Search Options
Home Publication Explainers Statistics Payments Career Monetary Policy
Suggestions
Sort by
Níl an t-ábhar seo ar fáil i nGaeilge.

The following sections provide a description of the methodology used as part of the Supervisory Review and Evaulation Process (SREP) for assessing the interest rate risk in the banking book (IRRBB) and credit spread risk in the banking book (CSRBB) of significant institutions. The ECB uses a standardised risk-based methodology to assess the IRRBB and the CSRBB.

1 Introduction

The SREP IRRBB/CSRBB methodology:

  • is consistent with the European Banking Authority (EBA) guidelines on common procedures and methodologies for the SREP as well as the EBA guidelines on the IRRBB and the CSRBB and assesses whether banks comply with the ECB’s supervisory expectations;
  • is applied proportionately to significant institutions (hereinafter institutions), taking into account the nature, scale and complexity of their activities;
  • supports the Joint Supervisory Teams (JSTs) in their risk-based supervisory tasks, at the same time as allowing sufficient flexibility for bank-specific aspects. This means that the frequency, scope and depth of their assessments vary in line with both European banking supervision and the bank-specific priorities;
  • is comprehensive and includes backward and forward-looking perspectives that consider all relevant risk components and their possible mitigants;
  • draws on best practices and is regularly updated to ensure alignment with the relevant EBA guidelines on the SREP and any relevant changes to supervisory regulations.

The factors that the ECB considers relevant when assessing the IRRBB and the CSRBB of an institution include:

  • the size and materiality of interest rate or credit spread-sensitive exposures/activities;
  • risk factors underlying the interest rate and credit spread-sensitive instruments: gap risk, basis and option risk, as well as model risk related to behavioural assumptions;
  • features of positions/exposures: complexity, volatility, currency, economic value of equity and net interest income sensitivities;
  • the risk management practices of the institution: hedging strategies, concentration risk, scenario design and conservatism of assumptions.

The IRRBB and the CSRBB are assessed as part of the assessment of risks to capital under Element 3 of the SREP (Figure 1).

Figure 1

Overview of the SREP methodology

The IRRBB and CSRBB assessment is based on (i) a quantitative assessment that considers the inherent risk (risk level) and (ii) a qualitative assessment that considers the management and control framework (risk control) (Figure 2). In the risk level assessment, the JSTs assess the risks and/or vulnerabilities that could have an impact on the prudential risk aspects of the institution if they were to materialise. During the risk control assessment, the JSTs assess whether credit institutions have adequate processes and systems in place to identify, measure, evaluate, monitor, report and mitigate the risk level of the IRRBB and the CSRBB.

The risk level assessment consists of three phases:

  • Phase 1: JSTs gather data and assess the materiality of the risks;
  • Phase 2: an automated anchoring score is generated based on common key risk indicators;
  • Phase 3: JSTs carry out an in-depth IRRBB and CSRBB assessment, while taking into account supervisory judgement on the specificities of the bank and applying constrained judgement.

The risk control assessment consists of two phases:

  • Phase 1: JSTs gather data;
  • Phase 3:[1] JSTs carry out an in-depth IRRBB and CSRBB assessment, while taking into account supervisory judgement on the bank specificities and applying constrained judgement.

The assessment of the IRRBB and the CSRBB covers both the risk level and risk control components, which are combined to form an overall IRRBB and CSRBB assessment. The supervisory judgement is summarised in an overall IRRBB/CSRBB score of between 1 and 4 (with qualifiers) and a rationale for that score.

Figure 2

Overview of the SREP IRRBB/CSRBB assessment

The SREP methodology is rooted in the EBA guidelines on the SREP and in documents in which the ECB communicates its supervisory expectations as an integral part of the SREP framework.

2 IRRBB/CSRBB risk level methodology

2.1 Phase 1

The primary objective of Phase 1 is to gather the data required to perform the main assessment of the IRRBB and the CSRBB in Phase 3, as well as to conduct a materiality assessment of the IRRBB and the CSRBB in order to gain an overview of potential pockets of vulnerability.

The risk level methodology consists of two main modules, the IRRBB and the CSRBB, and these modules are based on two complementary analyses:

  • analysis from an economic value perspective, which focuses on how changes in interest rates and credit spreads affect the present value of the expected net cash flows;
  • analysis from an earnings perspective, which focuses on the impact that changes in interest rates and credit spreads have on near-term earnings, and which covers the net interest income as well as market value changes.

