are considered specialist in the area" - this has internal models written all over it (p5-6)!

Happy to see this second document, though I don't know what it adds to firms' understanding about what is "good and bad".