“After the crisis is before the crisis”
Interview with Mark Branson, Member of the Supervisory Board of the ECB and President of the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin), Supervision Newsletter
17 November 2022
Supervisors and banks face a fast-changing risk landscape and an increasingly complex financial sector. Since you joined BaFin last year, how has the institution adjusted to this environment?
The risk environment is very heterogeneous and constantly changing. BaFin’s role is to ensure a financial system that is as stable and resilient as possible. As a financial supervisory authority, we must act in a risk-oriented manner and try to identify in advance where, and under which circumstances, the financial system is most vulnerable. This requires scenario analyses, such as our stress test of smaller German banks – less significant institutions – carried out this year. Here, the focus was suddenly no longer on persistently low interest rates, but on upward interest rate shocks.
We constantly monitor and analyse the risk environment. At the beginning of each year, we identify the risks on which we particularly need to focus. With our 2022 report “Risks in Focus”, we made our risk assessment transparent for the first time and explained how we intend to contain the risks mentioned in the report. Although, of course, the risk environment is constantly changing.
With this approach, we prioritise, deprioritise, and set clear goals. Every supervisory authority needs such clear goals, a modern way of working and decision-making of the highest quality.
Despite the spectre of economic recession and heightened geopolitical uncertainties, European banks are rather optimistic about their own outlook. Are you concerned they may be underestimating a potential hit on asset valuations?
On average, at present, German banks are well-capitalised and weathered the coronavirus (COVID-19) crisis well. In principle, higher interest rates are a positive phenomenon for banks. However, banks also need to align themselves to the changed risk environment. With interest rate changes alongside the energy crisis and inflation, there are multiple challenges for the real economy and thus indirectly for the banking sector.
What matters now is sufficient resilience to be able to cope with possible setbacks. Our macroprudential measures – the countercyclical capital buffer and the sectoral systemic risk buffer for real estate loans – are an important contribution to increasing the resilience of German banks. Thanks to these measures, capital has already been retained in the system.
The lack of risk awareness was a major driver for the financial crisis in 2008. Over the years has this improved? What role did, and can, the supervisor play here?
Both the financial and the European sovereign debt crises were catalysts for landmark developments and regulatory projects that continue to shape our supervisory practice today.
Certainly, one of the positive points is the fact that, at that time, voices calling for stringent regulation and powerful supervision prevailed. Since then, stricter and largely harmonised standards drive supervisory practice in the euro area. This has been instrumental in strengthening the resilience of the financial system, reducing regulatory arbitrage and restoring confidence in the system.
However, I am concerned that several reforms are still not completed: the implementation of Basel III, the European deposit insurance scheme, the discussion on the risk weighting of sovereign bonds on bank balance sheets, the capital markets union – all are yet to be completed.
And after the crisis is always before the crisis. Therefore, supervision must be rigorous, independent, courageous, fast, risk-oriented, networked, holistic and forward-looking.
Digitalisation and cyber security are a supervisory priority and, for many banks, a challenge. How prepared are banks to withstand orchestrated cyberattacks from Russia, for example?
The more banks digitalise, the more vulnerable they are to cyber incidents – no matter where these come from. Whether caused deliberately or unintentionally, IT failures can have serious consequences. For the individual institution, its reputation is at stake; not to mention the consequences for customers. Cyber incidents not only jeopardise confidentiality, integrity and availability of data and IT systems, they can even endanger financial stability. In our goals for BaFin, operational resilience features as prominently as financial resilience.
For instance, we warned in the past that with each international conflict the risk of cyberattacks by hostile states increases. Attacks on service providers and infrastructure providers or in-house incidents within these service providers can cause significant damage.
We analyse daily information from the German National Cyber Defence Centre and, if necessary, exchange information about possible attack patterns with the financial sector.
We continue to focus on prevention. For example, we are increasingly carrying out specific IT inspections at financial institutions and service providers.
Last but not least, together with partner authorities and the financial industry, we have simulated a serious cyberattack event. There are already concrete plans to repeat the exercise soon.
Crypto-assets experienced a sizeable correction this year but continue to be popular. Germany is one of the first countries to require licencing for banks to deal with these products. Is there a high level of interest in crypto on the part of banks? And what do you think of crypto increasing its ties with the traditional banking sector?
Overall, banks’ interest in offering crypto-asset trading to their customers still seems, to me, to be limited. Currently, we have issued four licences for crypto custody and 14 institutions have a provisional permit.
In principle, blockchain technology is promising. Let’s hope that we move from "promising" to "effective and scalable".
However, not all crypto business models are serious. Waves of innovation, as we know, also bring with them freeloaders and crooks. And certain crypto-assets based on blockchain technology carry significant risks, especially if they are seen as an investment. At present, they do not pose a threat to financial stability. However, developments could move that way, should momentum return to market growth and interconnections with the traditional financial system intensify even further.
Turbulence in the unregulated market damages confidence and causes painful financial losses. But excessive regulation slows down innovation. Therefore, we need well-balanced and flexible supervisory approaches and regulatory frameworks, under which sophisticated and serious projects emerge that are able to provide benefit to customers. Then, interconnections with the traditional system would be less dangerous than they would be today. That is the approach BaFin is pursuing.
You call for full transparency when it comes to sustainable finance so that investors can make informed decisions. In your view, what responsibility do banks have in terms of facilitating the green transition?
In addition to financing decisions and disclosure, our focus is on the distribution of sustainable financial products. As of August this year, financial advisers are obliged to elicit the preferences of their customers regarding sustainable investments. From a supervisory perspective, transparency, clear standards for the minimum proportion of sustainable assets in a product and a market-driven selection of different types of sustainable financial products are the most appropriate ways to satisfy these preferences.
We, as supervisors, must not overstep our mandate. That is, to monitor financial risks. It is not our role to determine whether underlying investments are sustainable. It is not our role, nor do we have the necessary expertise. That’s the job of policymakers and scientists.
But supervisors can, and should, establish transparency. Investors need to be able to see whether or not, for instance, a product is based on companies they consider to be green, or that are shaping the transition to a green economy.
The only way responsible investors have a chance to make a deliberate and well-informed decision is by knowing the content and purpose of the products. But this also means that the product must be labelled accordingly to reflect the complexity of the issue. Therefore, we advocate respecting and promoting the personal responsibility of investors – by means of product transparency.
Over the past 12 months, we have certified 167 new mutual funds as sustainable, and the trend is rising. They all had to comply with our new transparency standards and requirements regarding the content of sustainable products. That’s our contribution against greenwashing.
You recently presented a solution to make reporting more efficient for both banks and supervisors. What are the main features of your prototype? In addition, where do discussions at the European level stand right now?
The goal of BaFin’s study was to develop solutions to improve the supervisory authority’s capacity to analyse data, while at the same time reducing the burden on banks, and to test the prototype with pilot banks.
The participants developed a "win-win target architecture" and validated it with the help of a prototype. The target architecture is based on a granular data model that, in future, could be applied for all reporting requirements in a uniform manner.
Another component of the target architecture is a machine-readable set of rules, based on this model, for performing data quality inspections and aggregating data points. This would bring us closer to our goal of having constant access to the data we need as supervisors. At the same time, we would reduce the reporting burden for institutions.
This digital groundwork should be laid at the EU level, ideally in cooperation with the banking industry. Therefore, our experts are presenting the results of the study in national and European forums. We are counting on the support of our partner institutions throughout Europe.
There are currently 400,000 individual rules and data elements that institutions are required to report on. In the interest of all parties involved, this complexity should be significantly reduced.