EU BANKING REGULATION

FOREWORD BY THE GOVERNOR OF THE BANK OF GREECE VII

FOREWORD BY THE AUTHORS XI

PART A

INTRODUCTORY CONCEPTS

CHAPTER 1

BASIC FEATURES OF BANKING FUNCTIONS 3

1.1. The special nature of banking functions 4

1.2. Banking risks and risk management 6

1.2.1. Credit risk 7

1.2.2. Market risk 8

1.2.3. Operational risk 8

1.2.4. Liquidity risk 9

1.2.5. Interest rate risk in the banking book 10

1.2.6. Risk management 10

1.3. Banking regulation: A theoretical framework 11

1.3.1. Asymmetric information 11

1.3.2. Externalities 12

1.3.3. Biases in individual decision making 13

1.3.4. Regulatory intervention 13

1.4. A brief history of the banking regulatory framework 15

1.5. Financial Safety Net 17

1.5.1. Prudential regulation and supervision of banks 18

1.5.2. Crisis regulation and management 18

1.5.3. Conduct regulation and supervision 19

1.5.4. Moral hazard 19

1.6. Banking regulation in extraordinary times 20

1.7. Additional literature 21

CHAPTER 2

THE EUROPEAN FINANCIAL SYSTEM ARCHITECTURE 23

2.1. Alternative forms of institutional organisation 23

2.2. European Union: From the Lamfalussy to the de Larosière 25

2.3. The European Banking Union 29

2.3.1. Theoretical approach 31

2.3.2. Empirical approach 32

2.3.3. Single Supervisory Mechanism (SSM) 33

2.3.4. Single Resolution Mechanism (SRM) 34

2.3.5. Harmonised Deposit Insurance System 36

2.4. The Capital Markets Union 38

2.4.1. The evolution of CMU 38

2.4.2. The Savings and Investment Union (SIU) 39

2.5. Additional literature 41

PART B

PRUDENTIAL REGULATION AND SUPERVISION OF BANKS

CHAPTER 3

CAPITAL ADEQUACY - THE BASEL APPROACH 45

3.1. Capital adequacy as a key policy of banking regulation and supervision 46

3.2. The Basel framework: From Basel I to Basel IV 47

3.3. The concept of bank capital 49

3.3.1. Accounting capital 49

3.3.2. Regulatory capital 49

3.3.3. Economic or Risk Capital 50

3.4. Pillar 1: Capital Adequacy Ratio 51

3.5. Regulatory capital 53

3.5.1. Tier 1 capital 53

3.5.2. Tier 2 capital 54

3.5.3. Deductions 54

3.5.4. Supervisory filters 54

3.5.5. Capital buffers 54

3.5.6. Capital adequacy ratios 56

3.6. Credit risk 57

3.6.1. Exposure at default 57

3.6.2. Risk weight 57

3.6.3. Standardised approach 58

3.6.4. Internal Ratings Based – IRB approach 61

3.6.5. Implementation of the IRB approach 63

3.6.6. Internal Ratings System 63

3.6.7. Quantification of parameters 64

3.6.8. Validation 65

3.6.9. Output floor 65

3.7. Market risk 66

3.7.1. Position risk 66

3.7.2. Foreign exchange risk 68

3.7.3. Counterparty credit risk 68

3.7.4. Settlement risk 69

3.7.5. Large exposures risks 69

3.8. Operational risk 69

3.9. Leverage ratio 70

3.10. Pillar 2: Supervisory review and capital assessment process 71

3.11. Pillar 3: Market Discipline 73

3.12. Additional literature 73

CHAPTER 4

BANK CORPORATE GOVERNANCE 75

4.1. Conceptual framework 75

4.2. International initiatives 78

4.3. Corporate governance in banks 80

4.4. The role of the Boards of Directors – tone at the top 84

4.4.1. Board structure 85

4.4.2. Board quality 87

4.5. Internal Control System 90

4.5.1. The three lines of defence model (3LD model) 91

4.5.2. Primary functions 91

4.5.3. Conflicts of interest 92

4.6. Remuneration policy 93

4.7. Additional literature 96

CHAPTER 5

LIQUIDITY AND LIQUIDITY RISK 97

5.1. The concept of liquidity 97

5.2. Liquidity provision from the European Central Bank 98

5.2.1. Monetary policy stance 98

5.2.2. Conventional policy tools 99

5.2.3. Non-conventional policy tools 101

5.3. Market liquidity 102

5.3.1. Traditional sources of liquidity 102

5.3.2. Innovative sources of liquidity 104

5.4. Lender of last resort - LOLR 106

5.5. Liquidity risk 108

5.6. Liquidity limits 110

5.6.1. Liquidity Coverage Ratio 111

5.6.2. Net Stable Funding Ratio 112

5.7. Liquidity risk management 113

5.8. Additional literature 115

CHAPTER 6

MACROPRUDENTIAL THEORY AND POLICY 117

6.1. Macroprudential regulation and oversight 117

6.1.1. Financial stability 119

6.1.2. Systemic risk 120

6.2. The organisation of macroprudential policy in the EU 121

6.3. The ESRB macroprudential strategy 123

6.3.1. The macroprudential policy cycle 124

6.3.2. Interaction with other policies 126

6.4. Macroprudential policy tools 127

6.4.1. Capital-based instruments 127

6.4.2. Liquidity-based instruments 128

6.4.3. Asset-based instruments 129

6.4.4. Specification of the instruments 129

6.5. Additional literature 130

CHAPTER 7

DIGITAL FINANCE 133

7.1. Digital finance and Fintech 134

7.1.1. The Fintech ecosystem 134

7.1.2. Digital transformation 138

7.1.3. Platform-based services 140

7.1.4. Enabling technologies 141

7.2. Financial technology in banks 143

7.2.1. New value creation chain 143

7.2.2. Platformisation of banking services 144

7.2.3. Fintech banks 145

7.3. Cryptoassets – a new asset class on the making 146

7.3.1. Distributed ledger technology — blockchain 146

7.3.2. Smart contracts 149

7.3.3. Cryptoassets 150

7.4. Digital money 153

7.4.1. Cryptocurrencies 153

7.4.2. Stablecoins 156

7.4.3. Central Bank Digital Currency (CBDC) 158

7.4.4. Digital euro 159

7.5. Enabling policies 160

7.5.1. The European Union strategy 161

7.5.2. Retail Payments Strategy 162

7.5.3. Transformative technologies and cryptoassets 164

7.5.4. Artificial Intelligence and ethics 166

7.5.5. Digital Operational Resilience 168

7.6. Additional literature 170

CHAPTER 8

SUSTAINABLE FINANCE AND ESG FRAMEWORK 173

8.1. Sustainable development – Sustainable finance 174

8.2. ESG framework 175

8.2.1. Environmental pillar risks – “E” 176

8.2.2. Social pillar risks – “S” 177

8.2.3. Governance pillar risks – “G” 178

8.3. Nature-related financial risks 179

8.4. Enabling initiatives 181

8.4.1. Responsible banking 183

8.4.2. Responsible investing 184

8.5. The European Union strategy 185

8.6. EU Taxonomy 186

8.7. Sustainability-linked financial instruments 188

8.7.1. Use of proceeds model 188

8.7.2. Counterparty profile model 189

8.7.3. Hybrid model 189

8.7.4. European Green Bond (EuGB) 190

8.8. Disclosures – Non-financial reporting 190

8.9. Integration of sustainability parameters into decision-making 192

8.9.1. Corporate governance 192

8.9.2. Risk management 193

8.9.3. Climate stress testing 194

8.9.4. Transition plans – a new risk management tool 195

