Powers, ability and willingness to act
– the mainstay of effective banking supervision

Speech by Frank Elderson, Member of the Executive Board of the ECB and Vice-Chair of the Supervisory Board of the ECB

House of the Euro, Brussels, 7 December 2023

Introduction

The March 2023 turmoil sent shockwaves through the financial world. It brought back ominous memories of the fall of Northern Rock and Lehman Brothers, and the ensuing great financial crisis.

Start-ups and venture capitalists that deposited money at Silicon Valley Bank (SVB) were in a bind.

People worried that more banks would start to wobble.

Investor trust suddenly eroded and banks’ stock prices plummeted.

The collapse of SVB and takeover of Credit Suisse became the most serious system-wide banking stress since 2008.

Several reports have now been published on the lessons learned from this crisis episode and they all highlight the importance of effective banking supervision.

In its candid investigation report into the failure of SVB, the US Federal Reserve concludes that supervisors were too focused on accumulating supporting evidence, instead of pushing banks to fix their risk management.^[1]

The report issued by the Basel Committee on Banking Supervision (BCBS) invites supervisors to ‘’review their supervisory toolkits to ensure they are sufficient to drive concrete action at banks’’.^[2]

And the IMF report “Good supervision: Lessons from the Field” concludes that supervisors around the world would be well advised to reflect on whether they have the appropriate powers, ability and willingness to act.^[3]

In my remarks today, I am taking up the question posed by the IMF. Do we, at the ECB, possess the necessary powers, ability and, crucially, the willingness to act in banking supervision? The short answer is an unequivocal yes. And we are increasingly focused on taking action to get banks to remedy deficiencies that have so far remained unaddressed.

Keeping banks safe and sound hinges on good supervision

Strong and intrusive supervision is pivotal in ensuring financial stability.

As a dozen US senators wrote to the Federal Reserve following the collapse of SVB, “Irresponsible and excessive risk taking by SVB should serve as a clear reminder that banks cannot be left to supervise themselves.”

But why is that the case? In other words, what is the rationale for prudential supervision? What is it that we are trying to be effective at?

Clearly, supervisors do not run banks. The primary responsibility for ensuring that banks manage risks properly lies with their management bodies.

The ECB’s banking supervision mandate is given by the SSM Regulation, according to which we should carry out our tasks “with a view to ensuring the safety and soundness of credit institutions and the stability of the financial system”.^[4]

Such a mandate is fairly typical for prudential supervisors. But where does it come from?

Citizens usually have neither the time nor the expertise to inspect banks’ balance sheets, so they “delegate” the duty of ensuring financial stability to supervisory authorities.

Another reason is moral hazard. The fundamental difference between a bank and any other company is that banks inherently operate with high leverage. This gives them an incentive to take on excessive risks to maximise returns. Prudential supervision helps to curb moral hazard by encouraging responsible risk-taking and monitoring banks' risk management practices. This is especially relevant because financial markets are prone to market failures. Information asymmetry is a common problem, as banks have more information about their financial health than depositors or investors. Prudential supervision is needed to mitigate this imbalance by ensuring that banks disclose accurate information and maintain sufficient capital to absorb losses.

And because financial systems are interconnected, and the failure of one financial institution can have cascading effects on others, prudential supervision is crucial to maintaining overall financial stability.

That’s why our role is twofold. The first is of a detective nature. We keep a close eye on banks, both to gauge whether they are adhering to regulatory requirements and to detect any practices that might undermine financial stability.

Second, our role is to ensure that banks take timely and commensurate corrective action on issues of prudential concern that surface during the detective phase.

This means that, in certain circumstances, we should stand ready to get banks to do things they don't necessarily want to do and to stop them from doing things they would like to keep doing.

The IMF identified some common pitfalls that supervisors around the world should look out for. Supervisors not only need to identify weaknesses, but also have the appropriate powers, ability and willingness to drive concrete and timely remedial action at banks.

So how do we go about it?

I will highlight three areas. First, the detective phase of our supervisory assessment. Second, whether we have the right corrective tools to get banks to change their behaviour. Third, our willingness to act using our supervisory powers.

Supervisory assessment

When we identify issues, or ‘findings’ as we call them, what we are really trying to identify are one of two things: either whether a bank does not, or within the next 12 months likely will not meet a prudential requirement^[5] or that a bank has unsound management and coverage of risk.^[6]

In the start-up phase of European banking supervision, we consolidated the best practices that supervisors across the banking union had built up in decades of hands-on experience. This gave us robust analytical capabilities. Our analytical machine is fuelled by well qualified staff from across the banking union, from Nicosia to Tallinn, from Dublin to Madrid, leveraging on cutting edge supervisory technology. Our supervisory teams do this through our annual Supervisory Review and Evaluation Process (SREP) which includes the outcome of peer benchmarking to identify outlier banks, on-site inspections, internal model investigations to just name a few. Instead of focusing only on the symptoms, our supervisors are working hard to identify the root causes of the shortcomings.

