- The CBSL Direction No. 09 of 2021 requires to identify the full range of recovery options available to a licensed bank to deal with shocks to capital, liquidity, and all other aspects that may arise from institution-specific stresses, market-wide-stresses, or a combination of both, effective 30 June 2022.
- Each licensed bank shall have an RCP Governance Framework in place and shall identify critical functions and critical shared services of the banking group; recovery indicators, recovery triggers, recovery actions (short term, long term, and intermediary); and conditions or threshold for activation of resolution measures.
- Recovery plans (RCP) components to draw from and align with existing risk management processes on capital, liquidity, stress testing, business continuity, among others.
- A properly formulated RCP acts as a tool and prompts management to take appropriate actions to restore the bank’s financial strength and viability on time to prevent, mitigate, or manage the plausible adverse financial and non-financial impacts.
Ernst & Young Sri Lanka (EY Sri Lanka), together with Ernst & Young India LLC (EY India), successfully conducted two webinars on the Central Bank of Sri Lanka (CBSL) Direction No. 09 of 2021 on Recovery Plans. The webinars were very well-received by the CRO Forum and risk and compliance professionals in the banking industry and was conducted by subject-matter experts Rajith Perera, Partner – Financial Accounting Advisory Services, EY Sri Lanka, and Sanjay Pantula, Director – EY India. The CBSL Direction No. 09 of 2021 requires to identify the full range of recovery options available to a licensed bank to deal with shocks to capital, liquidity, and all other aspects that may arise from institution-specific stresses, market-wide-stresses, or a combination of both.
Rajith Perera, Partner, Financial Accounting Advisory Services, EY Sri Lanka emphasized the importance of establishing a robust governance framework and effectively embedding RCP within the existing risk management framework. He also stressed the importance of looking at the RCP from a broader risk type perspective and not restricting RCP scope to capital, liquidity, and other selected risks.
What is an RCP and why is it critical: Historical large-scale financial crises demonstrate the destabilizing effect that severe stress events banks can have on the overall financial stability of the capital markets, banking system, and economy. The purpose of an RCP is to provide the bank with a governance framework to effectively and efficiently address the financial effects of such severe stress events and avoid failure or resolution. A properly formulated RCP acts as a tool and prompts management to take appropriate actions to restore the bank’s financial strength and prevent, mitigate, or manage the plausible adverse financial and non-financial impacts.
An RCP’s components should draw from and align with existing risk management processes on capital, liquidity, stress testing, business continuity, among others. A bank’s corporate governance framework and risk control culture should be robust, effective, comprehensive, and proactive enough to identify, report, escalate and respond to early warning indicators timely. In essence, an RCP should be integrated into and complement the bank’s existing risk governance framework.
The key element of an RCP – triggers and indicators: Triggers and indicators alert the management of severe stress situations to the financial strength and viability of the bank. Banks are required to perform an analysis of intragroup and external dependencies and systemic interconnectedness associated with their business strategy, risk appetite, continuum of business-as-usual operations, business model, and organizational structure and set triggers and indicators. A trigger or an indicator can be quantitative or qualitative and should be well defined, plausible, and tailored to the risks faced by the bank.
Trigger and indicator thresholds are set at different levels so that adequate response time is available for the bank to trigger initial recovery options. Stress scenarios help the management to identify, develop, calibrate, and validate the appropriateness of triggers and indicators. Among other areas, triggers and indicators should be set covering bank’s financial position and performance (revenue sources, funding sources, profitability, liquidity, capital, and other key financial parameters) and other changes such as asset quality impairment, significant market share or operational losses, destructive cyber attacks, leadership vacancies, material litigations and counterparty action, natural disasters, potential disruptions to supply chain, and other idiosyncratic and market-wide parameters.
The likelihood and severity of the breach of triggers and indicators should be assessed under each risk type individually and at the aggregate level. These risk assessments should be extended to assess the overall impact on the bank’s risk appetite and other material financial, non-financial, and regulatory indicators. The senior governance committees should review and challenge current, forecasted, and backtested results to determine that defined triggers and indicators remain relevant and responsive to the changing macro and micro factors. This process may result in making some adjustments to existing strategies, triggers, and recovery plans. The bank may run firm or group-wide simulation tests to ensure that the overall RCP governance framework remains fully compliant, resilient, and fit-for-the-bank’s strategies and risk exposure.
What are CBSL expectations under RCP Direction No. 09 of 2021: The CBSL Direction is effective from 30 June 2022. Licensed banks with assets above one trillion rupees are required to formulate and submit RCPs to the Director of Bank Supervision annually by 30 June of each year or whenever the recovery plan is significantly amended. Licensed banks with assets below one trillion rupees shall maintain RCPs from 30 June 2022 and such RCPs will be subject to review during the CBSL statutory examination. In addition, licensed banks are required to immediately inform the Director of Bank Supervision when a bank reaches a trigger point activating RCP actions or experiencing a higher level of stress.
Accordingly, each licensed bank shall have an RCP Governance Framework in place and shall identify critical functions and critical shared services of the banking group; recovery indicators, recovery triggers, recovery actions (short term, long term, and intermediary); and conditions or threshold for activation of resolution measures. An RCP then should outline recovery options to deal with shocks to capital, reduction in revenue and profitability, withdrawal of deposits and other funding arrangements, difficulties in raising funds at current market rates, adverse court orders, or other adverse changes in the macroeconomic environment. The RCP shall integrate with the bank’s existing business continuity plan and factor in any legal, reputational, and operational impediments on a timely and effective implementation of the recovery options.
RCP shall be approved or endorsed by the Board of Directors for locally incorporated banks. Each licensed bank requires to appoint a member of senior management to oversee the RCP process and allocate sufficient resources to support the RCP process. The roles and responsibilities of each person involved in RCP should be clearly defined, assigned, and documented. A bank’s recovery planning process should be an iterative and dynamic process and be updated at least annually or whenever necessary. A communication plan on the RCP shall be in place, and all information shall be current and part of the prevailing risk data aggregation and reporting process.
Rajith Perera, Partner, Financial Accounting Advisory Services of Ernst & Young
EY exists to build a better working world, helping create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit ey.com.
This news release has been issued by Ernst & Young Sri Lanka.