On 20 August 2018, the European Central Bank (ECB) published a presentation which introduces its views on “empty shells” and booking models.
The ECB’s supervisory expectations cover a broad range of topics and focus on the risk framework from a first / second line perspective, and will be used in the assessment of Brexit cases and for carrying out ongoing supervision of existing banking groups that undertake capital markets operations. The ECB’s expectations are in line with the October 2017 European Banking Authority opinion on key principles on internal governance, outsourcing, risk transfer and “empty shells”.
The ECB’s supervisory expectations regarding the assessment of booking models on risk management and governance span five areas:
- internal governance, staffing and organisation. The ECB’s expectations include that a robust governance and risk management framework is in place, including relating to documentation. Entities within the Single Supervisory Mechanism (SSM entities) should be adequately staffed with sufficient knowledge, experience, capabilities and technology to manage both the existing and relocating business and associated risks;
- business origination and financial market infrastructure (FMI) access. This includes no heavy reliance on third country risk hubs, SSM entities are expected to manage their market and counterparty risk independently and have independent trading capability as well as diversified counterparties within the EU27. When accessing FMIs via a third country entity or branch, SSM entities should consider which alternative FMIs are available in the event that their access to these FMIs via the third country entity or branch is lost or no longer guaranteed. Cost synergies are not to be used as the sole determining factor for utilising third-country risk hubs;
- booking and hedging strategy. Local decision making capacities must be safeguarded, SSM entities to retain control over the balance sheet. Hedging strategies, procedures, controls and governance in a booking model policy must be clearly defined;
- intragroup arrangements. Undue complexity should be avoided, there should be ability to independently monitor and manage risks arising from intragroup exposures; and
- IT infrastructure and reporting. This covers the ability to produce daily complete and accurate reports. In a crisis, operational continuity and access to necessary operational assets should be ensured via adequate contractual provisions and business continuity plans.