8.9.5. Investment strategies 197

8.10. Additional literature 198

CHAPTER 9

SPECIFIC BANKING ISSUES 201

9.1. Stress testing 201

9.1.1. Bottom-up approach - micro stress testing 203

9.1.2. Top-down approach - macro stress testing 205

9.1.3. Supervisory exercises 206

9.2. Impairment 208

9.2.1. Provisioning policy 208

9.2.2. Impairment according to IFRS 9 209

9.3. Additional requirements for banks in corporate groups 211

9.3.1. Mixed or banking group 212

9.3.2. Cross-border groups 213

9.3.3. Financial conglomerates 214

9.4. Restrictions on risk appetite - Large Exposures 217

9.5. Additional literature 218

PART C

CRISIS REGULATION AND MANAGEMENT

CHAPTER 10

DEPOSITOR PROTECTION 223

10.1. Traditional bank runs 224

10.2. Digital bank runs 226

10.3. Deposit Insurance Systems 228

10.3.1. Forms of depositor protection 228

10.3.2. The design of a Deposit Guarantee System 230

10.4. The deposit guarantee framework in the European Union 231

10.4.1. Coverage limits 232

10.4.2. Funding 232

10.4.3. Eligible deposits and payout period 233

10.5. The European Deposit Insurance Scheme (EDIS) 234

10.6. Additional literature 236

CHAPTER 11

RESOLUTION OF NON-VIABLE BANKS 237

11.1. From bail-out to bail-in resolution 238

11.2. Preventive measures – Recovery and resolution planning 241

11.2.1. Recovery plans 242

11.2.2. Resolution plans 244

11.3. Resolution mechanisms based on transfer of assets 245

11.3.1. Purchase and assumption transaction 246

11.3.2. Bridge bank 246

11.3.3. Asset separation 247

11.4. Resolution mechanisms based on restructuring of liabilities (bail-in) 247

11.5. Minimum Requirement of Eligible Liabilities (MREL) 249

11.6. Additional literature 251

CHAPTER 12

MANAGEMENT OF NON-PERMORMING EXPOSURES 253

12.1. Conceptual approach 254

12.1.1. Non-performing loans (NPLs) and non-performing exposures (NPEs) 254

12.1.2. Forborne exposures (FBEs) 255

12.1.3. Exit criteria 256

12.2. The determinants of non-performing loans 257

12.2.1. Macroeconomic determinants 258

12.2.2. Institutional determinants 258

12.2.3. Bank-specific determinants 259

12.3. The impact of non-performing loans 260

12.3.1. Microprudential considerations 261

12.3.2. Macroprudential considerations 261

12.4. Alternative resolution policies 262

12.4.1. Internal Workout Units 264

12.4.2. Credit servicers 264

12.4.3. Asset Protection Schemes 265

12.4.4. Asset Management Company 266

12.4.5. Securitisation of impaired assets 268

12.4.6. Sale of impaired assets 269

12.5. Code of conduct 270

12.5.1. Cooperative borrower 270

12.5.2. Appropriate solution 271

12.6. Additional literature 272

PART D

REGULATORY INTERVENTION AND SUPERVISION OF THE BANK BEHAVIOUR

CHAPTER 13

PROTECTION OF RETAIL CLIENTS 277

13.1. The concept of “retail client” 278

13.2. Risk of unfair practices and unethical behaviour (conduct risk) 279

13.2.1. Improving consumer decision-making 281

13.2.2. Regulating bank conduct 282

13.3. Customer protection in the provision of investment services 284

13.3.1. Scope 285

13.3.2. “Know your customer” - (KYC) policy 287

13.3.3. Client classification 288

13.3.4. Suitability test 289

13.3.5. Appropriateness test 290

13.4. Customer protection regulations 291

13.4.1. Information provided to clients 291

13.4.2. Inducements 292

13.4.3. Best execution of orders 293

13.4.4. Conflicts of interest 294

13.5. Product governance 295

13.6. Insurance-linked investment products 297

13.7. Alternative trading venues 299

13.7.1. Regulated Markets – RMs 299

13.7.2. Multilateral Trading Facilities – MTFs 300

13.7.3. Organised Trading Mechanisms – OTFs 300

13.7.4. Systematic Internalisers – SIs 301

13.8. Additional literature 301

CHAPTER 14

MARKET INTEGRITY - INVESTOR PROTECTION 303

14.1. Transparency obligations in the primary market 304

14.2. Transparency obligations in the secondary market 305

14.2.1. Periodic information obligations 305

14.2.2. Ongoing information obligations 306

14.3. Market abuse 307

14.3.1. Insider trading (Use of inside information) 307

14.3.2. Persons in possession of inside information 309

14.3.3. Regulatory rules for persons in possession of inside information 310

14.3.4. Market manipulation 311

14.3.5. Illustrative examples of market manipulation 313

14.3.6. Manipulation of benchmarks 315

14.3.7. Trends and challenges in market abuse 317

14.4. Credit rating agencies 317

14.4.1. The regulatory framework 318

14.4.2. ESG-related ratings 320

14.5. Integrity of transactions 321

14.5.1. Algorithmic trading 321

14.5.2. Short selling 323

14.6. Additional literature 324

CHAPTER 15

CONSUMER PROTECTION 327

15.1. Consumer over-indebtedness 327

15.2. Financial literacy 330

15.3. Responsible lending 335

15.4. Responsible lending in case of mortgage credit 337

15.4.1. Borrower information obligations 338

15.4.2. Creditworthiness assessment obligations 339

15.4.3. Floating rate loans or foreign exchange index loans 339

15.4.4. The right to early repayment 340

15.5. Responsible lending in the case of consumer credit 340

15.5.1. Scope 341

15.5.2. Information obligations 342

15.5.3. Creditworthiness assessment 343

15.5.4. Consumer credit advertisements 343

15.6. Additional literature 344

CHAPTER 16

PREVENTION OF MONEY LAUNDERING AND TERRORIST FINANCING 345

16.1. Criminal activities and money laundering 346

16.2. Money laundering phases 347

16.2.1. Placement phase 348

16.2.2. Layering phase 348

16.2.3. Integration phase 349

16.3. International cooperation and strategy 349

16.4. The scope of EU regulation 352

16.5. Risk-based approach to money laundering 354

16.6. Customer due diligence 356

16.6.1. Standard due diligence measures 356

16.6.2. Simplified due diligence measures 357

16.6.3. Enhanced due diligence measures 358

16.7. Cooperation with authorities 359

16.8. Typology of suspicious or unusual transactions 359

16.8.1. Cash-based typologies 359

16.8.2. Account and transaction-based typologies 360

16.8.3. Geographic and international typologies 360

16.8.4. Behavioural and documentary typologies 361

16.8.5. High-value assets and goods typologies 361

16.8.6. Financial instruments and services typologies 361

16.8.7. Businesses and institutions typologies 362

16.8.8. Digital assets typologies 362

16.9. Additional literature 362

PART A

INTRODUCTORY CONCEPTS

CHAPTER 1