The IRRBB module is broken down into three submodules, which cover its three main risk drivers: (i) optionality, (ii) interest rate derivatives and (iii) non-maturity deposits (NMDs).

This enables the JSTs to focus on the most pertinent risks (Table 1).

  • Under the optionality submodule, the JSTs assess the risk stemming from the entity or customers’ capacity to alter the exposures’ cash flows as a result of automatic and/or behavioural options. It focuses on an institution’s vulnerability in relation to behavioural modelling of embedded optionality for assets (prepayment of loans) and liabilities (early redemption of term deposits), excluding model risk on NMDs (which is covered under the NMD submodule).
  • Under the interest rate (IR) derivatives submodule, JSTs assess the risk stemming from the use of derivatives and their effectiveness when hedging for the IRRBB.
  • Under the NMD submodule, the JSTs assess the model risk, particularly in relation to banks’ behavioural modelling assumptions for NMDs as a driver of an institution’s IRRBB.

In addition, JSTs may assess any other aspect which is materially important to the IRRBB or the CSRBB risk profile of an institution.

Table 1

Modular structure of the risk level assessment

Modules

Sub-modules

IRRBB

Optionality

Interest rate derivatives

Non-maturity deposits

CSRBB

The IRRBB and CSRBB risk assessment is based on a wide range of information and data, including supervisory reporting and other relevant sources. While the IRRBB and CSRBB modules are always assumed to be material for all institutions, the submodules of the IRRBB module are subject to a materiality assessment as follows.

First, the materiality of the different submodules under the IRRBB module is calculated automatically on the basis of the available data sources, which include:

  • the implementing technical standards on supervisory reporting, such as financial reporting and common reporting;
  • additional information derived from the Short-Term Exercise and the relevant templates on the IRRBB and the CSRBB or on the internal capital adequacy assessment process (ICAAP).

A number of key risk indicators are calculated in order to assess the materiality of the three submodules under the IRRBB module. These risk indicators fall into two different categories, thereby seeking to capture two complementary perspectives: volume-based indicators (i.e. indicators that capture the magnitude of relevant balance sheet items subject to the IRRBB); and risk-based indicators (i.e. indicators that capture the intensity of modelling assumptions or hedging –in the case of derivatives – in relation to the relevant balance sheet items).

These indicators signal the level of relevance and riskiness and are considered when deciding which submodules to initially include in the in-depth assessment in Phase 3.

Second, JSTs take a final decision on the materiality of the submodules, also taking into account additional information such as:

  • internal management data available in banks’ internal reports, such as ICAAP reports and internal audit reports;
  • qualitative information, such as IRRBB/CSRBB budgets and strategies, risk appetite frameworks for the IRRBB and the CSRBB, IRRBB/CSRBB policies and procedures, accounting policies and procedures for the banking book, and details of banks’ assets and liabilities management committees and board risk committees;
  • supervisory information, such as findings from on-site inspections, deep dives, previous risk assessment system reports and other standard reporting templates;
  • non-harmonised reporting forwarded by national competent authorities.

JSTs will classify submodules as either “material” or “immaterial” for the three submodules of the IRRBB. When making their final decision on the materiality assessment, the JSTs always consider the results of the automatic assessment and the specificity and complexity of the institution in question.

2.2 Phase 2

The purpose of Phase 2 is to produce an automatic anchoring score for the institution’s risk level. While the CSRBB risk level assessment is not anchored by an automatic score owing to a lack of harmonised data on the CSRBB, the Phase 2 score of the IRRBB is risk-based and the methodology is applied consistently across all significant institutions. It serves as a starting point for JSTs to consider more detailed bank-specific circumstances and thus apply their expert judgement. The Phase 2 methodology captures different dimensions to ensure that the preliminary assessment of an institution’s IRRBB risk profile is sufficient and comprehensive.

The automatic score for the overall IRRBB risk level is based on the EBA’s supervisory outlier tests (SOT) (in line with the EBA Regulatory Technical Standards on IRRBB supervisory outlier tests), taking into account the IRRBB metrics for the economic value of equity (EVE) and the net interest income (NII).

The scores for the quantitative risk indicators used in Phase 2 are calculated by comparing the institution’s values against predefined thresholds.

