Toronto Centre provides high quality capacity building programs and guidance for financial supervisors and regulators, primarily in developing nations, to advance financial stability and inclusion. Since inception, Toronto Centre has trained over 28,000 officials from 190 jurisdictions.

Supervision of Financial Institutions’ Business Models
Tuesday, Dec 10, 2024

Supervision of Financial Institutions’ Business Models

Financial institutions may fail due to underlying issues in their business models. Flawed business models may lead to inadequate capital, consumer misconduct, money laundering or market harm. The recent bank failures in 2023 highlighted the increasing need for supervisors to assess and intervene when business models pose risks to stability and integrity.

This Toronto Centre Note and accompanying podcast explores how financial supervisors can evaluate business models to prevent prudential and conduct failures and how to engage with boards and senior management on this topic to mitigate risks and ensure long-term resilience.

Speaker: 

Clive Briault, Chair, Banking Advisory Board, Toronto Centre

Host: 

Demet Çanakçı, Senior Program Director, Toronto Centre

Listen to the podcast here. Read the transcript hereRead their biographies here.

Read the TC Note:

TABLE OF CONTENTS

Introduction

Supervisory practices

Renewed impetus

How to undertake business model analysis

Governance

Assessing viability and sustainability

Standard metrics

Follow the money

External environment

Scenario analysis and stress testing

Peer group analysis

Support for supervisors

Business model analysis and risk-based supervision

Using the results of business model analysis

Governance

Financial resources

Changes to the business model

Overcoming supervisory (and financial institution) reluctance

Conclusions

Annex 1: Supervisory practices

Annex 2: Example of a supervisory approach to business model analysis

References

Copyright © Toronto Centre. All rights reserved.

Toronto Centre permits you to download, print, and use the content of this TC Note provided that: (i) such usage is not for any commercial purpose; (ii) you do not modify the content of this material; and (iii) you clearly and directly cite the content as belonging to Toronto Centre.

Except as provided above, the contents of this TC Note may not be transmitted, transcribed, reproduced, stored or translated into any other form without the prior written permission of Toronto Centre.

The information in this TC Note has been summarized and should not be regarded as complete or accurate in every detail.

SUPERVISION OF FINANCIAL INSTITUTIONS’ BUSINESS MODELS

Introduction1

Financial institutions fail for many reasons. These failures are often the symptom or consequence of one or more underlying root causes. Until recently most supervisory attention on root causes focused on weaknesses in corporate governance and risk management, but since the Global Financial Crisis there has been growing interest in financial institutions’ business models. This was given further impetus by the bank failures in 2023.

A misconceived (or poorly executed) business model may result in a financial institution becoming unviable (in the sense of having inadequate capital or liquidity) or causing significant harm to consumers, investors or market integrity through retail or wholesale misconduct, money laundering and other failings. Indeed, in some financial institutions business model weaknesses may be combined with weak corporate governance and poor risk management.

There is therefore a strong case for financial supervisors - across all sectors - to analyse the business models of the financial institutions they supervise (on a proportionate basis) and to intervene if necessary to reduce the probability of a flawed business model leading to prudential, conduct or other failures.  

Business model analysis should not be a stand-alone supervisory activity. It should be closely integrated with other aspects of supervision. It relates to how a strategy and business model are developed, overseen, executed, and updated in response to events; how the board and senior management of a financial institution understand the risk implications of their business model, including through scenario analysis and stress testing; and the linkages between business model risk, governance and risk management, and the adequacy of financial resources.

This Toronto Centre Note discusses ways in which supervisors can assess the business models of financial institutions, and can intervene to reduce or mitigate the risks inherent in a flawed business model. This should help supervisory authorities to consider how to incorporate business model analysis within their supervisory frameworks, and how to engage with the boards and senior management of financial institutions on this topic.

Supervisory practices

Supervisory review of business models is not an entirely new practice.

Many supervisory authorities require firms applying for authorization to provide a business plan and a description of their intended business model as part of the application process. Some supervisory authorities also require financial institutions to notify them of significant proposed changes to their business activities. However, any initial analysis of the business model may not be repeated or revisited once a firm has been authorized and as it grows and enters new lines of business.

Some international standard setters have included business model analysis within the expectation that supervisors should perform forward-looking assessments of financial institutions. And some supervisory authorities have increased their focus on business models following the Global Financial Crisis, when many financial institutions failed as a result of some combination of excessive risk-taking, weak corporate governance and risk management, and inadequate financial resources. Annex 1 provides some examples of these initiatives.

Renewed impetus 

The failures of Silicon Valley Bank and Credit Suisse in March 2023 gave renewed impetus to business model analysis.

In its report on these events, the IMF (2023) concluded that:

“Business model analysis has become integral to supervisory frameworks in many jurisdictions, supporting early identification of vulnerabilities and the supervisory dialogue on the sustainability of banks. Such scrutiny is a critical part of the ongoing supervision process and is updated to reflect the evolving macroeconomic outlook, market conditions, business environment, and bank strategy.”

Similarly, the Basel Committee (2023) concluded that the events:

“…. underline the importance of supervisors developing a thorough understanding of the viability/sustainability of banks’ business models as part of their supervisory process, including identifying any areas in which a bank is an outlier, so they can identify, assess, and take action to address any weaknesses at an early stage.”

These conclusions were reflected in the April 2024 revisions to the Basel Core Principles.2  Revised Core Principle 8 on Supervisory approach states that the assessment of business model sustainability is a key component of effective supervision, and a tool that supervisors should use to assess the safety and soundness of individual banks and the stability of the banking system.3

The Basel Committee emphasizes that when conducting business model analysis, the supervisor should assess the soundness of a financial institution’s strategies to generate sustainable returns, and its capacity to execute its business plan and strategy, taking account of potential changes in its operating environment (including the challenges posed by technology-driven innovation and digital finance). However, the ultimate responsibility for designing and implementing sustainable business strategies lies with a financial institution’s board.

Many supervisory authorities are taking steps to make business model analysis an integral part of their supervisory approach, either by adding it to their supervisory framework or by enhancing their existing work on business model analysis. Hopefully the Basel Committee will provide further guidance to help supervisory authorities develop their approaches to business model analysis, and to introduce greater homogeneity in these approaches across supervisory authorities.

Although the recent impetus for business model analysis originated from bank failures, business model analysis has clear benefits for supervisors across all sectors, and across both prudential and conduct supervision.

How to undertake business model analysis      

If a supervisory authority is going to make business model analysis an integral part of its supervisory approach, then it will need to decide how this analysis is to be undertaken; provide guidance to supervisors on this; and ensure that the necessary resources, skills, and expertise are in place to deliver high quality business model analysis. 