BASIC FEATURES OF BANKING FUNCTIONS

The regulatory framework of the financial system constitutes an essential component for the proper functioning of modern economies. Financial institutions are subject to a set of rules and obligations, designed to ensure their financial soundness and their conduct towards customers. The design of such a framework is a complex endeavour that needs to take into account many factors, namely, economic, political and social ones. In the case of banks in particular, the framework should take into account their specific functions, such as pooling resources and their reallocating them to the real economy, facilitating payment systems, managing of information, handling uncertainty and risk and responding to crises, among others. Understanding the above functions is a prerequisite for understanding the regulatory framework for banks, as the latter is directly linked to the diverse roles banks play in the modern financial system. In this context:

• Section 1.1. addresses the special nature of banking functions,

• Section 1.2. covers the main banking risks and their management,

• Section 1.3. outlines the theoretical framework for imposing regulatory rules,

• Section 1.4. provides a brief historical overview to the banking regulatory framework,

• Section 1.5. discusses the financial safety net, which is set up by regulatory authorities to protect the critical functions of financial intermediation, and

• Section 1.6. addresses the issue of banking regulation in extraordinary times, inspired by the regulatory response to the pandemic crisis.

The main components of the safety net, prudential regulation and supervision, crisis management and regulation, as well as regulatory intervention and oversight of banks’ conduct, form the structure of this book.

Note that this chapter serves as an introductory chapter, briefing on all those concepts that are used in the banking regulatory framework. Readers familiar with these concepts may skip it without loss of continuity.

Keywords: Financial intermediation, mismatch of assets and liabilities, bank risks, risk management, information asymmetry, moral hazard, adverse selection, externalities, consumer biases, financial safety net, prudential regulation and supervision, crisis management and regulation, conduct regulation and supervision.

1.1. The special nature of banking functions

Academic literature and empirical studies have fully documented the importance of the banking sector and the way banks operate in modern economies. The effective channelling of capital flows from savings to investment activities forms an important factor for economic growth and prosperity, while banks facilitate the implementation of the most efficient investments and exploit economies of scale. A stylised model of the financial system is illustrated in Diagrams 1 and 2. There are economic entities with surplus funds (households, businesses and the public sector) but with no profitable investment opportunities, and other entities with deficient funds but with profitable investment proposals. The latter face two alternatives, the direct financing through capital markets or the indirect financing through banks. In the first case (Diagram 1) capital is raised through market mechanisms, such as stock exchanges, bond markets and money markets. In the second case (Diagram 2) “financial intermediaries” are introduced between economic entities, which aim to facilitate the flow of capital. These are banks, insurance companies, investment services etc., and their function is called “financial intermediation”. In the case of banks, excess funds of economic entities are entrusted to banks, in the form of deposits, which, in turn, allocate them to entities with deficient funds, in the form of loans.

Despite globalization, the importance of the banking sector varies from country to country. In general, it is possible to distinguish between economies which are dominated by banks (bank-based economies) and economies in which markets play a more important role (market-based economies). While this distinction is not absolute, Anglo-Saxon countries typically rely more on markets, with many companies raising capital directly from the market through the issuance of shares and/or bonds. On the contrary, in continental Europe, banks dominate company funding, and as analysed below, a political decision has been taken in the European Union, for the Capital Markets Union (see Chapter 2, Section 2.4), to strengthen the capacity of the companies, in particular small and medium-sized enterprises, to make direct recourse to the market for financing.

DIAGRAM 1 | DIRECT FINANCING MODEL

DIAGRAM 2 | INDIRECT FINANCING MODEL

The fundamental argument in favour of financial intermediation lies on the ability of banks to more effectively address various information-related problems. In a hypothetical economy where all participants possess perfect information and certainty, such as in Arrow-Debreu economies, banks and financial intermediaries would have no role to play. However, financial intermediation becomes essential when market participants possess partial or incomplete information.

Consider, for example, the financing of an investment project. The firm seeking funding typically has superior access to information about the investment and a clearer understanding of its quality compared to the potential entity that is willing to finance the investment. This disparity in information is known as asymmetric information (see Chapter 1, Section 1.3.1). According to the economics of information, the firm may utilize this advantage, which creates a need for the funds provider (the market or the bank), to implement costly monitoring mechanisms to protect its interests against inappropriate use of the advantage. Banking intermediation minimizes these costs as banks, due to their specialization, enjoy economies of scale in the production of information, thus lowering the cost of information acquisition. If information production were left entirely to the market, it would lead either to a duplication of efforts and a waste of resources or, more likely, to a complete lack of monitoring due to free-rider problems. In such cases,

individual investors are incentivized to rely on others to bear the cost of information gathering, resulting on insufficient overall monitoring.

