Tackling Key Issues in Banking and Capital Markets

INDUSTRY VIEWS
the journal
Tackling the key issues in banking and capital markets*
June 2006
1
Contents
Page
Editor’s comments 2
The Markets in Financial Instruments Directive: 4

European regulation with global impact
Russia’s banking sector: Huge growth potential 10

for aggressive players
The practical application of Pillar 2: Understanding what 16

supervisors are looking for in a bank’s capital assessment
24
Securitisation – an exotic option or a necessity?
Confident in compliance? 32
40
Does identity theft affect your organisation?
Editor’s comments
by Chris Lucas
the journal • Tackling the key issues in banking and capital markets
Chris Lucas
Chairman, Global Banking &
Capital Markets Executive Team
Tel: 44 20 7804 9652
Email: christopher.g.lucas@uk.pwc.com
Welcome to the June 2006 edition of the and over 1,200 commercial banks, months. In ‘Confident in compliance’,
journal. The past few months have seen it seems Russia’s banking sector has Martin Hislop, Jan Willem Kaptein and
some challenging new developments a huge potential for profitable growth. Alex Shapland explore the principal
within the global banking and capital Economic growth, higher real incomes objectives and management of
markets industry. and more purchasing power, as well compliance reporting within a financial
as increasing transparency and market services organisation, as well as
The potential impact of the Markets in openness are generating significant suggesting the key elements needed
Financial Instruments Directive (MiFID) interest in this country’s financial services in a well-structured and effective
on the financial services sector is of such sector. In our country profile ‘Russia’s compliance-reporting framework.
significance that all firms should already banking sector: Huge growth potential
be assessing the impact of the proposed for aggressive players’, Rick Munn, In 2003, the US Federal Trade
requirements on their business. Not Evgeniy Kriventsev and Oleg Mosyazh Commission found that 215,000 reports
only does it present wide-ranging provide an in-depth analysis of the of identity theft and fraud had cost
organisational challenges, affecting key sector and the potential opportunities, Americans at least US$437 million.
areas of the business, but it will also and risks, that exist there. As identity theft attacks become
impact the way markets operate. Firms increasingly more frequent and diverse
need to consider changes to their ‘Regulators across the world face a range across the globe, in ‘Does identity theft
internal procedures and systems, and of unenviable challenges in seeking affect your organisation?’, Mark Vos,
to the procedures by which, and the to interpret and supervise Pillar 2, Jan Schreuder and Philip Riley look
systems through which, they will interface write Richard Barfield, Chris Matten at how identity theft is threatening the
with the new market structure and other and Shyam Venkat in ‘The practical banking industry and explore practical
market participants. In our opening article application of Pillar 2: Understanding measures organisations can take now
entitled, ‘MiFID: European regulation with what supervisors are looking for in a to protect themselves against the risks.
global impact’, Graham O’Connell and bank’s capital assessment’. Regulators’
Matthew Oswald assess some of the expectations, the views and concerns I hope you find this edition of the journal
key requirements of the Directive and of industry participants, and the many of interest. Please do continue to provide
its impact on business strategy and practical considerations are some of us with feedback on the topics you would
operations within the banking industry. the areas tackled in this article. like to see addressed in future editions.
The Russian banking sector potentially Effective compliance reporting is

offers a vast and largely untapped receiving increasing focus within banking
opportunity. With a population of institutions, reflecting the profile of
144 million, increasingly wealthy citizens compliance risks and issues in recent
The Markets in Financial Instruments Directive:
European regulation with global impact
4
by Graham O’Connell and Matthew Oswald
Graham O’Connell Matthew Oswald
Director, Financial Services Senior Consultant,
Regulatory Practice, UK Financial Services, UK
Tel: 44 20 7212 3826 Tel: 44 20 7804 4230
Email: graham.r.oconnell@uk.pwc.com Email: matthew.c.oswald@uk.pwc.com
Why is MiFID important? (see Figure 1) and services (see Figure 2) investment markets. It is for this reason
and establishes rules around governance, that MiFID should not be considered as
The Markets in Financial Instruments trading, risk, compliance, operations, a ‘compliance’ issue, but as a far more
Directive (MiFID) is one of the most systems, customer documentation and fundamental driver for business change
significant pieces of Financial Services outsourcing (see Figure 3). The main in investment firms and markets.
legislation to be enacted by the European objectives are increasing price
Parliament to date. It will result in a transparency in the markets; increasing A new equity market structure
radical change to market dynamics in awareness of risk amongst customers;
all investment sectors and will require and promoting greater competition In equity markets, MiFID will sweep away
market participants to take fundamental amongst execution venues. The EU has the current concentration rules that
strategic decisions in order to establish deliberately set out to create a framework require trading to be carried out over
an effective operating model in the which will affect the way that business is national exchanges, and will further open
post-MiFID world. Wholesale and retail conducted and change the dynamic of up cross-border trading. In order to
markets will both be significantly affected
and for individual firms the impact will
Figure 1: Investment products covered
be felt in Trading, Research, Fund
Management, Operations, Settlements • Transferable securities
and Compliance. Above all, the • Money market instruments
effectiveness of a firm’s approach to • Units in collective investments
assessing the impact of MiFID and • Options, futures, swaps and any other derivative contracts related to
implementing the required changes will securities, interest rates or yields
have a direct effect on the firm’s future • Options, futures, swaps and any other derivative contracts related to
effectiveness and profitability. commodities that may be settled in cash
• Options, futures, swaps and any other derivative contracts related to
The objective behind commodities that may be settled physically and are traded on a regulated
the regulation market or MTF
• Options, futures, swaps and any other derivative contracts related to climatic
MiFID is a cornerstone of the European
variables, freight rates, emission allowances or inflation rates that may be
Union’s aim to develop a single European
settled in cash
securities market with common standards.
• Financial contracts for difference
MiFID itself is a harmonised set of
Conduct of Business requirements • Derivative instruments for the transfer of Credit risk
Source: PricewaterhouseCoopers
which covers all investment products
The Markets in Financial Instruments Directive: continued
maintain a transparent market for end

Figure 2: Core investment services covered users, MiFID will require those firms that
• Reception and transmission of orders currently match customer orders within
their own organisation, to publish pre-
• Execution of orders on behalf of clients
trade prices and then publish post-trade
• Dealing on own account
data. The firms that currently do this on
• Portfolio management
a systematic basis with staff and systems
• Investment advice that are dedicated to this activity will be
• Underwriting and/or placing of financial instruments known as Systematic Internalisers (SI)
• Operation of Multilateral Trading Facilities and will begin to be treated in a similar
Source: PricewaterhouseCoopers way to Recognised Investment
Exchanges and their on-line counterparts
Multilateral Trading Facilities (MTFs).
Figure 3: Some key requirements of MiFID

Multilateral Trading Facilities
• All customers must be reclassified (MTF) and Systematic
• New customer agreements required Internalisers (SI)
• Determine ‘Best Execution’ for all investment products
These changes mean that execution will
• Some firms required to provide public quotes for order-matching
no longer be centred around national
• Firms to establish a Compliance function and effective compliance exchanges but will gravitate to the most
procedures price efficient execution venues with the
• Firms to establish Risk and Internal Audit functions based on complexity greatest liquidity. As well as the inevitable
of business competition between exchanges and
• Document and assess the quality of ‘Execution Venues’ investment banks, the role of the order
• Obtain customer agreement to Execution policy matching systems (MTFs) will become
• Establish effective Conflicts of Interest procedures more prominent. It is already clear that
• Carry out revised transaction reporting to regulators a number of investment banks will
• Inclusion of derivatives within EU legislation for the first time establish their own MTFs to reduce
costs and increase efficiency for their
• Inclusion of investment advice within EU legislation for the first time
own clients. As a result of the increased
• More stringent outsourcing requirements inside and outside the EU
number of execution venues, price
• Rules established for ‘Multilateral Trading Facilities’
publication is likely to become far more
Source: PricewaterhouseCoopers fragmented. In order to address this,
MiFID itself anticipates that there
7
will be a market-led solution to the The effect of MiFID on Buy The introduction of MiFID will require
consolidation of price reporting. Side firms these firms to either change global
Consequently, there will be increased systems and controls to address
competition amongst data vendors, A key objective of MiFID is to increase European regulation, or else they will
MTFs, exchanges and investment banks awareness of risk and improve need to decouple their global processes
to establish themselves as the accepted transparency in the trading and advice and establish stand-alone systems and
source of centralised price publication process. Consequently, all investment procedures for their European operations.
and trade data. firms dealing with customers will need In addition, there are certain aspects of
to retain more customer documentation the new rules that may be seen as
How to demonstrate Best including revised customer agreements, ‘extraterritorial’, requiring the MiFID rules
Execution enhanced ‘Know Your Customer’ data, to be addressed outside the EU region.
more information on trading costs and In particular, the outsourcing rules will
Another significant issue in trading all post-transaction reporting. Customers mean that EU investment firms that
investment products under MiFID will will be asked to agree to the firm’s outsource any ‘critical or important
be the need to demonstrate ‘Best execution policy and must also be operational functions’ to a service
Execution’. Even in equity markets, advised where a firm is not ‘reasonably provider in a ‘third country’ may only do
the need to consider price, cost, speed, confident’ that its conflict management so if the service provider is regulated in
reliability and likelihood of execution in process will be effective in a specific that country and is subject to prudential
relation to the nature of the order and the instance. In addition, firms will be required regulation. Even then there will need to
nature of the client will prove challenging. to reclassify all their customers and must be a co-operation agreement between
To do so in illiquid or open outcry give those customers the option of the investment firm’s regulator and the
markets will be extremely difficult and changing their classification in specific service provider’s regulator.
this is an area that will require an circumstances. Whilst this is intended to
effective market solution which brings empower customers to a greater extent, Implementing a common
regulators along with it. There is also many firms feel that customers will take standard
a concern that there may not be a a negative view of the additional
consistent approach in the application paperwork and data requests. In order to create a level playing field,
of this requirement for all jurisdictions. much of this Directive will be
Whilst some regulators may take a broad The effect outside the implemented as ‘regulation’, meaning
approach to this issue based on a EU region that national regulators will have very
generic policy issued by the firm, others little opportunity to interpret the EU
may require firms to demonstrate Many of the firms that will be most requirements to fit their local market
adherence on a trade-by-trade basis, affected by these changes are global conditions. Therefore, even in territories
which will prove costly and unwieldy. businesses with 24 hour trading books where many of the MiFID concepts
and worldwide systems and processes. already exist, the local regulator will
The Markets in Financial Instruments Directive: continued
largely have to replace existing rules with

the MiFID rules. The result will be that Figure 4: Timetable for implementation
investment firms in all EU territories will
have to carry out a significant amount of
work across the business to demonstrate April 2004 Level 1
that they meet these new requirements.