But our expert resources are not infinite. We cannot always look, or at least not in the same level of detail, at every risk in every bank and do this every year. So we need to prioritise in a risk-based manner. In fact, we have already increased our risk focus, for instance by introducing so-called multi-year planning in the SREP and by implementing a supervisory risk tolerance framework that empowers supervisors to focus on the most impactful matters.

Tools

So we have the analytical capabilities and increased the risk-focus in the detective phase.

But can we give banks the right incentives to remedy the deficiencies we identify? Do we have the powers to get banks to do things they don’t want to do?

Let me emphasise that we do not come to the task empty handed.

European banking supervision has at its disposal a broad set of very powerful tools.

But what are these tools, exactly?

The first is what we supervisors refer to as moral suasion. This approach relies on persuasion and informal pressure rather than formal, legally binding requirements. Our experience shows that myriad supervisory findings can be resolved in this way. Very often, when we find something, banks concur with our assessment, promptly fix the issue and that’s the happy end of the story. But there are also times when moral suasion doesn’t lead to the desired outcome or works only because banks know that there are more intrusive tools available.

These more intrusive tools are the binding supervisory measures laid down in Article 16 of the SSM Regulation.

Many think that requiring banks to hold additional own funds is the main tool that supervisors have. But it is far from being the only one. Article 16 of the SSM Regulation gives the ECB the power to impose what we call “qualitative requirements”, based on the bank’s specific circumstances. Let me dwell on just a few of these qualitative requirements.

We have the power to require the reinforcement of arrangements, processes, mechanisms and strategies.

We have the power to require institutions to apply a specific provisioning policy or treatment of assets in terms of own funds requirements.

We have the power to restrict or limit the business, operations or network of institutions or to request the divestment of activities that pose excessive risks to the soundness of an institution.

We have the power to require the reduction of the risk inherent in the activities, products and systems of institutions.

We have the power to restrict or prohibit distributions by the institution to shareholders, members or holders of Additional Tier 1 instruments where the prohibition does not constitute an event of default of the institution.

And we have the power to remove at any time members from the management body of credit institutions who do not fulfil the requirements set out in the relevant acts.

Additionally, we can impose periodic penalty payments as enforcement measures, which are designed to compel banks to restore compliance with prudential requirements.^[7]

Last, we can impose sanctions that are aimed at punishing the misconduct of a bank and deterring future infringements by that bank as well as the entire banking system.^[8]

I think you will all agree that the ECB has a rather extensive and intrusive toolbox at its disposal.

So to answer the IMF’s question: do you have the tools? Yes, we have the tools.

The European legislators gave us these tools for a reason. The legislator gave us these tools with the expectation that we use them in accordance with the level of risk mitigation we are expected to bring about.

But have we always used our full toolbox as extensively as we might?

Effectiveness of European banking supervision

In almost ten years of European banking supervision, we have certainly been effective in many risk areas.

For instance, the SSM effectively tackled the legacy asset quality problems that plagued many banks across the banking union. High levels of non-performing loans (NPLs) have been a key priority since the start of European banking supervision. In 2017 we published our Guidance to banks on non-performing loans, which sets out supervisory expectations regarding the identification, management, measurement and write-off of NPLs. We supplemented this in 2018 by announcing our supervisory expectations when assessing a bank’s levels of prudential provisions for NPLs, which the ECB started to follow in 2021. This announcement played a crucial role in accelerating the reduction in NPLs.

This tangible impact has been well recognised in several external reviews. In September 2022, the ECB proactively tasked five international high-level experts on banking supervision to review our supervisory processes and benchmark us against the highest international standards. In spring 2023, the ECB received not only the report of this external expert group but also reviews by the European Court of Auditors and the European Commission. The reports unanimously confirm that ECB Banking Supervision has successfully established itself as an effective supervisor.

But there is no reason for complacency. There are also areas in which banks have been dragging their feet.

This is especially true for internal governance, risk management and business model sustainability for which too many supervisory findings have not been fully addressed for too long. For instance, there is a high number of outstanding findings for weaknesses in risk data aggregation and reporting, which was the lowest-scoring sub-category of internal governance in the 2022 SREP. The Basel Committee issued the relevant prudential standards in 2013 and the ECB conducted a thematic review on the topic seven years ago. But despite supervisory efforts, too many banks still don’t have adequate risk data aggregation and reporting capabilities.

This is just one example where we ask ourselves how we can incentivise and significantly step-up banks’ effective remediation. This is particularly relevant for weaknesses in internal governance and risk management that are often at the root cause of various problems that subsequently materialise in risks to capital. The tumultuous events at SVB were a stark reminder of what can happen when banks leave material shortcomings unaddressed for too long. The Federal Reserve’s report is quite clear that although supervisors had identified the issue, they were unable to escalate to enforcement fast enough. Our key lesson from the March 2023 turmoil is that we need banks to accelerate the pace of remediation. The group of independent international experts^[9] also recommended that the ECB should establish more timely and forceful escalation processes, leveraging on the full range of supervisory tools.