The comparative advantage that banks possess in this area can be leveraged by depositors and investors through a process of delegation. In essence, banks act on behalf of depositors as risk assessors and monitors of borrower behaviour, compensating for the depositors’ limited capacity and incentive to gather information themselves. Depositors entrust their funds to banks, which in turn assume the responsibility of monitoring and assessing the financial health of the investment projects they finance. This concept of delegated monitoring is a cornerstone of modern banking theory.

Since banks can generate information more cost-effectively, they are able to offer a wide range of services. Broadly, banking activities can be categorized into brokerage activities and asset transformation activities. Brokerage activities involve facilitating transactions between parties with complementary needs. In this role, the bank acts as a neutral intermediary, earning a commission without taking on any financial position itself. As such, it is not exposed to financial risks but may incur non-financial risks, such as operational risk.

Asset transformation activities, on the other hand, involve altering the economic characteristics of assets and liabilities. This can include maturity transformation (e.g., converting short-term deposits into long-term loans), liquidity transformation (e.g., converting fixed-rate deposits into variable-rate loans), or currency transformation (e.g., converting euro-denominated deposits into dollar-denominated loans). Each of these transformations creates a mismatch between a bank’s assets and liabilities, leading to the formation of a financial position and exposure to associated risks. This inherent mismatch is the source of financial risk for banks. As a result, risk-taking is an intrinsic aspect of banking, and banking itself can be defined as the art of managing risks.

1.2. Banking risks and risk management

Banking risks can be classified in various ways. Different classifications have been proposed in the literature, depending on the cases and the objectives studied. The importance of each risk depends on the business model of each bank and the external environment in which it operates. For example, the market risk is more important for investment banks and it has gained prominence since the banks started to create significant positions in their trading book. The credit risk was always significant, as it is inherent to the core function of each bank, the lending portfolio, and becomes of particular importance during periods of financial distress. Operational risk was largely overlooked some years ago, until it was considered

as responsible for high-profile failures of historic banks (e.g. Barings), while some of its components (e.g. Information and Communication Technology risk — ICT risk) have gained prominence due to technological innovations in the provision of financial products and services.

1.2.1. Credit risk

Credit risk is defined as the risk of loss resulting from a borrower’s failure to meet contractual obligations. While all assets are exposed to credit risk, the primary focus is on the loan portfolio. The bank also faces variants of the credit risk, such as country risk, which is defined as the potential losses arising from exposure to a particular country, either directly (e.g. direct investment) or indirectly (e.g. cross-border exposure). The sovereign risk illustrates the potential loss if the host country’s central government defaults on its obligations or breaches the terms of its obligations.

Credit risk comprises three key components, namely, default risk, exposure risk and recovery risk. The default risk refers to the likelihood that borrowers fail in their contractual obligations, which normally triggers a renegotiation of the terms of the contract. The exposure risk refers to the total amount which is subject to credit risk. For the loan portfolio the total amount is the same as the nominal value of the facilities but its measurement is complicated in the case of off-balance sheet items, where the credit equivalent has to be calculated. The recovery risk refers to the bank loss rate in relation to the amount due in case of default, taking into account the liquidation of the collateral and guarantees.

Therefore, based on these components, the credit risk can be described by assessing three parameters:

• The probability of default (PD) that relates to the likelihood of a borrower or a group of borrowers to default on their liabilities to the bank. It is expressed as a percentage.

• The loss given default (LGD), which relates to the loss, which the bank may incur in the event of default. It is expressed as a percentage of the total exposure at default.

• The exposure at default (EAD), which relates to the exposure that is subject to credit risk at the time of default. It is expressed as a monetary amount in the currency of the portfolio.

Having assessed the three above parameters, the bank can calculate the expected loss (EL) due to the default of n borrowers’ portfolio p as:

The expected loss reflects the average anticipated loss which may occur under normal conditions. The expected loss, precisely because it is “expected”, is not part

of the bank risk, but of its cost structure, because, since it is being “expected”, the bank

may take measures to cover it. These measures refer to pricing and provisioning. In the former case, the interest margins are increased to cover the expected loss, while in the latter the profitability of the bank is affected from the provisions (see Chapter 9, Section 9.2).

1.2.2. Market risk

The market risk is defined as the risk of a change in the value of the bank trading book assets due to fluctuations in market prices. Price fluctuations refer to upward or downward shifts in interest rates, exchange rates, share prices (or indices) and commodity prices. A trading book is a portfolio comprising positions with trading intend and positions with hedging intend associated with other trading book elements. The financial instruments which make up a trading book are typically bonds and other securities, foreign exchange positions, shares, positions in commodities, mutual funds, and derivatives with underlying asset any of the above.

The market risk has five components:

(i) position risk (general risk and specific risk),

(ii) exchange rate risk,

(iii) counterparty risk,

(iv) settlement risk, and

(v) large exposures risk from the trading book.

The general position risk refers to the change in the value of a financial instrument due to a change in its market price, while the specific position risk refers to the change in the value of a financial instrument due to changes in the creditworthiness of its issuer. The foreign exchange risk relates to the losses due to unexpected currency fluctuations, affecting both trading and banking books, which are denominated in a foreign currency. Counterparty risk refers to the likelihood of a loss if the counterparty to a transaction breaches its obligations before the final settlement of the transaction. Settlement risk refers to the likelihood of a loss caused by an adverse change in the price of a financial instrument in case it has not been settled after conventional settlement dates. Large exposures risk from trading positions relates to the exceeding of large exposure limits for specific counterparties when the excess comes from the trading book.

For the market risk assessment, the established methodology is the “Value at Risk” (VaR) models. These reflect the maximum potential loss that the bank can sustain in a given time period, with a given probability. The time period and probability depend on the investment period and the degree of risk tolerance.

1.2.3. Operational risk

The operational risk is inherent to any activity of the bank and the traditional approach considered it as “the cost of doing business”, which means that it is

sufficient to be monitored ex-ante instead of managing it ex-post. The Basel framework changed this traditional approach and recognised the operational risk a distinctive risk category, while its management created a new area of knowledge, with its own structure, tools and processes.

