Recovery and resolution planning
The role of internal audit
Over the past several years, banks have faced heightened regulatory scrutiny around capital planning programs and internal audit’s role in assessing these programs. Expectations of internal audit are raised as stakeholders look to the third line of defense to ensure that effective controls and processes are in place and operational with respect to their 2017 recovery and resolution plan submissions.
US regulators continue to flex their muscles and push resolution planning as a key regulatory driver to reduce systemic risk and the likelihood of an institution being “too big to fail.” On April 13, 2016, the Federal Reserve Board (FRB) and the Federal Deposit Insurance Corporation (FDIC)—collectively, the “Agencies”—jointly determined that certain resolution plans submitted by domestic systemically important banks (D-SIBs) were “not credible or would not facilitate an orderly resolution” under the US Bankruptcy Code. The Agencies also issued prescriptive guidance increasing expectations for the eight US D-SIBs’ resolution plan submissions due July 1, 2017 (2017 Guidance).
On June 8, 2016, the Agencies issued a joint press release extending the deadline for certain foreign banking organizations’ (FBOs) resolution plan submissions from July 1,
In addition to the resolution planning regulatory developments above, the FRB issued recovery planning guidance on September 25,
Internal audit’s impact
In response to these developments, institutions have allocated more resources and implemented strategic initiatives to address requirements outlined in the recovery and resolution planning guidance.
Regulators expect that institutions will embed resolvability concerns into business-as-usual (BAU) processes, potentially modifying risk management practices, contingency planning, operational policies and procedures, and governance practices. The risks arising from the complex and dynamic regulatory landscape create several opportunities for internal audit as the third line of defense. Internal audit departments that are able to effectively assess the associated risks can make an impact on business performance and extend their influence among stakeholders.
Ultimately, internal audit should evaluate whether the planning process had adequate governance and controls and produced a plan or related recovery and resolution capability that is complete, accurate, and consistent with internal and regulatory expectations. Taking it further, leading internal audit departments should find opportunities to turn the complex business issues associated with recovery and resolution planning into an opportunity for growth and resilience.