European Central Bank

ECB Speech on Climate Change and Central Banking

On November 27, the European Central Bank (“ECB“) published a speech by Yves Mersch, ECB executive board member, on climate change and central banking. Key points included:

  • Three principal sources of risk have been identified by the Financial Stability Board’s (“FSB“) taskforce on climate related financial disclosures, the European Systemic Risk Board and other bodies: (i) physical risk from exposure to climatic events; (ii) transition risk; and (iii) the undervaluation risk in new “green” financial products leading to price bubbles.
  • The physical risk falls mainly on insurers who need to ensure capital adequacy (the ECB is excluded from supervising insurance firms under the Treaty of the Functioning of the EU) but the banking sector may also be affected to the extent that climatic events affect the physical collateral underpinning lending, such risk is increased if banks have loan portfolios concentrated in particular geographic areas.
  • The ECB is not a regulator for financial markets or banks, so cannot vary the capital requirements of supervised banks to take into account their climate risks, or to encourage climate finance.
  • Climate risks have been identified in the ECB Banking Supervision’s risk assessment for 2019 and will be among the topics covered in the qualitative discussions held with banks on an individual basis.


Third European Commission Progress Report on Reducing NPLs in EU

On November 28, the European Commission published a communication setting out its third progress report (COM(2018) 766 final) in reducing non-performing loans (“NPLs“) and further risk reduction in the banking union.

There is an overall trend of improvement, with NPLs declining to an average of 3.4% which is approaching pre-crisis levels, due to action taken by member states and market players. However, there are high NPL ratios still in some member states.

The Commission has delivered all elements of the Council’s July 2017 NPLs action plan. However, it needs to be fully implemented by all actors in order to address the challenge of high NPLs, both in terms of reducing existing stocks to sustainable levels and preventing future accumulation. In particular, the Commission calls on the European Parliament and the Council of the EU to swiftly agree on the banking risk reduction package and all the elements of the legislative proposals to tackle NPLs.

A staff working document (SWD(2018) 472 final) was produced at the Council’s request and following collaboration with the European Central Bank (“ECB“) and the European Banking Association (“EBA“). The document, which is stated to not represent the views of the Commission, the ECB or the EBA, consider the set-up of an EU NPL electronic marketplace platform where banks and investors could trade NPLs to help stimulate development of the secondary market.

Framework for Cyber-Attack Testing Published by ECB


On May 2, 2018, the European Central Bank (“ECB“) published the “TIBER-EU” framework, a document which outlines the process for European and national authorities to work with financial institutions to put in place a program to test and improve resilience against cyber-attacks.

The TIBER-EU introduces intelligence-led red team tests to mimic the tactics, techniques and procedures of threat-actors, which will allow a financial institution to assess its protection, detection and response capabilities.

The framework, available here, details the key phases, activities, deliverables and interactions involved in a test.

The tests are not mandatory and it is for relevant authorities and institutions to decide if the tests are required, however the ECB has encouraged relevant authorities within jurisdictions to engage with each other in deciding how to adopt the framework, whilst financial institutions are encouraged to work closely with relevant authorities in order to enhance cyber-resilience.

ECB Consults on Cyber Resilience Oversight Expectations for FMIs


The European Central Bank (“ECB“) published for consultation a draft version of the cyber resilience oversight expectations (“CROE“) for financial market infrastructures (“FMIs“) on April 10, 2018.

The CROE are based on guidance on cyber resilience for FMIs that was published by the Committee on Payments and Market Infrastructures (“CPMI“) and the International Organization of Securities Commissions (“IOSCO“) in June 2016. The 2016 guidance was immediately applicable and the CROE form part of the oversight of the guidance, setting out assessment criteria for supervisors to use.

The CROE also provides FMIs in the euro area with steps on how to implement the guidance and enhance their cyber resilience.

In line with the guidance, the CROE covers five primary risk management categories:

(i).   Governance.

(ii).  Identification.

(iii). Protection.

(iv). Detection.

(v).  Response and recovery.

It also covers three overarching components which relate to testing, situational awareness, and learning and evolving.

