Global Equity Finance Businesses – the PRA/FCA require urgent action

Following global losses of over $10 billion suffered through the failure of Archegos Capital Management earlier this year, the PRA and the FCA have engaged in a multinational review and assessment of the losses conducted by the major global regulators, particularly focusing on counterparty risk management. 

The UK response - under the umbrella of the Bank of England - was a ‘Dear CEO’ letter sent in December to selected firms, operating in this space, requiring review and assessment of their equity financing business .

The regulators are highly concerned that the lessons learned in the 2008 Global Financial Crisis have either been forgotten or that changes made to risk management practices were not embedded in firms’ operations strongly enough. 

In their letter the Bank of England identified several common key deficiencies: 

• A risk culture where first line of defence business executives failed to take accountability for ownership of their risk

• An independent, second line of defence, risk function that lacks standing and authority.

• A lack of holistic management of risk across business units.

• An absence of comprehensive limit frameworks.

• Too narrow a focus on onboarding arrangements.

• An inadequate reassessment of client relationships thereafter and,

• Senior management incentives that did not promote safe, sound and sustainable outcomes for the firm.

Whilst this particular episode did not result in financial instability, it led to material losses for a number of firms and highlighted the effects of high leverage in the non-bank sector on other counterparties and markets. 

Given the impact of these issues and to try to prevent a recurrence, the PRA and FCA have set out a remediation process for these firms to which they are attaching great importance. 

All firms who have been sent this letter are expected to carry out a specific and systematic review of their equity finance business coupled with its risk management and controls and benchmarks, and then extend that review to consider the regulators’ observations across the broader areas of all its sales and trading business. This should include coverage of all prime brokerage services. 

Time is limited and relevant firms have to submit their findings to the PRA and FCA jointly by the end of Q1, 2022, together with remediation plans where appropriate.  

Following their usual practice of personal accountability, the regulators require relevant firms to nominate one or more Senior Managers to be responsible for providing the letter and any necessary remediation plan. 

The areas the regulators request to be systematically reviewed are: 

1.     Business Strategy and Organisation 

Senior management should ensure that equity finance business strategies are vigorously evaluated and challenged on an ongoing basis, with appropriate prominence given to business expertise, infrastructure, resources, and risk control considerations, commensurate with revenue projections and growth aspirations. 

Where equity finance products and structures with similar risk profiles are offered by more than one desk or business unit, firms should establish clear and detailed mandates for each of these businesses. 

Risk measurement, monitoring, and control frameworks, in both the first and second lines of defence, should be consistent and joined up across such business units, enabling a holistic approach to risk ownership and risk management. 

2.     Onboarding and Reputational Risk 

Firms should embed senior-level decision-making governance committees in their reputational risk and client selection processes, with escalation criteria clearly defined. 

These reputational risk processes should set out formal arrangements for holistic and dynamic re-assessment of client relationships on an ongoing basis. Firms should ensure there is adequate oversight of onboarding and reputational risk processes to ensure that the firm’s policies and controls are operating effectively. 

3.     Financial Risk Management Controls and Governance  

a.     Documentation Standards and Contractual Rights 

Firms should ensure that they have consistent and robust policies and procedures for the negotiation of client agreements and contractual terms, with such terms being suitable for the risk profile of each client. These arrangements should define a risk appetite related to documentation, setting out standard contractual terms for different types of client account and relevant investment strategies, irrespective of business unit. Processes should include appropriate escalation and governance procedures for contractual arrangements that are outside of established risk appetites. 

b.     Margining 

-Firms should ensure that the margin methodology used is appropriate for the risk profile of each client account. There should be clearly defined policies and procedures covering different types of margin methodology adopted by firms for products with a similar risk profile.

 -In the first instance, firms should rigorously review any such differences in methodologies, and their suitability for use in specific agreed circumstances. Different business units offering similar products should apply a consistent margining methodology and risk appetite unless specific exemptions are agreed, based upon legitimate risk management grounds. 

-Margin models should be appropriately calibrated, reflecting effectively different exposure profiles including concentration risk and illiquidity of each client portfolio. Firms should establish a formal risk appetite for deviations from their standard margin terms and put in place arrangements to measure and monitor exposures against this risk appetite. 

This risk appetite, measurement and monitoring process should be independently owned by the second line of defence. Firms should define and agree formal actions and escalations with respect to any breach of this appetite. 

c.      Ongoing Due Diligence and Disclosures 

Firms should systematically review their risk appetite for accounts that do not provide wider disclosure of their investment strategy, leverage and financing relationships. 

Risk management practices, including client onboarding decisions, setting of risk limits and margin requirements, should formally take into account the level of disclosures provided by individual accounts. 

Firms should review their use of public sources of information covering economic and ownership interests in securities, ensuring that their approach is sufficiently comprehensive. Furthermore, firms should assess their ongoing account due diligence processes to ensure that adequate proof, supporting assurances and verification is sought with respect to client financial disclosures. 

d.     Risk Management and Governance 

• Risk management resources supporting risk ownership within the first line of defence should be proportionate to the size and complexity of the business activity. Where no dedicated in-business risk resources are employed, firms should ensure that the scale, nature and complexity of their business activities are appropriately calibrated to the front office’s capacity and capabilities.

• Where firms offer similar products and structures across different business units, they should ensure that in-business risk resources, where deployed, support risk ownership holistically across all such units.

• Firms should review their risk culture and assess the stature and prominence of their independent risk management function. Firms’ boards should satisfy themselves that this function has sufficient investment, tools, resources, expertise and status, to ensure its impact on decision making. Furthermore, there should be appropriate checks and balances in place to ensure that the role of independent risk management within the firm is adequately supported and reinforced by senior management on an ongoing basis.

• Firms should review their escalation policies and procedures within both the first and second lines of defence to ensure that escalation triggers for exceptions to risk appetite are clearly articulated and followed up in a timely manner. Management information supporting these escalations should be formally assessed by senior management and all relevant governance fora as fit for purpose.

• Firms should review legal entity booking frameworks, accountability and controls to ensure that clearly defined and well-understood roles and responsibilities are established for all relevant business managers, local legal entity control functions, registered Senior Managers and Committee structures.
  
  e. Limit Frameworks

-Firms should ensure that their independent counterparty risk limit and systematic exposure monitoring frameworks are sufficiently comprehensive to adequately represent their risk appetite for all types of client portfolio exposure, including highly concentrated positions under stress. 

-Sufficient resources and focus should be assigned to data quality issues and other modelling limitations in these risk measurement and monitoring tools, so that the outputs from these risk models are reliable. 

4.     Liquidation and Close-Out 

Firms should ensure that exposures are scaled and calibrated to their own capabilities to exit risk positions upon default of a counterparty. Furthermore, firms should put in place a default playbook setting out detailed scenarios, roles, and responsibilities that would support any future close-out and liquidation event. 

Whilst this ‘Dear CEO’ letter is aimed at selected firms operating in a defined space, much of it can be applied to the management of risk across the banking spectrum as a whole and highlights some of the areas that regulators will assess for weaknesses in the event of material losses. 

Authorised firms of all types would do well to study the letter and conduct a review of relevant areas to ensure that these weaknesses do not exist in their own institution. 

FMCR has considerable senior practitioner experience and expertise in first and second line of defence risk management both in the specific area of sales and trading businesses and more general areas of banking.  We can undertake both primary and secondary ‘health checks’ and provide an independent view to support and back-up the in-house resources. 

In the first instance please contact FMCR at contact@fmcr.com