But how do we do that?

The ECB’s willingness to act

Having progressed from a start-up to a mature supervisor, we must now focus more systematically on which tools we use and under what circumstances. We are taking a structured approach in full respect of the principle of proportionality, which is a general principle of Union law enshrined in Article 5 of the Treaty on European Union. This means that having identified a number of potentially effective measures, the supervisor should always choose the least intrusive one. Supervisors must be clear as to how the chosen measure addresses the unmanaged and uncovered risk and why other measures would not be as effective as the measure chosen.

Central to this is embedding our supervisory actions in an escalation ladder. In other words, if we identify a material risk that needs to be mitigated, we ask ourselves ex-ante: which measure should we adopt to remedy this, and which would be a proportionate timeframe for remediation to take place?

We thus set out a proportionate and time-bound remediation path. By using supervisory escalation, we give banks sufficient opportunities to address the root cause of a problem within a defined timeline.

Fortunately, many banks address the root cause of the problem in response to our supervisory pressure and that’s the end of the story.

But if banks fail to fix the issue timely, we will follow up proportionately, but decisively, by deploying more intrusive supervisory tools.

The IMF report reminds us that the risk of a supervisory decision being reversed by the courts sometimes hinders supervisory action. Let me assure you that the ECB weighs legal risk carefully and does not shy away from effective supervisory action within the remit of its legal framework. In cases where the legal framework is not entirely clear, we seek the most adequate interpretation that gives full effect to the intention of the legislators, and we defend our interpretation in court. Winning a case affirms our interpretation and application of the law and reinforces our initial approach. If the ECB were to lose, I would not necessarily see this as a setback but rather as a valuable opportunity for continuing our work as clarified by the court, in our case, the European Court of Justice. Such outcomes play a crucial role in refining the legal landscape and bring about a clearer understanding of the law.

Taking action through enforcement

Let me now turn to climate-related and environmental (C&E) risks as a recent and tangible example of supervisory escalation following a multi-year strategy.

Back in 2019 our early supervisory assessment suggested that although most banks under our supervision considered C&E risks material, less than a quarter had reflected on how the climate and environmental crises affected their strategy and risk management. Faced with this concerning observation, in 2020 the ECB published its Guide on climate-related and environmental risks, setting out supervisory expectations for how banks should integrate these risks into their risk management, strategy and governance. However, our supervisory exercises in 2022 showed that banks do not yet adequately manage C&E risks just as any other material risks that they are exposed to.

Building on what banks themselves found reasonable when we first started discussing C&E risk management with them, we set a series of expected interim deadlines: the first at the end of March this year and the second at the end of 2023 and a last one at the end of 2024 − by which banks should fully satisfy all of our expectations on the sound management of C&E risks. We have been very clear that we expect this of all banks and that we will use all tools at our disposal to enforce appropriate risk management, strategy consideration and internal governance also of C&E related risks by these deadlines if necessary.

Unfortunately, a number of supervised banks did not achieve the progress expected for March 2023. This means, for example, that two and a half years after we published our guide, these banks had not yet performed an adequate materiality assessment of the impact of C&E risks across their portfolios, which is the basic starting point for managing any type of risk.

So it should be no surprise that we acted on this, in line with what we communicated before. We have started to adopt enforcement measures. We have issued supervisory decisions imposing binding requirements on banks to strengthen their internal control framework in this area, including the potential imposition of periodic penalty payments if banks fail to meet those requirements. In other words, we have told a number of banks to remedy the shortcoming by a certain date and, if they don’t comply, they will have to pay a penalty for every day the shortcoming remains unresolved.

I acknowledge that this is a tool that we have not used very often. It is a step that we do not take lightly. It is not about forcing banks to do something that is merely nice to have. It is about compelling banks to manage material financial risks adequately and in a timely manner.

Conclusion

The turmoil of March 2023 was a clear reminder of what can happen if issues are detected but not acted upon. This crisis episode confirms that intrusive and effective supervision is needed more than ever.

As we approach our 10-year anniversary, European Banking Supervision is putting greater emphasis on impact and effectiveness. To be effective in our supervision we need to have both a razor-sharp analytical focus on risks and insist that the weaknesses we identify are remedied in time.

We recognise that moral suasion is often, but not always, sufficient to get banks to adequately manage their risks. In the latter case, we must actively and proportionally use the legal powers entrusted to us to compel timely compliance with prudential requirements. This approach is vital in preventing identified risks from crystallising into threats to bank solvency or financial stability.

Equipped with the necessary tools and resources, we ensure that our decisions are informed, timely and, crucially, enforceable.

Promoting timely and effective remediation is an essential part of our supervisory DNA and it will be central to European banking supervision in the years to come.