ESMA provides implementing rules for MiFID II & MiFIR
Transcription
ESMA provides implementing rules for MiFID II & MiFIR
On 19 December 2014, the European Securities and Markets Authority (ESMA) published its final technical advice (TA) and launched a consultation on its draft regulatory technical and implementing standards (RTS/ ITS) regarding the implementation of the Markets in Financial Instruments Directive (MiFID II) and Regulation (MiFIR). With a total of 2,069 pages to read and almost 250 questions to answer, market participants have some work ahead of them in order to provide feedback to ESMA by 2 March 2015. The current draft standards are a result of a previous consultation round in 2014 and show that the regulator has, in part, listened to industry concerns. What’s next? The TA is now finalised following extensive consultations with stakeholders and has been sent to the European Commission. ESMA’s draft RTS/ITS, already consulted upon, are open for public comment until 2 March 2015. In addition, an open hearing will be held in Paris on 19 February 2015. ESMA will use the input received from the consultations to finalise its draft RTS, which will be sent for endorsement to the European Commission by mid-2015, its ITS by January 2016. MiFID II/ MiFIR and its implementing measures will be applicable from 3 January 2017. ESMA provides implementing rules for MiFID II & MiFIR BCBS 261 – Possible timeline revision for margin requirements for uncleared derivatives EMIR – Amended draft RTS on the clearing obligation EMIR – Feedback statement of ESMA on the clearing obligation for Non-Deliverable Forwards T2S – CSDs and central banks of migration wave 1 started multilateral interoperability testing CSDR – ESMA published consultation papers and provides 18 month respite to CSDR discipline regime BCBS consultation on outstanding issues in the Fundamental Review of the Trading Book (FRTB) IT-outsourcing, governance and accounting New IDW exposure draft for accounting principles for property valuation Results of the comprehensive assessment in Germany MISCONDUCT BY BANKS REGARDING DATA PROTECTION LAWS – complaints by German supervisory authorities Market participants are now required to provide feedback to ESMA on the ongoing consultation in a very short timeframe. We recommend that institutions align with other banks (e.g. via existing banking associations) to get a clear message across to the regulator and distribute the workload among members of such associations. Please find ESMA’s Technical Advice (TA) to the Commission on MiFID II and MiFIR here. Please find the consultation documents regarding ESMA’s MIFID II RTS/ITS here. The size of this newsletter’s means that we can’t detail all the relevant aspects out of the current RTS/ITS but let’s have a look at a few highlights: On the definition of “independent advice” ESMA has somewhat watered down its original proposal, that a firm must advise on a "substantial" number of financial instruments available in the market before they can claim to be independent – the new wording is "adequately representative". Transaction reporting under MiFID II sees a host of new and changed fields, e.g. the buy/sell indicator fields and counterparty and client fields will be replaced by a buyer field and a seller field and a new "matched principal capacity" field will be required, alongside principal and agent. Those of our readers who have been involved in EMIR trade reporting can imagine the herculean task ahead. MiFID II proposes new rules that apply to investment firms to ensure that remuneration requirements do not create unnecessary conflict. ESMA proposes that they should apply to "relevant persons who can have a material impact" on the "investment and ancillary services" or "corporate behaviour" of a firm. This will require market participants to overhaul remuneration schemes as well as firm-wide policies. The post-trade transparency requirement for equities is currently three minutes (and, as part of the MiFID II reviews, this will be reduced to one minute). For non-equity products, the proposal is that this period be 15 minutes for the first three years following the entry into force of MiFID II, and five minutes thereafter. This will surely put a huge strain on existing IT systems within banks. Third-country access remains a thorny issue with non-EU firms required to register with ESMA to provide products and services in the EU, but only if their home regulations are deemed equivalent to those of MiFID II / MiFIR. Although, under ESMA’s proposals, only factual information needs to be provided by the non-EU firm, we think there is a risk of running into another lengthy cross-jurisdictional substituted compliance issue. Overall, we urge market participants to get acquainted with the consultation papers and start deducing the impact on their respective organizations and get a programme set up. 700 days to go and counting… Steven Maijoor, who chairs the European Securities and Markets Authority (ESMA), spoke to journalists and stated that they are hoping to agree to a revised timeline for the adoption of regulations, which predominantly address the margining processes around uncleared OTC derivatives. This timeline revision was brought about by resistance from within the global banking community. ESMA is the first regulator to break ground by publicly stating