As with other aspects of risk assessment, business model analysis can be undertaken in part through off-site analysis of a diverse range of quantitative indicators and qualitative information. This is likely to include a combination of information that is already available to the supervisor (published accounts, regulatory reporting, ICAAPs, ORSAs, recovery plans, etc), and requesting additional information specifically for the purpose of business model analysis. Some supervisors may already be well positioned to undertake business model analysis, using existing information that has not previously been used to support business model analysis.

In addition, on-site interviews of senior management and directors can be used to provide valuable insights into how a financial institution determined its chosen business model; how this relates to the institution’s strategy and risk appetite; the expected risk-reward characteristics of the business model; and how the business model adapts to shifts in the external environment. 

Supervisory authorities should adopt a proportionate approach. As with risk-based supervision more generally, the intensity of business model analysis should depend on both the impact of the (prudential or conduct) failure of a financial institution, and the extent of the risks and vulnerabilities faced by a financial institution (the probability of a failure).4 

Governance

The board and senior management of a financial institution should establish its business model in a manner that is consistent with its strategy and risk appetite; understand the risks and vulnerabilities that its business model is exposed to; ensure that the business model is implemented effectively; and adjust the business model as circumstances change.

In their own business model analysis, supervisors should consider whether the board and senior management of a financial institution have undertaken these roles and responsibilities effectively, and therefore whether a financial institution’s business model is well governed.

Supervisors should ask the directors and senior management of a financial institution probing questions about:

  • How they established its strategy, risk appetite and business model
  • Whether the chosen business model is consistent with its strategy and risk appetite
  • Whether the board and senior management understand the risks and vulnerabilities, including through the use of scenario analysis and stress testing
  • How the board and senior management satisfy themselves that the business model is achieving the expected goals in terms of risks and returns
  • The ability of the financial institution to execute and - when necessary - to adjust its business model5

The strength (or weakness) of the governance and processes relating to a financial institution’s business model should determine the extent to which supervisors can place reliance on the institution’s own assessment of its business model. The quality of the governance of a financial institution’s business model should also feed into the supervisory assessment of the institution’s governance more generally.6

Assessing viability and sustainability

Viability and sustainability are more likely to be achieved when a financial institution is characterized, currently and prospectively, by:

  • Business plans based on a range of plausible assumptions about the future business environment
  • A strong competitive position in its chosen markets, and a strategy that is likely to maintain or reinforce this strength
  • Strong and stable profitability, consistent with, and sufficient to support, its strategy and risk appetite
  • Diversification (no excessive concentrations) of its assets and liabilities, and of its sources of income
  • Resilience to shocks
  • Strong governance and risk management
  • Adequate resources to support its business model, including financial resources, staffing, and IT
  • Capability to execute its business model and to respond to adverse developments7

Warning signs of non-viability and unsustainability are essentially the opposite of each of these characteristics, although this does not necessarily mean that a financial institution will fail as a result. Such warning signs include:       

  • Weak competitive position
  • Low and/or volatile returns
  • Rapid growth based on high-risk strategies, without commensurate governance, risk management and financial resources, or based on underpricing
  • Frequent shifts in strategy (and business model) to chase the latest opportunities
  • Vulnerability to external factors such as macroeconomic variables, technological innovations, and climate and biodiversity-related risks
  • Excessive asset and liability concentrations8
  • Complexities without adequate understanding and risk management
  • An excessive or poorly understood and controlled reliance on third parties (outsourcing)
  • Weak governance, risk management and resourcing

Supervisory authorities therefore need to decide how they are going to assess each of these characteristics of a financial institution, to reach a judgement about viability and sustainability.

The European Banking Authority (2022) provides an approach to business model analysis (see Annex 2) that incorporates most of the points discussed in this Note on assessing the viability and sustainability of a financial institution’s business model. Supervisory authorities might therefore want to consider this approach when developing their own approach to business model analysis. However, the EBA approach focuses primarily on the analysis of the business model itself. Supervisors should also focus on the governance issues discussed above.

Standard metrics

One starting point for business model analysis, and a way to provide both a degree of consistency and peer group comparison, is to use a set of standard metrics. These may extend beyond the usual regulatory ratios.

For all types of financial institution these metrics could include the return on equity; the volatility of profits, income and expenses; the return on assets; the cost to income ratio; measures of concentration (on both sides of the balance sheet, so for assets and liabilities); conduct and AML metrics such as the number of complaints and the number of suspicious transaction reports; and various capital, solvency and liquidity ratios.    

More sector-specific metrics could include the net interest margin (and the impact of changes in interest rates) and non-performing loans for banks; and net premiums, loss ratios (claims as a percentage of premiums), expense ratios, cost per claim, commission rates, and various measures of investment returns for insurers.

Some of these metrics can be calculated not only at group or parent level, but also for individual legal entities, geographies, business lines, etc.

However, while standard metrics may be useful in providing a common benchmark, identifying where a financial institution makes its profits and highlighting some vulnerabilities to external shocks, they are essentially backward-looking (they provide information on what has already happened, or are calculated using data submitted at the last reporting date) and may not be sufficient to assess viability and sustainability over the years ahead. Here, and elsewhere in business model analysis, it is therefore important that financial institutions and supervisors undertake a range of scenario analyses and stress tests (see below), to help to identify and quantify the potential impact of prospective shocks and other events on profitability and other metrics.

Moreover, some metrics may appear strong only because they are not risk-adjusted and may provide a misleading indicator of how well a financial institution might be able to withstand adverse events – the metrics may look much weaker when risks crystallize. For example, a financial institution pursuing a high risk and high reward business model may exhibit misleadingly strong metrics during the “good” years.

Follow the money

Understanding the business of a financial institution includes an understanding of how it makes its money. Standard metrics may help supervisors to identify how and where a financial institution makes its profits (and any losses). This could be supplemented by supervisors asking financial institutions for additional information, such as management information and other internal reports.

Analysis of where a financial institution makes its profits may reveal some surprising or unexpected results. For example, an institution may be making a large proportion of its profits from a small number of its business lines, or from business lines that (using measures other than profitability) are a relatively small proportion of the institution’s overall business activities, or from operations in one or more overseas operations.9

Another key issue that supervisors need to understand is whether the level and sources of a financial institution’s profits are consistent with the institution’s strategy and risk appetite. For example, supervisors should consider whether – and if so, why – a financial institution’s strategy is to expand business lines that appear to be unprofitable, or a financial institution is making high profits in areas of little strategic importance. Strategic decisions may also require a financial institution to change its business model, sometimes significantly.