February 2006 Draft Level 2
The key stakeholders in the

business
FSA Consultation Papers
3 months
July 2006 Final Level 2

The MiFID requirements are wide-ranging
and will require input from most areas of October 2006 FSA draft changes to COB rules
the organisation. Typically, effective
steering groups within investment firms January 2007 Implementation of CRD
include Heads of Compliance, IT, Trading
and Operations as a minimum, with November 2007 Implementation of MiFID
representation at Board level. As MiFID
projects develop, firms will need to
develop a broader awareness-raising Source: PricewaterhouseCoopers
process to ensure that all business

heads understand the effect that this on 6th February 2006 and are still being An effective approach
Directive may have on their day-to-day ratified by Parliament. Thereafter it is to MiFID
processes. The ultimate objective will be expected that national regulators in EU
to turn MiFID from a detached project Member States will translate the EU Given the resource intensive nature
into an embedded part of the ‘business requirements into national rulebooks of MiFID, there is clearly a ‘first mover’
as usual’ process. during 2006. The scale of the changes advantage, with those firms that identify
required, particularly in relation to key issues for their business at an early
The timetable for systems and in obtaining customer stage likely to emerge as the best placed
implementation documentation and legal agreements, to minimise disruptions and maximise
means that the final implementation date opportunities. Therefore firms should
The known dates at present are that the
does not give investment firms much now be assessing what impact the
original Directive was ratified in April
time to become fully compliant. MiFID requirements will have on their
2004 and the final implementation date
business and on the markets they trade
is still intended to be 31st October 2007.
in, and putting in place an effective
The EU implementation documents (the
implementation plan, prioritising those
‘Level 2’ documents) were published
areas of greatest strategic advantage.
9
Russia’s banking sector: Huge growth
potential for aggressive players
10
by Rick Munn, Evgeniy Kriventsev and Oleg Mosyazh
Rick Munn Evgeniy Kriventsev Oleg Mosyazh
Industry Leader, Financial Services, Senior Manager, Financial Services, Manager, Financial Services Marketing,
Russia Russia Russia
Tel: 7 495 967 6342 Tel: 7 495 967 6373 Tel: 7 495 967 6074
Email: rick.munn@ru.pwc.com Email: evgeniy.kriventsev@ru.pwc.com Email: oleg.mosyazh@ru.pwc.com
11
The Russian economy has been growing

over the last six years by more than 6% Figure 1: Top 10 Russian banks by assets
a year, faster than not only developed
countries, but also most other emerging
markets. Individuals’ income is also Sberbank (state) 78.1
growing, stimulating a boom in consumer Vneshtorgbank (state) 18.6

demand. Undoubtedly, this growth
Gazprombank (state) 13.9
requires a corresponding improvement
in the country’s financial sector. In this Alfa-Bank (private) 8.4
article we review the Russian banking Bank of Moscow (municipal) 7.5

sector, analyse current trends and focus
Uralsib (private) 7.1
on the key factors affecting its
Rosbank (private) 5.7
development.
International Moscow Bank (foreign investment) 5.2
The Russian banking sector MDM-Bank (private) 4.4
Russia has just over 1,200 commercial Promstroybank (private) 4.1
banks. At the end of 2005, total assets 0 10 20 30 40 50 60 70 80

of the banking system exceeded Assets, USD bn
$300 billion, and share capital

Source: Interfax, PricewaterhouseCoopers
approximated $40 billion. The Russian
banking sector is highly consolidated,
with the 100 largest banks accounting The dominant bank is state-owned 60% of all retail deposits and issuing
for over 80% of total assets and 70% Sberbank, founded in 1841 and previously over 40% of all retail loans. The
of capital (see Figure 1). the monopoly retail bank during the dominating presence of Sberbank is
Soviet era. Sberbank is the largest due to a long-standing association with
State banks traditionally hold a strong financial institution in central and eastern the state, historical general public loyalty,
position, owning over half of all assets. Europe, accounting for over 25% of all and over 20,000 branches located not
The largest (by asset volume) privately the assets and capital in Russia’s just in every city of the country, but also
owned Russian bank, Alfa-Bank, is only banking system. Sberbank dominates in many villages where there are simply
the fifth largest in the country. the retail banking market, holding around no other banks.
Russia’s banking sector continued
12
The Central Bank banks only began offering credit cards Russian banking system. While the share
to individual customers in 2005. Overall, of retail deposits as a percentage of total
The Central Bank of the Russian plastic in Russia has limited use: 94% liabilities of Russian banks has remained
Federation is the main regulator of of operations are used for cash relatively stable since the beginning
the banking sector. In addition to its withdrawals, while in European countries of 2003, the share of retail loans as
supervisory and licensing role, the 50% of plastic card operations are to compared to total assets grew almost
Central Bank also sets out the rules and pay for goods and services. three times over the same period from
procedures for making bank transactions, 6.6% to 17.5%. In monetary terms,
the reporting requirements for banks Retail banking boom the growth of retail lending is even more
and rules for making settlements in impressive: from $3.6 billion outstanding
Russia. It is also responsible for many Economic growth, higher real incomes in early 2003 to $40 billion outstanding in
aspects of monetary policy of the and, consequently, more purchasing early 2006. In the third quarter of 2005,
Russian Federation. power are having a positive effect on growth of retail loans outgrew growth of
retail banking in Russia. Close to retail deposits for the first time and this
Growth potential $100 billion worth of retail deposits was trend will most likely continue over the
recorded by the end of 2005 – equal to next couple of years.
Even though the Russian banking sector around one third of total liabilities in the
has seen rapid growth in retail lending,
the retail lending share in GDP in Russia
Figure 2: Retail loans to GDP ratio (%): Russia vs. selected economies
at the beginning of 2006 was only 5% –
far behind that in developed countries
%
(around 50% in Eurozone countries,
80
over 65% in the USA and over 70% in
70.5%
the UK). To further illustrate, the share 70 65.6%
of mortgage lending in GDP in Russia is 60.7%
60 56.9%
53.8%
as low as 1% (55% in the USA and over
50
30% in Eurozone countries). Given the 45.0%
current boom in retail banking, this gap 40

between Russia and developed countries
30
will clearly shorten (see Figure 2).
20 19.5%
12.1%
Another growth area for the banking 10
5.4%
sector is the introduction of new banking
0
products and services. For example, Russia Hungary Poland South Japan Germany Switzerland UK US
Korea
despite the relative popularity of plastic
debit cards, of which there were Source: EIU, ECB, CEIC, CBR
47.2 million by the third quarter of 2005,
13
PricewaterhouseCoopers estimates that Thin capitalisation Eurobond issues were for between
over 1.7 million cars were sold in Russia $150 and $500 million, but several large
in 2005, totalling $22 billion in value. Thin capitalisation of Russian banks is banks, such as Sberbank, Gazprombank
Although in unit terms this was only a key problem, which could slow down and Vneshtorgbank, had a range of bond
a 7% rise on the figures for 2004, the the further development of the banking issues worth over $1 billion.
cost of the cars bought grew by 21%. sector and its growth rate. The Central
One factor for this growth was better Bank requires strong compliance with its Asset securitisation is still relatively
car loans. According to different regulatory requirements, including capital new for Russian banks, and due to
estimates for 2004, 15–20% of car sales adequacy ratios. From time to time this undeveloped related legislation in Russia,
with, total value of $2.7–3.7 billion were imposes certain limitations on the market players have to issue asset-backed
made on credit, while in 2005 the share business of even large Russian financial securities on foreign exchanges. For
of cars sold on credit grew to 25–28% institutions. At the same time, large local example, Bank Soyuz, which in 2005
and reached $5-6 billion. Motor industry investors are often relatively relaxed made the first Russian securitisation
figures and analysts forecast that up about making significant investments in of its car loans for $50 million and Home
to 60% of cars will be sold on credit the banking business since investments Credit & Finance Bank (HCFB), which
in 2008–2009. in natural resources extraction, retail and made the first Russian securitisation of
consumer sector, currently provides them rouble-denominated consumer loans.
Experts estimate that Russian mortgage with higher returns. Foreign investments Both these transactions were placed
lending is more than doubling each year. into the Russian banking are still quite abroad, on the Irish Stock Exchange.
If, at the beginning of 2005, mortgage limited. Therefore, Russian banks are
loans totalled $2 billion, experts believe actively looking for alternative solutions Even though a lot of activity was seen from
that the $20 billion threshold will be to capitalisation problems, including Russian companies in 2005, attracting
broken by 2008. The main factors international placements of subordinated more than $10 billion through public
preventing faster development of this loan participation notes. floatations, so far no Russian bank has
type of lending are relatively high interest made an initial public offering (IPO). Yet
rates at between 9% and 14%, and a International financing many banks have already announced their
high initial own investment requirement plans to float shares in 2006, including the
of at least 20% of the property value. Increased transparency and stability of large Vneshtorgbank and Rosbank.
the Russian banking system has allowed
An explosive growth of retail lending may Russian banks some access to longer and Foreign capital
affect the quality of credit portfolios of less expensive international financing.
the banks. Currently, relatively high-loan With 89 federal regions, 144 million
losses on retail loans are compensated Eurobonds are still the most popular citizens with growing incomes, 13 cities
by high interest rates. Banks generally mechanism among Russian banks for with a population of over 1 million and
obtain above the market margin on attracting funds, bringing tens of billions 168 cities of over 100,000 people,
lending to individuals. of dollars at 7–8% into the Russian Russia is an attractive market for
banking system, in 2005. Generally, foreign players.
Russia’s banking sector continued
14
There are 133 credit organisations of Impexbank for $550 million, announced Consolidation and
with foreign participation in Russia. in February 2006. We are sure to see regional expansion
International credit organisations are several more such deals in the near future.
increasingly interested in the Russian More regulation, tougher competition
banking sector. In 2005, the number One of the most active investors in the and increased capital requirements in
of banks with 100% foreign capital rose Russian banking sector is the European the financial services market have
from 33 to 42. Simultaneously, the share Bank for Reconstruction and steadily cut down the number of banks
of foreign capital in the Russian banking Development (EBRD). It currently has in Russia over several years. In 1996,
sector also grew. If in early 2005 foreign holdings in 23 Russian banks, mainly Russia had 2,538 banks; 1,253 banks
banks’ share was less than 8%, in investing in the share capital of regional held licences for banking operations
January 2006 it was over 11%, banks. Its investment level in 2004–2005 in 2006 (see Figure 3).
according to the Central Bank statistics. was around $500 million per year and
However, banks with foreign participation according to statements by the bank’s Along with foreign banks purchasing
are not among the leaders in Russia at representatives, it will stay around that stakes in Russian banks, Russian banks
the moment. Only three banks with level in 2006. are also active in the mergers and
foreign capital featured in the top 20
Russian banks, by assets, as at
1 November 2005: International Moscow Figure 3: Number of banks in Russia: 1996–2006
Bank, Raiffeisenbank Austria and
Number
Citibank, occupying eighth, eleventh
3000
and fifteenth places, respectively.
2530
2500
Recently, foreign banks have stepped up
acquisitions of stakes in Russian banks. 2029
2000
The most visible recent deals were; 1697
GE Consumer Finance’s acquisition 1500 1476
1349 1311 1319 1329 1329 1299
of Deltabank for $100 million in 2004; 1253
Banca Intesa’s (Italy’s No. 1 bank by 1000