The definition of operational risk refers to the loss which may occur to a bank as a result of a failure in internal processes, intentional or non- intentional human errors, ineffective systems or external events. This definition includes the legal risks, but excludes strategic, reputational and systemic risks. To further facilitate the implementation of this definition, the framework distinguished seven regulatory risk categories, which tend to become benchmarks on the market, namely, external fraud, internal fraud, employment practices and workplace safety, clients, products and business practices, damage in physical assets, business disruption and system failures, and execution, delivery and process management.

From time to time, some components of the operational risk are gaining in importance while others are receding. Recently, two components are considered to be of increasing significance, and in many cases are dealt with separately, the conduct risk and the ICT risk. The conduct risk refers to the possibility that bank services do not correspond to the risk profile of its customers (see Chapter 13, Section 13.2). The information, communication and technology risk (referred as ICT risk) refers to the likelihood of a loss caused by the increasing use of technological tools for the provision of banking products and services.

1.2.4. Liquidity risk

The liquidity risk refers to the inability to raise sufficient funds at a reasonable cost in order for the bank to implement its business plan, to cover its obligations and to continue its operations. Obligations may come from the liability side, as failure to renew liabilities that are maturing and/or as unanticipated deposit withdrawals, or from the assets side as an expected use of authorised limits and/or as a failure to liquidate assets without any significant loss in value. It is evident that the elements of liquidity risk are a combination of endogenous factors (e.g. investment policy) and behavioural factors of customers (e.g. behaviour of the depositors in market pressures). Four risk factors can be identified:

(i) the degree of concentration of the sources of funding,

(ii) the level of stable (core) deposits, that is the level of deposits that are not sensitive to changes to the external economic environment,

(iii) the amount of the undrawn credit commitments, and

(iv) the degree of marketability of the assets.

This analysis refers to a “traditional” approach to liquidity risk. However, the reality and the innovations in the financial markets have raised additional risk factors, which in some cases are blurred. For example, the wide application of the originate and distribute model (securitization) or the step-in risk, which is related to bank

practices of intervening and providing financial support to subsidiaries beyond their contractual obligations, create new dimensions in bank liquidity risk.

The assessment of the liquidity risk is based on the “liquidity gap”, which is the result of the maturity mismatch between assets and liabilities. The corresponding inflows and outflows are estimated at different times and the “liquidity gap” is estimated, positive or negative, as the difference between inputs and outputs. Positive “liquidity gap” results in loss if interest rates fall, whereas for negative “liquidity gap” the loss is the outcome of interest rate increase. The “liquidity gap” is usually compared with the available liquidity, i.e. cash and other near-cash elements, which can be directly liquidated in the financial markets and capital markets, without loss in price.

1.2.5. Interest rate risk in the banking book

The interest rate risk refers to a change in the net position of a bank due to fluctuations in market interest rates. This is due to the maturity of claims and obligations for fixed interest rate cases or to the repricing time period for floating rate cases. If the redenomination of the interest rates in assets is shorter than the redenomination of the interest rates in liabilities, then an unexpected decrease in interest rates leads to a loss. If the redenomination of the interest rates in assets is longer than the redenomination of the interest rates in liabilities, an unexpected increase in interest rates leads to a loss. The loss may relate to the profitability of a bank (earnings perspective), where changes in interest rates affect the bank net interest income and profits. Two cases can be distinguished, the reinvestment risk where returns on capital reinvested are less than the cost of raising capital, and the risk of refinancing, where the cost of investing capital exceeds the return on investments.

Alternatively, the loss may be related to the economic value of a bank (economic value perspective), where changes in interest rates affect the current value of all assets and liabilities, their value being defined as the present value of future flows, discounted at the relevant market rate. Therefore, changes in interest rates generate changes in the value of these assets and liabilities, which are not necessarily completely hedged. The net effect of these changes is reflected to the value of the bank net position.

1.2.6. Risk management

The management of the banking risks constitutes one of the most important functions of the bank while its overall strategy is reflected in the risk appetite framework, which is drawn up by the bank’s top management structure. The risk appetite reflects the level of risk that the bank is prepared to assume in order to carry out its business objectives. This depends on the risk preference and the risk absorption capacity and is reflected by the policy limits, the policy of caps as well as the policy for triggers that enact corrective measures.

Four risk management approaches can be distinguished, risk avoidance, risk acceptance, control and management of expected loss, and risk transfer.

Risk avoidance refers to the bank’s deliberate decision not to be exposed to a specific risk. If the risk profile does not match the risk preferences, then risk avoidance is the best practice. It is confronted though with the opportunity cost of loss of revenue due to non-risk-taking.

Alternatively, the bank can accept the risk and potential negative consequences, whenever they are realised. If the risk profile and the scale of the impact are within the bank’s potential, then risk acceptance can be an alternative policy. Any effects are not expected to impact the financial soundness of the bank.

Alternatively, the bank can take measures to mitigate the effects of a loss event. This can be achieved by implementing a risk measurement system and risk limits and a stop-loss policy.

The bank’s last option is to transfer the risk to whoever is prepared to undertake it. If the characteristics of the bank are no longer aligned with the risk already taken, the risk can be “transferred” or hedged to a more qualified entity, which has the possibility of better management. This can be done by using financial derivatives. The bank can be covered from the effects of customer insolvency (credit event) through credit derivatives or credit guarantees, while from the changes in market prices (market event), through financial derivatives.

Hedging is considered as a positive action, limiting the effects of a negative event and stabilising revenue and expenses. However, it can be also considered as a negative action, since the creation of value by the bank depends on the degree of risk-taking rather than on the degree of risk hedging. Therefore, the choice of hedging must be assessed in the light of the value creation for the bank.

1.3. Banking regulation: A theoretical framework

In the classical economic doctrine, regulatory intervention is justified in cases of market failure. The same principle applies to the case of the banking sector where multiple causes of market failure can be identified.

1.3.1. Asymmetric information

Asymmetric information refers to situations where the two parties entering into a contract have unequal access to information. In such cases, information economics highlights two key effects: moral hazard and adverse selection. Moral hazard refers to possible behavioural problems after a contract is concluded, when the agent may not fulfil its contractual obligations. The agent is likely to act for its own interest, diverging from the tasks assigned by the principal. The regulatory framework governing the contract can either mitigate or exacerbate this discrepancy in behaviours. One solution for the principal is to clearly define appropriate actions by the agent within the contract and establish a verification mechanism to monitor compliance.