that a timeline revision is possible for Margin Requirements for Uncleared Derivatives. The current documentation identifies December 2015 as the go live date for the regulation, which impacts both existing variation margining and imposes new initial margin requirements. It has been reported that a number of regulators are in discussions with IOSCO to agree a new timeline, however, it is unclear what the implications of this may be. ISDA has previously hinted at a ‘softstart’ approach which builds up to full collateralisation by: Moving to an April annual date to navigate year-end code freezes Phasing in revised variation margin agreements to cover the same relationships as those required for initial margin A gradual approach to initial margin first by issuing trade populations, sensitivities and initial margin numbers (SBA model) on a monthly basis from April 2016, moving to weekly frequency from November 2016 then to the full margining process from April 2017 (following the designated tiers for inclusion) Whether this suggestion is adopted, a delay to the regulation is chosen, the regulatory burden is lightened or some other option is selected, remains to be seen. However, this will be welcomed by the market given the significant amount of work that is required, especially within Risk, Operations, IT and Legal departments, in order to meet the regulation. Until this view has been ratified, the 1 December 2015 date should still be the date for delivery of a working solution. Category 3: FCs and AIFs not belonging to Category 1 or 2 On 18 December 2014 the European Commission sent a letter to the European Securities and Markets Authority (ESMA) saying that it had received the draft Regulatory Technical Standards (RTS) on the clearing obligation for Interest Rate Swaps (IRS) on the 1st of October 2014 and that they decided to endorse, with amendments, these draft RTS. On 29 January 2015 the ESMA published an opinion on the letter from the European Commission concerning the draft RTS on the clearing obligation for IRS. This opinion was submitted within the six week period after receiving the letter from the European Commission enabling ESMA to change and amend the draft RTS. The extension of the initial approach to postpone the start date of the frontloading obligation is supported by ESMA in order to provide counterparties with sufficient time to determine whether their contracts are subject to the frontloading obligation. However, despite the overall approval of the European Commission’s objectives, ESMA proposes using a different process to exclude non-EU intra group transactions from the clearing obligation. The amended draft RTS differentiates between four categories of counterparties depending on their activity level in OTC derivatives: Category 1: clearing members Category 2: financial counterparties (FCs) and alternative investment funds (AIFs) which belong to a group whose aggregate month-end average of outstanding gross notional amount of non-centrally cleared derivatives for three months after the publication of the RTS in the OJ excluding the month of publication is above EUR 8 billion When no objection of the European Parliament or Council, publication in OJ ESMA delivers its formal opinion with amended draft RTS 18.12.2014: Commission endorses with amendments 01.10.2014: ESMA sends final Draft RTS to the Commission Figure 1 Category 4: non-financial counterparties that do not belong to Category 1, 2 or 3. The start of the clearing obligation will be phased-in, based on these categories. The amended draft RTS further provide that the frontloading obligation is limited to Category 1 and Category 2. The frontloading period for Category 1 begins two months after the RTS enter into force and five months after the entry into force for Category 2. For Category 1, the clearing obligation for IRS will take effect 6 months after the entry into force of the RTS, i.e. end of 2015. For Category 2 the effective date will be around mid 2016. However, if these counterparties intend to avoid the frontloading requirement, they should start to clear earlier: mid 2015 for Category 1 and end of Q3 2015 for Category 2. It is important that counterparties start by analyzing their portfolios to identify the contracts that are in scope of the clearing obligation. Based on the results, strategic decisions can be made in regards to capital optimization, which central clearing counterparties (CCP) to connect to, how to connect to these CCPs (direct or indirect), how to handle intragroup transactions, etc. Please find the opinion of ESMA here. Please find the letter of the Commission to ESMA here. Please find the amended technical standard here. of the first migration wave. With the last software release delivered for user testing, it is full speed ahead for T2S go–live on 22 June 2015. On 4 February 2015 the European Securities and Markets Authority (ESMA) published a feedback statement in which it declared not to propose a clearing obligation on non-deliverable foreign exchange forwards (NDF) at this stage. This decision was driven by the time needed to address the comments received on the consultation paper concerning the clearing obligation for the NDF class issued by ESMA on 1 October 2014. According to ESMA, the most critical points of the comments received were: The timing for the entry into force of a clearing