assets) purchase of a controlling stake
(75% minus one share stake) in 500
KMB-Bank for $90 million in 2005;

0
Société Générale’s purchase of 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006
DeltaCredit for $100 million in 2005; Year
Dresdner Bank’s purchase of 33% of
Gazprombank for $800 million in early Source: CBR
2006; and Raiffeisenbank’s acquisition
15
acquisitions (M&A) market. Mainly, these negotiations with the US is foreign

are national banks, which buy regional commercial banks opening branches in
banks to enter local markets. However, Russia. Russia does not want to lift its
there is an opposite trend: several ban on foreign bank branches and is
regional banks that have outgrown ‘sticking to its guns’, arguing that the risk
their initial markets, strive to reach of losing control of monetary flows in the
a nationwide status via organic growth country is too high. At the same time,
and through M&A. there are currently no formal obstacles
for foreign banks to operate in Russia
Transparency through resident subsidiaries.
In late 2005, the international rating Conclusion

agency, Standard & Poors, made a
survey of transparency in 30 of the In the current conditions of an emerging
largest Russian banks, mainly on the economy and growing wealth of citizens,
basis of publicly available information. Russia’s banking sector has a great
The study showed a low level of publicly potential for profitable growth. Retail and
available information, when compared regional expansion, higher capitalisation,
with similar foreign credit institutions. new banking products and services,
The average level of disclosure by more transparency and implementation
Russian banks in the study was only of new technologies are the key success
36% (85% for the largest foreign banks). factors for the financial institutions
To raise the confidence of depositors, looking for dynamic profitable growth in
investors and the public, in general, Russia. Who will win? What are the
Russian banks need to make significant risks? What are the returns? Only the
progress on information disclosure in the future will show. However, as with
next few years. virtually everything in Russia – the
growth potential is huge, but one has to
Russia’s entry to the WTO be aggressive to make a decent return.
By 2006, Russia had reached agreement

with almost all WTO member countries
on its entry to the WTO. As it stands, in
early 2006, Russia is still negotiating with
three countries: the US, Australia and
Columbia. The main point of debate in
The practical application of Pillar 2:
Understanding what supervisors are looking for in
a bank’s capital assessment
16
by Richard Barfield, Chris Matten and Shyam Venkat
Richard Barfield Chris Matten Shyam Venkat
Director, Valuation & Strategy, Partner, Banking and Capital Partner, Advisory, Financial Risk
UK Markets Industry Group, Singapore Management, US
Tel: 44 20 7804 6658 Tel: 65 6236 3878 Tel: 1 646 471 8296
Email: richard.barfield@uk.pwc.com Email: chris.matten@sg.pwc.com Email: shyam.venkat@us.pwc.com
17
The fog enveloping the practical The regulators’ approach matters for What the FSA expects
application of Pillar 2 of the Basel II banks because the supervisor’s role
framework is beginning to clear. Over the is to form a view on an appropriate The key principles underpinning the
last few months, regulators including the Pillar 2 buffer above the Pillar 1 capital FSA’s approach are that supervisory
UK Financial Services Authority (FSA) minimum. For some institutions this is guidance will be kept to a minimum
have been developing their approach likely to be a significant amount of and that the ICAAP should reflect what
to assessing a bank’s process for linking additional capital. The key input to this the firm does for its own purposes (see
its capital to its risk profile. The FSA is assessment will be the bank’s Internal Figure 1 overleaf). These same principles
arguably one of the most advanced in its Capital Adequacy Assessment Process – apply in the CEBS guidance to
thinking on this issue and the FSA’s lead the ICAAP1. In developing its approach supervisors in the European Union (EU).
provides banks with useful insights into to Pillar 2, the UK FSA has expressed As such, the FSA does not make
what other supervisors may expect under certain expectations regarding a economic capital a specific requirement.
Pillar 2. firm’s ICAAP. However, it does insist that the ICAAP
should be a core management tool and
Spare a thought for the regulators. For many institutions, economic capital therefore a firm is likely to come unstuck
Regulators across the world face a range will have a role to play. A survey of more if it treats its ICAAP as purely a
of unenviable challenges in seeking to than 200 banks and other financial regulatory exercise.
interpret and supervise Pillar 2. These services firms from around the world,
include the translation of qualitative risk which was carried out for the recent The onus will be on the institution to
assessments into quantitative capital PricewaterhouseCoopers/Economist convince regulators that it holds
requirements. More broadly, they must Intelligence Unit (EIU) briefing on sufficient capital for the risks that it runs
decide how to strike the right balance economic capital, found that 44% of within the context of its strategy and the
between providing appropriate guidance the participants already use it and a external environment. To decide whether
and being suitably non-prescriptive in further 13% plan to implement it in the they are convinced, regulators will
keeping with what is a principles- rather next year2. The same report noted that undertake desk reviews and site visits
than a rules-based framework. Such 50% of the world’s top 50 banks already and engage in dialogue with
hurdles need to be overcome in order include economic capital disclosures in management. While the numbers will of
to oversee an industry that ranges from their annual reports (this is up from just course be important, the demonstrable
large, international banks to small mutual over 20%, four years ago). rigour of the ICAAP process in its own
societies, stockbrokers and asset right and its integration into the
managers, and whose firms have diverse management of the institution are likely
approaches to managing risk and capital. to be equally of interest to the regulators.
1 This is the acronym adopted by the Committee of European Banking Supervisors (CEBS) to describe this part of Basel II
2 ‘Effective capital management: Economic capital as an industry standard?’ (www.pwc.com/financialservices)
The practical application of Pillar 2: continued
18
Lingering challenges
Figure 1: FSA expectations of a firm’s ICAAP
One challenge for regulators will be
• Clearly described and evidenced ICAAP process to decide how to make valid peer
• Comprehensive coverage of material risks comparisons when risk capital
• Quality of management and track record of delivery frameworks vary so much between
• Business as usual capital particular institutions. The difficulty
– Conservatism in Pillar 1 and Pillar 2 in establishing comparable figures
– Perspective of how it will behave through a cycle means that judgement will inevitably
• ‘Simple and intuitive presentation’ play a major role in benchmarking
capital levels. An analysis of the public
– Clear top-down view
disclosures of economic capital by the
– Clear statement of assumptions
world’s largest 50 banks brings home
– Differences between Basel II and risk capital for Pillar 1 risks
this point as well.
Source: FSA presentations November 2005
Under current conditions capital
adequacy does not appear to be an
issue. PricewaterhouseCoopers analysis
Figure 2: Relative capital levels
of the disclosures from the nine users
Index of economic capital in the top 20 global
250 banks show that at the end of 2004
they held significantly more Tier 1 book
200 capital than economic (risk) capital –
see Figure 2. Three of the nine carried
150 practically double their economic
capital in terms of Tier 1 (a proxy for
100 shareholders’ funds). Their economic
capital was also significantly less than
50 minimum regulatory capital under the
cruder measure of 8% of Basel I risk
0 weighted assets. (For smaller institutions
CSG JPM Chase HVB Citigroup Deutsche Barclays ABN Fortis BoA
the gap may be narrower because they
Minimum regulatory capital (8% of RWA) Tier 1 capital
tend to be less diversified and therefore
Economic capital (indexed to 100)
more risky).
Source: 2004 company accounts, analyst presentations and PwC analysis
Note: The Bank of America comparator figures appear low due to high economic capital at year-end 2004 as a result of
the merger with Fleet First Boston.
19
However, there is no standardised