In terms of risk appetite, supervisors should consider whether a financial institution is undertaking higher risk business without a commensurate risk/reward trade-off. For example, a strategy of achieving rapid growth based on underpricing to gain market share may expose a financial institution to relatively low profitability and a high risk of loss. Alternatively, a rapid growth strategy based on accepting high risk business may boost profitability in the short term but leave a financial institution exposed if the risks crystallize. Risks from rapid growth may be compounded by inadequate governance, controls and financial resources to support the rapid growth.

Bank of England (2014) offers an example of some of these supervisory considerations, in the context of an insurer seeking to increase volumes or to sell higher-margin products. This may be inherently risky, and the risks may increase if these markets are highly competitive, or if there are shifts in consumer preferences or the macroeconomic environment.

External environment

Financial institutions may have business models that leave them particularly exposed to vulnerabilities arising from external events. Boards and senior management – and supervisors – need to understand the extent to which external events could threaten the viability and sustainability of a business model. Financial institutions should also be prepared to change their strategy and business model in response to external shocks and other developments.

These events may include:

Changes in market structure - incumbent banks, insurers or securities firms may be following business models that fail to recognize the extent to which their profitability may be adversely affected by new entrants using new technologies. New entrants are likely to seek to capture market share in business lines that were previously a source of strong profitability for incumbent financial institutions (for example retail payment systems); and to use technology to reduce costs (for example by distributing digital financial products and services through the internet and mobile phones) and to make key business decisions more accurate and effective (for example credit scoring and insurance underwriting).

Another important aspect of market structure may be customer behaviour and the opportunities for customers to move their business from one financial institution to another. For example, Financial Stability Board (2024) discusses how deposit runs can be facilitated and accelerated by technology and social media, and finds that vulnerability to liquidity risks is a cross-sector issue that can emerge not only at banks but also at life insurers, and at managed funds (collective investment schemes) with large holdings of commercial real estate.

Macroeconomic developments – some financial institutions may be following a business model that makes them highly sensitive to macroeconomic variables such as economic growth, inflation, interest rates and exchange rates. For example, the failure of Silicon Valley Bank in March 2023 was in part due to a failure to anticipate the impact of an abrupt increase in interest rates on a large portfolio of fixed income bonds.

Asset and commodity prices – similarly, some financial institutions may be particularly sensitive to movements in asset prices (including equities, bonds and property prices) or commodity prices. In some countries many banks may have a common high level of exposure to their national government, creating the possibility of a “bank-sovereign doom loop”.10

Climate and biodiversity related risks – physical (for example temperature changes, droughts, flooding, rising sea levels, and damage to ecosystems) and transition (for example as a result of government taxes and subsidies intended to reduce climate change) risks may increase the inherent risks facing financial institutions, including adverse impacts on credit, insurance, market, and operational risks. Some financial institutions may be particularly exposed to these risks because their business model is focused on business lines that are heavily exposed to such risks (for example lending to, insuring, and investing in, customers from the agricultural and fossil fuel sectors, or to residential and commercial properties in regions subject to flooding and rising sea levels).11

Legislative and regulatory changes – the business models of some financial institutions may be sensitive to legislative and regulatory changes that have a significant impact on the profitability of some business lines.

Scenario analysis and stress testing

Financial institutions should – on a proportionate basis – be expected to run scenario analyses and stress testing.12 They can be used to analyze the impact of alternative scenarios and stresses relating to both the internal and external factors that might have an impact on the viability and sustainability of a financial institution’s business model.

Internal factors would include a financial institution’s chosen markets, lines of business, balance sheet structure, funding, concentrations of assets and liabilities, and changes in market structure; while external factors would include macroeconomic variables, asset and commodity prices, and climate and biodiversity-related risks.

The way in which scenario analyses and stress testing are conducted, and the use that is made of them, can tell supervisors a great deal about how seriously a financial institution takes business model analysis.

This should also be part of a more general supervisory expectation that financial institutions should (on a proportionate basis) undertake scenario analysis and stress testing; boards and senior management should oversee this process and discuss the results; and the results should feed into an institution’s strategy, risk appetite and business model.

Similarly, supervisors can undertake their own scenario analysis and stress testing as an input to their own assessment of the viability and sustainability of a financial institution’s business model.13        

Peer group analysis     

Failed financial institutions are often (but - importantly - not always) “outliers” compared to their peers. Business model analysis of a group of broadly similar financial institutions can reveal not just institution-specific supervisory concerns, but also concerns relating to differences in business models across financial institutions. For example, peer group analysis can identify which financial institutions are exhibiting:

  • An unusual business model in comparison with the rest of the peer group
  • Relatively rapid growth
  • Frequent shifts in strategy
  • Relatively high levels of risk taking
  • An unusual customer base (including high levels of exposure to connected parties)
  • Relatively high levels of concentration in assets or liabilities
  • Unusual balance sheet structures (for example the mix of assets or the sources of funding or capital)
  • Heavy reliance on third parties (outsourcing) to provide IT and other services (which could be a source of either strength or weakness)
  • Relative weaknesses in governance, culture, risk management, and financial resources

There is no shortage of examples of “outlier” financial institutions, including:

HIH - rapid growth; ill-advised expansion into new overseas markets; entering new lines of business where it had little or no experience; inadequately researched acquisitions and joint ventures; under-reserving and mispricing.14

Northern Rock - rapid growth; riskier lending (high loan to value ratios) than other mortgage lenders; highly competitive markets for lending and for retail deposits; over-reliance on wholesale funding.15

Lehman Brothers – rapid growth; high level of gearing; concentrated exposures to the assets (residential mortgages) underlying complex traded instruments; lack of board understanding of the risks being taken.16    

Silicon Valley Bank – rapid growth; concentrated deposit base in uninsured, on-demand deposits; sensitivity of fixed income securities portfolio to rising interest rates.17

Credit Suisse - succession of strategic shifts under a succession of CEOs; failure to execute plans to reduce the size of, and de-risk, its investment banking business; failure to address the cultural root causes of a succession of scandals and investment losses; low levels of profitability; high rates of variable remuneration (bonuses); inadequate recovery planning.18

In many of these cases, shareholders, customers, depositors and other market counterparties – rather than the supervisors of these financial institutions – eventually became the “judges” of business model viability and sustainability, with this loss of confidence proving fatal to the ability of these institutions to continue to operate. But the prospect of such a “tipping point” should have been identified – and acted upon – earlier by the boards and senior management of these institutions, and by supervisors. The absence or inadequacy of supervisory intervention led to the supervisors being overtaken by events.

