Primary tabs

European Banking Federation

KEY POINTS:

- The EBF welcomes this general review of the SREP Guidelines since it would enhance the current framework improving clarity on certain aspects and ensuring greater harmonization. In this sense, the clarifications on the Pillar 2G and the link between other supervisory activities and the SREP decisions are welcomed.
- We appreciate EBA’s efforts to improve proportionality and recommend adapting all aspects of the Guidelines to the proportionality principle. It is important that the SREP process reflects differences in size, complexity and business models.
- Transparency must be ensured regarding the use of peer groups, these should be explicitly communicated to institutions, including the methodology for their constitution. Entities must be able to understand their relative positioning which is a key information for a total understanding of their SREP assessment.
- The benefits of diversification are not adequately recognized in the guidelines, both between risks and across geographies. We consider the approach to Pillar II should not be just a Pillar I plus some add-ons, but a comprehensive overview of the risk profile of an institution.
- The EBF welcomes the efforts undertaken in order to ensure transparency in relation to the methodology of computation of the Pillar 2 Guidance and the clarification provided in relation to its link to relevant supervisory stress tests. Notwithstanding this, EBA must specify how results of supervisory stress tests are used to determine P2G and provide more detailed, quantitative explanations on the inclusion of stress test results in P2G.
- The EBF recommends to EBA to specify that P2G disclosure should not be required by local authorities under any circumstances. concerns arise from the possibility that local market authorities may require the disclosure of P2G which has no relevance for the Maximum Distributable Amount. This may create disclosure pressure across the markets and possibly make the requirement binding.
- The EBF opposes the requirement that imposes on institutions to meet their P2G requirement only with CET1 instruments. Institutions must be allowed to use other instruments to meet their P2G requirements such as AT1 and T2 capital instruments. On the other hand P2G should also be used to cover a AT1 or T2 shortfall. This is supported by the definition of the stacking order.
- Overlaps between P2G and other applicable macro-prudential measures should be avoided. In this sense, competent authorities should consider the extent to which the existing combined buffer requirements and other applicable macro-prudential measures already cover risks revealed by stress testing. The P2G should in general be offset against the capital conservation buffer and in some cases the countercyclical capital buffer.


RESPONSE TO QUESTION 1:

The EBF welcomes the general review of the Guidelines since it enhances the current framework by adding more clarity on certain aspects and by ensuring greater harmonization. In this sense, the clarifications on the Pillar 2G and the link between other supervisory activities and the SREP decision are welcomed.
The EBF considers this revision is carried out with appropriate timing. With two years of functioning of the SREP framework, it is a good time to take stock of how the framework is working and to propose changes. However, we find it important that the Guidelines are adapted as soon as the CRRII and CRDV are agreed upon.
We appreciate the focus on proportionality and recommend adapting all aspects of the Guidelines to the proportionality principle. It is important that the SREP process reflects differences in size, complexity and business models. We are still missing specific improvements in terms of proportionality for stress testing. The concept of “anchor” test in not sufficiently elaborated. For credit risk, it must be clarified if the supervisory stress test for smaller and less complex banks will be formulated in terms of shocks of macroeconomic variables or in terms of shocks of “standardized credit approach” risk factors. In case the first alternative were the prescribed one, care should be taken of the fact that, in general, the above-mentioned category of banks has no satellite models readily available and some “bridge solution” would therefore need to be provided.

Furthermore it has also to be noted that the benefits of diversification are not adequately recognised, both between risks and across geographies(*). We consider the approach to Pillar II should not be just a Pillar I plus some add-ons, but a comprehensive overview of the risk profile of an institution. This could only be achieved by assessing the risk holistically using models or approaches which reflect the benefits of no correlation between the different elements. Any assessment that does not take fully into account the benefits of diversification would be limited for the purposes of the SREP. We understand that the framework should incentivise the development of comprehensive models by accepting their use in Pillar II, when they meet the supervisory expectations in terms of quality and reliability. Another option could be a simple and comparable methodology that captures the main features of diversification. Even though this would be a second best, in our opinion this would offer a better trade-off between an accurate risk assessment and ensuring harmonization than the current framework.
(*) Paragraph 352 represents a clear limitation of these benefits when determining additional own funds to cover unexpected losses. We agree that Pillar I requirement should be a floor for the overall capital requirements but it does not mean, however, that Pillar I requirement for credit risk set a floor for credit risk internal economic capital. Otherwise, the EBA guidance would not be aligned with the incentive of Institutions to develop sound, effective and comprehensive internal capital processes that is clearly defined in article 73 of Directive 2013/36/EU.

