On 10 January 2023, the PRA published a letter setting out its 2023 supervisory priorities for banks active in the UK.
The priorities include the following:
- Financial resilience: The PRA will continue to focus on financial resilience, through ongoing assessment of individual firm’s capital and liquidity positions as well as how these may evolve in light of potential headwinds. In terms of risk management and governance, firms are reminded that individuals within the senior managers regime will be accountable for their firm’s addressing the priorities set out in the letter.The market reaction to Russia’s invasion of Ukraine, and volatility in the nickel and long-dated gilt markets, reinforced the importance of a robust risk culture and sound risk management practices at firms. In 2023 firms must ensure that the lessons from past crises are definitively learned in full, and thoroughly embedded across the first and second lines of defence. The PRA will continue to assess firms’ risk management and control frameworks through individual and cross thematic reviews.
- Operational risk and resilience: Following PRA Supervisory Statement 1/21 ‘Operational resilience: Impact tolerances for important business services’ firms are, by now, expected to have identified and mapped their important business services (IBS), set impact tolerances for these, and commenced a programme of scenario testing. In the coming year, the PRA’s focus will be on using this framework, and the testing that firms are conducting, to assess whether they can remain within their impact tolerances for each IBS in the event of a severe but plausible disruption to their operations. Furthermore, the PRA has seen a material increase in services being outsourced, particularly to cloud providers, as such, firms are expected to manage the risk arising from this accordingly. The PRA will also be continuing to monitor firms’ use of new technologies, such as crypto products, and advancements in asset tokenisation. The PRA expects firms to have fully understood the impact of offering crypto products on their operational resilience, and to have met the supervisory expectations set out in SS1/21 before engaging with these opportunities in any material way.
- Real Time Gross Settlement (RTGS): The Bank of England (BoE) is introducing the delivery of ISO 20022 messaging in CHAPS on 19 June 2023 as part of the RTGS Renewal programme. The PRA expects firms to be ready for this change, ensuring cut-over to the new messaging standard without interruption to customer payments or liquidity management. A number of similar ISO migrations are happening in parallel, and firms should be clear on the dependencies between them in their own systems, including in the event of further changes to the timelines for one of more of these events.
- Data: Firms should consider the thematic findings set out in the PRA’s communications on regulatory reporting to inform how best to improve their submissions going forward. The PRA will continue to use skilled person’s reviews in this area in 2023. Furthermore, the PRA will be engaging with firms in 2023 on which data they collect as part of the Banking Data Review, and will continue to consult firms on the long-term reforms to the way they collect data as part of the Transforming Data Collection Programme.
- Financial risks arising from climate change: The PRA has found that firms have taken tangible and positive steps to implement the PRA’s expectations, however, the level of embeddedness varies from firm to firm and further progress is needed by all firms within scope of Supervisory Statement 3/19 ‘Enhancing banks’ and insurers’ approaches to managing the financial risks from climate change’. Firms are expected to take a proactive approach to addressing risks in this area, with the recent Dear CEO letter highlighting the progress made by firms since the publication of SS3/19 providing some specific examples of areas where, by now, firms would be expected to demonstrate capabilities in meeting supervisory expectations.
- Other areas of supervisory focus: Diversity, equity and inclusion (DEI) remains an important focus and a topic the PRA expects firms to continue to embed in their cultures. The PRA plans to issue a consultation paper in 2023 setting out proposals to introduce a new regulatory framework on DEI in the financial sector.