approach to economic capital Figure 3: Linking the qualitative assessment to capital estimation
calculations. So even though around half
of the world’s largest banks now disclose Adjustment can be less than 100% but cannot fall below Pillar 1
economic capital figures in their annual
reports, the numbers are more useful in
assessing the trends in individual
institutions than in making benchmark
Final ICG =
comparisons. The problem is illustrated Base Capital x X%
by the difficulties in making comparisons
using the longer established Value-at-Risk Base Capital
disclosures. Differing holding periods, Pillar 1 minimum

capital
confidence levels, modelling approaches
and correlation effects all conspire to
mislead the unwary. Depending on the
model and assumptions used, the same Low ML Median Arrow Score MH High
portfolio can give quite different but

equally valid results. This is compounded Source: FSA presentations November 2005
in the case of economic capital as it is

not always clear what this should be Pillar 1. As mathematicians will remember, Industry perspectives
compared with – should required if you examine a curve in magnified
economic capital be compared with detail, it actually appears as a series The FSA and the UK banking industry
available Tier 1 capital? Or shareholders’ of very small steps. It will be interesting have been engaged in dialogue for a while
funds? Or tangible common equity, to see how marked the steps turn out over the right approach to Pillar 2. This
or any other definition of capital? to be in practice. At another extreme, means that both the FSA and the industry
one other non–EU national regulator is should have a good understanding of each
A second major challenge for regulators rumoured to be considering a simple others’ perspectives – even if they do not
will be linking the qualitative measurement flat percentage add-on to Pillar 1 as always agree.
of risks, controls, governance and the way to estimate the capital buffer –
mitigants (which the UK FSA assesses independent of risk assessment. Although Banks hold capital for many reasons
through its Arrow process) to capital simplicity is appealing, how would such and risk capital is just one component.
adequacy assessments. Figure 3 shows an approach allow the regulator to (Figure 4 overleaf shows the key
schematically how the FSA expects this reward firms with superior risk components). The capital management
to operate. If the score is high (that is, management? And how does it provide process in an institution will address all
bad from a firm’s perspective), this will an incentive for firms to make a rigorous of these elements. A bank also needs
be reflected in the size of the buffer over assessment of their own capital needs? to consider, for example, rating agency
20
• a ‘business-as-usual’ view of capital

Figure 4: The business perspective on capital management is much wider calculations and management
than regulation processes (that is, not forced
unnecessarily to fit doomsday
Netcash
£bn regulatory scenarios);
flow
• a sensible allowance for diversification

benefits (these can be between
20-40% of capital for a diversified
institution); and
• consideration of total capital and not

just core equity (there is often a
tendency to focus on Tier 1 capital
whereas other forms of capital are
Risk FSA Rating Reputation Acquisition Contingent Physical Physical
important ingredients in the capital
capital premium agency buffer war chest capital capital capital
premium this year next year structure of sophisticated institutions).
Concerns will also vary from institution
to institution. At a high level, the main
requirements; how much safety buffer it the new Basel accord, Pillar 1 is a industry misgivings over the FSA’s
wishes to hold to protect its reputation; minimum capital requirement. An approach include a reluctance to see:
capital for acquisitions, and so on. important counter-argument from
• a requirement for one-off ad hoc
regulators will be that the models are
The expectations and concerns of exercises prepared largely for the
relatively new – many have not be tested
industry participants regarding Pillar 2 regulator;
through sharp economic changes – and
will of course vary depending on where that a degree of conservatism is needed,
• conservatism for its own sake in
they stand. One could reasonably expect particularly when the comparative
capital estimation (many believe that
banks whose economic capital is lower economic capital results are predicated
the Basel II formulae already include
than Pillar 1 capital to argue strongly that upon correlation assumptions that are
adequate conservatism in the
their regulatory capital under Basel II not easily observable.
calculation of Pillar 1 capital); and
should be less than Pillar 1. This is
because most economic capital models At a high level, common industry
• stress tests used to determine
cover many additional risks other than expectations are that the FSA’s
additive capital estimates (the view
the three covered by Pillar 1: market, assessment of an ICAAP should
being that stress tests test the
credit and operational. However, under incorporate:
resilience of capital).
21
The main underlying concern, however,

is that the banks are unsure how they Figure 5: Risk and capital approaches
will meet the FSA’s requirements when
these have not been fully spelt out. Risk type Capital model Controls/mitigants Stress tests
management action
Unfortunately, they are unlikely to be
spelt out – as Pillar 2 is principles-based,
Market ✔✔✔ ✔ ✔
detailed guidance cannot be expected.
Desire on management’s part for detailed
Credit ✔✔✔ ✔✔ ✔
rules is unlikely to be satisfied.
Operational ✔✔ ✔✔ ✔
One non–EU supervisor used a ‘Dear
CEO’ letter last year to suggest to its
Business ✔✔ ✔ ✔✔
major banks that they should adopt
economic capital and described in some
Reputation – ✔✔✔ ✔
detail how it should be applied.
Understandably there was strong Liquidity ✔ ✔✔ ✔✔
industry push-back. In their view, the
regulator had strayed too far into internal Interest rate risk ✔✔✔ ✔ ✔
management matters. Within the United
States, regulatory agencies such as the
Federal Reserve have led the way in Source: PricewaterhouseCoopers
suggesting the adoption of economic

capital programmes to constituent banks. appropriate and adequate? Figure 5 particular area that will be of increasing
However, such encouragement has illustrates how a range of approaches is importance is stress testing, given the
stopped short of prescriptive guidance. essential. Are risk and capital sufficiently judgements that are necessary to
inter-linked? One of the bigger challenges estimate risk capital figures. The design
Our advice to clients is to adopt a facing firms that have traditionally used and application of effective stress tests
principles-based approach themselves a regulatory capital model to underpin to demonstrate the resilience of capital in
and focus on addressing the following internal capital management is the switch adverse circumstances will be essential
practical issues. Are all material risks to determining their own internally derived to inform the intuitive top-down
covered? Is there clear ownership of risks? risk capital levels, rather than reading off assessment that most regulators will
Is it clear which risks are best addressed Basel I formulae. be seeking to apply.
through capital (e.g. interest rate risk in
the banking book) or through controls and Once the risk capital framework has
mitigation (for most banks this would been validated there is plenty of detail
include reputational risk)? Are controls with lots of devils lurking therein. One
22
Onus on firms
Figure 6: Risk-based capital management – key stages through the process
The move from a formulaic capital
calculation to risk- and principles-based
prudential regulation marks a sea change Design Build Integrate Validate
for banks. Pillar 2 of Basel II puts the
burden of proof firmly on firms themselves • Business case • Risk appetite • Embed in • Business case
to convince the regulator that they hold • Selection of • Technical guidance management • Selection of
approach, processes approach,
sufficient capital. A key part of the methodologies
• Model selection
– Strategic planning methodologies
‘evidence’ will come from demonstrating and models • Process design and budgeting and models
• Policy and – Strategy – Performance • Policy and
the thoroughness of the process and budgeting
framework measurement framework
ensuring that capital calculations are development performance development
reporting – Data quality
seen through the eyes of management, • Management – Pricing • Management
awareness – Risk adjusted awareness
and reflect its thinking. • High level
performance – Portfolio
• High level
measures management
programme programme
plan/roadmap – Compensation – Compensation plan/roadmap
Clearly this is a challenge, even in some
– External – External
larger institutions that have been slow to communication communications
plan • Internal
embark on economic capital initiatives.
• Prototype economic communication
However, it also provides an opportunity capital model and change
management
to integrate regulatory compliance into a • IT and data
architecture • Benefits realisation
broader and more sophisticated risk-based
• Capital planning
capital framework, capable of supporting • Integration plan
enhanced decision-making and assuring
stakeholders that the institution is robust
Source: PricewaterhouseCoopers RBCM service offer
and properly managed.
In response to the challenge, a global implementation and validation. Figure 6 Our focus, as we are sure yours is, is
team at PricewaterhouseCoopers has describes the principal components of about creating business benefits for our
developed a comprehensive new service our service offering which is supported clients. There is much more to risk-
offering called ‘Risk-based Capital by detailed, practical methodologies. It based capital management than models.
Management’3 to assist clients to link also provides a useful checklist of key
risk and capital. Our approach supports stages to consider in complementing
clients from design through to detailed risk-based capital management.
3 ‘Risk-based capital management’, an overview guide published by PricewaterhouseCoopers. To download a copy please visit www.pwc.com/banking
23
Securitisation – an exotic option
or a necessity?
24
by Peter Jeffrey, Frank Serravalli, David Lukach and Michael Codling
Peter Jeffrey Frank Serravalli & David Lukach Michael Codling
Head of PricewaterhouseCoopers Co-Heads of PricewaterhouseCoopers US Banking Leader, Australia & Head of
European Securitisation Group Securitisation Group PricewaterhouseCoopers Australian
Securitisation Group
Tel: 44 20 7212 5214 1 646 471 2669 – frank.serravalli@us.pwc.com Tel: 61 8266 3034
Email: peter.c.jeffrey@uk.pwc.com 1 646 471 3150 – david.m.lukach@us.pwc.com Email: michael.codling@au.pwc.com
25
An expanding market there are also good reasons as to why In other parts of the world, Australia has
this trend is set to continue, and they a mature mortgage securitisation market
Mention ‘securitisation’ and one will be addressed later in this article. and is just beginning to develop other
often thinks of on-off balance sheet, asset classes. Japan has a domestic
manipulation, Enron and Parmalat; others Securitisation techniques were developed market, and some other Asian countries
think of smart investment bankers, in the US in the 1980s, and has become a have experimented with securitisation.
obscure language and high fees. mature and significant sector of the capital We have recently seen the first deals in
markets. In Europe, a few securitisation Russia and the Middle East.
It is undoubtedly true that securitisation transactions were undertaken in the
is complex, but equally true that it is 1980s, but it was not until the late 1990s Many types of receivables and assets,
an increasingly important tool for many that the market exploded. As can be that will generate future receivables,
companies, both within and outside the seen from Figure 1 below, it has been have been securitised. Some of these
financial services sector. We believe growing ever since at an increasing rate. are listed in Figure 2.
Figure 1: European securitisation insurance
€ Billions
150
120
90
60
30
0
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
2001 2002 2003 2004 2005
Source: Dealogic, Thornson Financial, J.P. Morgan Securities Inc., Structured Finance International-Compiled by European securitisation Forum
Securitisation – an exotic option or a necessity? continued
26
So how does securitisation