obligation on NDFs The fact that only one clearing house offers NDF clearing The experience of the counterparties in clearing NDFs The international consistency of the implementation schedule of a clearing obligation on NDFs This consultation paper was the third on the clearing obligation after interest rate swaps (IRS) and credit default swaps (CDS) and until the final deadline of 6 November 2014 38 answers had been received. At the end of 2014, ESMA published consultation papers on 1) the draft technical standards on settlement discipline, CSD requirements, and internalized settlement; 2) the Draft technical advice on penalties for settlement fails and on the substantial importance of a CSD; and 3) the Draft guidelines on the access to CCPs or trading venues by CSDs The implementation of a ‘settlement discipline regime’ in Europe is set to be delayed until the second quarter of 2017. The industry welcomed ESMA’s announced delay of the implementation of a settlement discipline regime, as a strict timeline is creating too many conflicts for the industry in relation to the T2SImplementation running in parallel and additional analysis is still required. ESMA is not proposing a clearing obligation for NDFs at this stage; however this may be the case at a later point in time. Until then, the counterparties of NDFs clearing may continue to clear these contracts bilaterally. Please find the feedback statement of ESMA here. Early January 2015, the T2S user testing moved one step further: the central securities depositories (CSDs) and national central banks (NCBs) of wave 1 started multilateral interoperability testing activities. Additionally, an important T2S software release was delivered for user testing in mid-January. As such, the full set of T2S functionalities foreseen for the go-live date (22 June 2015) is now available. Since 1 October 2014 CSDs and NCBs have been involved in bilateral interoperability testing, where each CSD tests the T2S software in isolation from the other CSDs and NCBs. In the current phase of multilateral interoperability testing, each CSD can test settlement processes in interaction with the other participating CSDs and NCBs Following the two QIS exercises performed in 2014 on a hypothetical portfolio and the comprehensive one, the Basel Committee for Banking Supervision (BCBS) released its last consultative document to address identified issues in December 2014. Comments are expected by 20 February 2015. In parallel, another important step is the follow-up QIS that is conducted over Q1 2015. The final publication will be made after the analysis of the QIS results. Implementation details and timelines will still be discussed by the BCBS and will be communicated prior to the final publication. Major changes introduced in the current consultation are the following: Internal Risk Transfer extended to Equity Risk and GIRR The recognition of Internal Risk Transfers (IRT) as risk mitigators is extended to Equity Risk and Global Interest Rate Risk (GIRR) (2 options proposed for GIRR). When recognized as hedges, the internal deal used to transfer risk from the banking book to the trading book and the external hedge, which must be its exact match, are not included in the market risk capital requirements. A revised standardized approach based on sensitivities Following the unanimous feedbacks from the industry, the Committee decided to abandon the cash-flow based approach in favor of a sensitivity-based approach (SBA) for the standardized method. Tested through the second QIS exercise in 2014, this method can be implemented at less cost and permits more granularity in the definition of risk factors. The new method is based on the simple sum of delta, vega and curvature risk by asset class plus a requirement for default risk (with specific definitions for nonsecuritizations, securitization non-correlation trading and correlation trading portfolio). Basis risk has been reconsidered by changing the 90% disallowance factor method in a correlation method deemed to be more risk sensitive. It consists of defining a 0.1% basis risk correlation parameter between sensitivities to risk factors where basis risk is detected. Risk weight and correlations are provided in the method description. Incorporating liquidity in the internal model approach The Expected Shortfall (ES) method using varying liquidity horizons has been assessed as too costly to implement and its complexity could lead to a lack of comparability between banks’ models. The new method introduces approximations based on 10-day shocks scaled to the prescribed liquidity horizons of risk factors. The revised framework is comprised of a base ES computation with shocks over a baseline horizon of T=10 days. Risk factors are then grouped into subsets of increasing liquidity horizons (LH i) longer than a certain limit. For each subset, 10-day shock ES is computed considering shocks to the subset of risk factors only. The ES is then scaled to the subset liquidity horizon (square root of (LHi - LHi-1)/T). This is repeated until the largest liquidity horizon is reached. The final ES is aggregated using the square root of the sum of the square of all scaled ES and ES computed on all risk factors. In addition, for the correlated risk factor, a floor liquidity horizon (minimum of the liquidity horizons) is introduced to cope with liquidity horizon