Finally, we also note that further transparency on the setting and communication to institutions of P2R should be prescribed by the Guidelines, respectively in the “Articulation of own funds requirements” (section 7.5) and in the “ Communication of prudential requirements” (section 7.9) sections. It would be important for institutions to receive a quantitative breakdown of the P2R - on a risk by risk basis – in the various components of: a) add-ons for elements of Pillar I risks not covered by Pillar I requirements, and b) add-ons for risks not covered under Pillar I requirements.

To improve transparency, the EBF also underlines the importance of:
• making the Risk Assessment System methodology as transparent as possible, including the disclosure of the entire assessment report (not only the SREP Letter).
• clarifying the relation between the score of each SREP area of analysis and the overall score and the relation between the overall score and the SREP final capital and liquidity requirements;
• disclosing the clustering of the peer groups a bank belongs to, in order to have a better understanding of the relative positioning which is a key pillar in the SREP assessment.

We consider that further clarification is required on how competent authorities will decide, and the grounds on which it is based, whether or not future regulatory changes(*) should be considered. In our view, to avoid different interpretations among jurisdictions, objective criteria should be defined in the final guideline.
(*) In paragraph 127, the consultation paper sets: “In the assessment of stress testing results, competent authorities should also consider all known future regulatory changes affecting institutions within the scope and time horizon of the stress test exercise”.

We recommend introducing more precise criteria to qualify the evaluation low, medium or high (see table 13).
The recovery plan is part of the entity governance and supervisory reporting documents, so it is fair to include its assessment in the SREP methodology guidelines as an additional tool for a complete evaluation.

With regard to the evaluation of the “recovery capacity” as a new criterion for awarding the overall SREP score, it is not appropriate to include it at the same level as, inter alia, the assessment of the business model and of the internal governance. Rather, the “recovery capacity” should be considered as a subcategory of the assessment of risks to capital and liquidity. Therefore, the criteria in table 13 relating to the recovery capacity should be adjusted.

In relation to figure 4, we recommend further improving the explanation of the differences between the dotted and the other lines. Furthermore we would like to mention that it is far too early to initiate supervisory measures according to CRD when the SREP score is 2. At a SREP score of 2, there is a medium-low level of risk to the viability of the institution. The supervisory measures should not be initiated before the score is set at 3. In addition we would suggest a line to be drawn between supervisory measures (CRD) and early intervention measures (BRRD). A situation could occur where a further deterioration of the situation of the institution happens after CRD measures are taken. In figure 4 that should lead to resolution. However we think that early intervention measures from the BRRD could be the next step on the way. Finally we think that all lines should have arrows in both directions since a recovery of the institution could be a result of the interventions by the authorities.
A. International standards in the assessment of internal governance

Before examining the way in which the draft SREP Guidelines have accommodated the new Guidelines on internal governance, we wish to address the issue of SREP assessments requiring institutions to comply with “international standards” (paragraph 88 of the draft Guidelines).

International standards per se should not be imposed on institutions as if they were binding legal instruments, nor should they be equated to EU or national laws and other regulations, especially if the latter allow institutions a degree of discretion in their application which international standards do not.

The EBA should consider that the introduction of a reference to international standards in the Guidelines’ could undermine the achievement of their objective of establishing harmonised, efficient and effective supervisory practices.

Indeed, including international standards as part of competent authorities’ assessment tools poses much uncertainty for institutions – especially for cross-border Groups - given that the Guidelines do not specify the framework of application of said international standards. The draft Guidelines are not clear regarding what is to be considered “international standards” and whether any international standards in the field of corporate governance are potentially applicable for the purposes of the SREP. Likewise, the Guidelines may create an uneven playing field where different competent authorities make use of different standards, at the expense of achieving a common and uniform application of Union law, which remains the objective of the Guidelines (article 16 of the EBA Regulation).


B. Integration of the new EBA Guidelines on internal governance (EBA/GL/2017/11)

With regard to the assessment of the suitability of members of the management body and key function holders, EBA should clarify how the elements listed in paragraph 92, c to f, must be assessed. Indeed, these elements are referred to “soft” qualities that are not easy to quantity and/or compare against peers. Further indications should also be provided with respect to the application of the “diversity policy”, in relation to the institution’s Organizational Model (monistic or other) and the role of the “management body” (be it strategic supervision, management or control).