To the extent that a financial institution is identified as an outlier, supervisors should consider how to engage proactively with the institution concerned to understand the risks and to assess whether the institution is capable of managing these risks effectively and holds sufficient financial resources to support these risks. Such engagement should intensify in line with the significance of the issues/risks posed.

Support for supervisors

As discussed above, supervisors should – on a proportionate basis - assess the sustainability and viability of a financial institution’s business model, based on quantitative and qualitative information. Supervisors should assess whether a financial institution’s business model is capable of generating strong and stable returns in the coming years, commensurate with its risk profile, and assess whether potential developments may adversely affect the business environment in which the institution operates.

Supervisors therefore need to be equipped with sufficient skills and expertise to be able to identify business model issues and to respond appropriately through supervisory intervention. This is likely to require a combination of:

  • Financial analysis skills.
  • The ability to discuss business models during on-site meetings with board members and senior management as part of a forward-looking and judgement-based assessment of a financial institution.19
  • An understanding of how financial institutions’ business models are evolving, and may need to evolve, in response to market, macroeconomic and other developments.
  • A willingness and ability of supervisors to initiate supervisory intervention.20
  • The use of specialist teams that might focus on macroeconomic developments, financial trends, peer group analysis, emerging risks, or provide specialist support in the analysis of specific risks such as credit, insurance underwriting, market, and operational risks.

Supervisory authorities should therefore consider the need to support supervisors through:

  • Changes to regulations or guidance to provide firm foundations for supervisory engagement on business models and to provide clarity and transparency to financial institutions on supervisory expectations in this area, including the processes and procedures for business model analysis, and the possible types of supervisory intervention that may result from this analysis.
  • Developing an internal framework that provides clear guidance to supervisors about the supervisory authority’s approach to business model analysis, including what should be assessed; how it should be assessed; how business model analysis can be linked to other risk assessments, including risk-based supervision and the supervisory review and evaluation of ICAAPs and ORSAs; what types of supervisory judgement might be reached; what constitutes a trigger for supervisory intervention; and what forms this intervention might need to take.   
  • Similarly to risk-based supervision more generally, establishing supervisory manuals for consistency of approach; standard data sets, IT analytical tools and processes for business model analysis; Review Panel oversight of assessments and proposed supervisory interventions; and a Quality Assurance function.21
  • Training and development to build the capabilities of supervisors.
  • The creation of specialist teams that focus on current and emerging risks, and on how financial institutions should be managing these risks.
  • Taking a proportionate approach under which detailed business model analysis is applied only to higher impact and higher risk financial institutions, while smaller and lower risk institutions are assessed primarily as a sector, with a focus on common vulnerabilities and outliers. Supervisory authorities undertaking business model analysis for the first time might begin with a small sample of major financial institutions, and use this to identify methodological issues within the supervisory authority, outlier institutions, examples of stronger and weaker business models, and examples of strong and weak governance of business models.

Business model analysis and risk-based supervision

Business model analysis could be conducted by supervisors as an entirely stand-alone exercise; as part of the supervisory assessment of a financial institution’s ICAAP or ORSA (as with the European Banking Authority (2022) approach described in Annex 2); or as a thematic approach (as with the European Central Bank (2018) review described in Annex 1).22 

However, a risk-based approach is the most efficient and effective way of identifying significant risks and seeking reassurance that these are being properly managed. As discussed in Toronto Centre (2020a), there is value and efficiency in integrating supervisory reviews into the broader risk assessment of a financial institution. Moreover, under a risk-based supervisory framework, supervisors are already expected to be at least mindful of financial institutions’ business models, even if they do not focus specifically on business model analysis.

There are close and iterative interlinkages between business model analysis and risk-based supervision. Business model analysis can provide a more rigorous and comprehensive understanding of supervised firms and risks as an input to risk assessment, while the process of undertaking risk-based supervision will itself provide insights into business models which can be built on as part of a more specific business model analysis.

As discussed in Toronto Centre (2018), key steps in risk-based supervision are to:

  • Understand the business of supervised institutions.
  • Understand significant activities – those which are potentially the sources of significant risks – and the inherent risks embodied in these activities.
  • Consider how effectively these risks are managed and controlled and whether the financial institution has sufficient financial resources to support the risks.
  • Take action to address significant weaknesses at an early stage.

Some supervisors might take the strategy and business model of a financial institution as “given,” and assess whether governance, controls and financial resources are sufficient and effective to reduce “net” risk to an acceptable level. This Note suggests that there is often a strong case for going further than this and viewing business models and the risks associated with them as a specific area of supervisory scrutiny, and intervening if the risks appear to be unacceptable or inadequately managed.

A deeper assessment of business models along the lines set out in this Note can support risk-based supervision by providing enhanced insights into a financial institution’s strategy; the identification of significant activities; the assessment of the inherent risks in significant activities (based on the risks and vulnerabilities arising from the business model); the quality of governance (based on discussions with the board and senior management about how well they understand and manage their strategy, risk appetite and business model); and the adequacy of financial resources to support the chosen business model.

The supervisory risk assessment of a financial institution can feed into business model analysis. The viability and sustainability of a business model cannot be assessed in isolation from the supervisory risk assessment of inherent risks, governance and risk management, and financial resources. This may include the supervisory assessment of a financial institution’s strategy as an inherent risk, and the analysis of the inherent risks and vulnerabilities across each significant activity that a financial institution undertakes. Moreover, the assessment of the "Earnings" component of financial resources should be a key element of business model analysis because earnings are key to the ability of a financial institution to generate sufficient capital to support its growth.23 

Whether or not supervisors undertake a separate and comprehensive business model analysis there is a strong case for supervisors, having completed their risk assessment for a financial institution, to stand back and pull together the relevant elements of the assessment – perhaps in combination with some additional analysis - to determine whether the financial institution has a viable business model.

The supervisor might take the same approach to a small number of other high-level considerations, including an overall supervisory view of a financial institution’s financial resilience and operational resilience.24 These high-level considerations can be captured in additional “boxes” sitting above the risk matrix, which can be used by the supervisor to provide an organizing framework for the overall risk assessment, for communicating this assessment to the financial institution, and for structuring supervisory intervention.25  

For example, the Office of the Superintendent of Financial Institution’s (2024) new risk-based supervision framework uses four such high-level categories:

  • Business risk (the viability of a financial institution's business model, its relation to strategy and risk appetite, and the ability of the institution to execute its plan)
  • Financial resilience
  • Operational resilience
  • Risk governance

The UK PRA (2023a and 2023b) uses five high-level categories, which are similar to OSFI’s except for the addition of resolvability:

  • Risk context (which includes Business risk)
  • Operational mitigation (governance, risk management and controls)
  • Financial resilience
  • Operational resilience

Using the results of business model analysis  

Having undertaken business model analysis, whether on a stand-alone basis or as part of a wider risk assessment of a financial institution, supervisors should consider whether any supervisory intervention is then necessary, and if so, what form such intervention should take.26     

As with any other supervisory intervention, supervisors should begin by communicating clearly their supervisory findings and recommendations to the financial institution. Supervisors should then seek a constructive dialogue with the financial institution to explore ways forward, in the expectation that “moral suasion” might be effective.

