Successful structuring of regulatory audits as a bank? With Backing your external audit!
Audits are a vital instrument used by banking oversight authorities worldwide. Bank audits can be leveraged perform thorough analyses of various risks, internal auditing systems, business models, and corporate governance models. For the institutions being audited, however, these kinds of audits are associated with enormous workloads and expenditures. Accordingly, it is of key importance to understand the underlying motivation, the specific procedure, and the corresponding backgrounds to regulatory audits.
With the objective of increasing transparency in oversight practice, the European Central Bank (ECB) recently published its Guide to on-site inspections and internal model investigations.
Institutions need to have a solid understanding of auditing and react accordingly. Audit execution can be rendered efficient and resource-conserving by having a structured approach and determining corresponding measures before, during, and after an audit.
Background and development of regulatory measures
The European System of Financial Supervision (ESFS) was founded in 2011 in the interest of central steering in banking and financial oversight. In addition to harmonizing regulatory requirements on the European level, it also guarantees consistent and uniform oversight of institutions. Supervision is performed in line with a risk-based approach under which the intensity of oversight is based on the significance of an institution.
In order for an institution to be classified as “system-relevant,” at least one of the following five criteria needs to be met:
- Size: Total asset value exceeds €30 billion
- Financial support: It has requested or received funding from the European Stability Mechanism or the European Financial Stability Facility
- Cross-border activities: The total value of its assets exceeds €5 billion and the ratio of its cross-border assets/liabilities in more than one other participating Member State to its total assets/liabilities is above 20%
- Economic importance: For the specific country or the EU economy as a whole
- Top 3 – Banks: The institute is one of the three most-important banks in a specific country
System-relevant banks are subject to direct ECB oversight. A “Joint Supervisory Team” (JST) is formed for each such institution. Those teams consist of employees from the ECB as well as the national regulatory authorities (in Germany’s case, the Bundesbank and Federal Financial Supervisory Authority). System-relevant banks are subject to a much higher frequency of special audit measures in accordance with their significance and position in national and international interbank relationships.
Regulatory auditing priorities of the Federal Financial Supervisory Authority, Bundesbank, and the ECB
In line with risk-oriented oversight as well as effective and efficient auditing practice, both the national supervisory authorities and the ECB define auditing priorities on a regular basis. In Germany, they are defined jointly between the Federal Supervisory Authority and the Bundesbank.
Central issues here include:
Sufficient capitalization to bridge times of economic crisis,
Liquidity requirements in order to guarantee the solvency of credit institutions at all times, and
Appropriate risk control mechanisms to identify risks at an early stage as well as analyze, correctly classify, and manage those risks.
Every year, new auditing priorities are established for additional scrutiny alongside the central issues named above. The following diagram shows a review of the supervisory priorities for the year 2018.
Review of the supervisory priorities 2018
The supervisory authority has already defined new significant risk factors for the year 2019 and will be prioritizing those points increasingly. One of them is non-performing loans (NPLs), as the current aggregate level of NPLs remains elevated compared to international standards. Credit risk remains an important supervisory priority, resulting in a focus on the lending guidelines of banks. In the field of risk management, the supervisory authority is placing focus on the targeted review of internal models (TRIM), primarily models for assessing credit risks. It is in this field especially that audits will continue to be performed based on internal capital and liquidity adequacy assessment processes (ICAAPs and ILAAPs). Banks also need to make preparations for the the United Kingdom’s upcoming departure from the EU, which will also be monitored by the supervisory authority with a high level of priority. The following diagram re-summarizes the supervisory authority’s auditing activities.
Supervisory Priorities 2019
Procedure and scope of regulatory audits
Not only is the number of regulatory audits constantly rising, the complexity of the requirements being audited is too. This leads to a high level of resource expenditure as well as harsher sanctions and fines for non-compliance with obligations among banks.
Furthermore, audits are frequently performed on short notice to guarantee the attainment of audit objectives and evaluate a realistic picture of the actual situation. It becomes necessary to process a highly comprehensive and detailed level of documentation in the shortest period of time. During the average auditing period of around six to eight weeks, one must count on a high number of staff being directly involved in the audit and an institution experiencing an extremely high workload. The involvement of many resources and the comprehensive scope pursued by on-site auditors regularly lead to an increased level of objection points. Those objection points then need to be cleared swiftly after the audit. Here, too, the institution must count on seeing a high workload.
Targeted and effective steering is required to attain organized structuring for a pending audit. Audits often cover multiple – and tangent – departments, making close and diligent collaboration an absolute necessity. Furthermore, daily operations are usually hampered during an audit period by requests for information and meetings. Strategic planning for the institution’s audit execution and efficient corresponding processes can compensate for that additional workload. Specific resolution proposals and professionalism increase the probability of a positive audit outcome.