Adverse selection occurs before the contract is concluded. In any transaction, the seller typically has better knowledge about the quality of the product than the buyer. If the buyer cannot distinguish between high- and low-quality products, they may only be willing to pay a price that reflects average quality. However, pricing at average quality drives high-quality products out of the market, leaving only inferior ones, an effect known as the “lemon market”. This negative outcome can be reversed if sellers of high-quality products are able to credibly differentiate themselves, for instance through quality certifications or reliable signalling.

Asymmetric information is widespread in banking activities and is often particularly severe. Many banking products are complex and difficult to compare, while customers generally possess less information and fewer resources to interpret it. Consumer protection regulations aim to reduce this information gap.

Adverse selection also affects depositors and other creditors. A deposit contract is essentially a promise of future payment, and the depositor’s confidence depends on the bank’s solvency. However, most depositors lack the means, knowledge, or expertise to assess a bank’s solvency. In the face of uncertainty, depositors demand higher interest rates, which tend to be offered by weaker banks, ultimately pushing more robust institutions out of the market. To address this, governments have introduced deposit guarantee schemes, which remove depositors’ uncertainty. However, this also removes their incentive to monitor and discipline banks, increasing the risk of moral hazard. Banks may take on riskier investments, knowing that depositors are protected. Thus, effective intervention requires a supervisory mechanism to replace the lost incentives for market discipline.

1.3.2. Externalities

In a perfectly competitive market, resource allocation is Pareto optimal. Each participant acts in their own interest and considers only their private marginal costs. Externalities occur when a decision-maker does not bear the full social cost or benefit of their actions, thereby shifting part of the cost or benefit to others. For instance, a power plant that pollutes the air without bearing the cost of environmental damage imposes a negative externality on society. In such cases, private costs differ from social costs, leading to a suboptimal allocation of resources. Conversely, a factory that adheres to environmental standards, generates positive externalities by contributing to social welfare. To address negative externalities, regulatory intervention is needed, through either direct regulation of market behaviour or moral suasion and penalties, to force private actors to internalize the social costs of their actions.

In the banking sector, negative externalities are evident because the social cost of a bank’s failure exceeds the private cost to its shareholders. The collapse of a single bank can have far-reaching consequences due to the interconnectedness of banks through the interbank market, payment systems, and derivatives. For example, the failure of Bank A may lead to a crisis of confidence, affecting unrelated

Bank B. Customers are losing access to credit if their bank fails while fire sales of assets to meet liquidity needs may trigger a liquidity spiral and broader solvency problems. Widespread deleveraging can result in a credit crunch, weakening the economy and raising default probabilities. These externalities can be reduced if banks operate within a safety net that creates the right incentives.

Positive externalities also exist. For example, banking services, such as payment systems, act as public goods, allowing individuals to transact using deposits without directly contributing to the systems cost. This leads to free-riding of the public good, where users benefit without paying, resulting to under-provision of the service when supplied by private actors. Regulatory intervention is therefore necessary to ensure an optimal level of provision.

1.3.3. Biases in individual decision making

Economic theory assumes that rational consumers are making choices that promote their best interests, which are revealed by their preferences. Empirical studies from the field of behavioural finance concluded that selection criteria as well as the preferences are not always rational. It has been widely accepted that people face cognitive limitations and cannot process all available information, leading to irrational behaviour due to biases and heuristics. Consumers often simplify complex choices, opt for satisfactory rather than optimal solutions and choose immediate gratification based on reference points. Such decisions may not align with their best interests.

Empirical research has shown that the consumer in many cases takes decisions dominated by biases, such as “inertia”, i.e. sticking with an existing product even if there are superior options with better combination of risk and return, or “anchoring”, i.e. overlying in a specific piece of information, thus making mistakes in the simplification process or “overconfidence”, i.e. the tendency to overestimate one’s knowledge or abilities.

A further complication is that it is often impossible to identify which bias is affecting a particular decision, rendering targeted corrective measures difficult. Moreover, decision-making is influenced by the framing effect, that is individuals respond differently to identical problems depending on how they are presented. Therefore, regulation should aim to enhance consumer decision-making while preventing banks from exploiting irrational behaviours through misleading or unfair practices.

1.3.4. Regulatory intervention

Banks therefore, operate with a number of regulations which aim to:

• ensure that they are financially sound (prudential regulation), and

• protect consumers and investors from unfair practices (conduct regulation).

However, these are not the sole goals. Additional objectives include financial stability, market efficiency, orderly resolution of failing banks, and promotion of competition. These objectives often conflict and cannot be met simultaneously. For example, consumer protection may be in conflict with financial stability when the latter has to resort to restrictions of consumer choices. Regulatory authorities must prioritize these goals, which requires an authority with a comprehensive overview and the ability to decide when to emphasize certain objectives over others.

In addition, the imposition of regulations implies costs. Two types of cost can be distinguished, the direct cost of compliance with regulatory standards (compliance cost) and the indirect cost of loss of welfare (welfare cost). The cost of compliance relates to the cost of producing and maintaining the information and the systems required to meet regulatory standards. The cost of welfare loss arises as the regulatory requirements, in many cases, lead to a reduction of due diligence in the provision of banking activities. It is generally accepted that regulations lead to a reduction in profits, so banks, partially or totally, offset lost profits by investing in riskier investments with a view to higher returns. Compliance with the regulatory standards can also provide an illusion of safety. The granting of a loan within the permitted limits may prevent further analysis of the borrower’s creditworthiness.

Therefore, the imposition of regulations is a cost-benefit decision. The benefit is to avoid negative externalities, asymmetric information, as well as the misuse of consumer biases, while the costs incurred are compliance costs and welfare costs. Even if the balance is positive, in order for the implementation of the regulatory framework to be effective, control mechanisms should be put in place to monitor and enforce the application of the rules.

All modern economies have established competent authorities tasked with market oversight and systemic stability. This reflects the public interest theory, which holds that supervision aims to maximize social welfare. Bank failures tend to hurt small depositors the most, who may panic and trigger broader economic effects. From this perspective, regulatory authorities should align their interests with those of small depositors, this is known as the representation theory. However, critics argue that regulatory authorities may not be able to ignore the interests of other stakeholders, such as shareholders and bondholders. There are also practical limitations since regulatory authorities operate within socio-political constraints that may limit their authority and available tools.