However, and again as with other supervisory interventions, if moral suasion does not lead to the desired supervisory outcomes, then supervisors will need to consider the use of more formal requirements to achieve a viable and sustainable business model.

Three broad approaches to supervisory intervention can be considered here, if a supervisor has concerns about the viability or sustainability of a financial institution’s business model.

Governance

A supervisor might seek to test – not least through discussions with the financial institution’s board and senior management – whether a financial institution has fully considered its chosen business model, including the risks and vulnerabilities associated with it, and that this has been properly discussed by the board of the financial institution. A supervisor should address the issues covered in the section on Governance on pages 4-5 above.

For example, the supervisory analysis of a financial institution’s business model may identify significant vulnerabilities, risk concentrations, or other aspects of the business model that the supervisor judges should be identified, addressed and mitigated by the board and senior management of the institution.

If a financial institution can provide sufficient assurance to the supervisor that its strategy, risk appetite and business model are properly governed, then the supervisor might take some comfort about the business model and the governance and risk management of the financial institution.

However, if such assurance is not forthcoming then a supervisor should intervene with the objective of improving the governance and risk management of the financial institution, so that the risks and vulnerabilities inherent in the business model are adequately understood, governed and managed. As a first step here, a supervisor should seek to persuade the board and senior management of a financial institution to undertake a more in-depth analysis of its business model.

In this situation the supervisor might also - if they have the powers to do so - consider imposing a “Pillar 2” capital requirement to provide an incentive to the financial institution to improve its governance and risk management, and in the meantime to provide a capital buffer in case the financial institution begins to make unexpected losses as a result of the crystallization of the risks and vulnerabilities inherent in its business model.27    

This is no different conceptually from supervisory interventions in response to other supervisory concerns about governance and risk management.

Financial resources

Even if a supervisor judges that a financial institution’s business model is well governed and managed, the risks and vulnerabilities might be judged by the supervisor to require the financial institution to hold additional capital and/or liquidity to protect itself against unexpected losses or funding pressures (such as a high rate of deposit or other liability withdrawals).

For example, scenario analysis and stress testing (by either the financial institution or the supervisory authority) might reveal that a financial institution needs to hold additional capital or liquidity, so that it would be able to meet some minimum capital, solvency or liquidity ratio even if various scenarios and stresses were to occur.

Again, this is no different conceptually from supervisory interventions more generally in response to concerns about the adequacy of a financial institution’s financial resources.28    

Changes to the business model

As mentioned earlier in this Note, international standard setters and individual supervisory authorities are clear that it is the responsibility of the shareholders, board and senior management of each financial institution to determine its business model. Moreover, supervisors may be concerned about the moral hazard that could arise if a supervisor instructs a financial institution to change its business model and the institution then fails (when perhaps it would not have failed had it stuck with its original business model).  

The key question here is whether the combination of a financial institution’s business model, inherent risks, governance and controls, and financial resources is acceptable to a supervisor. If the combination is not acceptable, then a supervisor needs to consider which elements need to be improved to create a combination that is acceptable to the supervisor. This may be possible through improvements in governance and controls, and/or through a financial institution holding sufficient financial resources.

However, a supervisor may conclude that improvements in governance and financial resources are unlikely to establish a position in which the risks and vulnerabilities inherent in the institution’s business model are mitigated sufficiently, even by a high standard of governance and by a high level of financial resources. There may not be any acceptable combination if the business model is too badly flawed – for example because the business model is essentially reckless. In these relatively extreme circumstances, a supervisor may seek changes in the business model itself. It might be possible to achieve this through discussions with the board and senior management. But if this does not work then the supervisor may need to be more directive in requiring a financial institution to change its business model so that it is less subject to risks and vulnerabilities.

This is no different conceptually from situations in which – within a risk-based supervision framework – an inherent risk is judged by a supervisor to be too high to be capable of being adequately mitigated by some combination of governance, risk management and financial resources. A supervisor might then restrict the business activities of a financial institution (through limits on the type or amount of business it can undertake, or restrictions on the distribution channels it can use).

There may also be occasions where a supervisor requires a financial institution to change its business model (or at least its organizational structure) in response to concerns that it is not possible to supervise the institution effectively29, or that the business or structure of the institution prevents it (or the resolution authority) from developing a credible recovery (or resolution) plan.30          

A supervisor might also use a potential requirement on a financial institution to change its business model as a “last resort” option that might need to be activated if a financial institution was unwilling or unable to implement sufficient improvements to its governance and financial resources.

For example, as is clear from the Federal Reserve Board (2023) report into the failure of Silicon Valley Bank, there were opportunities for the supervisors to have intervened more forcefully in the governance of the bank’s business model, the use of scenario and stress testing, and contingency and recovery options in the event of deposit withdrawals. If these interventions had failed to result in a situation that was judged to be acceptable to the supervisors, then they might have had to resort to requiring the bank to change its business model.

Overcoming supervisory (and financial institution) reluctance

A supervisory authority, or an individual supervisor, may be reluctant to intervene in matters relating to a financial institution’s business model, even with respect to the governance and financial resources issues discussed above. This could arise where:

  • A supervisor is more comfortable analyzing risks and completing a risk matrix than taking supervisory actions. Business model analysis could be a sub-set of this unwillingness or inability to focus on supervisory intervention.
  • A supervisor views business model analysis as judgement-based, leading to results that contain a high degree of uncertainty, and do not provide a sufficiently robust basis for supervisory intervention. This may be compounded where supervisors have a low level of expertise on strategies, business models, and scenario analysis and stress testing.
  • A financial institution is currently comfortably compliant with all regulatory requirements, including those relating to minimum capital, solvency and liquidity ratios, governance and risk management; and the institution has healthy profits, a strong share price, and a good market reputation. In these circumstances, a supervisor may be reluctant to take pre-emptive actions on the basis that a business model may become unviable or unsustainable at some point in the future.
  • A supervisor views any supervisory intervention relating to business models as interfering in matters that are the responsibility of a financial institution.
  • A supervisor may be concerned that they do not have the formal powers to require a financial institution to improve its governance or to hold additional financial resources in response to concerns about the institution’s business model.
  • Business model analysis can be a resource intensive activity that is not adequately resourced supported by the senior management of the supervisory authority.