With regard to the evaluation of the institution-wide controls and risk management, the use of quantitative results from internal stress tests should be explicitly excluded when deriving the SREP assessment. Although the analysis of the qualitative suitability of stress tests makes sense, particularly in the context of an examination of risk management, it is nevertheless possible that the takeover of quantitative results from stress testing results lead to misleading incentives. In other words, internal stress tests would deliberately be calculated positively in order to obtain lower P2R/P2G requirements. This is diametrically opposed to the basic idea of internal stress testing - making negative developments visible at an early stage and clearly identifiable. Subitem a. of par 112 should therefore be deleted.

Supervisors should also inform the institutions in an early stage on the regulatory changes that must be considered into the stress testing. (Paragraph 127).

It is also questionable whether the SREP Guidelines require the incorporation of certain – selected – paragraphs/sections of the Guidelines on internal governance or if it would be more convenient to state their general application by direct reference to them. This would avoid institutions and competent authorities a double process of interpretation, seeing as the SREP Guidelines only include certain extracts of the Guidelines on internal governance (without expressly excluding all the rest from the scope of the SREP assessment) and not always with the exact same wording. Some examples of these might be (paragraphs 91.j; 91.k; 92.h; 94.e; 96.h; 97.b; 97.h; 97.i; 100.4. (See annex 1).

EBA should provide more precision on the definition of the risk strategy and other risk-related concepts:
• Throughout the document, some risk-related terms are used not always consistently, creating confusion (e.g. “risk strategy”, “risk appetite”, “risk appetite statement”, “risk management framework”, “risk policy”). Also, there is no definition of the “risk policy” (see Paragraph 100 f)) neither in the SREP Guidelines nor in the EBA Guidelines on internal Governance.
• Additionally, the risk strategy seems to encompass the risk appetite and the risk management framework under the EBA Guidelines, but the SREP Guidelines frequently treat risk appetite and risk management as separate elements from the risk strategy (e,g. paragraph 99 “ Competent authorities should, in particular, assess if there is an appropriate and consistent link between the business strategy, risk strategy, risk appetite and risk management framework, capital and liquidity management frameworks”).

With regard to the use of peer groups, these should be explicitly communicated to the institutions, including the methodology for peer group formation. Transparency is important in this step so that institutions may have the opportunity to comment on their classification and possible relevant differences with peer banks. This approach would also enable institutions to gain a better understanding of the regulatory approach and promote the learning of best practices within their peer group.

It is important that the SREP assessments are conducted taking into account the wide-array of national differences that may exist within subsidiaries of CRD institutions, and which are taken into account in the Guidelines on internal governance inter alia, in paragraph 83, 87 and 196 (see Annex 2). The way in which group-wide arrangements, processes and mechanisms are implemented in a Group’s subsidiaries will depend on whether the subsidiaries are themselves subject to CRD on an individual level and, importantly as regards subsidiaries not themselves subject to CRD, on whether these arrangements, processes and mechanisms can be accommodated to their national laws and regulations, given that, in many instances, subsidiaries will have to make the necessary changes in group policies, processes and mechanisms in order to comply with their national law. The draft SREP Guidelines should thus not only envisage whether “group-wide policies and procedures are implemented consistently at subsidiary level” but also note that the assessment to be done by competent authorities will duly account for national differences and the principle of proportionality.

It should also be noted that diversity targets will only be measurable once the deadline set by the institution, if applicable, has been met. Therefore, diversity targets should not be measured before these deadlines and should not imply any downgrading of SREP scores for the institution.
The EBF welcomes the transparency of the draft Guidelines related to the methodology of computation of the Pillar 2 Guidance and the clarification provided in relation to its link to relevant supervisory stress tests (including those performed by the EBA), yet is of the opinion that the Guidelines should provide further clarity. The possibility to update the computation of a P2G using a simplified version of a stress test is also welcomed. Notwithstanding this, it would be urgent to specify how the results of supervisory stress tests are used to determine P2G and provide more detailed, quantitative explanations on the inclusion of stress test results in P2G, e.g. concerning the set of risk factors and the calibration of such factors. This is essential for the harmonization of supervisory stress test scenarios across jurisdictions. Significant differences between the calibration of NCAs stress tests will on the other hand cause a fragmented setting of the P2G throughout the EU/EEA and thus be an additional source of regulatory divergences.

Furthermore the current draft states that supervisors should determine P2G based on the change observed in the CET1 ratio. Based on this, a bank with a higher CET1 ratio will, if the same stress is applied, be required to meet a higher P2G than a bank with a lower CET1 ratio. This should be reviewed and it is suggested that the applicable parts of the TSCR is used when determining the P2G.
In addition, it also noteworthy that internal stress testing results should have no quantitative effect on the P2G as this would create disincentives for the institutions when designing stress tests.

