Taking stock and looking ahead
Frank Elderson is a Member of the Executive Board and Vice-Chair of the Supervisory Board of the European Central Bank
Introduction
Ten years ago was the first time European supervisory teams got together and started work on an important task: making sure the banking system is safe and sound on behalf of European citizens. At the time, some argued that integrating a fragmented system of supervision was either impossible or would take forever. Well, those pioneer European supervisors who came together on 4 November 2014 have certainly proven the sceptics wrong.
We have come a long way since that day. The last ten years have been transformative both for the Single Supervisory Mechanism (SSM) and the banks we supervise. We have evolved from a start-up to a mature, risk-based and effective supervisor. Banks under our supervision have also evolved significantly, building up remarkable resilience.
Unlike in the crises that predated the banking union, banks have now become part of the solution to economic shocks rather than the source. That’s good news. There is, however, no room for complacency.
While past achievements provide a solid foundation, they are by no means a guarantee of future success. The macro-financial environment is changing profoundly. Unlike ten years ago, when the main risks emanated from banks themselves, today prudential risks are largely driven by an increasingly volatile and uncertain external environment.
In my remarks, I will therefore focus on how supervisors and banks must adapt to this challenging environment. I will also address suggestions being put forward by some to relax banking regulation and supervision – suggestions which in my view are misguided. Compromising the resilience that has been carefully built up over the past ten years would undermine the objective of having a financial system that can support a competitive and sustainable economy.
The first decade of European supervision: from start-up to maturity
But before focusing on current challenges, I hope you’ll allow me to take a brief walk down memory lane. Where did we start from? What were the expectations a decade ago? And how did we go about meeting them?
As Europe was looking into the abyss of the euro area sovereign debt crisis in 2012, legislators agreed on nothing less than a paradigm shift – the banking union, which represented the most significant leap forward in European integration since the introduction of the euro.
The banking union encompasses three pillars, each with a straightforward task: first, European banking supervision to ensure that banks across Europe are subject to the same rules and high-quality supervisory standards. Second, European resolution to make sure that if banks fail, they can get resolved in an orderly manner instead of relying on the public purse. And third, European deposit insurance, to make sure that when push comes to shove, all depositors enjoy the same protection, no matter where in the euro area they are based.
As far as the supervisory pillar is concerned, the ECB and the national competent authorities that make up the SSM were given a clear mission: ensuring the safety and soundness of banks. This is not just an end in itself – it is necessary so that banks remain at the service of people and businesses by funding innovation, productivity and sustainable growth.
The destination was clear. But we had no roadmap to show us how to get there. There was no blueprint on how to transform a fragmented system of supervision into an integrated one. So it was by no means a given that the SSM would be a success.
In the start-up phase of the SSM we were essentially crossing the bridge we were still building: we spent the mornings recruiting the best risk experts from across Europe, the afternoons supervising significant banks, and the evenings setting up our processes.
When we started, there were plenty of ways in which supervisors across Europe looked at risks and how best to mitigate them. They all focused on different things: while some put the emphasis on credit file reviews, others focused on scrutinising banks’ internal risk management through the lens of the internal capital adequacy assessment process. Some supervisors chose to shine the spotlight more closely on governance or on-site culture.
Thanks to the unwavering commitment and tireless energy of supervisors from the national competent authorities and the ECB, we consolidated the best practices from this wealth of supervisory experience into a common supervisory approach. What followed was a race to the top rather than to the bottom, resulting in high-quality supervision and a level playing field.
On our path to becoming a mature organisation, we have adapted our processes along the way. Our supervision has evolved from being predominantly rule-based and heavily codified, to having a more flexible, agile and risk-focused approach.
And banks under our supervision have also evolved significantly over the past ten years. Today, European banks are in much better shape than a decade ago. For instance, the financial resilience of SSM banks has notably improved. The aggregate Common Equity Tier 1 (CET1) ratio has increased from 12.7% in 2015 to 15.8% today, the liquidity coverage ratio has increased from 138% in 2016 to 159% today and the non-performing loan ratio of significant banks has declined from 7.5% in 2015 to 1.9% today1.
Moreover, risk management, the effectiveness of internal control functions and governance arrangements in SSM banks have all improved. Over the past ten years, banks under European supervision have shown remarkable resilience even under the most challenging circumstances. They have evolved from shock propagators to shock absorbers, stabilising rather than de-stabilising the economy as it experienced significant shocks such as the pandemic, Russia’s unjustified war against Ukraine and the rapid changes to the interest rate environment.
This resilience is also a testament to the crucial role played by European supervision, confirming that the SSM has lived up to the expectations that were placed on it a decade ago2.