According to private interest theory, supervisors may act in favour of the banking industry, influenced by the broader political system. A common criticism is that regulation creates barriers to entry, giving established banks a competitive advantage or “rent”. The Chicago School offers a more radical view, suggesting that supervisors are driven solely by self-interest and may be captured by the banks they oversee, rendering regulation ineffective or even redundant.

1.4. A brief history of the banking regulatory framework

Banking regulation has historically followed a cyclical path, continuously balancing three fundamental, and often conflicting, objectives: the creation of a robust and efficient banking system, the safeguarding of financial stability, and the enforcement of a resolution framework that addresses moral hazard.

In the 1930s, banking regulation was relatively lax, prioritizing efficiency at the expense of financial stability. This regulatory leniency contributed to widespread bank failures and bank runs, culminating in the 1933 Great Depression. During that crisis, the U.S. banking system was shut down for six days through a government-mandated bank holiday. It only reopened following substantial government intervention, including the establishment of a deposit guarantee scheme. The lessons of the Great Depression led to a sharp regulatory shift in the opposite direction, emphasizing financial stability over efficiency. Strict operational conditions were introduced, limiting competition, restricting entry into the sector, capping interest rates, controlling bank size, and narrowing the scope of permitted activities.

While these measures were partly successful, as they reduced the risk of insolvency, deposit runs, and the need for public recapitalization, they also harmed banking efficiency. Banks, unable to compete on price, turned to quality competition, leading to an excessive expansion of the banking network. Meanwhile, from the 1970s onward, a parallel non-bank financial sector (e.g., money market mutual funds) emerged, competing with core banking functions. This development put pressure on banks’ financial health and triggered a wave of deregulation, most notably the liberalization of interest rate controls. In the U.S., deregulation included the lifting of geographic restrictions on bank expansion and the repeal of the mandatory separation between commercial and investment banking. Proponents argued that deregulation would allow for greater diversification and reduce overall risk. The deposit insurance system was seen as a backstop for financial stability, while risk-based supervision was considered a check on moral hazard.

However, this deregulation period, spanning roughly three decades, ultimately failed to preserve financial stability. From the 1970s onward, numerous bank crises erupted due to macroeconomic imbalances and imprudent bank behaviour. Deregulation distorted incentives and revived moral hazard: undercapitalized banks took on excessive risks, anticipating that any failure would be covered by government bailouts (“gamble for resurrection”). Large banks exploited their “too big to fail” status or their interconnection with sovereign states (the bank-sovereign nexus), engaging in practices that worsened their financial positions. Public bailouts were seen as inevitable to avoid disruptions in sovereign bond markets and the real economy. This created a dangerous “doom loop”, banks and governments became so intertwined that the failure of one could severely damage the other, increasing systemic uncertainty.

Simultaneously, the repeal of restrictions between commercial and investment banking led to the rise of universal banks offering innovative financial products. While these innovations diversified investment options, they also increased bank size and complexity, undermined transparency, and often sought to circumvent regulations through regulatory arbitrage. In the lead-up to the 2007-08 global financial crisis, the dominant paradigm was the market efficiency school of thought. The era was marked by relative financial calm, deeper financial intermediation that benefited consumers, and a reduction in visible financial instability. Deposit insurance fostered public confidence, as it was widely assumed that governments would cover any losses, a belief reinforced by consistent bailout precedents that shielded depositors from losses. This perception shattered on 15 September 2008, with the high-profile bankruptcy of Lehman Brothers, a major investment bank. For the first time, it became evident that depositors (especially in wholesale banking), not just shareholders, could suffer losses. This led to widespread panic, a freeze in the interbank market, and forced governments to initiate massive bailout programs using public funds. Lehman’s collapse marked the end of the deregulation era and triggered a regulatory paradigm shift. The banking system entered a phase of re-regulation. The efficient market hypothesis lost favour, while the unstable markets school of thought gained ground, advocating stronger regulatory intervention.

The first step in this new direction was the commitment by policymakers to prevent a repeat of the 2008 crisis. Numerous committees were established to investigate the root causes and propose reforms. In the European Union, the De Larosière Group report was influential and served as a guidance to changes in the architecture of the financial system (see Chapter 2, Section 2.2).

At the same time, the philosophy of supervision evolved. The earlier belief, that the soundness of individual financial institutions ensured the soundness of the system as a whole, proved flawed. It became clear that a macroprudential approach was needed to complement microprudential regulation. New structures (European Systemic Risk Board — ESRB in the euro area and the Stability Oversight Board in the US). These bodies were tasked with overseeing system-wide risks, including financial infrastructure and the build-up of systemic vulnerabilities.

Governments also introduced bank resolution frameworks. However, these efforts often came at a high fiscal cost, leading to increased public debt. It became evident that the bank-sovereign nexus needed to be severed. This led to the establishment of crisis management frameworks, designed to provide predefined rules and expedited procedures for resolving failing banks, essential for reducing uncertainty and ensuring financial stability. Given the unique characteristics of banking, ordinary insolvency procedures under general corporate law were deemed

inadequate. Thus, special resolution regimes tailored to banks were created to address these challenges effectively.

The regulatory architecture in both Europe and the U.S. has since undergone significant transformation. A wide array of new regulations has been implemented. While these have improved systemic resilience, they have also led to regulatory fatigue as banks constantly adapt to shifting requirements.

Going forward, there is broad consensus that the focus should now be on the implementation and enforcement of the new rules. Only through careful monitoring can regulators assess their effectiveness and make targeted adjustments where necessary..

1.5. Financial Safety Net

If bank risk management is effective, risks remain within acceptable limits and any negative impact can be absorbed through profits, provisions, or capital buffers. Otherwise, a bank may face distress due to capital depletion, necessitating appropriate resolution, closure, or liquidation. The failure of a single bank can harm depositors and creditors but may not threaten the financial system as a whole. However, banking systems are inherently vulnerable to systemic crises, often triggered by a chain reaction of liquidity or solvency issues spreading from one bank to others. To mitigate these risks and safeguard financial stability, two complementary approaches are employed:

(i) the implementation of market discipline, and

(ii) the creation of a financial safety net.

It should be noted that the two approaches are not mutually exclusive. On the contrary, the regulatory authorities typically pursue both simultaneously.