The CROE use a maturity model that provides supervisors and FMIs with a benchmark against which they can evaluate FMIs’ current level of cyber resilience, measure progression and establish priority areas for improvement.

The webpage for the consultation invites FMIs and other interested parties to provide their input on the draft CROE. The deadline for responses is June 5, 2018.

The ECB provided an overview of the Eurosystem cyber resilience strategy for FMIs in a speech in November 2017.

ECB Speech on Risk Appetite Frameworks


The European Central Bank (“ECB“) published a speech, “Risk appetite frameworks: good progress but still room for improvement“, given by Daniele Nouy, ECB Supervisory Board Chair, at the International Conference on Banks’ Risk Appetite Frameworks on April 10, 2018.

In her speech, Ms. Nouy explains that a bank’s risk appetite framework includes the policies, processes, limits, controls and systems it puts in place to define, communicate and monitor how much risk it is willing to take on. Supervisors expect risk appetite frameworks to be comprehensive, effectively governed, consistently used and fully integrated into strategic decision-making.

Ms. Nouy acknowledges that banks’ risk appetite frameworks are now better structured and subject to clearer governance. Most banks have clarified the role of the relevant stakeholders involved in the risk appetite framework and many banks’ internal auditors have reviewed the effectiveness of risk appetite frameworks.

However, she highlights four areas in which banks need to improve:

  • Banks need to improve how they embed risk appetite frameworks in their strategic processes. They need to take a holistic approach to risk culture and risk management and to align risk modifiers and key performance indicators with their risk appetite frameworks. The board must challenge the senior management and ensure that each strategic decision is based on a sound risk analysis.
  • Risk appetite frameworks still do not cover enough risks, particularly non-financial risks (such as compliance and reputational risks, IT risks, legal risks and conduct risks).
  • The governance of risk appetite frameworks must be improved. Boards and banks’ risk functions need to play a larger role in defining and reviewing risk appetite frameworks
  • Risk appetite limits need to be set and used comprehensively. Banks need to break these limits down to business lines, entities and countries and need to work on how they calculate and apply limits.

Ms. Nouy previously stated that banks’ progress had been too slow in relation to risk management frameworks in a speech in March 2018.

The ECB identified risk management as one its supervisory priorities for the single supervisory mechanism (“SSM“) for 2018.

ECB Publishes Opinion on Proposed Regulation Amending EBA Regulation


The European Central Bank (“ECB“) published an opinion (CON/2018/19) (dated April 11, 2018) on a proposed Regulation amending (among other things) the EBA Regulation (Regulation 1093/2010) on April 12, 2018.

The proposed Regulation forms part of the European Commission’s legislative proposals for reforms to the European System of Financial Supervision (“ESFS“), which were published in September 2017. In November 2017, the Council of the EU requested an opinion from the ECB on the proposed Regulation.

In the opinion, the ECB welcomes the proposed Regulation’s objective of fostering effective and consistent prudential supervision and regulation across the EU. It supports further integration of the supervisory framework at EU level for the banking sector and strengthening supervision by re-examining the current set-up of the European supervisory authorities (“ESAs“) (that is, ESMA, EIOPA and the EBA).

The opinion sets out the ECB’s general observation that the banking union and the capital markets union (“CMU“) are at different stages of progress. The review of the ESAs should not necessarily produce three identical outcomes for the three ESAs, but should address their respective mandates and functions.

The ECB considers that certain of the proposed amendments to the EBA Regulation do not adequately distinguish between the scope of the ECB’s microprudential supervisory tasks and the EBA’s competence to set regulatory standards to promote supervisory convergence. It states the importance of avoiding duplication or inappropriate allocation of tasks, as this could blur the responsibilities of the two authorities and render the system less effective overall.

The ECB also makes some specific observations in the opinion concerning the revised EBA governance framework, strategic supervisory plans, stress testing and independent reviews of national competent or supervisory authorities.

A technical working document accompanied by an explanatory text is appended to the opinion, setting out the ECB’s proposed amendments to the text of the proposed Regulation.