A widening geopolitical divide and a global economy that is fragmenting into competing, increasingly protectionist blocs, give rise to new geopolitical risks
Highly complex, volatile and challenging risk landscape
But there is no room for complacency. We can’t assume that the achievements of the past ten years will automatically pave the way for another successful decade of resilient banks under European supervision.
We can’t ignore the fact that the world around us is changing. The macro-financial environment is characterised by unprecedented shocks, giving rise to new risk drivers. In the words of President Lagarde, in the last three years alone we have “faced the worst pandemic since the 1920s, the worst conflict in Europe since the 1940s and the worst energy shock since the 1970s.”3
And as former US Treasury secretary Larry Summers put it, “this is the most complex, disparate and cross-cutting set of challenges that I can remember in the 40 years that I have been paying attention to such things.”4 In fact, the current combination of risks, challenges and uncertainties is staggering.
A widening geopolitical divide and a global economy that is fragmenting into competing, increasingly protectionist blocs, give rise to new geopolitical risks. Heightened operational headwinds such as ever-more sophisticated cyberattacks and technology disruptions are challenging banks’ operational resilience.
And last, but, alas, not least, we see the climate and nature crises unfolding, as evidenced by the horrific events last week in Paiporta and other villages and towns in the Spanish region of Valencia. On top of the human tragedy and physical destruction, the climate and nature crises are increasingly leading to material risks for banks.
What makes this period so unprecedented is that these challenges are not happening one after the other – they are all happening at the same time. And there is no clear sign of them going away any time soon, rather the contrary. So how can supervisors and banks adjust to this era of polycrises?
Ensuring bank resilience in the era of polycrises
First and foremost, banks’ management bodies are the ones holding the steering wheel and must ensure that banks remain resilient and prepared for this new risk landscape. This involves making sure that banks have sound risk management that is commensurate to new risk drivers, that they maintain sufficient capital headroom to cushion against credible adverse scenarios, and that banks’ management bodies are effective in their steering and oversight function.
While acknowledging that banks’ management bodies are in the driving seat, as supervisors we keep a close eye to ensure that no material risks are left unaddressed5. This means that we must be able to identify the risks and then ensure that banks are resilient to these risks.
To ensure that our risk identification can keep up with the changing risk landscape, we have made our supervisory processes more agile. We simply cannot look at every risk with the same intensity, every year, in every bank we supervise. We have therefore started to implement a supervisory risk tolerance framework aiming at freeing up the desks and minds of supervisors.
This allows our supervisors to focus on those risks that are most pertinent and the supervisory actions that are most impactful. In the same vein, we have also reformed our Supervisory Review and Evaluation Process (SREP) to make it more targeted and risk-based. Moreover, we are increasingly using supervisory technology tools – also known as suptech – to detect risks early on and move closer to real-time supervision6.
These improvements to our processes give our supervisory teams more time to focus on the most relevant risks. By detecting vulnerabilities that would otherwise only surface later, we help banks to be better prepared and build up resilience proactively.
Let me illustrate this with an example. Threats from cyberattacks are on the increase and are challenging banks’ operational resilience. In 2022, 50% of our supervised entities were subject to at least one successful attack – that number rose to 68% in just one year7.
In order to help banks better identify their vulnerabilities to cyber risks and bolster their operational resilience, earlier this year we conducted a cyber resilience stress test8 to gauge how well banks would be able to respond to and recover from a successful cyberattack while maintaining their critical functions and services.
The cyber resilience stress test was an important learning exercise for banks; it helped them pinpoint areas where they need to build greater operational resilience to cyberattacks, which are unlikely to fade away in the current geopolitical risk environment.
Let’s shift our focus from risk identification to remediation. As supervisors we must ensure that the risks we identify in our risk assessments are adequately managed. This also means that if we find deficiencies in the way banks are managing their risks, they must be remediated fully and in a timely manner, not at some unspecified point in the distant future. This is why we are putting more emphasis on impact and effectiveness9.
To ensure full and timely remediation of our supervisory findings, we set out a time-bound remediation path. If a bank is not remedying the deficiency at a speed that will ensure full and timely remediation by the pre-established timeline, we will step up our supervisory action by deploying more intrusive measures from our ample supervisory toolkit. This is what we call the ‘escalation ladder’.
The use of supervisory powers to compel banks to make concrete improvements is not just something we do within the SSM; it is international best practice10. The disorderly events of the March 2023 banking turmoil were a clear reminder of what can happen when banks leave material shortcomings unaddressed for too long.
Banks and supervisors need to have the capacity to focus on emerging challenges. That’s why it is important to declutter our desks by tackling supervisory findings that have been with us for too long. While this is always an imperative, it is especially pertinent in the current challenging risk landscape.