mismatch for long/short positions on correlated risk factors. Other technical adjustments The liquidity horizon for FX rate is reduced for Liquid pairs to 10 days (20 previously for all rates). The new consultative documents take into consideration many comments raised during the second consultative period and introduces simplifications to both the standard methods and the internal model. The sensitivity-based approach is deemed less costly and may leverage existing validated risk infrastructures. The clarification on the internal model concerning liquidity horizons scaling aims to reduce model and technical complexity and to cope with the mismatch of liquidity horizon between long/short correlated risk factors. The standard approach remains up to date, despite being mandatory for all banks and despite the introduction of a floor to the internal models based on the standard approach. With this simplification, the FRTB is still a challenging evolution in terms of banks’ risk management processes and organization. Please find the BCBS Consultative document here. Once more the German standard setter for auditing principles, the Institute of Public Auditors (IDW), has issued a draft for a new Accounting Principle (ED IDW AcP FAIT 5: “Generally Accepted Accounting Principles in regard to outsourcing of reporting relevant services including Cloud Computing”). The scope of this draft is valid for all industries and frames the requirements for IT-outsourcing and Cloud Computing for companies (user entities) that are using accounting relevant sourcing services and for their service providers. According to the definitions of this draft, IT-outsourcing includes all accounting-relevant technology aided services, foremost data center operations, business process outsourcing and relevant services provided by shared service centers. Modern business processes of all financial institutions are nowadays highly dependent on information technology. Therefore a company’s entire IT-structure has serious direct and indirect implications for its accounting systems and, due to the nature of its business, is even more relevant for banks, insurance companies and leasing firms. To help businesses in the preparation of their financial statements and to raise awareness of unforeseen risks in that process, with this draft the IDW clarifiescertain principles and requirements for the user entity and the service provider to ensure the reliability and the general validity of the user entity’ss financial reporting. Businesses in general have been trying to achieve competitive advantages by outsourcing entire business processes as well as relying on cloud-computing to reduce their IT-costs. Financial institutions that are suffering from today’s low-interest-rate environment are focusing on their core competencies and are prone to outsource non-essential business processes. Banks and leasing firms commonly outsource IT-functions as well as a wide range of front-office to back-office functions (i.e. payment processing, regulatory reporting, workout management) and. more and more often, entire parts of their financial accounting. Insurance companies are already picking from a wide array of service providers for processes as diverse as policy issuance, debit collections, risk analysis and all the way up to claims management. All these business processes are technology-aided and fall under the draft’s definition of IT-outsourcing and therefore its scope of application. • Companies are fully liable in all 3 phases of IT-outsourcing (design stage, implementation stage, operational stage) • High safety requirements for data and It-systems are a premiss for the reliability and validity of all information in the financial statements • Unclear definition of responsibilities • Interface management • Change management • Incomplete or delayed data processing • Erroneous data transfer • Compliance with national and international legal requirements regarding data protection, data exchange and data retention • • • • Implementation provider management function Clear definition of duties, responsibilities and processes Interlocking of participants processes Documentation of all measures in an operations manual • Compilation of all processes in a comprehensive operations manual (service provider) • Access and data protection within the service providers data processes • Design and implementation of controls • Input, processing- and output-controls • Customizing assignments through service provider • Documentation of all business processes in one central operations manual for compliance purposes Figure 2 Every user entity that transfers any IT-supported business process to a service provider suffers a significant loss of control over the process as a whole. The draft seeks to minimize this loss of control and the accompanying exposure to risks. The ED IDW AcP FAIT 5 demands that all user entities that transfer any IT-supported business process to a service provider establish a provider management to monitor the different stages of the IToutsourcing process (design stage, implementation stage and operational stage), to record all the additional risks contained in the outsourcing process (security risks, processing risks and compliance risks) and to gauge its influences on the service provider’s internal control system. The design stage of the IT-outsourcing