The draft Guidelines should also clarify the implications of breaching the P2G vis-à-vis other requirements. In this regard, it would be welcomed that the Guidelines establishes the proper framework to understand the “binding degree” of this guidance/recommendation and in the same vein to include a menu of options available to supervisors in case banks breach the P2G.

The EBF opposes the requirement that imposes to institutions to meet their P2G requirement only with CET1 instruments. Instead, intuitions must be allowed to use other capital instruments as allowed for P2R.
We also understand only to a limited extent the arguments put forward by the EBA at the hearing on 16 January 2018. In EBA's view, P2G in the form of CET 1 is necessary because P2G protects" the combined buffer requirement.
According to paragraphs 384 et seq., P2G has to be measured so high that sufficient capital is available that even in an adverse stress scenario the TSCR is not breached over a period of at least two years. On the one hand, this would allow to reduce buffer capital in the case of a loss. On the other hand, AT 1 capital instruments are also suitable for absorbing losses. In this way, an adverse scenario that would materialize could initially be absorbed by AT 1 capital without the buffer requirement being affected. But even if the losses extend to the buffer, compliance with the TSCR would still be guaranteed. In our view, the requirement to use only CET 1 for the P2G would be far too conservative, which is why we are strongly in favour of allowing other capital instruments similar to Art. 92 CRR.

The requirement in par 400 is not in line with the recent understanding of the stacking order that is given in par 394 and is also being discussed in the current review of the CRD. As the P2G should first of all assure that institutions do not breach the TSCR in adverse situations, it should be possible, that a shortfall of AT 1 and T2 capital instruments is covered by P2G.
In addition to that is should be on the discretion of the competent authority how to communicate the overall capital requirements. It is common practice that some supervisors only communicate a desired CET 1-ratio but not an overall capital requirement. This leeway should be maintained. We therefore ask to delete par 400 and 401 as well as the table in chapter 7.9.

Double counting of risks should be avoided. We note that the Table 8. Supervisory considerations for assigning a score to capital adequacy introduces as a new input to determine the capital score and therefore the Pillar 2R whether or not the institution is able to comfortably meet its P2G. According to this, we understand that the same risks that justified a determined Pillar 2G could also impact on Pillar 2R in case the institution is breaching, or close to breach, the Pillar 2G. We see this as a source of double counting since the same risk could be considered twice in Pillar 2 decisions. It should also be added that the notion of “comfortably” is subjective and adds an additional discretionary element to the buffer.
In addition, EBA should also explain which particular aspects of the P2R can also be taken into account in the P2G (paragraph 393).

Overlaps between P2G and other applicable macro-prudential measures should also be avoided. In this sense, competent authorities should consider the extent to which the existing combined buffer requirements and other applicable macro-prudential measures already cover risks revealed by stress testing. Competent authorities should offset P2G against the capital conservation buffer (CCB), as P2G and CCB overlap in nature. Furthermore, while no overlap is in principle expected between P2G and the countercyclical capital buffer (CCyB), competent authorities should, in exceptional cases, offset P2G on a case-by-case basis against the CCyB based on the consideration of underlying risks covered by the buffer and factored into the design of the scenarios used for the stress tests, after liaising with the macro-prudential authority.

Currently ECB and EBA diverge in their publications over the inclusion of the systemic risk buffer in the stressed minimum capital requirements. That is, ECB’s ICAAP Guides offset P2G against both the capital conservation buffer and the systemic risk buffer. These differences in approach have a very material impact on the minimum capital requirements; e.g. inclusion of the SRB in the minimum requirement might raise this minimum CET1 ratio with 3.0 %-points. Such differences in the requirements greatly complicate capital planning at banks, but are also unnecessarily damaging for both investor’s and consumer’s confidence in banks.

At this respect, it is also important to note that transparency is crucial and information on possible overlapping and the avoidance of double counting should be made available for banks. The ‘opportunity to comment’ that is provided to banks on the SREP’s draft decision can only be fully seized if all the relevant information is disclosed.