Figure 2: Securitisation issuance by asset type
work?
Retail mortgages Champagne and whiskey stocks
A company (the originator) wanting
Credit cards Pop artists back catalogue to securitise will transfer current or
future receivables to a Special-Purpose
Auto loans Ferry and road tolls Entity (SPE). This transfer needs to be
what is known as a ‘sale/true sale,’
Commercial mortgages Account receivable meaning that in the event of the
originators’ bankruptcy, the assets
Insurance premiums Tax receipts will remain the property of the SPE
and will not be available to the
Non-performing loans Corporate loans
originators’ creditors.
The SPE pays for the assets by raising
funds through the issuance of securities
in the marketplace, either public or
Figure 3: How can you use securitisation to access the capital markets?
private. Conduits are a popular vehicle
utilised to fund short-term assets.
Credit enhancement The sponsoring bank may consolidate
• Subordinated loan
• Insurance a conduit. It is a particularly useful
• Guarantee structure for smaller transactions and
Sell
receivables shorter-term assets.
Originator SPV
Before arranging this funding, the SPE
Cash plus should consider currency and interest-
deferred
consideration rate hedges, as well as credit
Interest enhancement for the assets.
rate swap
Funders
• Public or private bond issue
Credit enhancement means that in the
• Bank conduit event of losses, often three or four times
• Bilateral bank loan
expected losses, the originator or a third
party (e.g. an insurance company) will
absorb the losses.
27
Credit enhancement can take many

forms, including a subordinated loan Case study:
from the originator, credit insurance and
cash reserve funds (being cash built A Scandinavian privately owned company manages a number of retail outlets
up of cash in the SPE). This credit and has its own in-house store card. It is unrated, because its owners do not
enhancement allows the SPE to be want to submit to the intrusive rating process. Traditionally, it has funded itself
highly rated, thus enabling it to raise through bank loans. The rate on these were good, because of the company’s
funds at highly competitive rates. track record and reputation. The company was told that in anticipation of
Basel II its funding cost would rise up to 100bp. The company developed
Any excess income in the SPE, after a securitisation programme for its store card receivables and obtained funding
paying the funding costs, hedging costs around 30bp above its historic level, thus saving 70bp.
and other expenses, is usually passed
back to the originator as deferred
consideration. Usually, the originator will The net result of the structuring is that In addition to being an effective funding
continue to service and administer the the originator has raised funding whilst technique, securitisation may provide
receivables on behalf of the SPE. It is maintaining the right to the profit on other benefits. It may be used as a risk
thus more attractive than an outright sale the receivables. mitigation tool, for catastrophic risk.
of the receivables, because it provides The originator bears the cost or pays
funding, and a limited amount of So why is securitisation for protection in respect of three or four
downside protection (in respect of losses attractive to companies? times expected losses. If losses are
incurred above the credit enhancement), greater than this, the note holders bear
while maintaining all the upside potential It enables a company to raise funding these losses. Thus, for regulated entities,
of the assets. It also maintains the not linked to its credit rating. This it will usually reduce the regulatory
ongoing relationships with customers, enables companies to raise funds from capital requirement they have on the
and usually, they may never know that sources that would not normally consider securitised assets.
their receivables have been securitised. funding such a company. It also does not
utilise existing funding lines or limits. Depending on your accounting
A key to making a securitisation effective programme, which will be discussed
is to ensure that it is ‘tax neutral’ as far as Because of the high credit rating of the later, securitisation may result in earnings
possible both from a direct and indirect SPE, overall funding may be reduced. when assets are securitised.
tax perspective. In some jurisdictions, this This will become particularly important
is relatively easy whilst in others ‘offshore’ as banks adopt Basel II and will have
SPEs are required. Tax opinions will be higher capital changes for lending to
produced to show there is no significant unrated and lower rated companies.
tax cost as a result of the securitisation.
28
Those who combine this with good and

Case study: Case study: clear financial and disclosure risks on
the securitisations have nothing to fear.
A US mortgage company generates A Caribbean company with a major
value from originating mortgages export business wants to raise In any event, in practice ‘off-balance’
through its ‘state-of-the-art’ IT funding for expansion. This funding sheet accounting is getting more difficult.
systems and extensive broker cannot be sourced from the limited US GAAP is relatively friendly to
network. The company has little domestic markets, and international securitisations with its qualifying special
interest in holding or servicing funders are reluctant to lend in the purpose entity (QSPE) regime, but in
mortgages long-term. By securitising region. The company sets up the recent years the FASB has tightened
its mortgages and passing the SPE in Delaware and sells its export the rules for qualifying as a QSPE and
servicing to a specialist mortgage receivables to the SPE. The SPE new rules likely will be stricter.
servicing company, the mortgage then arranges funding from a US
company can realise funds to finance and EURO Medium-Term Note Under IFRS, most traditional
new loans and at the same time, (MTN) programme. This is possible securitisations fail to achieve off-balance
under US GAAP, generate a gain because the funds from the sheet treatment (although there is some
on sale, thus realising the inherent receivables are kept offshore, while possibility of partial derecognition)
value of the origination process. the MTNs are outstanding. consequently, the securitised assets
remain on the balance sheet with the
A frequent comment from first-time Many people associate securitisations originator bringing on to its balance
issuers is that the process enables them with off-balance sheet accounting and sheet the funding obtained. Since no
to understand their receivables better some of the recent scandals mentioned sale has taken place, no upfront income
and enhance their origination and earlier. Undertaking a securitisation recognition is allowed.
processing systems giving them a further purely to ‘massage’ the balance sheet
competitive advantage. is never a good reason for undertaking Currently, there is an intention to
such a transaction. Equity and credit converge US GAAP and IFRS, which in
For companies in developing countries, analysts are increasingly penalising the case of securitisations will not be
where traditionally international lenders companies where it is not clear why easy. The securitisation industry world-
have been unwilling to lend due to the securitisations have been executed. wide is currently working to develop
political and country risk, securitisation can an accounting approach that will best
be particularly beneficial. By having the On the other hand, the same analysts give account for the complex economics
SPE outside the originators country and in significant credit to companies which use of a securitisation. This is an initiative
an established financial centre, much of the securitisations in a strategic manner and of the European, Australian and US
political and country risks can be removed. can articulate the reasons for doing so. securitisation forums, which have to
29
date, undertaken a worldwide survey • Is there anything that will make

of the accounting needs of securitisation Case study a securitisation impossible?
and how current accounting regimes
meet these needs. The results of this An Australian bank needs to reduce Only after these key questions have been
survey have been discussed with IASB, its regulatory capital requirement as answered should you proceed to commit
FASB and other regulators. We would a result of an acquisition. It has a to investment bankers and lawyers to
encourage all securitisers to get involved big credit card portfolio and wants develop a detailed plan and structure.
with this initiative and to provide their to explore if securitisation of its
ideas for the future. The authors would credit cards will solve the problem. Conclusion
be pleased to receive your comments. PricewaterhouseCoopers has been
appointed to undertake a feasibility Undertaking a securitisation is a complex
Accounting has, however, become less study. This study takes four weeks business decision requiring many
important in many parts of the world and concludes that a credit card functional areas of a company and
(outside the US) as regulators have securitisation is feasible, but that a number of external professionals.
developed their own rules for determining certain systems enhancements It can be achieved with good project
regulatory capital requirements, and this are required. These system management. While securitisation
is also the approach Basel II takes. enhancements have been started. professionals have a unique language,
together with detailed planning. the fundamentals can be made simplified.
So what do you need to do to PricewaterhouseCoopers has been
appointed Project Manager. Securitisation is a technique that will
undertake a securitisation?
To speed up the process, an initial become relevant and helpful to more and
The first step is to undertake a feasibility securitisation is undertaken, using more companies. It can be complex to
study, which would include asking the a US bank conduit with plans for undertake, but with careful planning and
following questions: a public bond land issuance as a project management, is achievable for
second step. most companies. In the future, we
• What strategic imperative does foresee it being a necessary funding
it solve? technique for many companies rather
• Do we have systems that can than an exotic option.
• Do the likely economics make sense? segregate and manage the receivables?
It is for this reason that at
• Do we have suitable receivables; • Are there any other issues or PricewaterhouseCoopers we have
– that can be legally transferred? advantages to be gained? developed a global securitisation
– that have a verifiable track record? practice, which helps clients make
• Will there be investor demand? complex business decisions in
30
undertaking a securitisation as easy as

possible. Our practice with major centres
in the US, Europe and Australia, and we
work with both the largest securitisors in
the world, as well as those undertaking
their first securitisations. Our global
practice takes the best experience
and knowledge from around the world
and helps clients develop a securitisation
process to enhance their businesses.
The authors of this article are significant
members of the various securitisation
trade bodies, that continue to influence
major market developments.
The global practice has written ‘A Guide

