David Bailey and Laura Wicks of PRA have written to UK deposit takers about supervisory priorities for 2024. The Dear CEO letter stresses that this sets out the regulator’s thematic priorities, and complements its ongoing firm-specific work. Key points within the letter are:
- the need for robust governance, risk management and controls to enable proactive identification, assessment and mitigation of risks;
- the need for boards and executives continually to challenge their structures, processes, capabilities and information;
- strong cultures that promote safety and soundness;
- appreciation that previously unthinkable events could happen – especially with novel technologies;
- PRA will be focusing on each of the following areas, and explains what it expects firms to be doing to address regulatory concerns:
- credit risk and the need to build on risk appetites and underwriting standards that firms have adopted;
- financial resilience – including the need for firms to consider how depositor behaviour is changing and changes in bank funding and liquidity conditions;
- operational resilience – PRA reminds firms they have until March 2025 to meet its SS1/21 requirements, and show they can remain within impact tolerances for all their “important business services”. It also urges firms properly to manage the increasing levels of large, complex IT infrastructures within the sector;
- model risk – PRA expects firms to have considered their model risk management frameworks and prepared remediation plans to ensure they meet the PRA’s new expectations which take effect in May;
- data risk – PRA continues to drive home the message that complete, timely and accurate regulatory returns are critical;
- financial risks arising from climate change; and
- resolution and recovery.