Similarly, financial institutions may push back along much the same lines, not least by questioning the legal basis on which a supervisor is intervening, and by instigating political and industry-wide push back on the basis that supervisors are “overstepping the mark” and are being excessively intrusive with respect to the governance and business decisions of financial institutions.

These considerations reinforce the need for a supervisory authority to:

  • Establish clarity and transparency over supervisory expectations in this area, at an early stage, which may require changes in regulations or supervisory guidance.
  • Include (on a proportionate basis) on-site discussions about strategy and business models with boards and senior management as part of the standard approach to the risk assessment of larger and more systemically important financial institutions.
  • Communicate supervisory judgements on business model analysis to financial institutions within the context of broader risk assessment and supervisory interventions, so that business model analysis can reinforce other judgements (for example with respect to weak governance, poor risk management, risk concentrations, vulnerabilities to external events, and the adequacy of financial resources).
  • Discuss internally whether business model analysis and supervisory intervention in response to this analysis is significantly different from other aspects of supervision and other areas of supervisory intervention.

Conclusions

This Toronto Centre Note has explained why business model analysis is important for supervisors, how it can be undertaken, how it can be integrated within risk-based supervision, and the supervisory interventions that might follow from it.

This is consistent with supervisory authorities becoming more judgement-based, forward-looking and proactive, and with supervisors becoming more willing to exercise their powers to intervene. It is also consistent with supervisory authorities learning from past failures of financial institutions, which in some cases were the result of those institutions following unviable business models. This has been reinforced by reviews of the bank failures in 2023, and by the greater emphasis on business model analysis in international standards, in particular the Basel Core Principles.

Supervisory authorities are becoming more focused on identifying financial institutions’ vulnerabilities at an early stage, and on intervening accordingly. This includes supervisors:

  • Taking a proportional approach reflecting the significance of each financial institution.
  • Understanding how a financial institution generates its profits.
  • Assessing the risks and vulnerabilities that different business models are exposed to, such as macroeconomic developments, changes in market structure, technological innovation, and emerging risks.
  • Considering whether a financial institution has adequate governance, risk management and financial resources in place to support its business model.
  • Intervening where necessary (depending on the powers available to a supervisor) to improve the governance and financial resources supporting a business model or, in extreme cases, to change the business model itself.

Annex 1: Supervisory practices

The Financial Stability Board (2010) included business model assessment among its recommendations for the more effective supervision of systemically important financial institutions.

The 2012 version of the Basel Core Principles31 noted that evolving supervisory tools, such as monitoring frameworks, stress testing, and business model analysis, should be part of progressively more forward-looking supervisory approaches.

Similarly, the Insurance Core Principles, and in particular the additional “Common Framework” for internationally active insurance groups32, refer to a supervisor understanding an insurer’s strategy and business model as one component of a supervisory evaluation of the insurer’s business, financial condition, conduct of business and overall risk profile33; and to a supervisor assessing the alignment between an internationally active insurance group’s competitive position, business plans and strategy, risk appetite, and risk carrying capacity.34

The European Banking Authority (EBA) positioned business model analysis as a key element of the supervisory review and evaluation process (SREP). Chapter 4 of the EBA’s SREP guidelines is devoted to business model analysis.35 This states that:

“Without undermining the responsibility of the institution’s management body for running and organizing the business, or indicating preferences for specific business models, competent authorities should conduct regular business model analysis to assess business and strategic risks and determine:

  • The viability of the institution’s current business model on the basis of its ability to generate acceptable returns over the following 12 months
  • The sustainability of the institution’s strategy on the basis of its ability to generate acceptable returns over a forward-looking period of at least 3 years, based on its strategic plans and financial forecasts.”

Under the EBA’s approach, business model analysis should support the assessment of other elements of the SREP, including the identification of an institution’s key risks and vulnerabilities, and the adequacy of its financial resources.36 Business model analysis, and the assessment of viability and sustainability in evolving economic and business environments, should feed into an assessment of whether a financial institution has an acceptable process for assessing its overall capital adequacy in relation to its risk profile, and should enable supervisors to intervene at an early stage to prevent capital from falling below the minimum levels required to support the risk characteristics of a particular financial institution.37  

The UK Prudential Regulation Authority (PRA) describes business model analysis as a central part of its forward-looking and judgement-based supervisory approach.38 Ahead of the Global Financial Crisis supervision did not focus sufficiently on some aspects of a financial institution’s business model, such as how it made profits and whether it could continue to do so for the foreseeable future.

To be confident that financial institutions will remain viable over the longer term, the PRA assesses whether an institution’s profits are sustainable. Business model analysis helps the PRA to understand the sources of an institution’s profits, and what might happen in the future to threaten these profits. Business model analysis should also help to identify whether an institution’s profits are in line with the risks it is taking – supervisors should look closely at cases where a financial institution has a high-risk business model but is consistently making a low rate of return (or is making high returns from supposedly low risk business).

Business model analysis can therefore contribute to the ability of the PRA to:

  • Focus its limited resources on financial institutions and areas of business that have the most potential to threaten the PRA’s supervisory objectives
  • Take a forward-looking view and to respond pre-emptively on the basis of what could go wrong in the future
  • assess the adequacy of a financial institution’s governance, risk management and financial resources
  • Contribute to surveillance of risks to the financial system as a whole (financial stability)

Similarly to the EBA, the PRA is careful to stress that it is not the PRA’s responsibility to manage a financial institution, nor to determine or approve its business model.

Based in part on the EBA (2014) guidelines, the European Central Bank (ECB) undertook a thematic review between 2016 and 2018 of the profitability drivers and business models of the major banks in the European single currency area.39 The review included:

  • Assessing the consistency of the strategy, governance and risk appetite of the banks
  • Assessments of the sustainability of the banks’ net income, governance arrangements to steer profitability, and their ability to deliver/execute their strategies
  • Analyzing the composition of the banks’ income and cost by business lines, and how it would evolve over time
  • A profitability forecast exercise based on the banks’ own forecasts using selected profitability indicators on a three-year time horizon

The ECB concluded that:

  • The profitability and sustainability over the medium term of several banks’ business models were questionable and/or uncertain, because of high non-performing loan levels, competitive pressures, high cost to income ratios, and the impact of low interest rates on these banks
  • Levels of profitability varied significantly across banks - banks that were more cost-efficient, more diversified and had better internal processes to steer profitability generally performed better than their peers
  • Some banks struggled to adjust their business models to increase their profitability and to reach their long-term profitability objectives

The ECB communicated the findings of individual reviews to each bank; sent letters to each bank outlining its conclusions and recommendations, and in some cases setting out risk-mitigation actions; used the findings to contribute to the business risk assessment of each bank as part of its subsequent SREP; and in some cases undertook subsequent deep-dives and on-site inspections for individual banks.  