begins with the definition of the scope of service to be outsourced by the user entity and the identification and subsequent classification of all associated risks along the entire workflow. It concludes with a service level agreement that reflects all of the above. At the implementation stage of the IT-outsourcing adequate control mechanisms and appropriate measures are determined between the user entity and the service provider to ensure the consistency of the process and the service provider’s adherence to the agreement. The service provider shall be required to install a service related internal control system to measure the agreed KPI´s. The user entity, in turn, expands its internal control system to include these external controls and determines measures to verify that these controls are carried out in an effective way. These control measures shall be carried out on any level of the service provider’s business infrastructure or IT-Application that is being used for the delivery of the service. According to ED IDW AcP FAIT 5, all these processes, interfaces and responsibilities are to be documented in an operating manual without exception. This operational manual shall further include all IT-related processes under normal as well as emergency operation. During the operational stage the user entity needs to monitor and incorporate the service provider’s internal control system into its own internal control system. Thereby safeguarding all information used in the preparation of its financial statements. The IDW requires all user entities to implement a full scale control system for its IT-Outsourcing that covers, in all detail, every interface, every process step and all transferred responsibilities and to document all these measures without any gap in a stand-alone operating manual. These requirements once more emphasize the importance of an integrated control system for banks, leasing firms and insurance companies that are using sourcing services. As cited by the market researcher Gartner in its study “Cloud Heat Map in Banking, 2015“, the global Banking industry has been ramping up its investment in the development of digital products and services which rely more and more on cloud-applications. Apart from these applications, IT-outsourcing in general falls in the scope of the new ED IDW AcP FAIT 5 on IT-outsourcing and requires that banks do not take the risks involved in cloud-computing lightly, better they start a diligent assessment of the wide-ranging implications for their accountancy’s compliance sooner than later. The final challenge for the banks will be to write the requested operating manual in an audit-proof way. The above mentioned challenges might sound familiar to banks that are already struggling to comply with the demands of BCBS 239 by the Basel Committee on Banking Supervision. Its 14 principles for effective risk data aggregation and reporting are also applicable to processes that have been outsourced to third parties. Insurance companies that have already been outsourcing many processes will also need to heed the IDW´s draft and meet its regulatory requirements by overhauling existing SLA´s and crafting new operating manuals. Furthermore, insurers are currently discussing several issues regarding outsourcing in the context of the transformation of the European Solvency II directive into national law. The new IDW standard will surely help this implementation process along by answering a lot of the open questions about the scope and definition of outsourcing and their implications. answers. To ensure their ability to meet their long-term obligations in the current macroeconomic environment of low interest rates, insurance companies increasingly invest in property. • Land and buildings are measured and accounted for as separate assets in financial statements • The purchase-price of property is split into land and bulding in proportion of their open market value • At each balance sheet date, land and buildings are to be checked seperately for impairment • Buildings for permant use • Buildings for demolition • Buildings for sale On 7 July 2014 the Institute of Public Auditors in Germany (IDW) published a draft for a new Accounting Principle (ED IDW AcP IFA 2: “Valuation of properties (fixed assets) in financial statements”). The draft’s objective is to establish how the principles of valuation for property (IDW S 10) are reflected in the valuation for the annual financial statement in accordance with the German accounting principles (Handelsgesetzbuch; HGB). Moreover, this draft also has an impact on financial statements published in accordance with IFRS. The current European Accounting Directive that forms the basis for the German accounting principles has been in an ongoing process of harmonization with the IFRS. Thus, the new standards laid out by IDW ERS IFA 2 are important for all European banks, insurance companies and leasing firms that prepare their financial statements in accordance with IFRS. According to the German accounting principles, assets have to be valued at every balance sheet date. In respect of fixed assets (such as property), impairments shall be made, so that they are valued at the lower figure to be attributed to them at the balance sheet date (“attributable value”) if it is expected that the reduction in their value will be permanent. In practice, the following