The following sections provide a more detailed description of the methodology for assessing the market risk of significant institutions (SIs), as part of the Supervisory Review and Evaluation Process (SREP). The ECB uses a standardised risk-based methodology to assess market risk.

1 Introduction

The SREP market risk methodology:

• is consistent with the European Banking Authority (EBA) guidelines on the SREP and assesses whether banks are complying with the ECB’s supervisory expectations;
• is applied proportionately to SIs, taking into account the nature, scale and complexity of their activities;
• supports Joint Supervisory Teams (JSTs) in performing risk-based supervision while providing sufficient flexibility to cater for bank-specific elements, which means that the frequency, scope and depth of assessments vary in line with European banking supervision and bank-specific priorities;
• is comprehensive and includes backward and forward-looking perspectives that consider all relevant risk components and their possible mitigants;
• draws on best practices and is periodically updated to ensure alignment with the EBA guidelines on the SREP and any relevant changes to regulations.

The factors that the ECB considers relevant when assessing the market risk of an institution include:

• the size and materiality of market exposures/activities;
• risk factors underlying the instruments held: interest rate risk^[1] (excluding positions in the banking book), equity risk, credit spread risk (excluding positions in the banking book)^[2], foreign exchange (FX) risk (including the gold position), commodity risk (including the precious metal position), and default and migration risks in the trading book;
• features of the positions taken: complexity, model risk, non-linear risk and gap risk;
• uncertainty regarding the fair value/exit price of a position: risks related to market liquidity, market price uncertainty, bid-ask spreads and close-out costs;
• relationships with the counterparties of transactions: credit valuation adjustment (CVA) risk and risks related to other fair value adjustments (whereby, despite being hybrid in nature, between credit and market risk-like drivers, counterparty credit risk is assessed under credit risk, in line with the EBA guidelines);
• the risk management practices of the institution: hedging strategies, basis risk, concentration risk and correlation risk.

External factors – such as the economic environment, climate-related and environmental aspects, and geopolitical developments – are also considered.

Market risk is gauged as part of the assessment of risks to capital (Element 3) of the SREP (Figure 1).

Figure 1

Overview of the SREP methodology

The market risk assessment is based on (i) a quantitative assessment that considers the inherent risk (risk level) and (ii) a qualitative assessment that considers the management and control framework (risk control) (Figure 2). In the risk level assessment, JSTs assess risks or vulnerabilities that could have an impact on prudential elements of the institution if they were to materialise. During the risk control assessment, JSTs assess whether credit institutions have adequate processes and systems in place to identify, measure, evaluate, monitor, report and mitigate the level of market risk.

The risk level assessment is performed by JSTs in three phases:

• Phase 1: supervisors gather data and assess the materiality of the risks;
• Phase 2: an automated anchoring score is generated based on common key risk indicators;
• Phase 3: supervisors carry out a more in-depth market risk assessment, taking into account supervisory judgement regarding the specificities of the bank and applying constrained judgement.

The risk control assessment has two phases:

• Phase 1: supervisors gather information;
• Phase 3^[3]: supervisors carry out a more in-depth market risk assessment, taking into account supervisory judgement regarding the bank specificities and applying constrained judgement.

The assessment of market risk covers both the risk level and risk control components, which are combined to form an overall market risk assessment. The supervisory judgement is summarised in an overall market risk score of between 1 and 4 (with qualifiers) and a rationale for that score.

Figure 2

Overview of the SREP market risk assessment

The SREP methodology is rooted in the EBA guidelines on the SREP and in documents in which the ECB communicates its supervisory expectations as an integral part of the SREP framework.

2 Market risk level methodology

2.1 Phase 1

The primary objective of Phase 1 is to conduct a materiality assessment of market risk – gaining an overview of potential pockets of vulnerability, evaluating the market risk framework and gathering the data that are required to perform the main assessment in Phase 3.

The Phase 1 methodology has three main modules, which cover (i) regulatory market risks, (ii) non-regulatory market risks and (iii) pricing-related risks. These three modules are further divided into sub-modules. This enables JSTs to focus on the most pertinent risks (Table 1).

