How to get ready for the ECB knock on your door: 3 ways to prep for your TRIM audit
With the objective of regaining public trust in banks’ regulatory capital, the European Central Bank (ECB) is performing a Targeted Review of Internal Models (TRIM) and already began sending out teams of auditors to banks’ offices.
Some 68 banks are in the scope of this Europe-wide review, and the ECB has conducted more than 100 reviews in 2017. For those banks whose internal models have not yet been scrutinized, there’s still time to prepare for the audit in three critical areas: documentation, documentation, documentation.
Humor aside, banks can take important steps to make the audit smoother, and at the same time, you can use the TRIM process to make sure your bank’s internal model framework is a tool for improving the business, and not only a means for meeting regulatory requirements.
What to expect
The audit is intended to improve credibility and confirm the adequacy and appropriateness of approved Pillar 1 models. In addition, the project was designed to reduce inconsistencies and unwarranted variability in calculations of risk-weighted assets (RWAs) and capital requirements. Depending on what the ECB finds, banks will be required to take specific actions to improve their internal models.
In a worst-case scenario, banks could be required to stop using particular internal models for certain asset classes and adopt standard approaches, which would increase the bank’s capital requirements. Even if a bank does well, it’s still likely that the ECB’s inspectors will find areas of improvement in the bank’s model framework that would require follow-up and remediation.
In this context, TRIM might be seen as an opportunity for banks to improve internal processes. A comprehensive assessment of banks’ internal models will put light on key issues in modelling practices, providing banks with valuable information on their risk-management practices.
BDO is deeply involved in the ECB’s onsite inspection process, as a member of the pool of auditors who have been selected to assist the ECB inspection team during the so-called “missions.”
What the ECB wants
From my perspective, banks should focus on being able to answer the following key questions during the review of their Internal Model Validation processes:
- Which models are your bank using?
- Why is your bank using the respective models (e.g. to model which type of risk)?
- What data are the models relying on, and do you ensure the quality of that data?
- How were the models built (e.g. what is the calculation behind the model)?
- How does your bank make sure the models operate properly (e.g. what is the validation processes)?
- How are the models back-tested?
To answer these questions to the ECB’s satisfaction, I have three suggestions.
Recommendation 1: Perform a health check
Banks’ internal models will be inspected by the ECB for the first time as part of the TRIM review. Previously, those models were approved by each country’s regulator. This means that models used by banks in the eurozone have not yet been harmonized or subject to the same supervisory practices.
One typical problem is that internal models no longer fulfil the same purpose they did when that model was initially approved by supervisors in an individual country. Another problem is that a bank may have introduced new internal models or modified models heavily without the changes having been approved.
A good place to start is to conduct a health check or pre-audit with an external party that will evaluate existing documentation and highlight potential problems that may arise in the actual audit. The goal should be to understand the scope of models your bank is using, and, based on this understanding, provide the right documentation about the bank’s internal model framework. It sounds simple, but models have become increasingly complex since they were introduced under Basel II, making them difficult to map correctly and to understand.
Banks will also need to document the work of their internal validation team and provide internal audit reports. With these documents, a pre-auditor will be able to flag those points that may draw the scrutiny of the ECB.
Recommendation 2: Do a dry run
After a health check, the next step is to do a dry run with the selected external party. The dry run will highlight potential gaps relating to TRIM investigation and could help improve the outcome of the inspection.
Some banks use hundreds of models to estimate different types of risk, and many models were custom-built or adapted and reworked many times over. Therefore, I recommend using a risk-based approach for selecting the models on which you will do a deep-dive review. For example, portfolios with low default rates can be particularly difficult to model, and this should be taken into account in the selection process. In my opinion, these are the areas to focus on in anticipation of the ECB running its own calculations with the models.
As discussed, the results of the audit could impact a bank’s business significantly, leading to costs for migrating to different models or even prompting some banks to leave a particular line of business. These are additional reasons for a dry-run that will help your bank prepare for questions about governance and internal controls, and prove that data quality is sufficient.
Recommendation 3: Get your documentation lined up
In the ECB’s TRIM guide, there’s a full section on documentation requirements. It spells out which types of documentation will be needed on the first day of the audit and at which level of detail. I know from speaking with people in the market that some banks are scrambling to put their documentation together.
Since many banks are under cost pressure, the task of getting documentation together often becomes a matter of resources. Banks may have too few people who can pull together the documentation for too many models, and they may have trouble hiring and retaining staff with the right skills to oversee and manage models for the long term. Both points can lead to weak spots or blind spots regarding models.
For these reasons, my third recommendation is to find the resources necessary to get documentation lined up before the ECB shows up, and keep in mind that the ECB will also be examining the governance that is in place for overall model monitoring – e.g. the ECB wants to know which high-level process your bank is using to monitor the monitoring of models.
All in all, those banks that act early to prepare with house-cleaning, a dry run and immaculate documentation will save themselves time, money and effort in the long run.
Indeed, I do expect the audits to uncover problems with internal procedures, internal controls, governance, data quality and resources related to models. This will mean the next step is remediation actions of some sort. The question is whether those actions are small changes or big changes to a bank’s operations.