questions usually arise: How is the “attributable value” for fixed asset property defined? Are land and buildings valued separately? How to calculate this impairment? Answers to these questions are provided by the draft under discussion, the ED IDW AcP IFA 2. Accounting for risks and losses due to property holdings is important for the financial statements of banks as well as insurance companies and leasing firms. Banks, who own property on their proper accounts as well as due to salvage acquisitions, tend to be exposed to these uncertainties only for a confined period of time whereas the business model of insurance companies covers a much greater time span and thereby highlights the importance of the • Intersubjecitve verifiable value • Subjective value • Separately measured from land • Measured according to the subjective value • ‘Attributable value’ for rented buildings corresponds to the ‘capitalised earnings value’ • Separately measured from land • Measured according to the intersubjective verifiable value • Buildings and land are measured and accounted for as one unit • Measured according to the intersubjective verifiable value • ‘Attributable value’ is derived from the seller‘s market Figure 3 The current ED IDW AcP IFA 2 summarizes and emphasizes certain principles regarding property valuation already published in other IDW Accounting Principles. In particular, the draft clarifies the statement expressed in the IDW AcP WFA 1, that for the purpose of financial reporting and subsequent valuation, land and buildings have to be recorded and measured as two separate assets. Consequently, increases in land value are not allowed to be set off against depreciations of buildings. Moreover, the ED IDW AcP IFA 2 points out that for the purpose of financial reporting the “attributable value” for property shall be defined according to the guidelines published in the standard IDW S 10 “Principles for the Valuation of Property”. IDW S 10 distinguishes two definitions for the “attributable value” - an intersubjective value (owner-perspective or potential buyer-perspective) and a subjective value (concrete buyer-perspective). In this framework, the ED IDW AcP IFA 2 defines three categories of buildings and their valuation approaches (not applicable to land): buildings for permanent use, buildings which are subject to demolition and those that are held for sale. The “attributable value” for buildings for permanent use shall be determined according to the subjective approach. In this case, ED IDW AcP IFA 2 clarifies that the “attributed value” for rented buildings, is the subjective value and shall be calculated according to the “capitalized earnings value” approach. In case of owner-occupied buildings, the calculation of the “attributable value” can be made using a replacement costs- approach. For the second and third category of buildings (demolition-buildings and buildings for sale), the “attributable value” is determined according to the intersubjective verifiable value. Except for buildings held for sale, the “attributable value” for buildings and land is always determined separately. Apart from the above-mentioned clarifications, ED IDW AcP IFA 2 only needs to be taken into account when property is permanently reduced in value. According to the draft a permanent reduction in value exists when at the balance sheet date the “attributed value” is significantly below its book value and when this decline in value is considered not to be of temporary nature (i.e. three to five years). For property with a remaining life of more than 50 years, the draft extends this period up to ten years. Information about impairments for property determined in accordance with the guidelines in the ED IDW AcP IFA 2 has to correspond with associated information about property published in the financial reporting. This applies in particular to insurance companies. Due to industry-specific accounting and reporting standards, insurance companies have to provide further information about investments in property such as the market value (published in the disclosures) and imputed rent expenses or imputed rent income for owner-occupied property (published in the p&l). Information about the imputed rent income and expenses are only for informational purposes because both figures correspond to each other (i.e. there is no net effect) and the information facilitates a comparison of imputed rent income/expenses across the insurance industry. External auditors and therefore banks, insurance companies and leasing firms will have to comply with the requirements of the draft during the preparation of the annual financial statements. Furthermore, banks, insurance companies and leasing firms will have to analyze the impact of ED IDW AcP IFA 2 on the valuation of their fixed asset property. They will have to ensure that the valuation of rented property at the balance sheet date is based on a “capitalized earnings value”-approach. Additionally, banks, insurance companies and leasing firms will have to assess if the new principles will lead to differences between the carrying amounts for property according to German accounting principles and IFRS. In this case, these differences have to be separately considered in all reconciliation or reports. In case of differing carrying amounts for property according to the German accounting principles/IFRS