On 10 January 2023, the PRA published a letter setting out its 2023 supervisory priorities for UK deposit takers.

The priorities include the following:

• Credit risk: In recent years, firms have tightened underwriting standards, enhanced forbearance tools, and increased operational preparedness for collections. However, these enhancements are untested under the current combination of risk factors. Therefore, it is important that firms ensure their credit risk management practices are robust, portfolios are closely monitored, customer support and collections arrangements are appropriately scaled, and expected credit loss provisions are recognised in a timely manner.

• Financial resilience: The PRA will continue to focus on financial resilience, through ongoing assessment of individual firm’s capital and liquidity positions as well as how these may evolve in light of potential headwinds. The PRA expects firms to take proactive steps to assess the implications of the evolving economic outlook on the sustainability of their business models. This should include consideration of broader structural changes to the banking sector such as the evolution of new financial technology competition. In terms of risk management and governance, the market reaction to Russia’s invasion of Ukraine, and volatility in the nickel and long-dated gilt markets, reinforced the importance of a robust risk culture and sound risk management practices at firms. In 2023 firms must ensure that the lessons from past crises are definitively learned in full, and thoroughly embedded across the first and second lines of defence. The PRA will continue to assess firms’ risk management and control frameworks through individual and cross thematic reviews.

• Operational risk and resilience: Following PRA Supervisory Statement 1/21 ‘Operational resilience: Impact tolerances for important business services’ firms are, by now, expected to have identified and mapped their important business services (IBS), set impact tolerances for these, and commenced a programme of scenario testing. In the coming year, the PRA’s focus will be on using this framework, and the testing that firms are conducting, to assess whether they can remain within their impact tolerances for each IBS in the event of a severe but plausible disruption to their operations. Furthermore, the PRA has seen a material increase in services being outsourced, particularly to cloud providers, as such, firms are expected to manage the risk arising from this accordingly. The PRA will also be continuing to monitor firms’ use of new technologies, such as crypto products, and advancements in asset tokenisation. The PRA expects firms to have fully understood the impact of offering crypto products on their operational resilience, and to have met the supervisory expectations set out in SS1/21 before engaging with these opportunities in any material way.

• Real Time Gross Settlement (RTGS): The Bank of England (BoE) is introducing the delivery of ISO 20022 messaging in CHAPS on 19 June 2023 as part of the RTGS Renewal programme. The PRA expects firms to be ready for this change, ensuring cut-over to the new messaging standard without interruption to customer payments or liquidity management. A number of similar ISO migrations are happening in parallel, and firms should be clear on the dependencies between them in their own systems, including in the event of further changes to the timelines for one of more of these events.

• Model risk: To support the strengthening of model risk management (MRM) practices in firms, the PRA published Consultation Paper 6/22 ‘Model risk management principles for banks’ and expects to publish finalised MRM principles in H1 2023. The PRA will expect firms to review these and make any changes to their MRM approach that are necessary to ensure they comply with the principles.

• Data: Firms should consider the thematic findings set out in the PRA’s communications on regulatory reporting to inform how best to improve their submissions going forward. The PRA will continue to use skilled person’s reviews in this area in 2023. Furthermore, the PRA will be engaging with firms in 2023 on which data they collect as part of the Banking Data Review, and will continue to consult firms on the long-term reforms to the way they collect data as part of the Transforming Data Collection Programme.

• Financial risks arising from climate change: The PRA has found that firms have taken tangible and positive steps to implement the PRA’s expectations, however, the level of embeddedness varies from firm to firm and further progress is needed by all firms within scope of Supervisory Statement 3/19 ‘Enhancing banks’ and insurers’ approaches to managing the financial risks from climate change’. Firms are expected to take a proactive approach to addressing risks in this area, with the recent Dear CEO letter highlighting the progress made by firms since the publication of SS3/19 providing some specific examples of areas where, by now, firms would be expected to demonstrate capabilities in meeting supervisory expectations.

• Other areas of supervisory focus: Diversity, equity and inclusion (DEI) remains an important focus and a topic the PRA expects firms to continue to embed in their cultures. The PRA plans to issue a consultation paper in 2023 setting out proposals to introduce a new regulatory framework on DEI in the financial sector. Finally, the Bank, as resolution authority, and the PRA continue to prioritise resolution as this is an important component of ensuring that the UK has a resilient, efficient and competitive banking system. The Resolvability Assessment Framework (RAF) applies to firms where the preferred resolution strategy is bail-in or partial-transfer. These firms should continue to work to ensure that they achieve and can continue to maintain, the resolvability outcomes of the RAF, and ensure that they are transparent in their disclosures about their preparations for resolution.