The ECB has decided to adopt separate opinions on the Commission’s legislative proposals for reforms to the ESFS, so it advises that the opinion should be read in conjunction with an opinion it published in March 2018 on a proposed Regulation amending the European Systemic Risk Board (ESRB) Regulation (Regulation 1092/2010).

Second ECB Consultation on New Euro Unsecured Overnight Interest Rate


On March 15, 2018, the European Central Bank (“ECB“) published its second consultation paper on a new euro unsecured overnight interest rate, available here.

The ECB announced in September 2017 that it intended to start providing a euro unsecured overnight interest rate based on data already available to the Eurosystem (that is, the rate will be calculated entirely on transactions in euro that are reported by banks in the ECB’s money market statistical reporting (“MMSR“)). The ECB aims to produce the new rate before 2020 and plans for it to be consistent with the principles on financial benchmarks developed by the International Organization of Securities Commissions (“IOSCO“). The interest rate will complement existing benchmark rates produced by the private sector and will serve as a backstop reference rate.

ECB Consultation on Guide on Assessment Methodology for IMM and A-CVA

On December 14, 2017, the European Central Bank (“ECB“) published its first consultation on the draft ECB guide on the assessment methodology (EGAM) for the internal model method (“IMM“) and the advanced credit valuation adjustment risk (“A-CVA“) charge for counterparty credit risk (“CCR“).

The guide relates to the supervisory assessment methodology used by banks to calculate capital requirements for CCR under the Capital Requirements Regulation (Regulation 575/2013) (“CRR“).

The ECB developed the guide, as there is no mandate in the CRR for the EBA to produce regulatory technical standards (RTS) for the assessment methodology for the IMM and the A‑CVA models.

The guide is intended to clarify the methodologies that the ECB uses to assess CCR model components within model investigations when determining if institutions meet those requirements.

The deadline for responses is March 31, 2018. The ECB intends to finalize the guide following another call for feedback in 2018.

The draft guide is available here.

ECB Speech on Eurosystem Cyber Resilience Strategy for FMIs


The Director General Market Infrastructure and Payments of the European Central Bank (“ECB“), Marc Bayle de Jessé, gave a speech on the ECB’s views on the regulation of cyber security on November 21, 2017.

In his speech, Mr. Bayle de Jessé provided an overview of the Eurosystem cyber resilience strategy for financial market infrastructures (“FMIs“). The strategy was approved by the ECB’s governing council in March 2017 and is intended to implement the June 2016 joint guidance (Guidance) of the Committee on Payments and Market Infrastructures (“CPMI“) and the International Organization of Securities Commissions (“IOSCO“) on cyber resilience for FMIs.

The strategy is based on three pillars:

  • Pillar 1. Working with financial firms and FMIs to ensure that they build defenses and enhance their level of cyber maturity. The Eurosystem is developing a harmonized approach to assessing payment systems in use in the Eurozone against the CPMI-IOSCO guidance. It is also developing tools for use by FMI operators to enhance their cyber resilience maturity. These tools include a cyber survey, which has been sent by the ECB to all payment systems in the Eurosystem, and a “European Red Team Testing Framework”, which involves testing FMIs’ cyber resilience without prior warning by mimicking the tactics of real cyber attackers.
  • Pillar 2. Strengthening the resilience of the sector. The ECB is working on cross-regulatory collaboration, information sharing, improved threat intelligence, close collaboration with European law enforcement agencies, market-wide exercises based on cyberattack scenarios, and a deeper understanding of third parties and the supply chain.In particular, the ECB is developing an analytical framework and methodology for sector mapping with the aim of producing sector and network maps that will be used to understand key risk areas and improved crisis communication procedures. The ECB also calls for cross-authority collaboration to be enhanced to ensure that authorities have a similar approach and focus on cyber resilience and for the efficient sharing of information on threats by market participants and regulators.

Pillar 3. Establishing strategic dialogue between the industry and regulators. The ECB is in the process of establishing the Euro Cyber Resilience Board. The aim of this board is to provide a forum that brings together market participants, competent authorities and cyber-security service providers. The aim of the Forum is to raise awareness and catalyze joint initiatives for developing effective solutions for the market, as well as sharing best practices and fostering trust and collaboration.