Let me illustrate this with the example of risk data aggregation and reporting. It is very hard to imagine any bank being able to appropriately manage its risks without strong risk data reporting. A bank’s ability to manage and aggregate risk-related data effectively is a pre-requisite for sound decision-making and robust risk governance.
In fact, the Capital Requirements Directive, as transposed into national law, requires banks to put processes in place to identify all material risks. Worryingly, risk data aggregation and reporting was the lowest-scoring sub-category of internal governance in the 2023 SREP. In other words, despite the work done by supervisors over the years, too many banks still don’t have adequate risk data aggregation and reporting capabilities.
It should not be a surprise that ECB Banking Supervision is stepping up the escalation ladder, using more intrusive supervisory tools to ensure that banks have adequate risk data aggregation capabilities. It’s not about forcing banks to do something that is merely an added perk; it’s about making sure they are able to manage material risks adequately and in good time.
In a rapidly changing risk environment where prompt availability of reliable data has become essential, timely remediation of our supervisory findings on risk data aggregation is more important than ever.
Deregulation and lenient supervision would compromise resilience
After a decade of European supervision, it is not only the external risk environment that has changed. The current debate suggests that the perception by some of the role of financial regulation and supervision is also changing.
Ten years ago, with the gloomy memories of the global financial crisis lingering in people’s minds, there was a strong consensus across society on the need for strong financial regulation and supervision in order to safeguard the public good of financial stability.
Today, it appears that the pendulum is slowly swinging in the opposite direction. Some have raised the question as to whether regulation and supervision have become too conservative, to the point that they may constrain growth.
Let me be clear: the argument being put forward in favour of relaxing banking regulation and supervision in order to promote growth is misguided11. We can’t allow the memory of the global financial crisis to fade. Its lessons are as relevant today as they were back in 2012, when the banking union was created.
As deputy governor of the Bank of England, Sam Woods, correctly said, the great financial crisis was “the biggest growth-destroying event in recent economic history.”12 The crisis was a stark reminder of the economic, social and fiscal hardship that weakly regulated and supervised banks can cause for people. The last thing we should do is ignore the lessons of the financial crisis and allow a regulatory race to the bottom, which would compromise the resilience that has been carefully built up over the last decade.
It is a fundamental misconception to frame safety and competitiveness as opposing forces. It is essential to remember that resilient and well-capitalised banks are a pre-condition for competitiveness and sustainable growth.
Strong and resilient banks are best equipped to lend to the real economy, funding innovation, investment and growth, even during economic downturns13. Banking deregulation or more lenient supervision would weaken the foundations of growth.
It is true that European growth has been sluggish when compared with other regions, and addressing it is rightly a top priority. That is why we need policies to tackle the root causes of low productivity, promote innovation and bolster the single European market.
For instance, the EU will need an additional €5.4 trillion between 2025 and 2031 to advance our green transformation, accelerate the digitalisation of our economy and bolster our defence capabilities14. Faced with this mammoth task, deepening the capital markets union to help guide the required financing flows should be our highest priority. This will help channel private investments towards supporting innovation and the twin green and digital transition – ultimately fostering EU competitiveness.
To speed up the integration of a single banking market in Europe, we should now move forward and complete the banking union. As a first step, we must enhance the crisis management and deposit insurance framework so that the failures of small and medium-sized banks can be dealt with more effectively.
Second, we would welcome if member states were to resume discussions on setting-up a European-level public backstop to provide temporary liquidity funding to banks following resolution. The credibility of the resolution framework in Europe would be significantly enhanced by setting up a framework for liquidity in resolution.
Moreover, building on the strong foundations of the SSM and the Single Resolution Mechanism, we must pave the way for a common European deposit insurance scheme (EDIS). In the first decade of the SSM, risks have been significantly reduced and common supervisory standards have been established.
These preconditions for EDIS have now been met, and moving it forward will be important for severing any remaining feedback loops between banks and sovereigns, given that these proved so harmful during the sovereign debt crisis.
Conclusion
Ten years ago, when European supervisory teams started to come together for the first time, it was not at all certain that the SSM would be a success.
We have since built a strong and effective supervisory framework in Europe, perceptive to evolving risks and – whenever necessary and appropriate – insistent in making sure that material risks are addressed.
European banks have notably improved, proving resilient to shocks that we couldn’t have imagined a decade ago. This resilience is also a result of the strengthened supervisory and regulatory framework put in place after the global financial crisis, including the creation of the banking union.
Ten years ago, the first Vice-Chair of the SSM, Sabine Lautenschläger, invoked the parallel of an athlete at the beginning of a career, who trained extremely hard and achieved an excellent result in a first major tournament15.