• In the regulatory market risk module, JSTs assess any vulnerability to market risk stemming from exposures in the trading book (looking at all asset classes), as well as foreign exchange and commodity positions in the banking book^[4] as defined in the EU’s Capital Requirements Regulation (CRR).
• In the non-regulatory market risk module, JSTs assess the risk of losses in banking book activities arising from adverse movements in market prices or risk factors, covering banking book equity instruments measured at fair value and structural FX risk.
• In the pricing-related risks module, JSTs assess the risk of losses in fair value positions arising from adverse movements in market prices or risk factors which have an impact on the fair value adjustments used for accounting purposes – notably, CVAs and other valuation adjustments (xVAs) – or arising from inaccurate determination of their fair value (valuation risk).

In addition, JSTs can assess any other aspect which is materially important to the market risk profile of an institution. The modular structure introduced in Phase 1 therefore facilitates a more proportionate assessment, while the supervisory efforts in Phase 3 focus on the material risk drivers for each institution.

The market risk assessment is based on a wide range of information, including supervisory reporting and other relevant sources.

First, the materiality of the different modules is calculated automatically on the basis of the available data sources, which include:

• implementing technical standards on supervisory reporting, such as financial reporting (FINREP) and common reporting (COREP), in addition to fundamental review of the trading book reports;
• additional information derived from the short-term exercise (STE), e.g. from the STE on market risk.

A number of key risk indicators are calculated in order to check the materiality of the three modules and their respective sub-modules. These indicators fall into three different categories, seeking to capture three complementary time perspectives: backward-looking indicators (e.g. indicators that measure the historical volatility of market impacts over several quarters); point-in-time indicators (e.g. indicators that capture the size of positions exposed to market risk relative to the overall size of the balance sheet); and forward-looking indicators (e.g. indicators that measure the potential impact of market movements on current positions in prudential terms). These indicators signal riskiness and are considered when deciding which modules to include in the in-depth assessment in Phase 3.

Second, JSTs make a final decision on the material modules, also taking into account additional information such as:

• internal management data available in banks’ internal reports, such as internal capital adequacy assessment process (ICAAP) reports and internal audit reports;
• qualitative information, such as market risk budgets and strategies, risk appetite frameworks for market risk, market risk policies and procedures, accounting policies and procedures for the trading and banking books, and details of banks’ assets and liabilities committees and board risk committees;
• supervisory information, such as findings from on-site inspections, deep dives, previous risk assessment system reports and other routine reporting templates;
• non-harmonised reporting forwarded by national competent authorities.

JSTs will flag modules as either “material” or “immaterial”. In making their final decision on the materiality assessment, JSTs always consider the results of the automatic assessment and the specificity and complexity of the institution in question.

2.2 Phase 2

The purpose of Phase 2 is to produce an automatic anchoring score for the institution’s market risk level. The Phase 2 score is risk-based and the methodology is applied consistently across all SIs. It serves as a starting point for JSTs to consider more detailed bank-specific circumstances and thus apply expert judgement. The Phase 2 methodology captures different dimensions to ensure that the preliminary assessment of an institution’s market risk profile is sufficient and comprehensive.

The automatic score for the overall market risk level is based on key risk indicators for the three time perspectives considered in Phase 1 and covers all aspects of market risk (i.e. all three modules).

Figure 3 summarises the approach followed in Phase 2. The scores for the quantitative risk indicators used in Phase 2 are calculated by comparing the supervised institution’s values with predefined thresholds based on the risk appetite of the Single Supervisory Mechanism (SSM).

Figure 3

Approach for determining the Phase 2 score

The Phase 2 framework is purely quantitative in nature, which ensures that it is based on harmonised and consistent indicators and thresholds. The objective of the Phase 2 score is neither to capture all idiosyncratic elements linked to a bank’s market risk profile nor to assess specific features, such as its business model (e.g. a diversified lender, global systemically important bank or universal bank). These aspects are considered during the in-depth assessment performed by the JSTs in Phase 3.