and tax law entities will have to calculate deferred taxes. In preparation for assuming banking supervision tasks in November 2014, the European Central Bank (ECB) conducted a comprehensive assessment to check the financial health of 130 banks in the euro area, including 25 banks from Germany. This exercise combined an Asset Quality Review (AQR) with a macroeconomic stress test. In the first step, the accuracy of the carrying value of banks’ assets as of December 31 2013 was reviewed on a point-in-time assessment. For this task banks were required to have a minimum Common Equity Tier 1 (CET 1) ratio of 8%, due to the Capital Requirements Regulation and Directive (CRR/CRD IV). In the second step, the resilience of banks’ solvency to adverse economic conditions was assessed, taking into account the findings of the AQR. The required minimum CET 1 ratio was 8% for the baseline scenario and 5.5% for the adverse scenario. Outcomes The Comprehensive Assessment revealed that German banks are healthy with respect to capital endowment and accounting rules. The AQR resulted in a reduction in aggregated CET1 ratio of only 0.27 percentage points to 12.86%. This decline was primarily driven by supervisory assumptions that were much stricter than national accounting rules. After considering the AQR results, the stress test led to a decline of the average CET 1 ratio in the baseline scenario by 0.36 percentage points to 12,50% and in the adverse scenario by 3.76 percentage points to 9,10%. Both ratios are well above the corresponding thresholds of 5.5% for the adverse scenario and 8% for the baseline scenario, respectively, showing the good financial situation of German systemically important banks. Only a German mortgage bank revealed CET 1 capital gap of €229 million. The graphic below illustrates these results. However, because the reference date for the assessment was 31 December 2013 and that mortgage bank carried out a capital increase of €408 million during January and September 2014, all 25 German banks passed the stress test. After considering all capital increases of the German banks during 2014, the average CET 1 ratio for the adverse scenario raises to 9.94% showing that these banks are well capitalized even under tough economic conditions. Although the average and median values of CET 1 capital ratios are well above the thresholds, they show a wide spread. In the baseline scenario, CET 1 ratios range from 5.81% to 33.76%. For the adverse scenario the ratios range from 2.93% to 31.47%. Furthermore, the exercise showed that 20 of 25 participating German banks are already able to meet forthcoming Basel III targets. These targets cover an adjustment in the calculation of CET 1 capital ratio (“fully loaded Basel III ratio”), which has to be applied from 2024 on, as well as a leverage ratio of at least 3%, applying in 2018. Although the Comprehensive Assessment revealed that German banks are well endowed with capital to withstand even severe economic turmoil, they are only average compared with other participating European banks. According to the Assessment, German banks are required to make an effort to improve their capital position as well as their profitability to keep up with their competitors across the European Union and the rest of the world. The evaluation of operating profits under the different scenarios compared with other participating institutions in particular shows that German banks fall behind their competitors. So, German banks will have to focus on both, meeting regulatory targets and trying to keep up with their competitors. The company itself is responsible for verifying that the conditions cited to justify processing in each case are fulfilled. Banks are subject to even more stringent verification requirements, since they must comply with banking secrecy law. This requires them to maintain secrecy regarding any circumstances that relate to existing business relationships with customers in case they have become privy to those data. Interests of the financial institution that are to be protected rarely legitimise a breach of the banking secrecy obligation. Customers' interests in maintaining the confidentiality of their data is deemed to be more important than the commercial interests of the bank. Supervision of data processing Efficient data protection cannot be ensured merely by the imposition on companies of a legal obligation to comply with the prescribed prohibitions and laws. This is why both internal and external, state supervisory authorities monitor the data processing activities and work toward ensuring their legality. The scope of the powers of these institutions varies. The state authorities have strong intervention rights and sanctioning options at their disposal in the event of data privacy breaches. To reach these two goals, German banks should adapt to the potential risks arising from the stress test and be able to react to possible shortfalls induced by severe economic turbulence. Furthermore, these institutions should keep on improving their risk situation as well as their risk management framework to meet regulatory requirements, on the one hand, and operate more efficiently on the other. Please find all values for the German banks here, and the European-wide values here. Limiting corporate data processing by means of data protection laws Like other companies, when dealing