To turn this promising start into a track record of sustained high performance, the athlete clearly cannot afford to rest on her laurels. Instead, she needs to go right back to the routine of constant training, to keep developing her skills and thus continue to build the foundation for future success on a day-to-day basis.
This conclusion is as relevant today as it was ten years ago, especially considering the challenges along the path ahead. Considering the macro-financial environment and volatile risk landscape, it is safe to say that there is a high likelihood of unprecedented shocks continuing to emerge over the next decade.
To make sure banks continue to serve European households and businesses under these challenging circumstances, we must ensure they remain resilient. Because a stable banking system forms the bedrock of long-term competitiveness and sustainable growth.
European supervisors will continue to work tirelessly to make sure banks are well capitalised and adequately manage their risks. In this way, in ten years’ time we can celebrate another successful decade of resilient banks under European supervision.
Endnotes
1. This includes cash balances and other demand deposits.
2. This tangible impact has also been widely recognised in several external reviews by, among others, an external expert group, the European Court of Auditors and the European Commission. The reports unanimously confirm that ECB Banking Supervision has successfully established itself as an effective supervisor.
3. Lagarde, C (2024), “Setbacks and strides forward: structural shifts and monetary policy in the twenties”, speech at the 2024 Michel Camdessus Central Banking Lecture organised by the IMF, Washington, 20 September.
4. Financial Times (2022), “Welcome to the world of the polycrisis”, 28 October.
5. This is enshrined in the BCBS core principles and has been a legal requirement for decades. According to this principle, banks must identify and adequately manage the risks they are exposed to.
6. 14 supervisory technology tools have already gone live and are making the daily work of 3,500 supervisors across the SSM easier, improving risk analysis, collaboration and the consistency of decision-making.
7. McCaul, E (2024), “Fading crises, shifting priorities: a supervisory perspective on the regulatory cycle”, speech at the conference on “EU banking regulation at a turning point”, Rome, 25 October.
8. See also Tuominen, A (2024), “Enhancing banks’ resilience against cyber threats – a key priority for the ECB”, The Supervision Blog, ECB, 26 July.
9. Elderson, F (2023), “Powers, ability and willingness to act – the mainstay of effective banking supervision”, speech at the House of the Euro, 7 December, and Elderson, F (2024), “Preparing for the next decade of European banking supervision: risk-focused, impactful and legally sound”, speech at the ‘10 years SSM and beyond’ event organised by Allen & Overy, 27 June.
10. Board of Governors of the Federal Reserve System (2023), Review of the Federal Reserve’s Supervision and Regulation of Silicon Valley Bank, April, p. 8; Basel Committee on Banking Supervision (2023), Report on the 2023 banking turmoil, October, p. 26; International Monetary Fund (2023), Good Supervision: Lessons from the Field, September, pp. 4 et seq.
11. See also Buch, C (2024), “Building a resilient future: how Europe’s financial stability fosters growth and competitiveness”, speech at the Financial Forum 2024, Budapest, 12 September.
12. Woods, S (2024), “Competing for growth”, speech at the Annual City Banquet, Mansion House, 17 October.
13. Budnik, K, Dimitrov, I, Gross, J, Lampe, M and Volk, M (2021), “Macroeconomic impact of Basel III finalisation on the euro area”, Macroprudential Bulletin, No 14, European Central Bank. See also Siciliani, P, Eccles, P, Netto, F, Vitello, E, Sivanathan, V and van Hasselt, I (2023), Paper 2: The links between prudential regulation, competitiveness and growth. Background working paper published by PRA staff in support of the conference on the role of financial regulation in international competitiveness and economic growth conference 2023, Bank of England Prudential Regulation Authority, 11 September. On the usability of buffers for bank lending, see Couaillier, C et al (2021), “Bank capital buffers and lending in the euro area during the pandemic”, published as part of the Financial Stability Review, November 2021, and Couaillier, C et al (2022), “Caution: do not cross! Capital buffers and lending in Covid-19 times”, ECB Working Paper, No 2644.
14. Bouabdallah, O, Dorrucci, E, Hoendervangers, L and Nerlich, C (2024), “Mind the gap: Europe’s strategic investment needs and how to support them”, The ECB Blog, 27 June.
15. Lautenschläger, S (2014), “Start of the Single Supervisory Mechanism: from the comprehensive assessment to day-to-day supervision”, speech at the Euro Finance Week, Frankfurt am Main, 18 November.
This article is based on a keynote speech given at the ‘10 Years of SSM – Looking back and looking forward’ conference organised by the European Banking Institute and the Hessisches Ministerium für Wissenschaft und Kunst, Frankfurt am Main, 4 November 2024.