2.3 Phase 3

In Phase 3, JSTs conduct a comprehensive bank-specific assessment. This results in a final risk level score which reflects the institution’s specific market risk level. While the Phase 2 market risk score serves as an anchoring score, Phase 3 gives JSTs the flexibility to consider institution-specific aspects of the various risk drivers. Phase 3 follows a consistent risk-based framework and can lead to an adjustment of the Phase 2 score.

JSTs consider information from various sources, including peer comparisons. During the Phase 3 assessment, JSTs take into account insights gained from on-site inspections, deep dives and horizontal analyses (such as targeted or thematic reviews) when available. Peer comparison is also embedded in this assessment and supported by internally available tools.

The adequacy of processes and procedures is essentially a risk control topic and feeds into the risk control assessment. However, there may be consequences for the reliability of quantitative information analysed in the risk level assessment. The quality and reliability of quantitative metrics reported by the supervised entity are considered, in order to prevent metrics from being biased. Such bias (which could, for example, stem from a lack of prudence or deficiencies in the area of risk control) could result in an overly positive assessment of the supervised entity’s risk position.

The Phase 3 assessment allows JSTs to focus on the material modules and sub-modules as identified in Phase 1. This main assessment phase takes account of the five key perspectives described in the EBA guidelines to provide comprehensive analysis of a given area of market risk (e.g. for a module or sub-module):

• Strategy: this refers to the choices that the institution makes regarding the level of market exposure and market risk it is willing to accept, particularly when it comes to choices concerning its business model, business lines and products, as well as the limits set by the institution for implementing its risk appetite. It also encompasses decisions about risk mitigation (hedging strategies, collateralisation, etc.). The assessment of a bank’s strategy should also cover recent and/or planned changes.
• Nature and composition of market risk activities: this assessment reflects the realisation of institutions’ strategies (including hedging). It aims to produce an overview of exposure to market risk by business line and product (based on the complexity and liquidity of the products), as well as concentrations of risk and correlations between risk factors in the portfolios, related risk drivers and relevant risk measures (sensitivity, value at risk, expected shortfalls, etc.).
• Profitability: this refers to the actual realisation of market activities in the institution’s profit and loss and other comprehensive income as a result of its strategy, the nature and composition of its portfolios, market movements and its ability to efficiently manage its exposure to market risk. The assessment of profitability encompasses analysis of its evolution over time (i.e. trends and volatility), as well as related sources (trading revenue, commissions, etc.), broken down by business line/desk and product. In addition, profitability is assessed against the risk profile of the institution.
• Market view: this is a holistic assessment of major trends and movements in the financial markets, as well as changes and developments that could have an impact on the level of risk borne by the institution. Special emphasis is placed on the markets (both domestic and international) and macro/micro risk factors that are identified as being particularly relevant to the institution in question.
• Prudential view: this covers the impact that market risk could potentially have on the institution’s prudential position, as well as current and future capital requirements in terms of market risk, CVA risk and valuation risk. It also covers any other potential prudential impacts (e.g. the impact of market risk in the banking book). It uses the results of stress tests, as well as relevant ICAAP information, to identify possible additional sources of market risk (e.g. tail risk events).

3 Market risk control methodology

The regular analysis of banks’ internal market risk control functions complements the market risk level assessment performed under the risk level part of the SREP. It is of the utmost importance that banks manage their risks well to better withstand adverse circumstances, and that their risk appetite is subject to closer scrutiny and control at all levels of the organisation. A lack of responsiveness to supervisory measures (as well as to internal audit recommendations) signals serious deficiencies in banks’ risk control frameworks, as well as a lack of capacity to improve their control systems to ensure the risk is properly managed.

3.1 Phase 1

The primary objective of Phase 1 is to obtain information about the risk control structures for market risk. To assess risk control in Phase 3, JSTs gather information on the control set-up for market risk for both the governance structure and the control framework in place.

Phase 1, like Phase 3, has three common modules for all risks to capital which include topics that are closely related to organisational and strategic aspects of the management of a given risk, in this case market risk, and two risk-specific modules that capture the unique nature of the market risk assessment (Table 2).