The Phase 2 framework is purely quantitative in nature, which ensures that it is based on harmonised and consistent indicators and thresholds. The objective of the Phase 2 score is neither to capture all idiosyncratic aspects related to a bank’s IRRBB risk profile nor to assess its specific features, such as its business model (e.g. a diversified lender, global systemically important bank or universal bank). These aspects are considered during the in-depth assessment performed by JSTs in Phase 3.

2.3 Phase 3

In Phase 3, the JSTs conduct a comprehensive qualitative bank-specific assessment. This results in a final risk level score which reflects the IRRBB and CSRBB risk level specific to an institution. While the Phase 2 IRRBB score is used as an anchoring score, Phase 3 gives JSTs the flexibility to consider institution-specific aspects of the various risk drivers, as well as to incorporate the CSRBB assessment. Phase 3 follows a consistent risk-based framework and can lead to an adjustment of the Phase 2 score.

The JSTs consider information from various sources, including peer comparisons. During the Phase 3 assessment, the JSTs take into account insight gained from on-site inspections, deep dives and horizontal analyses (such as targeted or thematic reviews), where available. Peer comparison is also embedded in this assessment and is supported by internally available tools to assess potential model risk in the bank’s IRRBB metrics.

The adequacy of processes and procedures is essentially a risk control topic and feeds into the risk control assessment. It should be noted that, for this assessment, the quality and reliability of quantitative metrics reported by the institution itself need to be carefully and fairly considered in order to prevent metrics from being biased.

Such bias (which could, for example, stem from a lack of prudence or deficiencies in the area of risk control) could result in an overly positive self-assessment of the institution’s risk position.

For the IRRBB, the Phase 3 assessment allows JSTs to focus on the modules and material submodules identified in Phase 1 and also to consider the three key components of the IRRBB, as described under the general EBA guidelines on the SREP:

  • Gap risk is the risk arising from timing mismatches in the maturity (for fixed rates) and repricing (for floating rates) of assets, liabilities and off-balance sheet short- and long-term positions, or from changes in the slope and the shape of the yield curve.
  • Basis risk is the risk that arises when exposures to one interest rate are hedged using exposures to another rate that reprices under slightly different conditions.
  • Option risk (or optionality) is the risk that arises from options for which the institution or its customer can alter the level and timing of cash flows, including embedded options (e.g. consumers redeeming fixed rate products when market rates change). This optionality can be either automatic (i.e. the holder will almost certainly exercise the option if it is in the holder’s financial interest to do so) or behavioural (i.e. the decision to exercise it depends not only on interest rates but also on customer behaviour, which is often expected to change in line with interest rate changes).

3 IRRBB/CSRBB risk control methodology

The regular analysis of banks’ internal IRRBB and CSRBB risk control functions complements the IRRBB/CSRBB risk level assessment performed under the risk level part of the SREP. It is of the utmost importance that banks manage their risks well to better withstand adverse circumstances and that their risk appetite is subject to close scrutiny and control at all levels of the organisation. Failure to address supervisory measures (as well as internal audit recommendations) signals serious deficiencies in banks’ risk control frameworks, as well as insufficient capacity to improve their control systems to ensure the risk is properly managed.

3.1 Phase 1

The primary objective of Phase 1 is to obtain information about the risk control structures for the IRRBB and the CSRBB. To assess risk control in Phase 3, the JSTs gather information on the control set-up for the IRRBB and the CSRBB for both the governance structure and the risk control framework.

Phase 1, like Phase 3, has three common IRRBB/CSRBB modules for all risks to capital which include topics that are closely related to organisational and strategic aspects of the management of a given risk, as well as two risk-specific modules that capture the specific nature of the IRRBB/CSRBB risk assessment (Figure 4).

Table 2

Modular structure of the IRRBB/CSRBB risk control assessment

Modular structure of IRRBB/CSRBB risk control

Modules

Common modules

Governance and organisational framework

Risk strategy and risk appetite

Framework for internal capital allocation

Risk-specific modules

Risk identification, measurement, monitoring and reporting

Internal controls

3.2 Phase 3

The primary objective of Phase 3 is to assess the soundness and efficiency of the IRRBB/CSRBB risk control framework from different perspectives and in the light of the scale and complexity (business model, organisational structure, etc.) of the institution. The assessment performed in Phase 3 is therefore proportionate to the institution’s level of IRRBB and CSRBB, while still being risk focused. In this way, the JSTs adapt the scope and depth of their assessment to the specific risk characteristics of the institution.