Phase-oriented procedural model by Q_PERIOR
Bank audits generally follow specific frameworks. These frameworks provide an opportunity for institutions to prepare for a corresponding audit in a structured, efficacious manner. In order to obtain positive audit results, it is essential to perform front-to-end analysis of the audit process. That is why we recommend subdividing an audit into three phases:
Phase 1: Preparation for an audit
As soon as an audit date is announced, preparation work should start immediately. Here, Q_PERIOR provides support via a project team of experts experienced in business auditing and audit consulting. Preparation places particular focus on setting up central project management (single point of contact) to guarantee uniform communication and reporting channels and ensure consistent tracking. Additionally, tangent internal departments need to be notified of the audit at this point, as scope can also cover adjacent fields like the professional implementation of requirements, process integration, and IT implementation.
Once a request for information is issued, Q_PERIOR will prioritize items in collaboration with the client. The next step involves inventory and documenting processes, evaluating them, and updating them as needed. Parallel to this, potential weak points are identified and workarounds are created accordingly.
In addition to professional consultation, audit preparation also has a focus on briefing staff. Q_PERIOR provides targeted coaching to sensitize staff for audit interviews. We additionally study and optimize processes, and then document them in a brief, easy-to-follow, and concise manner. This process map provides staff with guidelines they can use to elucidate process sequences in detail.
Phase 2: Support during the audit
The project management created during Phase 1 then provides support through the structured management of requirements throughout the audit. Deliverables, deadlines, and current status are managed and maintained in a transparent manner. This enables ongoing reporting to the respective managers at all times during an audit for a clear picture with respect to current status and points that remain open. This approach avoids unnecessary work and secures steerability during an audit.
Individual documents and evidence are frequently requested by auditors on short notice during audits. With our expertise, those documents and items of evidence can be revised or created on an ad-hoc basis in line with the audit focus. Requirements-oriented coaching for staff is also provided during this stage in order to prepare for interviews on short notice.
Providing ongoing assistance for auditors and the corresponding high workload often result in individual employees being unable to process day-to-day business with the usual level of quality. Q_PERIOR provides relief with qualified consultants and support in standard operations to guarantee staff can fully focus on an audit.
In light of the growing number of transnational requirements, the regulatory foundations for audits are frequently written in English. Thanks to our years of experience, we are able translate and interpret those requirements for our clients and summarize them in a meaningful manner in guidance documents.
Phase 3: Follow up – Post-processing an audit
After completion of an on-site audit, the results are summarized in an audit report. In addition to objection points, audit reports also specify deadlines for their resolution. However, follow-up work should indeed start one step earlier. Immediately after ending the audit measures and before issuance of the official audit report, Q_PERIOR explores potential courses of action together with the client to ensure on-time implementation of the requisite measures and avoid potential sanctions being issued by the supervisory authority. It is of vital importance to efficient audit follow-up that the requisite actions be prioritized. Having garnered a wealth of experience in audit consulting, we collaborate with the client to create a tailored plan that accounts for all of the institution’s specific factors and facilitates complete and lasting resolution of all objection points.
Prioritization is followed by the operative processing of all objection points. The first step is to elaborate various execution options and evaluate them together with management. Accordingly, Q_PERIOR and the client establish the optimal resolution approach accounting for all individual circumstances. Then comes execution, which can take place in conjunction with support from and, upon request, steering by Q_PERIOR.
Phase 3 of our procedure model concludes with lessons learned. A workshop is held with all stakeholders for communication and documentation of the mutual experience and insights gained (depending on audit scope, it may also make sense to have multiple sessions). The findings from the workshop can be used to prepare for potential follow-up as well as for future audits. This furthermore provides an additional final overall assessment of internal processes and general procedure. Upon request, Q_PERIOR will host and document these workshops and prepare findings accordingly.
Added value through our new service Backing your external audit
Q_PERIOR combines professional and administrative banking know-how in regulatory audits to provide comprehensive and impactful assistance. This makes it possible to process objection points efficiently and lastingly reduce them.
Organization: Targeted and focussed assistance that is oriented toward the specific challenges of the respective phase and can be structured to align with requirements.
Collaboration: Q_PERIOR carries out teamwork in a manner characterized by collaboration, partnership, and constant communication. The wealth of experience wielded by our consultants means they can be deployed with a high degree of precision in an operational role as well.
Costs: The structured procedure, strategic and operative support, and tailored approach model lead to an expenditure reduction before, during, and after an audit. The potential for synergy is also recognized at an early stage.
Results: The results are what count at the end of a project. Q_PERIOR puts results into context and prepares them accordingly to ensure they can be applied in a lasting, versatile manner.
Steering: Q_PERIOR is a highly experienced partner offering full audit assistance, “front-to-end,” without the client having to relinquish the rudder.
If you are interested in receiving professional and successful assistance for your audit, simply contact us.
Q_PERIOR will also be happy to provide audit simulation in advance in order to identify potential weak points in the implementation of regulatory requirements as well as any corresponding need for action to make sure you are “audit-proof.”