The first approach emphasizes market discipline as a safeguard against excessive risk-taking. While rooted in the classical “invisible hand” concept attributed to Adam Smith, modern financial theory refines market discipline into concrete mechanisms by which market participants “send signals” to banks engaging in high-risk behaviour. These signals may take the form of:

(i) price effect, where investors demand a higher return on bonds issued by the bank, or

(ii) quantity effect, where depositors withdraw their funds from the bank, or

(iii) valuation effect, where market participants put pressure on the bank stock price.

For market discipline to be effective, participants must have proper incentives, most notably, the risk of incurring losses. Additionally, they must have access to relevant information, the capacity to interpret it correctly (monitoring discipline), and the ability to influence bank behaviour (influencing discipline).

Market discipline gained significant traction among policymakers (see Chapter 3, Section 3.11). However, the 2007–08 global financial crisis revealed the volatility

and limitations of market forces, leading to a renewed emphasis on the need for a well-designed financial safety net to complement market mechanisms. The safety net comprises the regulatory framework, the regulatory authorities responsible for regulatory intervention and the supervisory authorities responsible for supervising compliance with the regulatory framework. In this context the financial safety net comprises three main components, which relate to the three main parts of this book:

(a) Prudential regulation and supervision of banks (Part B).

(b) Crisis regulation and management framework (Part C).

(c) Conduct regulation and supervision (Part D).

1.5.1. Prudential regulation and supervision of banks

This framework operates on two levels:

• microprudential regulation, which focuses on the financial soundness of individual banks, and

• macroprudential regulation, which assesses the impact of individual bank behaviour on the broader financial system and the real economy.

Both forms aim to minimize the likelihood of bank failures and contagion effects. The most basic regulation is related to bank regulatory capital, corporate governance, liquidity and liquidity risk, digital transformation and the contribution to sustainable development. Regulations are also designed to address systemic risk and risk of contagion. The above topics correspond to the chapters of Part B of this book.

1.5.2. Crisis regulation and management

Crisis regulation seeks to limit the adverse effects of domestic or international financial crises on the real economy. This involves a complex, three-stage framework:

(i) The preventative phase, with a key focus on enhancing bank readiness to deal with adverse situations through the drawing up and maintaining of, (a) recovery plans (by banks themselves) with measures to be taken following the significant deterioration of the financial situation of a bank and, (b) resolution plans (by national resolution authorities) with measures to be taken in the event of a bank resolution.

(ii) The early intervention phase, with the main objective of preventing an expansion of a crisis, by granting the competent authority the power to intervene in the event of a difficult situation for a bank, e.g. through the appointment of a temporary administrator to the bank, and by enacting essential tools such as deposit guarantee and the lender of last resort.

(iii) The resolution phase, giving competent authorities a number of powers, e.g. through the use of the bail-in tool, the sale of the institution undergoing restructuring or its merger with another institution, in order to ensure orderly resolution of banks, which failed or are likely to fail, or the resolution of portfolios with non-performing exposures.

The above topics correspond to the chapters of Part C of this book.

1.5.3. Conduct regulation and supervision

Conduct regulation governs bank behaviour toward clients, aiming to prevent unfair or unethical practices, referred to as conduct risk, that violate codes of conduct or professional standards. While consumer protection has many dimensions, the analysis focuses exclusively on the provision of banking services and products, namely, the provision of investment services to clients, the mortgage credit loans, the protection against market abuse and transparency. The core objective is to ensure banks offer products that are suitable and appropriate to each client’s risk profile. Another critical issue is money laundering, whether intentional or unintentional, where regulation aims to prevent the misuse of banks for criminal purposes. The above topics correspond to the chapters of Part D of this book.

1.5.4. Moral hazard

Despite the clear necessity of a financial safety net, its effectiveness depends heavily on managing moral hazard, a fundamental issue in banking. Moral hazard arises when institutions alter their behaviour because they expect to be protected from the consequences of their actions. For example, if banks anticipate unlimited central bank liquidity through the lender of last resort, they may become less cautious in managing liquidity risk. A second example of moral hazard concerns the deposit guarantee scheme, where depositors, who enjoy the guarantee, have less incentives to monitor a bank, and eventually they may deposit their funds with riskier banks, which may offer higher interest rates. Banks themselves are likely to show less diligence in their risk management, knowing that losses will be absorbed by the guarantee fund rather than their own capital.

While the existence of a public safety net may distort the risk-taking behaviour of banks, a particular category of banks, the systemically important financial institutions (SIFIs), are considered particularly prone to excessive risk taking. These banks are considered too-big- to-fail because their possible collapse is a rather prominent event, which can undermine trust in the entire banking system, prompting runs on otherwise healthy institutions. Further, large banks usually have large bilateral exposures with other banks, and this interconnectedness is likely to create a “domino effect”. Both elements enhance the risk of moral hazard, when banks take government support for granted to overcome difficulties. Following the

international crisis of 2007-08 a large part of the efforts to reform the regulatory framework focused on addressing the issue of the too-big-to-fail banks.

To address moral hazard effectively, the safety net must operate under a “veil of ignorance”, that is, banks and market participants should not be able to predict with certainty the extent to which support mechanisms will be available. At the same time, the safety net must be well-designed to offer the right incentives, credible, and supported by a fiscal backstop, the ultimate safeguard in times of extreme systemic stress.

1.6. Banking regulation in extraordinary times

Extraordinary times require extraordinary measures. Such periods amplify uncertainty and highlight the reality that our understanding of the financial environment is inherently limited. Banking regulation, when appropriately designed, can help mitigate uncertainty and its impact on both the financial sector and society as a whole. If the banking sector is the source of uncertainty (as in the 2007–08 global financial crisis), root cause analysis can help identify vulnerabilities and inform corrective action. If the banking sector is not the source of uncertainty (as in the 2020 pandemic), regulation can act as a powerful enabler of recovery, positioning banks and the broader financial system as part of the solution. In either case, the objective of banking regulation remains the preservation of public confidence in the sector. Therefore, any regulatory adjustments must be flexible, transparent and accountable. The adjustments should also be necessary, in the sense that there is no feasible alternative, accurate, so as to maintain clarity of purpose, and temporary, so as to ensure removal once no longer needed.

The measures can be categorized in three groups:

• alignment with the measures taken from official sectors,

• supervisory forbearance, and

• temporary loss concealment.