The JSTs include in their assessment the outcomes of any supervisory activities to gauge the degree to which the institution complies with, and effectively implements, the relevant Level 1 regulations[2] in order to ensure that any potential deficiency in this regard is duly reflected in this assessment and in the scores obtained. If severe weaknesses or non-compliance are identified, the JSTs will design/take/impose the appropriate measures to restore compliance.

JSTs integrate into their assessment of risk control the insight gained from on-site supervisory activities, deep dives and horizontal analyses (such as targeted or thematic reviews), as well as the findings of the institution’s internal and external auditors.

Finally, nothing prevents JSTs from broadening the scope of their risk assessment to include relevant aspects that have not been addressed under the given methodology.

Modularity of the Phase 3 assessment

The risk control assessment is not preceded by a materiality check, in contrast to the risk level assessment. All modules are assumed, in principle, to be material. The risk control modules for the IRRBB and the CSRBB are summarised below.

3.2.1 Modules common to all Element 3 blocks (risks to capital)

Governance and organisational framework: the JSTs’ assessments include, but are not limited to, the extent to which the institutions:

  • have an appropriate organisational framework for IRRBB and CSRBB risk management, measurement, monitoring and control functions, with sufficient qualitative and quantitative human and technical resources;
  • have a proper governance framework, with clear and adequate involvement of the management body, senior management and relevant committees in the decision-making processes for topics related to the IRRBB and the CSRBB.

Risk strategy and risk appetite: the JSTs’ assessments include, but are not limited to, the extent to which the institutions:

  • have sound, clearly formulated and well-documented IRRBB and CSRBB risk strategies, approved by the management body, which are effectively implemented, monitored and controlled;
  • have a sound, clearly formulated and well-documented risk appetite framework, which is approved by the management body, consistent with the IRRBB and CSRBB risk strategies, which are effectively implemented, monitored and controlled.

Framework for internal capital allocation for the IRRBB and the CSRBB: the JSTs assess whether the institutions have an adequate framework for quantifying capital needs related to the IRRBB and the CSRBB, focusing on comprehensiveness, conservativeness and the risk sensitivity of the methodologies used (notably in the ICAAP).

3.2.2 Modules specific to the IRRBB and the CSRBB

Risk identification, measurement, monitoring and reporting: the JSTs’ assessments include, but are not limited to, the extent to which the institutions:

  • have an appropriate and well-documented framework (including policies and procedures) for identifying and measuring the IRRBB and the CSRBB;
  • have adequate, well-documented, regularly validated and back-tested internal models to calculate own fund requirements for the IRRBB and the CSRBB (for those institutions which use internal measurement systems);
  • have management information systems that allow the accurate and timely identification, aggregation, monitoring and reporting of IRRBB and CSRBB risk exposures;
  • have adequate and regularly performed stress-testing frameworks to complement the IRRBB and CSRBB risk measurement;
  • have an adequate monitoring and reporting framework for the IRRBB and the CSRBB, ensuring prompt action at the appropriate level of the institution’s senior management or management body, as and when necessary.

Internal controls: the JSTs’ assessments include, but are not limited to, the extent to which the institutions:

  • have a clearly defined and adequate framework for limiting and controlling the IRRBB and the CSRBB, which is aligned with their risk strategy and risk appetite;
  • have an internal validation function which adequately and effectively covers the IRRBB and the CSRBB in all its relevant dimensions, which is adequately staffed, in terms of both numbers and skills, and which acts in a timely manner;
  • have an internal audit function which adequately and effectively covers the IRRBB and the CSRBB, which is adequately staffed, in terms of both numbers and skills, and which acts in a timely manner.

© European Central Bank, 2024

Postal address 60640 Frankfurt am Main, Germany
Telephone +49 69 1344 0
Website www.bankingsupervision.europa.eu

All rights reserved. Reproduction for educational and non-commercial purposes is permitted provided that the source is acknowledged.

For specific terminology please refer to the SSM glossary (available in English only).

HTML ISBN 978-92-899-6934-5, doi:10.2866/1170507, QB-01-24-036-EN-Q


  1. Following revisions to the SREP IRRBB/CSRBB methodology, which is to be applied from the SREP 2025 onwards, the risk control assessment for the IRRBB/CSRBB no longer includes Phase 2. Compliance with the relevant areas of regulation formerly covered under Phase 2 will in future be verified as part of the main risk control assessment (Phase 3).

  2. The compliance check that was included in the previous Phase 2 will be integrated into Phase 3 with effect from the SREP 2025.

Sceithireacht