to Global Securitisation Transactions’ and
‘The Practioners Guide to Securitisation’
(on behalf of City and Financial), which
while written from a UK perspective, will
be of value to all first-time securitisors.
31
Confident in compliance?
32
by Martin Hislop, Jan Willem Kaptein and Alex Shapland
Martin Hislop Jan Willem Kaptein Alex Shapland
Senior Manager, Risk Assurance Manager, FS Regulatory Director, Financial Services
Services, UK Compliance, The Netherlands Regulatory Practice, UK
Tel: 44 20 7804 1126 Tel: 31 10 407 6392 Tel: 44 20 7213 8618
Email: martin.hislop@uk.pwc.com Email: jan.willem.kaptein@nl.pwc.com Email: alex.shapland@uk.pwc.com
33
Recent changes in laws and regulations, Many organisations that have identified Benefits of an enhanced
together with scrutiny of key supervisors limitations in their current compliance reporting framework
in the US and EU are driving an increased monitoring and reporting capabilities are
focus on the compliance function. now seeking to improve their compliance Effective management information
Boards and CEOs seeking to discharge intelligence through new or enhanced enhances the governance structure
their accountabilities1 increasingly place reporting processes. This article explores by increasing the ability of key recipients
compliance on their agendas. But what what it takes to establish a leading edge to execute their duties by informing,
does it take for the organisation to compliance reporting framework that facilitating discussion across layers of
respond to such scrutiny with confidence? better informs the Board, challenges the management and supporting decision
compliance network and more effectively making. In addition, accountabilities can
This responsibility falls primarily on the engages the business on matters be more effectively allocated and issues
Head of Compliance, for whom a key of compliance. can be more formally addressed.
obligation is to provide information
regarding compliance of the business A good compliance management
with relevant laws and regulations – How confident is management in
information (MI) framework benefits
a complex, and often arduous, task understanding the:
preparers (e.g. opportunity to highlight
when the business spans several obstacles and seek support in resolving
• Impact of compliance on the
territories and regulatory jurisdictions. these, report achievements) and
organisations reputation;
In turn, Heads of Compliance are recipients (e.g. better informed decision
seeking more assurance and a higher making, confidence in understanding
• Relationships held with
level of confidence about: the business).
key regulators;
• How effective business processes If risk based, rather than being driven
• Effectiveness of compliance
are at managing compliance risks; wholly off of detailed regulatory
systems and controls; and
requirements, the compliance framework
• The performance of the can be applied effectively across many
• Direct costs arising from
compliance function; regulatory jurisdictions, while the focus of
compliance-related incidents?
information generated is better aligned
• The escalation and communication
with risk-based ambitions of the business.
of compliance matters.
1 Compliance and the compliance function in banks (p. 9), Basel Committee on Banking Supervision, April 2005. (http://www.bis.org/publ/bcbs113.pdf)
Confident in compliance? continued
34
Defining the objectives of • Current profile of compliance risk Content of management

compliance reporting across the organisation; information
The principal purpose of compliance • Organisation’s reputation; In order to provide recipients with
reporting is to allow senior management information and increased confidence
• Quality of relationships held with
to exercise their duties in overseeing that compliance risks are being identified
key regulators;
and challenging the management of and properly managed, reports should
compliance risks. Ideally, the same present a picture that encapsulates
• Effectiveness of compliance systems
reporting structure will also support what has occurred to date, but in the
and controls; and
discussion and informed decision context of what might follow in the
making needs at other levels of the • Costs incurred as a result of future. There are three key elements to
organisation (see Figure 1). compliance related incidents. consider (see Figure 2):
Ultimately, compliance reporting should The ability to effectively assess these Historical incidents – taking ownership
provide senior management with a regular matters relies on the way in which an of and responding to incidents that
and reliable view on responses to issues organisation identifies, validates and crystallise is an aspect reasonably well
and incidents arising, and how these reports on compliance matters that are addressed in most organisations. A view
impact the: ultimately regarded as significant at of past track record is essential to
group (or regional) level. maintain support for remediation efforts
and to respond to lessons learned.
Figure 1: Objectives of compliance reporting Emerging issues – it is essential to

know when new matters arise that
impact the compliance environment,
Maintain oversight and how these are being responded to.
Profile of and challenge Performance of
compliance risks compliance This principally relies on the business
Compliance of Demonstrate
advisory/support role of compliance,
the business 1. 2. achievements to understand what is happening within
Support discharging To enable objective
of oversight discussion between the business, and the outside world.
Management responsibility layers of management Clarity of
regulator accountability
Emerging issues may include changes
relationships in the business (e.g. new products,
M&A, new territories / markets) and
Impact on Level of Decision Learning and Transparency
reputation compliance- support development
developments in the market (e.g.
related losses supervisory hot topics, peer organisation
investigations; announcement of new
Source: PricewaterhouseCoopers regulations/directives).
35
• Operational level agreements / internal

Figure 2: Components of compliance information
contracts: identifying how compliance
has worked with or delivered to the
business against operational targets.
ts Wh Em Data sources
en diate at
e w
tr d
er are e
i
m
What we m inc
gin xpos
e
e
The key data sources that support

g is
al
us
Historic
the enhanced compliance reporting

sues
envisioned in this article are explored

MI
e d to
below. Some are not traditionally owned

or maintained by compliance, which
Sy presents challenges such as negotiating
ste ols
Ho ms and co ed
ntr access and ensuring quality and
ww c
ell we are pla suitability of data.
However sourced, owned or maintained,

information gathered should be
auditable, and therefore is dependent on
adequate records being kept (whether
Systems and controls – to complete internal and external audit issues related
manual, or supported by an IT solution).
the picture, and understand how well to compliance matters, status of training
the business is placed to respond provided to the business and the nature
Compliance managed
to the emerging issues, a view of the and status of requests from regulators.
data sources
compliance control environment is
necessary. A profile of residual The other important aspect of effective
On the basis that compliance typically
compliance risk (from the risk compliance reporting is measuring the
carries out three broad roles, it would be
assessment conducted by compliance performance of the compliance function.
expected that there is relevant data that
or risk management) is invaluable, The management style of the compliance
can be accessed from the records kept
especially if reinforced with results of function will determine what is relevant
within compliance, providing the core
compliance monitoring (including to report in the way of performance. The
for reporting:
monitoring conducted by the business, principal angles to address here include:
compliance, internal audit and the • Compliance risk assessment: May be
regulator as appropriate). Other matters • Annual plan and objectives: assessing
conducted by the risk function but will
that should be incorporated into the the degree to which financials,
be key in providing the overall profile
ongoing assessment of the control compliance training plans, compliance
of compliance risk, e.g. by business
environment include: the high risk projects are performing against target;
36
segment and by category of risk. Identifying and targeting compliance risk: However, an element of value added
This orientates users of the MI report • In-house legal: summary of litigation editing and formatting will be required to
with the overall context against which cases underway/resolved (responding translate the core data into information
specifics are reported; to compliance incidents); tailored and fit for purpose. This is
particularly relevant when devising the
• Compliance monitoring: May be • Operational risk: summary of direct form and content suitable for high profile
conducted in part by Internal Audit, losses incurred (as a result of reports, such as to regional committees or
or the business, but the coverage compliance incidents); the group board of global organisations.
and results will highlight exceptions.
Some exceptions may be of sufficient • Business: Overview of customer Developing the compliance
impact, or drive themes of weakness, complaints in the context of business reporting framework
to report; and volumes; results of peer-to-peer
control reviews (of a compliance A number of key factors will determine
• Business advice and support: The nature); and the overarching design of the reporting
day-to-day value added role of framework (see Figure 3):
compliance gives exposure to the • External data sources such as
changing business environment. As regulators, new/data search Recipients of information: The various
such, an overview of areas such as organisations and legal and advisory stakeholders in the compliance
significant business changes, results firms: provide useful summaries of information chain who are to receive
of regulator visits and outcomes of changing regulatory environment, information (Board, Sub-Committee,
business monitoring, can be obtained. such as emerging regulation and Head of Group Compliance, Regional
directives, current regulatory hot Heads of Compliance) will drive the
Data sources typically topics and press announcement number of reports to be prepared.
maintained outside of affecting peer organisations. The purpose of these reports will drive
compliance the information that should be included,
Corroboration: in terms of content, or level of
Accessing data from sources external • Internal audit: summary of high-risk consolidation.
to compliance will improve the overall audit issues (of compliance nature);
context of the messages that can be Aggregation levels: Fitting the reporting
reported. This can be achieved in two • Operational risk: results of risk/self framework to the organisational structure
ways: targeting specific compliance risk assessments (where compliance will drive out the number of aggregation
areas (e.g. in terms of Key Risk Indicators) aspects can be segregated). levels required (country level to regional;
or to provide a completeness check, or regional to group).
corroboration, from a source Creating information from data – Once
‘independent’ of compliance. Examples new reporting processes are established, Touch points with the business: Ideally,
of available data are likely to include: accessing data becomes routine. the aggregation levels will align to the
key touch points that compliance has
37
Practical Challenges
Figure 3: Overview, management information framework
Information flows and Aggregation process In our experience, the key practical
key recipients
Executive challenges to be addressed include:
Board
Compliance Information
Stakeholder management:
Committee
Stakeholders reside at several levels of
the organisation, in different business
Head of Group units and various geographies driving
Touch points with the business
Compliance
different interests.
Obtaining an organisational view:

Control and validation points
MI
Coordinator/
resource Group > Aggregation is aimed at providing Agreeing a standard for reporting
information required to exercise compliance in a global organisation
oversight of compliance risks,
BU/Regional
or relevant to support strategic is problematic as there are varying
decision-making
Compliance regulatory regimes (e.g. principle vs
Head Regional > Aggregation focuses on
information of high-level impact rules based).
on a country basis, which is
thus relevant at a regional level
Country Country Constraints in data collection: Several
Data difficulties will be faced initially, such as
sensitivity of data obtained from other
parts of the organisation, limitations
with the business (local management, this matter, however, it is crucial that in the format or structure of existing
business unit/divisional committees), whatever approach is taken enables data, frequency of data updates and
allowing information to be consolidated those who work with it to pull meaningful confidence in the quality and integrity
to support these key business data in an efficient manner, while of data.
communications. maintaining a suitable audit trail.
Determining what matters to report:
Manual or automated: The degree of Supporting resources: Determining how Recipients of MI will generally be senior
automation sought in collating of data and many resources are required to support management, while providers of
formatting aggregated information will the reporting process (e.g. preparation information will be at the operational
drive the speed of reporting and amount of meaningful summaries from raw data, level. The resulting conflicts in what
of effort required to maintain the reporting editing of reports to top level is considered ‘important’ must be
process. The degree of automation and management) and where they should overcome to ensure information reported
available data warehousing depends on reside (centrally vs distributed) will is relevant and informative, as well
the way the reporting process is run. shape where ownership sits and how retaining efficiency.
There is no ‘one size fits all’ solution to the information flows reside.
38
Validation and clarification: An amount • What level of confidence over

of effort is required to ensure that data business compliance is gained?
collected is robust. Here, keeping the
process efficient and finding sources • Are business management adequately
to validate are the challenge. challenging the awareness of and
support on they get from the
Presentation of information: Key compliance network?
reports may be visible not only to senior
management, including independent • How well do business management
directors, but they may also be made understand evolving compliance
available to supervisors. Consequently, priorities?
presentation should be reconsidered
carefully. Encouragingly, addressing the • How satisfied are they that they
practical challenges outlined above has understand and are thus able to
usually presented an opportunity to respond to such priorities, over time,
develop or improve the relationship as they evolve?
between compliance and the business.
So what next?
Your organisation may be one of those
already engaged in creating an enhanced
risk-based compliance reporting
framework. If it is not, senior
management would do well to consider
the following questions:
• What compliance information is

currently generated for the Head
of Compliance?
• Is that information adequately

addressing historical and emerging
issues, in a high-risk based manner?
• How much of this is actually digested

and used?
39
40
by Mark Vos, Jan Schreuder and Philip Riley
Mark Vos Jan Schreuder Philip Riley
Director, Business Assurance, Partner, Business Assurance, Executive, Investigations and
Australia Australia Forensic Services, Australia
Tel: 61 8266 7739 Tel: 61 8266 1059 Tel: 61 8266 3158
Email: mark.vos@pwc.au.com Email: jan.schreuder@pwc.au.com Email: philip.riley@pwc.au.com
41
Evolving threat information technology, particularly the identity information used to identify
Internet, has simply widened the range an individual includes driver’s licence
Reputation damage can be fatal to an of opportunities for the identity thief. details, mother’s maiden name, date of
organisation. Last year, a company in birth and home address. Also frequently
the United States had to close its doors, The number of reported identity theft used as identifiers are telephone bills
due to the reputation fallout from a single incidents has been increasing rapidly and utility bills.
identity theft incident. Once it was over the past few years (see Figure 1).
reported that a number of identities were Banks are no longer the prime target – This information is widely collected and
stolen from the organisation, few were cyber criminals are attacking an ever- stored by organisations, and in turn often
prepared to do business with it as it could broader range of institutions. targeted in identity theft crimes.
not be trusted to secure customer data.
If your organisation processes and/or Nola Watson, head of Corporate Risk
The manipulation, misuse or outright stores customer or personnel data, Services at Insurance Australia Group,
theft of identity has long been part of the the chances are that you too are already says: ‘There is intrinsic value associated
repertoire of criminals. The advent of a target for identity theft. Common with identity information, whether it
relates to customers or personnel.
Each organisation should be aware of
Figure 1: Number of reported identity theft incidents in the USA the identity information they store and
the value associated with it, and ensure
Number of incidents that there are adequate controls
260,000 protecting it.’
250,000
Cyber criminals use a combination
240,000
of orthodox methods (such as bribing
230,000
a call centre staff member to physically
220,000
obtain information) and electronic tools
210,000
(such as keystroke loggers) to access,
200,000 manipulate and exploit identity
190,000 information. These range from planting
2003 2004 2005
individuals as staff in organisations,
Year
to launching attacks from the other
Source: USA Federal Trade Commission – 2006 side of the world via the Internet.
Does identity theft affect your organisation? continued
42
A compounding factor in the risk customer data using orthodox criminal

equation is that the range of data In the PricewaterhouseCoopers techniques. However, these groups
stolen and the risk of exposing customer (PwC) Global Economic Crime are becoming more sophisticated by
information increases as functionality Survey 2005, 54% of companies attacking electronic information without
and product ranges are added to surveyed revealed that they had having to be in the physical presence
systems to take an organisation closer suffered from economic crimes of the information.
to its customer base. Examples of this involving false pretences and
are banks providing Internet banking money laundering, both crimes in As organisations strive to aggregate
services or airlines allowing customers which the manipulation of identity customer data to provide onselling
to see their booked flights or their plays a key part. opportunities, this makes it easier for
frequent flyer points online. cyber criminals to steal it electronically.
It is interesting to note that only Once stolen, the data is then being
Against this background, organisations 22% of companies reported that sold in underground networks so others
are asking: how much of an issue is they perceived false pretences and can assume the identity of the victim.
identity theft? What is the best response? money laundering were prevalent The data may also be employed in a
And how will it impact their business? in their business. This highlights a new range of crimes across the globe,
significant gap between the actual often without the immediate knowledge
How much of an issue is incidence and damage of identity of the victim as the information is stolen
identity theft? theft and the actions that many electronically without detection. The
companies are taking. impact of these new crimes will be
Estimates of cost attributable to identity Findings from: compounded by their novelty and the
theft vary around the world, but there Global Economic Crime Survey 2005, increasing difficulty in mitigating them.
is no doubt that it is a serious and PricewaterhouseCoopers and Martin
Luther University, Halle, Germany, 2005.
growing concern.
Many experts are concerned about
In 2003, the United States (US) Federal the ‘deferred loss of identity theft’,
Trade Commission found that 215,000 customer files. At the other end of the wherein thieves sit on stolen
reports of identity theft and fraud had spectrum, it may involve cyber criminals identities for months or years until
cost Americans at least US$437 million. using the Internet to gather or misuse victims believe the danger has
By 2005 the number of reports had risen identity information. This is a source passed. It’s hard to put figures
to 255,000, representing approximately of greater risk due to the capacity on potential outcomes like that.
40% of all complaints filed with that of criminals to steal vast quantities of Findings from:
agency in 2005. data without geographical boundaries. The State of Information Security 2005,
A worldwide study by CIO magazine and
PricewaterhouseCoopers.
Identity theft occurs by a range of In its current state, identity theft via
means. It might be an employee walking cyber crime is in its early stages, with
out of the office with photocopies of networks of criminals typically exploiting
43
We often read about successful What is the best response? The lack of cooperation among
identity theft attacks on organisations. organisations on identity theft could also
The perception is that such attacks Consistent and cooperative approaches increase the risk of regulators imposing
are focused on banks, but the following to this intricate and escalating problem additional conditions. It is therefore
headlines show that the problem extends will assist in preparing both the appropriate for organisations, industry
far beyond the finance sector. community and organisations for the bodies, governments, law-enforcement
potential dangers. agencies and the community to work
‘Virus-infected computer compromises together in dealing with identity theft.
personal information for about 2,500’ Identity theft threatens all parties This might include:
The Gazette, Feb 2006 involved in Internet or electronic
transactions and carries the potential • Sharing threat research about
‘12,000 notified about names and to cause significant damage to groups identity theft;
Social Security numbers on recovered that hold personal information online.
stolen computer’ In turn, organisations that provide trusted • Industry forums on recommended
Duluth News Tribune, Jan 2006 services on the Internet are dependent standards for dealing with identity theft;
on each other for maintaining customer
‘226,000 notified about personal confidence in this new channel. For • Community working groups that
data on stolen laptop’ example, if a major bank was to fall provide recommended standards
Wired News, Jan 2006 victim to a successful identity theft crime for users;
via Internet banking, this could affect the
‘Personal and financial information of • Development of industry education
entire trust model of Internet banking in
some university donors may be at risk’ and awareness programs; and
the industry, not just for the bank that
The Observer Online, Jan 2006 was victim to the crime, but for any bank
• International cooperation across
providing Internet banking services.
‘Estimated 40 million credit card governments and law-enforcement
numbers possibly compromised’ agencies.
The problem of identity theft is beyond
Security Focus, Oct 2005 the capacity of any one organisation
Internally, there are a number of things
to manage. Moreover, cyber crime tends
organisations can do. As identity theft
‘Personal information for 700 patients to flourish when threats are treated
attacks increase and become more
possibly compromised’ discretely, rather than addressed through
diverse, it is important to directly align
post-gazette.com, Jan 2006 uniform, cross-industry solutions.
the mitigation approaches to their
By working together in the cause of
associated risks.
national and international ‘target-
hardening’, organisations can play Many organisations are developing
an effective role in making the Internet risk-based decision analysis processes
a relatively unprofitable place for to enable them to allocate security
cyber criminals to do business.
Does identity theft affect your organisation? continued
44
resources and prioritise security projects. This process is cyclical, and never stops. To be effective, the security risk analysis
A crucial component of the risk-based From development awareness in an processes have to be integrated with the
decision analysis is an organisation’s organisation in relation to identity theft organisation’s overall risk framework.
risk and value map, which compares crimes, to responding to an incident, This is vital to ensure buy-in from the
the expected annualised costs of it is important to address the risks in business, including senior management.
security events before and after the each phase of the life cycle, and ensure
security investment. that they are understood and either As organisations open up their
accepted or addressed. technology systems to customers
The risk-based decision analysis to improve services, their traditional
must link into an organisation’s risk Some organisations are extending this defences are broken down. The challenge
management life cycle. An example concept further by establishing security is to maintain security while moving away
of the identity theft risk management as a separate profit centre and calculating from traditional perimeter security models
life cycle is shown in Figure 2: a return on security, i.e. the return on the where only employees can access
capital invested in security activities. company data. The key to success
is to establish robust data classification
models, as well as strong identity
Figure 2: Identity theft risk management life cycle
management processes and systems,
as this will allow an organisation to take
different mitigation strategies depending
Awareness
on the value, criticality and sensitivity of
Lessons the information within an organisation,
Learned commensurate with the risks.
Remediate Assess
The one type of technology

Tactical Design Strategic
Investigate
Information Counter- organisations do seem to be
Reactive Assets Proactive
measures investing in is identity management
– not surprising as a reaction to the
Response Implement ID theft epidemic.
Monitor
Findings from:
The State of Information Security 2005,
A worldwide study by CIO magazine and
PricewaterhouseCoopers.
Incident
45
Other practical measures organisations employees, suppliers and other business initial assessment as to whether the risks
can adopt are to: partners, security is as much about should be accepted or mitigated, as they
appropriate inclusion – allowing are the ones who own the information.
• Develop, publish, and implement access to the right people – as it is
a privacy policy; about prevention. When the organisation makes a decision
on how the risks are to be treated,
• Only store essential data; Identity theft requires a whole-of- it should be both the business units
business solution, tailored to the (for business processes-related issues)
• Do not store customer data that particular risks an organisation faces. and the information technology team
is only required temporarily; There is little point having the most (for technology related issues)
sophisticated firewall available if the responsibility to mitigate these risks.
• Ensure call centre customer logs
business faces a greater risk from
do not hold personal data;
someone removing a box of files from
the premises.
• Limit employee access to data;
• Monitor employees who have access What can you do next?

to personal data (within the parameters
If you have not already done so, the first
of privacy and workplace laws);
step is to conduct a risk assessment to
• Immediately report security determine what identity theft risks you
breaches; and face. This will allow you to take a
risk-based approach, ensuring a
• Request only customer information cost-effective, business-focused action
that is required for the transaction. plan that balances the cost of mitigating
the risks against acceptance of risk.
How will it impact It is recommended that you use your
the business? organisation’s existing risk management
framework to perform this assessment,
It is critical to strike the right balance as that will provide the results in the same
between keeping the bad guys out and way as other risks to your organisation.
not impacting the business so much that
your competitive edge suffers. Once risks are determined, it is important
that the business units take ownership of
In an increasingly virtual business these, rather than assigning them to the
environment where Internet-based information technology team. It should
applications are deployed by customers, be up to the business units to make the
Contact details
Editor-in-chief Editor
Chris Lucas Darren Meek

Chairman, Global Banking Partner, Banking & Capital Markets, UK
& Capital Markets Executive Team
Tel: 44 20 7804 9652 Tel: 44 20 7212 3739

Email: christopher.g.lucas@uk.pwc.com Email: darren.l.meek@uk.pwc.com
The Markets in Financial Instruments Directive: European regulation with global impact
Graham O’Connell Matthew Oswald

Director, Financial Services Senior Consultant, Financial Services, UK
Regulatory Practice
Tel: 44 20 7212 3826 Tel: 44 20 7804 4230

Email: graham.r.oconnell@uk.pwc.com Email: matthew.c.oswald@uk.pwc.com
Russia’s banking sector: Huge growth potential for aggressive players
Rick Munn Evgeniy Kriventsev

Industry Leader, Financial Services, Russia Senior Manager, Financial Services, Russia
Tel: 7 495 967 6342 Tel: 7 495 967 6373

Email: rick.munn@ru.pwc.com Email: evgeniy.kriventsev@ru.pwc.com
Oleg Mosyazh
Manager, Financial Services Marketing, Russia
Tel: 7 495 967 6074

Email: oleg.mosyazh@ru.pwc.com
The practical application of Pillar 2
Richard Barfield Chris Matten

Director, Valuation & Strategy, UK Partner, Banking and Capital Markets
Industry Group, Singapore
Tel: 44 20 7804 6658 Tel: 65 6236 3878

Email: richard.barfield@uk.pwc.com Email: chris.matten@sg.pwc.com
Shyam Venkat
Partner, Advisory, Financial Risk
Management, US
Tel: 1 646 471 8296

Email: shyam.venkat@us.pwc.com
Securitisation – an exotic option or a necessity?
Peter Jeffrey Frank Serravalli

Head of PricewaterhouseCoopers Co-Head of PricewaterhouseCoopers
European Securitisation Group US Securitisation Group
Tel: 44 20 7212 5214 Tel: 1 646 471 2669

Email: peter.c.jeffrey@uk.pwc.com Email: frank.serravalli@us.pwc.com
Michael Codling David Lukach
Banking Leader, Australia & Head of Co-Head of PricewaterhouseCoopers
PricewaterhouseCoopers Australian US Securitisation Group
Securitisation Group
Tel: 1 646 471 3150
Tel: 61 8266 3034 Email: david.m.lukach@us.pwc.com
Email: michael.codling@au.pwc.com
Confident in compliance?
Martin Hislop Jan Willem Kaptein

Senior Manager, Risk Assurance Manager, FS Regulatory Compliance,
Services, UK The Netherlands
Tel: 44 20 7804 1126 Tel: 31 10 407 6392

Email: martin.hislop@uk.pwc.com Email: jan.willem.kaptein@nl.pwc.com
Alex Shapland
Director, Financial Services Regulatory
Practice, UK
Tel: 44 207 213 8618

Email: alex.shapland@uk.pwc.com
Contact details continued
Mark Vos Jan Schreuder

Director, Business Assurance, Partner, Business Assurance, Australia
Australia
Tel: 61 8266 7739 Tel: 61 8266 1059

Email: mark.vos@au.pwc.com Email: jan.schreuder@pwc.au.com
Philip Riley
Executive, Investigations and Forensic
Services, Australia
Tel: 61 8266 3158

Email: philip.riley@pwc.au.com
The journal is supported by the Global Banking and Capital Markets Executive Team
Chris Lucas Nigel Vooght

Chairman, Global Banking and
Capital Markets Executive Team, UK
Tel: 44 20 7804 9652 Tel: 44 20 7213 3960

Email: christopher.g.lucas@uk.pwc.com Email: nigel.j.vooght@uk.pwc.com
Richard Collier Rahoul Chowdry
Tel: 44 20 7212 3395 Tel: 61 8266 2741

Email: richard.collier@uk.pwc.com Email: rahoul.chowdry@au.pwc.com
PricewaterhouseCoopers (www.pwc.com) provides industry-focused assurance, tax and advisory services for public and private clients. More than 130,000 people
in 148 countries connect their thinking, experience and solutions to build public trust and enhance value for clients and their stakeholders.
‘PricewaterhouseCoopers’ refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.
The banking and capital markets journal is produced to address key issues affecting the banking and capital markets industry. If you would like any of your colleagues
added to the mailing list, or if you do not wish to receive further editions, please write, fax or e-mail: Carly Taylor, PricewaterhouseCoopers, Southwark Towers,
32 London Bridge Street, London SE1 9SY. Fax number: (44) 20 7212 4152 E-mail: carly.taylor@uk.pwc.com
© 2006 PricewaterhouseCoopers LLP. All rights reserved. ‘PricewaterhouseCoopers’ refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United
Kingdom) or, as the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.
Designed by studioec4 18018 (06/06)
www.pwc.com

Tackling Key Issues in Banking and Capital Markets

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Tackling Key Issues in Banking and Capital Markets

Enviado por

Direitos autorais:

Formatos disponíveis

INDUSTRY VIEWS

The Markets in Financial Instruments Directive: 4

Russia’s banking sector: Huge growth potential 10

The practical application of Pillar 2: Understanding what 16

The Russian banking sector potentially Effective compliance reporting is

by Graham O’Connell and Matthew Oswald

maintain a transparent market for end

Figure 3: Some key requirements of MiFID

largely have to replace existing rules with

that they meet these new requirements.

The key stakeholders in the

July 2006 Final Level 2

process to ensure that all business

by Rick Munn, Evgeniy Kriventsev and Oleg Mosyazh

The Russian economy has been growing

growing, stimulating a boom in consumer Vneshtorgbank (state) 18.6

article we review the Russian banking Bank of Moscow (municipal) 7.5

Russia has just over 1,200 commercial Promstroybank (private) 4.1

banks. At the end of 2005, total assets 0 10 20 30 40 50 60 70 80

$300 billion, and share capital

current boom in retail banking, this gap 40

Banca Intesa’s (Italy’s No. 1 bank by 1000

KMB-Bank for $90 million in 2005;

acquisitions (M&A) market. Mainly, these negotiations with the US is foreign

In late 2005, the international rating Conclusion

By 2006, Russia had reached agreement

by Richard Barfield, Chris Matten and Shyam Venkat

However, there is no standardised

disclosures. Differing holding periods, Pillar 1 minimum

portfolio can give quite different but

in the case of economic capital as it is

• a ‘business-as-usual’ view of capital

• a sensible allowance for diversification

• consideration of total capital and not

The main underlying concern, however,

suggesting the adoption of economic

by Peter Jeffrey, Frank Serravalli, David Lukach and Michael Codling

Figure 1: European securitisation insurance

So how does securitisation

Credit enhancement can take many

Those who combine this with good and

date, undertaken a worldwide survey • Is there anything that will make

undertaking a securitisation as easy as

The global practice has written ‘A Guide

by Martin Hislop, Jan Willem Kaptein and Alex Shapland

Defining the objectives of • Current profile of compliance risk Content of management

Figure 1: Objectives of compliance reporting Emerging issues – it is essential to

• Operational level agreements / internal

The key data sources that support

the enhanced compliance reporting

envisioned in this article are explored

below. Some are not traditionally owned

However sourced, owned or maintained,

Obtaining an organisational view:

Validation and clarification: An amount • What level of confidence over

• What compliance information is

• Is that information adequately

• How much of this is actually digested

by Mark Vos, Jan Schreuder and Philip Riley

A compounding factor in the risk customer data using orthodox criminal

The one type of technology

• Monitor employees who have access What can you do next?

Chris Lucas Darren Meek

Tel: 44 20 7804 9652 Tel: 44 20 7212 3739