Challenges for the European banking system
Speech by Kerstin af Jochnick, Member of the Supervisory Board of the ECB, at the ISDA conference on “EU Banking Reforms: Crossing the ‘t’s’ and dotting the ‘i’s’ – Current & Future Priorities for Europe”
Brussels, 3 March 2020
It is a great pleasure to be here today to share my views on the challenges and opportunities that lie ahead for European banks.
The challenges I will lay out are common to all of us here today – supervisors, regulators and banks. And so are the priorities: deepening the European banking market, restoring banks’ profitability, addressing climate and environmental risks, and tackling the IT and cyber risks posed by technological disruption. After all, a safe and sound banking sector with sustainable business models is indispensable for a well-functioning economy.
I will discuss each of these issues in turn today and outline how ECB Banking Supervision is prioritising its actions to address these challenges.
Progress made in Europe since the financial crisis
First of all, however, I would like to take a moment to consider the progress made in Europe since the last financial crisis, thanks to the collective efforts of legislators, regulators, supervisors and banks themselves.
Together, we have come a long way in harmonising the European regulatory and supervisory framework. We have applied the highest global standards to banks under our supervision, thereby inspiring public confidence in the sector. We have put in place a unified body of technical rules and supervisory definitions that provides consistency and confidence for the markets. And we have implemented the first pillar of the banking union by setting up ECB Banking Supervision, which has been instrumental in incentivising banks to clean up their balance sheets, increase their capital levels and improve their risk management practices.
Throughout this process, one unifying theme has underpinned all our work: the conviction that we must not repeat the mistakes of the past. The Basel III reforms embody this conviction, as they are built on the lessons learned from the crisis about the costs for taxpayers of imprudent risk-taking, speculative liquidity management and undercapitalised banks.
We are now in the final stages of rolling out the Basel III reforms. These measures have certainly made banks safer and sounder. Yet, as the memory of the crisis fades, some banks are seeking to undo the reforms, arguing that tighter rules are weighing on their profits and hindering their ability to finance the real economy.
I do not share this view. In fact, I see evidence to the contrary: banks that have been quicker to adjust to the Basel standards are generally in a better position to support their customers. So I will take this opportunity to reiterate how important it is that we implement Basel III faithfully, consistently and in good time. These internationally agreed standards are crucial for global financial markets to function smoothly.
But implementing them fully and consistently is just one of the challenges on the road ahead.
Today I would like to address some of the other challenges which, in my view, most urgently need to be tackled.
Completing the banking union
We need first of all to complete the banking union. For all of us here today, this is as much of a challenge as it is a priority.
We have already travelled an impressive distance along this road. Following the launch of ECB Banking Supervision as the first pillar of the banking union, setting up the Single Resolution Board and the Single Resolution Fund were important steps in establishing a fully functional second pillar. But a lot more still needs to be done.
First, we need to make the resolution framework more consistent. When a bank is declared failing or likely to fail, the Single Resolution Board (SRB) determines whether it is in the public interest to resolve that bank or rather to liquidate it. In the event of a resolution, the SRB manages the process and ensures a consistent approach across the banking union. Liquidations, by contrast, are carried out under national laws, which differ substantially across jurisdictions. For example, in some countries, an insolvency proceeding is not automatically triggered when the SRB determines that it is not in the public interest to resolve a bank. Banks in this situation may then enter a kind of limbo. This is why we see a clear benefit in aligning the national insolvency triggers – and why legislators are now considering whether to add a harmonised liquidation tool to the European banking toolbox.
The legislative status quo does not provide clarity on how non-viable banks that are not subject to resolution will exit the market. It also prevents us from achieving consistent outcomes in resolution and liquidation across the union, and it falls short of providing us with a truly European approach to handling banks in trouble. We would also welcome greater clarity in the legislative framework for banks well before they reach the resolution stage, where the ECB can intervene through so-called early intervention measures to prevent banks’ financial position from deteriorating further. This early intervention framework needs to be revised in order to both simplify the use of such measures and clarify their relationship with other supervisory measures.
And, finally, in order to make the banking union fully operational, the third pillar needs to be implemented: a European deposit insurance scheme. This would also help to foster cross-border consolidation among banks: putting such a scheme in place should make it easier for national authorities to agree to eliminate the remaining regulatory provisions trapping capital and liquidity within national boundaries – and thus allow banks to provide services on an equal footing across the entire European market.