3.2 Phase 3

The primary objective of Phase 3 is to assess the soundness and efficiency of the market risk control framework from different perspectives and in the light of the scale and complexity (business model, organisational structure, etc.) of the institution. The assessment performed in Phase 3 should be proportionate to the institution’s level of market risk and should be risk focused.

For this reason, the current methodology invites JSTs to adapt the scope and depth of their assessment to the risk characteristics of the supervised institution. JSTs include in their assessment the outcomes of any supervisory activity to gauge the degree to which the institution verifies compliance with, and the effective implementation of, relevant Level 1 regulation^[6] to ensure that any potential deficiency in this regard is duly reflected in the assessment and in the scores obtained. If severe weaknesses or non-compliance are identified, JSTs will design appropriate measures to restore compliance.

JSTs integrate into their assessment of risk controls the insights gained from on-site supervisory activities, deep dives and horizontal analyses (such as targeted or thematic reviews), and findings of the institution’s internal and external auditors.

Finally, nothing prevents JSTs from broadening the scope of the risk assessment to include relevant aspects that have not been addressed in the methodology.

Modularity of the Phase 3 assessment

The risk control assessment is not preceded by a materiality check, in contrast to the risk level assessment. All modules are assumed a priori to be material. The risk control modules for market risk are summarised below.

3.2.1 Modules common to all Element 3 blocks (risks to capital)

Governance and organisational framework: the JSTs’ assessments include, but are not limited to, the extent to which the institutions:

• have an appropriate organisational framework for market risk management, measurement, monitoring and control functions, with sufficient qualitative and quantitative human and technical resources;
• have a proper governance framework, with clear and adequate involvement of the management body, senior management and relevant committees in the decision-making processes for topics related to market risk.

Risk strategy and appetite: the JSTs assessments include, but are not limited to, the extent to which the institutions:

• have a sound, clearly formulated and well-documented market risk strategy, approved by the management body, which is effectively implemented, monitored and controlled;
• have a sound, clearly formulated and well-documented risk appetite framework, which is approved by the management body, consistent with the market risk strategy, which is effectively implemented, monitored and controlled.

Framework for internal capital allocation in market risk: the JSTs assess whether the institutions have an adequate framework for quantifying capital needs related to market risk, focusing on comprehensiveness, conservativeness and the risk sensitivity of the methodologies used (notably in the ICAAP).

3.2.2 Modules specific to market risk

Risk identification, measurement, monitoring and reporting: the JSTs’ assessments include, but are not limited to, the extent to which the institutions:

• have an appropriate and well-documented framework (including policies and procedures) for identifying and measuring market risk;
• have conservative and reliable mark-to-model pricing processes in place, which should be based on appropriate assumptions and periodically reviewed;
• perform adequate and independent price verification processes in addition to daily mark-to-model;
• comply with the requirements for prudent valuation (in accordance with Article 105 CRR and the related regulatory technical standards^[7]) and have established and maintained procedures for calculating adjustments to the current valuation of less liquid positions, concentrated positions and/or positions for which the originally intended holding period has been exceeded;
• have adequate well-documented, regularly validated and back-tested internal models to calculate own funds requirements for market risk (for those institutions authorised to use internal models);
• have management information systems that allow the accurate and timely identification, aggregation, monitoring and reporting of market risk exposures;
• have adequate and regularly performed stress testing frameworks to complement the market risk measurement;
• have an adequate monitoring and reporting framework for market risk in place, which includes the effect of climate-related and environmental factors on their current market risk positions and future investments^[8], ensuring prompt action at the appropriate level of the institution’s senior management or management body where necessary.

Internal controls: the JSTs’ assessments include, but are not limited to, the extent to which the institutions:

• have a clearly defined and adequate framework for limiting and controlling market risk, which is aligned with their strategy and risk appetite;
• have an internal validation function which adequately and effectively covers market risk in all relevant dimensions, which is adequately staffed, in terms of both numbers and skills, and acts in a timely manner;
• have an internal audit function which adequately and effectively covers market risk, which is adequately staffed, in terms of both numbers and skills, and acts in a timely manner.