Annex 2: Example of a supervisory approach to business model analysis

European Banking Authority (2022) approach to business model analysis

The European Banking Authority guidelines suggest that supervisory authorities should:

  • Assess the business environment in which the financial institution operates
  • Undertake quantitative and qualitative analysis of an institution’s business model
  • Consider the strategy and financial plans of the institution (including planned changes to the business model)
  • Assess the viability of the business model and the sustainability of the strategy
  • Identify key vulnerabilities to which the institution’s business model and strategy expose it or may expose it
  • Consider taking any necessary measures to address problems and concerns

Preliminary assessment

A preliminary assessment could be based on the financial institution’s:

  • Key business and product lines and geographical locations
  • Strategic plan(s), and planned changes, with current-year and forward-looking forecasts, and underlying economic assumptions
  • Financial reporting (including profit and loss, and balance sheet statements)
  • Regulatory reporting (including an institution’s own capital and liquidity adequacy assessments)
  • Internal reporting (management information, capital planning, liquidity reporting, internal risk reports)
  • Recovery and resolution plans, including the results of any resolvability assessment provided by the resolution authority
  • Audit and other third-party reports
  • Relevant studies of the external environment.

This preliminary assessment could be used to identify the business lines that are most important in terms of viability or future sustainability of the current business model, and/or most likely to increase the institution’s exposure to existing or new vulnerabilities. It could also help to identify a relevant peer group for the institution.

Business environment

Supervisors should consider the business environment in which a financial institution operates, including current and likely macro-economic conditions; the competitive landscape and how it is likely to evolve (what actions existing competitors might take, and the impact of new entrants); and other market trends (for example legislative and regulatory changes, technological trends, and societal/demographic trends.

Quantitative analysis of the current business model

To understand a financial institution’s financial performance and the degree to which this is driven by its risk appetite being higher or lower than its peers, supervisors should analyze the institution’s:

  • Underlying profit and loss, income streams, costs, impairment provisions and key ratios (for example, net interest margin, cost/income, and loan impairment)
  • Balance sheet items such as the asset and liability mix, funding structure, own funds, and key capital and liquidity ratios
  • Concentrations in sources of profit and in risk exposures
  • Risk appetite and the risks that the institution is willing to take to drive its financial performance.
  • Supervisors should consider how all these items have evolved in recent years and identify underlying trends.

Qualitative analysis of the current business model

To understand a financial institution’s success drivers and key dependencies, supervisors should analyze the institution’s:

  • Key external dependencies such as third-party providers, intermediaries and specific regulatory drivers
  • Key internal dependencies such as IT systems and operational and resource capacity
  • Strength of relationships with customers, suppliers and partners
  • Other areas of competitive advantage, such as global networks, the scale of its business or its product proposition

Analysis of the strategy and financial plans

Supervisors should undertake a quantitative and qualitative forward-looking analysis of the institution’s financial projections and strategic plan to understand the assumptions, plausibility and riskiness of its business strategy. This analysis might include:

  • The institution’s overall strategy
  • The institution’s projected financial performance
  • Success drivers of the strategy and financial plan, and key changes proposed to the current business model
  • The plausibility and consistency of the assumptions made by the institution that drive its strategy and forecasts Including macroeconomic variables, market dynamics, and volume and margin growth in key products)
  • The institution’s execution capabilities, as indicated by its track record in implementing previous strategies
  • The complexity and ambition of the strategy compared to the current business model

All of the considerations outlined above in this box should then inform the supervisory assessment of business model viability, strategy sustainability, and key vulnerabilities.

Assessing business model viability

Supervisors should form a view on the viability of the institution’s current business model on the basis of its ability to generate acceptable returns over the following 12 months, given its quantitative performance, key success drivers and dependencies, and business environment.

Supervisors should consider whether the business model generates an acceptable rate of return on equity, taking account of the extent to which the institution relies on high risk lending and funding structures to generate these returns.

Assessing the sustainability of the institution’s strategy

Supervisors should form a view on the sustainability of a financial institution’s strategy on the basis of its ability to generate acceptable returns over a forward-looking period of at least 3 years based on its strategic plans and financial forecasts and given the supervisory assessment of the business environment.

This judgement should be based on the plausibility of the institution’s assumptions and projected financial performance; the impact of the supervisory view of the business environment (where this differs from the institution’s own assumptions); and the risk level of the strategy and the institution’s execution capabilities.

Identification of key vulnerabilities

Supervisors should then assess the key vulnerabilities to which the institution’s business model and strategy expose it or may expose it, such as:

  • Poor expected financial performance
  • Reliance on an unrealistic strategy
  • Excessive concentrations or volatility
  • Excessive risk-taking
  • Funding structure concerns
  • Significant external issues (e.g. regulatory threats, such as mandating of ‘ringfencing’ of business units)
  • Emerging risk such as climate-related risks, and their impact on the viability and sustainability of the business model and long-term financial resilience of the institution

 

References

Bank of England. The role of business model analysis in the supervision of insurers. March 2014.

Basel Committee on Banking Supervision. Core Principles for Effective Banking Supervision. September 2012.

Basel Committee on Banking Supervision. Report on the 2023 banking turmoil. October 2023.

Basel Committee on Banking Supervision. Core Principles for effective banking supervision. April 2024.

Board of Banking Supervision. Circumstances of the collapse of Barings. July 1995.   

European Banking Authority. Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP). December 2014.

European Banking Authority. Final Report on Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP) and supervisory stress testing under Directive 2013/36/EU. March 2022.

European Central Bank. SSM thematic review on profitability and business models. September 2018.

European Union. "Post-BCCI" Directive on reinforcing prudential supervision in the financial services sector. June 1995.

Federal Reserve Board. Review of the Federal Reserve’s Supervision and Regulation of Silicon Valley Bank. April 2023.

Financial Stability Board. Intensity and Effectiveness of SIFI Supervision. November 2010.

Financial Stability Board. Depositor Behaviour and Interest Rate and Liquidity Risks in the Financial System: Lessons from the March 2023 banking turmoil. October 2024.