Restoring bank profitability
So far I have covered the institutional framework. But the challenges do not stop there; banks are facing their own trials too. Most notably, too many euro area banks suffer from low profits that fall short of their cost of equity. Low returns are a concern for any bank, because they seriously compromise its ability to adapt to a low-rate, high-tech world, where innovators have the edge. And they are a concern for supervisors, because insufficient profits squeeze banks’ capacity to build capital buffers and prepare for future crises. This may mean that banks are not sufficiently protected to withstand negative shocks – which would have serious consequences for financial stability.
Banks thus need to become more cost-efficient and must scale up their technological investment – both by digitising their legacy systems and by incorporating advanced analytics into their risk management practices. The Scandinavian countries provide examples of successful cost optimisation strategies, including through the use of digital technology. At the same time, we know that IT investments are costly for banks in the short term, with potential profitability gains accruing over a longer time horizon. For this reason, it is important that such efforts are part of an overall strategy to strengthen banks’ business models and ensure that they are profitable on a sustainable basis.
In parallel, it would be beneficial for the European banking sector to consolidate further and reap the benefits of economies of scale and improved risk-sharing. There appears to be general agreement that there are too many banks in Europe. Yet the current institutional and legislative set-up does not seem particularly conducive to any of the common forms of consolidation, be they mergers, acquisitions or market exits.
For our part, we intend to favour market integration whenever possible within the current legislation. We are working to clarify our policy on mergers and acquisitions, and we are considering what more could be done within the bounds of the current legislation to foster banking integration in the euro area.
There are also new risks emerging on the horizon, including those related to the rapid advancement of technology. As I just mentioned, digitalisation provides opportunities for efficiency gains and new business. However, it also poses significant challenges for banks, as it may disrupt their value chains. Banks are coming under mounting pressure as new competitors enter the market, in the form of both lean and agile fintech start-ups with no legacy IT systems and large technological companies that already have enormous amounts of data and a wide customer base. Digitalisation might also affect funding, with new digital tools allowing depositors to switch banks by means of a few clicks and share their banking data with third-party providers, implying that deposits are becoming a less reliable source of funding. All innovations have the potential to create new risks, and digitalisation and digital business models are no exception. With this in mind, the ECB has launched a dialogue with the banking industry on the impact of fintech on their business models.
Technology has the potential to change not only the way banks conduct their business, but also the kinds of risk they face. As business models become increasingly digital, IT systems will become more important and the potential for operational and cyber risks will rise. Both banks and supervisors need to prepare for this.
We know that the functioning of the industry will always hinge on maintaining customers’ trust, so protecting customer data is fundamental. And to ensure the resilience of IT systems and minimise the risk of cyberattacks, it is crucial that all organisational layers of a bank, as well as its customers, are informed about and comply with adequate security procedures. Ultimately, it is up to the banks themselves to take appropriate measures.
The role of the regulatory and supervisory authorities is essentially to monitor how banks manage these risks, to challenge them in areas of potential weakness and, where necessary, to impel them to improve.
ECB Banking Supervision has been conducting thematic reviews of banks’ IT systems since 2015. This year, having identified IT and cyber risks as one of our main supervisory priorities, we are conducting IT-targeted on-site campaigns for a large number of systemic banks. Our investigations have shown that some banks are still failing to include IT risk in their general risk management frameworks, and that many banks are reliant on outdated systems to perform some of their most critical activities. And, in general, banks have been rather slow to implement our supervisory recommendations in the area of IT and cyber security.
We have also set up a cyber incident reporting process for banks. The information reported by banks has helped us to identify and monitor trends, and the knowledge we have gained will inform our response in the event of a major cyber incident affecting one or more banks under our supervision.
Cyber threats, of course, have little regard for national borders, and authorities must recognise this and collaborate at the global level if they are to perform their role effectively. To this end, the ECB is working with other international authorities to share experiences on recent cyberattacks and IT security developments.
In November 2019, the European Banking Authority (EBA) published its final Guidelines on information and communication technology, or ICT, and security risk management. These guidelines lay out the requirements for credit institutions, investment firms and payment service providers on how to mitigate and manage their ICT and security risks. And they also provide financial institutions with a common understanding of the supervisory expectations for the management of these risks. The guidelines will enter into force in June 2020.