P2G should not be taken into account in the recovery plan. In addition to capital planning and risk management, the guidelines set P2G should also be taken into account in the recovery plan. We interpret this passage as meaning that P2G should also be taken into account when determining the threshold value of the recovery plan indicator CET1 quota prescribed by the EBA. However, we believe that P2G should not be included in the recovery plan for the following reasons:
a) The P2G requirement is above the combined capital buffer requirement and does not impose any automatic distribution restrictions (MDA) in accordance with Art. 141 of the EU directive 2013/36/EU.
b) Consideration of the P2G requirement with the threshold value of the Recovery Plan Indicator CET1 ratio would run counter to the buffering concept of the combined capital buffer requirement - which deliberately provides for a temporary shortfall in the event of a crisis.
c) Inclusion of P2G in the threshold value of the Recovery Plan Indicator CET1-quota could result in an ad hoc obligation (at the latest after falling below the threshold value) and thus the (unintended) publication of the P2G requirement.

Capital resources should be above the P2G requirement in day-to-day business operations (no crisis) and the latter should therefore only be anchored in risk management as an early warning signal. In the event of a crisis, it must be possible to temporarily fall below the P2G requirement without having to make an automatic decision about a recovery state. P2G should therefore not affect the recovery plan."
The EBF recommends not requiring the disclosure of P2G. Pillar 2 disclosure requirements should be limited to P2R, which can be relevant for investors since it has an impact on the Maximum Distributable Amount.
Notwithstanding this, concerns arise from the possibility that local authorities (e.g. market authorities) may require the disclosure of P2G, which is likely to create disclosure pressure across the markets and possibly make the requirement binding. In this sense, the EBF recommends to EBA to specify that P2G disclosure should not be required by local authorities under any circumstances.
Supervisory stress testing:

The concepts of “baseline” and “adverse” scenarios should be defined more precisely. In addition, the links between both scenarios with the EBA stress test exercise should be clarified. Additionally it should be emphasized that the stress test should not become an excessive administrative burden taking into account the size and the business model of banks according to the proportionality principle.

It should clearly be a role for supervisory stress testing to challenge institutions’ own stress testing and to support supervisors’ decisions. There must however be a balance between the emphasis put on supervisory stress tests in decision-making and the quality of the whole stress testing process.

Stress testing is becoming a maturing discipline, but in a supervisory stress test where different participating institutions use different models, it may still be a challenge to make reliable comparisons between institutions. Such comparisons should therefore be used carefully. Supervisory bodies in different countries require stress test results with different degree of details and on different forms and formats. It might be more efficient and time-saving – both for the participating institutions and for the supervisors – to establish a general interface organised like a database.

A characteristic of severe downturns is reduced economic activity, reduced fixed in-vestments, fewer transactions on the housing market as well as reduced risk appetite among financial institutions, with negative credit growth as a consequence. Banks’ balance sheets will reflect the contraction in terms of reduced credit exposures, which in turn also have a mitigating impact on the increase in risk exposure amount that comes with reduced credit quality. Thus a credit growth different from zero – and in stress scenarios normally below zero - can be considered a dynamic balance sheet assumption.

A static balance sheet assumption implies on the other hand zero credit growth, and can - inter alia - be used as a way to isolate the credit quality impact on the risk exposure amount. It is a useful assumption for such a purpose, but it can also be seen as an assumption that reduces the realism and thus the probability of a scenario. The approach should therefore be applied carefully, and if results are published, the consequences of the approach on the results should be communicated.

While it makes sense to compare recovery scenarios used in recovery plans with ICAAP and ILAAP scenarios, recovery scenarios are not comparable with supervisory stress test.
• The consultation document proposes in point 574 the use of supervisory stress test outcomes and scenarios as additional source in the assessment of institutions’ recovery plans, in particular, when assessing the severity of scenarios. In that respect, the EBF is of the opinion that that recovery scenarios are based on specific risks and vulnerabilities of the entity, so it makes sense to compare them with other internal stress test scenarios such as ICAAP or ILAAP.
• However, recovery scenarios are not comparable with the supervisory stress test outcomes, as they have different processes, purposes and methodologies (recovery scenarios are focused on the entity’s risks while supervisory stress is common for all entities).

For the purposes of supervisory dialogue with institutions regarding the outcomes (point 584.c), more transparency would be appreciated in terms of the identified sources or deficiencies which leads to supervisory measures.

The EBF welcomes the initiatives to encourage the dialogue with colleges of supervisors overseas when applying supervisory stress testing to cross-border groups (point 585). In particular, paying particular attention on scenarios definitions and the range of risk factors provided.

Regarding the publication of results of supervisory stress test, although this is always done by Competent Authorities, banks should consent the publication after checking that the final version is consistent with the final submission. In this regard, in point 586 which covers the publication process should be complemented with comments on that respect.

