16 February 2010
The Committee of European Banking Supervisors (CEBS) today publishes its high level principles for risk management. These principles should be considered both by institutions (as part of the ICAAP) and supervisors (as part of the SREP) within the supervisory review framework under Pillar 2.
In responding to the call of the EU Economic and Financial Committee (EFC) for CEBS to develop enhanced guidance to strengthen banks' risk management practices, CEBS has conducted an analysis of its existing risk management guidelines. This analysis showed that in general the EU and international supervisory bodies have produced a comprehensive set of guidelines. However, it also revealed areas where the coverage of risk management practises was somewhat fragmented. We herewith provide guidance to some of these areas where weaknesses have emerged during the financial crisis, such as (i) governance and risk culture; (ii) risk appetite and risk tolerance; (iii) the role of the Chief Risk Officer and risk management functions; (iv) risk models and integration of risk management areas; and (v) new product approval policy and process.
The guidelines strive to strengthen the risk culture within institutions through enhancements in the risk management function. A full understanding of the nature of the business and its associated risks facilitates a sound recognition of risks within institutions strategies and ongoing business activities. This implies also that decisions should be based not solely on quantitative models but also on qualitative assessments. This also applies for the approval process of new products.
In developing the current high level principles, CEBS has benefited from market participants' views. Input was provided in the industry's responses to the public consultation (CP24) published in April 2009. CEBS has considered the feedback received and has revised its initial proposals in order to address the main issues raised by market participants.
CEBS expects its Members to implement the high level principles into their procedures by 31 December 2010 at the latest. The high-level principles for risk management are aimed mainly at large and complex institutions. However, according to the principle of proportionality, they can be adapted to any institution under review, taking into account its size, nature, and complexity