with personal customer data, financial service providers must comply with the rules of applicable data protection legislation. These rules are found in numerous general and specialised laws, among which the German Federal Data Protection Act (Bundesdatenschutzgesetz BDSG) plays a central role. All of the aforementioned rules and regulations are based on the principle of “prohibition with reservation of authorisation”. Pursuant to this, the processing and use of personal data is strictly prohibited and permitted only if the company can invoke an authorising provision. Such legitimising circumstances primarily include the data subject's consent to the processing of his data, and – alternatively – the necessity of the processing in order to safeguard business interests that are worthy of protection. Data Protection Officer Ensuring compliance with data protection provisions; right to complain and report directly to the Board of Directors; no instruction authority Compliance Officer General obligation to notify the Board of Directors in the event of irregularities (not restricted to data protection) Data Protection Supervisory Autorities of the Federal States of Germany Comprehensive investigation powers; right of access to the premises at any time; power of injunction – including to impose fines; power to prohibit data processing operations Figure 4 Complaints by supervisory authorities - 3 current case studies Case 1: Unauthorised use of account transaction data by a bank The case: Before addressing customers of a bank in order to sell them certain financial products, the consultants of a subsidiary of the bank were asked to “prepare” these customers. There was a checklist indicating the data of the subsidiary’s employees that was to be retrieved from the bank's database for this purpose. This included current account transactions for the last 100 days, particularly credit items, insurance contributions, tax refunds and transfers to other banks. Reaction of the supervisory authority (a State Commissioner for Data Protection): The bank was fined € 120,000. Reason: Current account transaction data is not permitted to be used for marketing purposes – neither by the financial institution itself, nor by marketing companies or freelance sales representatives. of savings deposit – had already been entered. The financial adviser had received the bank customer’s account information from a financial advisory firm for which he was working. The financial advisory firm, in turn, was a subsidiary of the bank holding the account and had taken on the task of financial marketing. Reaction of the supervisory authority (a Data Protection Officer): A fine was imposed on the bank. Reason: Breach of the banking secrecy obligation and, thus, also of the admissibility provisions of the Data Protection Act. There was no legal basis for the use of the account data for marketing purposes by the independent financial advisor. Case 2: Transfer of data to an external management consultant The case: : A credit institution had commissioned an external management consultant to investigate ways of optimizing business structures and processes in private and business customer sales. To this end, the institute set up a special drive in its IT system for the consultant and accorded him access rights to it. Thus, he was able to access at any time the data of a large number of customers over a period of several months. This included information on credit limits, credit utilization, overdraft amount and duration, credit balance and asset amounts and security account transactions. The consultant had, however, not used this facility because he did not need the data for his work. Reaction of the supervisory authority (a State Office for Data Protection Supervision): A fine was imposed on the bank. Reason: When calling in a management consultant, it must be ensured that he will be able to access the company’s personal data only to the extent absolutely necessary for the fulfilment of his mandate. The concession of further data access rights is inadmissible – regardless of whether such data was actually accessed by the management consultant. Case 3: Disclosure of account information to independent financial advisors The case: An independent financial adviser wrote to the customer of a bank in order to sell him a product. The letter included a completed “termination of a savings deposit” form in which all the data – name, address, date of birth, bank account number, amount If you would like to find out more about Capco’s Regulatory expertise around the subject areas discussed within this article or if you have any other questions related to our Regulatory Monitoring Newsletter, please contact the Regulatory Monitoring team: CE_CM_RegMonEditors@capco.com © 2015 The Capital Markets Company NV. All rights reserved The information conveyed in this message is the personal conviction of the author only. Whilst effort is applied to source timely and accurate information it cannot be warranted to always be correct or complete and should not be construed as any form of advice for financial trading decisions or as any form of tax or legal advice, nor should it be interpreted as representing any official opinion of the Capco group. Readers may not publish, license, sell, transfer, modify, copy, display or distribute any portion of the material in this document