The EBF is supportive on the recommendation addressed to Competent authorities according to consider appropriate timelines for conducting supervisory stress tests.


Stress test results as an input to calibrate P2G:

The EBF is of the opinion that supervisory stress test outcomes may serve as a relevant input for determining P2R/P2G. In that sense and concerning point 580, the EBF does not see the relevance of establishing a predefined target capital ratio by competent authority that defines a pass or fail. It should be noted that such approach was last applied in 2014’s EBA wide stress test exercise where no SREP programme was in place.

When determining the size of Pillar 2 Guidance, the EBA draft guidelines set (paragraph 395) that competent authorities should consider the year when maximum stress impact occurs in relation to the starting point and time horizon of the scenario of stress tests. A more holistic view on how losses are distributed over the forward looking time horizon would be needed. In this sense, the EBA proposal which focuses on the year when maximum stress impact could, in some cases, distorts the results.

Regarding paragraphs 385(*) and 580(*) in EBF’s opinion, the criteria that justify the following circumstances; (1) Banks participating in the same wide-stress test exercise may have different target-levels depending on the jurisdiction; and (2) Banks participating in the same wide-stress test exercise, even in the same jurisdiction, may have different target-levels justified by idiosyncratic reasons, should be more objectified and harmonized. Otherwise, the EBA guidelines would leave supervisors with wide leeway to size the pillar 2G without the due transparency between the supervisor and the specific institution.
(*) Paragraph 385 states: “In cases where a pre-defined target ratio is set for a system-wide stress test (including country level stress tests) as referred to in paragraph 580, the competent authorities should assess the adequacy and quality of the institution’s own funds also considering such target ratio” and;
(*) Paragraph 580 states: “Competent authorities may also consider setting pre-defined target capital ratios, especially in the context of system-wide stress tests (including country level stress tests), or setting general or idiosyncratic thresholds. In such cases, those must be suitable by taking into account the supervisory objectives….”


ANNEX 1:

Examples of inconsistencies between both texts: the new EBA Guidelines on internal governance (EBA/GL/2017/11) and the SREP guidelines:

Paragraph 91 j) – “ the internal governance framework is set, overseen and regularly assessed by the management body ” where the Guidelines on internal governance provide that “ the internal governance framework and its implementation should be reviewed and updated on a periodic basis taking into account the proportionality principle, as further explained in Title I ” (para. 27).

Paragraph 91 k) – “ the internal governance framework is transparent to stakeholders, including shareholders ” where the Guidelines on internal governance state that “ the structure of an institution and, where applicable, the structures within a group, taking into account the criteria specified in Section 7, are clear, efficient and transparent to the institution’s staff, shareholders and other stakeholders and to the competent authority” (para. 71).

Paragraph 92 h) – “ appropriate internal governance practices and procedures are in place for the management body and its committees, where established ” which has no clear direct reference to the Guidelines on internal governance.

Paragraph 94 e) – “ institutions have implemented independent whistle-blowing
processes and procedures ” where the Guidelines on internal governance are much
more flexible in this sense (“ it should be possible for staff to report breaches outside regular reporting (e.g. through the compliance function, the internal audit function or an independent internal whistle-blowing procedure)”, para 118; “ institutions may also provide for a whistle-blowing process ”, para. 120).

Paragraph 96 h) – “ the institution has the capacity to produce risk reports and uses them for management purposes and whether such risk reports are: i. accurate, comprehensive, clear and useful; and ii. produced and communicated to the relevant parties with the appropriate frequency” which has no clear direct reference to the
Guidelines on internal governance.

Paragraph 97 b) – “[the internal audit function] has its purpose, authority and responsibility defined in a mandate that recognises the professional standards and that
is approved by the management body” where the Guidelines on internal governance do not envisage the obligation of the management body to approve said mandate.

Paragraph 97 h) – “[the internal audit function] adequately covers all areas in a risk-based audit plan, including ICAAP, ILAAP and new product approval process
(NPAP)” which has no clear direct reference to the Guidelines on internal governance.

Paragraph 97 i) – “[the internal audit function] determines if the institution adheres to internal policies and relevant EU and national implementing legislation and addresses any deviations from either” which has no clear direct reference to the Guidelines on internal governance.

Paragraph 100 a) – “the responsibility of the management body in respect of risk strategy, risk appetite and risk management framework is exercised in practice by
providing appropriate direction and oversight” which has no clear direct reference to the Guidelines on internal governance.
Saïf Chaibi
+3225083711