Financial Stability Institute. Supervisory practices for assessing the sustainability of banks’ business models. April 2022.

FINMA. Lessons Learned from the Credit Suisse Crisis. December 2023.

House of Commons Treasury Committee. The run on the Rock. January 2008.

International Association of Insurance Supervisors. Insurance Core Principles and Common Framework for the Supervision of Internationally Active Insurance Groups. November 2019.

IMF Working Paper. Good Supervision: Lessons from the Field. September 2023.

Office of the Superintendent of Financial Institutions. Supervisory Framework. February 2024.

Prudential Regulation Authority. The Prudential Regulation Authority’s approach to banking supervision. July 2023a.

Prudential Regulation Authority. The Prudential Regulation Authority’s approach to insurance supervision. July 2023b.

Royal Commission. The Failure of HIH Insurance. April 2003.

Securities and Exchange Commission. Testimony Concerning the Lehman Brothers Examiner's Report. April 2010.

Toronto Centre. Risk-based Supervision. March 2018.

Toronto Centre. The Development and Use of Risk Based Assessment Frameworks. January 2019a.

Toronto Centre. Turning Risk Assessments into Supervisory Actions. August 2019b.

Toronto Centre. Pillar 2 and Beyond: Issues for Supervisors in Implementing Basel II and Basel III. June 2020a.

Toronto Centre. Recovery Planning. August 2020b.

Toronto Centre. Resolution: Implications for Supervisors. August 2020c.

Toronto Centre. Operational Resilience: The Next Frontier for Supervisors. April 2021.

Toronto Centre. Supervising Corporate Governance: Pushing the Boundaries. April 2022.

Toronto Centre. A Climate and Biodiversity Risks Toolkit for Financial Supervisors. February 2023a.

Toronto Centre. Introduction for Supervisors to Scenarios and Stress Tests of Climate Change Risks. May 2023b.

Toronto Centre. The Risk-based Supervision of Liquidity. February 2024a.

Toronto Centre. Supervisory Stress Testing: A Primer. February 2024b.

Toronto Centre. Supervision of Stress Testing by Financial Institutions. March 2024c.

 

1 This Toronto Centre Note was prepared by Clive Briault. Please address any questions about this Note to This email address is being protected from spambots. You need JavaScript enabled to view it. 

2 Basel Committee (2024).

3 As discussed later in this Note, within a risk-based approach to supervision, business model assessment might include either or both of (a) using improved supervisory knowledge of the business as an input to the assessment of inherent risks, governance and controls, and the adequacy of financial resources; and (b) business model analysis as a separate stage or activity in risk assessment.  

4 See the discussion of impact and likelihood in Toronto Centre (2018).

5 Toronto Centre (2022) discusses how supervisors can ask directors and senior management probing and open-ended questions, and use the answers to develop an understanding of the strengths and weaknesses of a financial institution’s governance and risk management.

6 There is a clear parallel here to the supervisory review and evaluation of a bank’s ICAAP or an insurer’s ORSA. See Toronto Centre (2020a).

7 These characteristics are based on the approach to viability and sustainability taken by the European Banking Authority (2022). However, they could equally be applied to all sectors and to both prudential (capital/solvency and liquidity) and conduct (retail and wholesale) aspects of a business model.

8 Note however that some financial institutions may successfully pursue a business model based on a single specialist line of business in which the institution has deep experience and expertise – diversifying into areas that the institution does not understand fully is also a risky strategy.

9 A famous example of this was Barings in the early 1990s, which was making the bulk of its profits from securities trading (in its subsidiary in Singapore) rather than banking. See Section 3 of Board of Banking Supervision (1995).

10 This “doom loop” refers to a situation where banks (or insurers and other financial institutions) invest heavily in national government debt. When the government’s credit rating declines, the value of government bonds falls, leading to potential losses at financial institutions. If the government then intervenes to support financial institutions it will have to issue more debt, exacerbating concerns about the level of government debt and driving down the price of government debt, creating a self-reinforcing downward spiral.

11 See Toronto Centre (2023a and 2023b).

12 Toronto Centre (2024c) discusses the supervision of financial institutions’ own scenario analysis and stress testing.

13 Toronto Centre (2024b) discusses scenario analysis and stress testing undertaken by supervisory authorities.

14 See Section 3 of Royal Commission (2003).

15 See Chapter 2 of House of Commons Treasury Committee (2008).

16 See Securities and Exchange Commission (2010).

17 See Federal Reserve Board (2023) and Financial Stability Board (2024).

18 See FINMA (2023).

19 Again, see Toronto Centre (2022).

20 Specific types of supervisory intervention in response to the assessment of business models are discussed below in the section on using the results of business model analysis.

21 See Section 6 of Toronto Centre (2018).

22 See Financial Stability Institute (2022).

23 See also Toronto Centre (2024a) on the assessment of liquidity and funding risks.

24 Operational resilience is discussed in Toronto Centre (2021).

25 As discussed in Toronto Centre (2019a), a related type of “standing back” would be for the supervisor (or a review panel or a peer group review) to consider whether, at the end of the risk assessment process, the ratings for overall net risk, and for all the components of the risk matrix, look plausible in the light of everything that is known about the financial institution and the risk ‘story’ that has emerged as a result of the risk assessment.  Comparison of the risk matrix with wider perceptions of the riskiness of the financial institution can provide an important reality check.

26 See Toronto Centre (2019b) for a broader discussion of supervisory intervention.

27 See Toronto Centre (2020a) for a discussion of the application of Pillar 2 capital requirements.

28 Toronto Centre (2024c) discusses supervisory interventions in response to the results of scenario analysis and stress testing,   

29 For example, the European Union (1995) “post-BCCI” Directive imposed an additional requirement for  authorisation whereby if a financial institution is part of a group, the group structure must be sufficiently transparent to enable the financial institution to be supervised effectively, and a requirement that financial institutions have their registered office and head office in the same Member State.  

30 Toronto Centre (2020b and 2020c) discuss the powers that supervisory and resolution authorities should have to require such changes.

31 Basel Committee (2012).

32 International Association of Insurance Supervisors (2019).

33 See guidance note 9.1.6 under Insurance Core Principle 9.

34 See guidance note CF 9.2.b.1 under Insurance Core Principle 9.

35 European Banking Authority (2014, updated 2022).

36 Further details of the EBA’s approach are outlined in Annex 2 of this Note.

37 See also Toronto Centre (2020a) on the setting of “Pillar 2” capital ratios.

38 Bank of England (2014).

39 European Central Bank (2018).

Subscribe to receive information about
our programs, events, and Supervisory Guidance