Combatting money laundering and terrorism financing
While technological progress gives rise to new risks, it can also bring about improvements in the business of banking. New technologies allow banks to sharply reduce costs and thus channel more funds towards their long-term strategic objectives. They can permit more realistic assumptions and more accurate projections, allowing banks to make more informed decisions on risk-taking. And they enable better risk management by improving the data aggregation capabilities of banks.
Importantly, technology can also help banks more effectively address another significant challenge: the issue of anti-money laundering and countering the financing of terrorism, or simply AML. Tools based on artificial intelligence can dramatically boost the effectiveness of banks’ AML checks and fraud detection practices, by flagging connections between related entities that would go unnoticed under traditional risk rating models.
European bodies are aware of these issues and are taking measures to address them too. Over the past year, several initiatives have been launched to strengthen the EU-wide framework on combatting money laundering and terrorist financing. The ECB has been working with the European Commission and the EBA to develop technical standards and guidelines to enhance the current regulatory framework.
While the ECB’s mandate confers on us only specific tasks relating to the prudential supervision of credit institutions, we can still cooperate with national authorities to fight money laundering and terrorist financing. As supervisors, we may come across information that could help to uncover such crimes; or we may obtain insights into the quality of a bank’s general internal governance, in particular its AML internal controls. And we take AML-related concerns into consideration when deciding whether to grant authorisations to certain banks, or when assessing whether senior bank staff are fit and proper for their job.
However, the steps taken so far might not be sufficient to prevent money laundering and terrorist financing through the banking sector, especially as such activities are often conducted through cross-border transactions. While the ECB cannot take over the role of AML supervisor, as this is ruled out by the Treaty, we believe that a strategy to strengthen the EU’s AML framework may be warranted. Legislators could consider further harmonising the rules on AML, for example by transforming the AML Directive into an EU regulation.
To address the current supervisory fragmentation, we could also consider charging an EU body or a new authority with AML tasks and giving it the independence to act decisively to address AML risks. If supported by co-legislators and primary law, this authority could be assigned direct AML supervisory powers.
Last but not least, climate risk will also be high on the agenda. The necessary adjustment towards a more sustainable economy will have an impact on the financial system and pose financial risks to euro area banks.
So far, banks have engaged with climate topics mostly by drawing up sustainability strategies that outline how they can reduce their impact on climate change and by pursuing other sustainability objectives. In future, though, banks will also need to adopt a more traditional risk management approach to understand how they are financially exposed to and affected by climate and environmental risks.
ECB Banking Supervision is working through several international fora to define how climate-related risks should be integrated in both our own supervisory activities and in the risk management policies of banks. We will consult the public and the industry on this topic in the first half of this year. Later in the year, we intend to publish a guide setting out our supervisory expectations on the management and disclosure of climate-related risks.
In addition to the work in the supervisory space, we need clarity on the rules determining what constitutes a green investment. The taxonomy agreed by the European Parliament and the EU Council at the end of 2019 was a key step in this direction, enabling investors to identify environmentally sustainable economic activities that substantially contribute to climate change mitigation. By end-December 2021, the European Commission plans to define criteria for assessing whether an activity has a significant negative impact on sustainability.
When it comes to climate and environmental risks, the shared nature of the challenge and the urgent need to find solutions are, I believe, quite obvious to us all. While views may differ on how best to strengthen the banking sector, we can surely all agree on the need to ensure the survival of our shared planet!
Let me conclude. Today I have outlined what I believe to be the main challenges requiring our attention in the coming years. Our success will ultimately hinge on our capacity to adapt. This is true for ECB Banking Supervision too.
And we are already taking steps to become more agile, revamping not only our internal processes, but also our core activities. We have for the first time published granular results of our annual supervisory review and evaluation process, and we have made the underlying methodology more transparent. We are also looking at ways to make the European stress test framework more realistic and relevant.
And while ECB Banking Supervision is entering something of a new era, our ultimate goal remains the same. By reinforcing trust in our actions, supporting consolidation in the European banking sector, sharing knowledge about fintech, IT and cyber risk developments, and pushing banks to adapt more quickly to climate change and fintech, we seek to serve the objective that is shared by us all: a safe and sound banking sector.
- EBA Guidelines on ICT and security risk management (EBA/GL/2019/04), November 2019.
- Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions.