Within ECIIA, the Banking Committee represents the voice of internal auditors from the Banking Sector in Europe and is made of representatives from big European Banks.
The Banking Forum is an event organised for Chief Audit Executives of SSM banks and European Banks, with high-level speakers. It is a unique opportunity to share experiences and common challenges of the internal audit profession in the new banking landscape and to network with European peers and the European regulators and supervisors.
The event took place on 4 November and included plenary sessions, panel discussions, and breakout sessions.
1. Banks/ their business model is subject to substantial change
- Developments in the macroeconomic scene (e.g. Brexit, geopolitical tensions, effects of Covid)
- Technical developments (e.g. digitalisation, availability, and evaluation of data)
- Change in society needs and expectations (e.g. changing needs of customers, demand for ESG compliant products and services, multi-channel banking, new work/ new working models)
- Evolving requirements from supervisory authorities (e.g. extended AML rules and regulations, operational resilience)
Banks need to stay fit for purpose
2. Expectations towards IA – view of Audit Committee
- (Outcome) focused, risk-oriented
- Critical, appropriately challenging
- Both short as well as long term view; dynamic agenda
- Respected and heard
3. Expectations towards IA – view of standards setters, supervisors
Relation IA and Board / Audit Committee
- The quality and frequency of communication between IA and Board/AC are important, the access to the Board/AC must be ensured at all times and reports have to be clear (no reading between the lines)
- IA to support the Board to set up an effective internal control framework and help challenge the Management proposals, particularly to assist the Board for the emerging new risks: digital transformation (IT and impact on business model) and climate change -sustainability; prioritisation of risks
- The independence of IA is a MUST; resources have to be adequate in terms of size and qualification; the EBA guideline on internal governance has the character of a “bible”
- IA to preserve the risk culture (IA as the ‘real line of defense’)
- IA to be agile in the changing environment: change multiyear audit plan to risk-based plan; adapt the staff qualifications, use new methodology, new practices
Collaboration between supervisory and IA
- Regular and open discussions with JST
- IA is a point of contact during the inspection work. IA must prepare banks for the supervision work and identify risks before the inspection visits
- IA is also subject to reviews by the supervisors, every time there is a review, the IA function is also assessed; one key result of the latest OSIs: staff matters – qualitatively as well as quantitatively – the machine cannot replace the work of IA
- Threats: the need to attract and retain the right staff profiles. In-house outsourcing could be a solution but it is important to assess the “internal” candidates.
- Opportunities: the increase of the quality of the audit results with digital technics (AI, data mining.): more efficiency and greater scope.
4. Emerging Risk: Climate risk
- Transversal risk needs to be specific and included in the organisations’ risk appetite framework (either as a standalone risk or integrated with all processes) – if this is not the case, the risk is not reported and cannot be appropriately managed
- The first and second lines need to manage the risk and implement appropriate (new) controls; IA to support the board and include new processes into their audit programs
- ECB will start to review the risk at the end of 2022 with a focus on the awareness of the organisations, their risk framework, potential issues, and implementation plans with regard to climate risk-related topics; IA to review the results and to the challenge data
- Challenges and issues: collection of data (and their quality), assessment of climate risks, greenwashing
- EBA will issue a guideline on this topic in 2022