Banking BriefingQ1 2018

April 2018

kpmg.lu

SREP, a step forward towards the capital market union — status quo in Luxembourg

Mistakes in the workplace — when change management goes wrong

RaQuest — value for banking clients

KYC/AML alert

RegTech for AML — a carrot or stick?

IFRS — time to implement increasing accounting judgment

Table of contents

1

2

3

4

5

6

2

4

6

8

10

12

Banking Briefing 1

SREP, a step forward towards the capital market union — status quo in Luxembourg

Banking Briefing2

Framework SREP

The Supervisory Review and Evaluation Process (SREP) guidelines are addressed to competent authorities and intended to assess banks’ treatment of risks. The process is performed using the Single Supervisory Mechanism (SSM) comprising the ECB and the national supervisory authorities of the participating countries across Europe. In Luxembourg, this process is mainly performed by the CSSF. The SREP methodology gives supervisors a common set of tools to examine a bank’s health along four different dimensions: analysis of the business model, assessment of internal governance and controls, assessment of risks to capital, and the assessment of risks to liquidity. While it is an ongoing process, the findings from all supervisory activities performed on an institution are condensed annually into a formal SREP assessment. The objectives of SREP are the harmonisation of supervision standards among the EU for a resilient banking system and further integration of financial markets.

The status quo in Luxembourg and priorities for 2018

In line with the SREP driven by the ECB, the CSSF has reinforced its supervisory practices, in particular, the supervision of less-significant institutions in Luxembourg. In 2017, additional capital requirements were imposed by the CSSF on 50% of all less-significant institutions (LSI) in Luxembourg. The SREP assessment was conducted by the CSSF via offsite measures and onsite visits. They were based upon an idiosyncratic risk-by-risk assessment, which used the ICLAAP estimates as a starting point, complemented by supervisory benchmarks and peer reviews, long form reports, meetings held with internal control functions and senior management, as well as with external auditors.

The average 2017 total SREP capital requirement was about 9% (compared with 8.3% in 2016). The corresponding average overall capital requirement (including the buffer requirements as of Q2 2017) was approximately 11.6%.

For 2018, the CSSF will put greater emphasis on the supervision of less-significant institutions with specific supervisory priorities in several areas: business models and profitability drivers, intragroup credit risk, and misconduct risk with a focus on AML/CFT. Additionally, they will take into account the ECB’s priorities, adding topics such as NPLs and forborne exposures, improvement of the ICAAP and ILAAP, and Brexit preparations to the list.

Sonia Dribek-Pfleger

Associate Partner – Advisory

T: +352 22 51 51 7246 E: sonia.dribek@kpmg.lu

Impact of SREP on banks in Luxembourg and how these banks can prepare for it

1. In order to prepare for the SREP exercise, banks should establish a single point of contact within their institution for the SREP process to avoid frictions, inefficiencies and inconsistencies across the organisation.

2. They also need to ensure adequate presentation of their business models by providing the required documents with the requested quality and ensuring data drilling on the required level of granularity. A solid storyline around the business model and how it is linked to the risk appetite framework and ICLAAP will help in demonstrating its capability, viability and sustainability. It is key to analyse to what extent a business’s risk management and finance are aligned with the SREP methodology and then to take relevant actions to improve the overall alignment at the organisation level.

3. Furthermore, banks need to review their internal governance framework to ensure that it is in line with their risk appetite framework and business, assess and complete documentation of policies and procedures — defining roles and responsibilities, as well as the monitoring and decision-making process according to different risk categories — and ensure that the adequacy of internal controls reflects nature of business, risk and limit settings. It is imperative for the bank management and employees to have a common understanding of the risk culture and governance of the organisation.

4. Banks are recommended to start with an SREP impact assessment, as well as the review and implementation of the recommendations received in the SREP letters from the CSSF, to understand strengths and identify focus areas and gaps.

5. Ensuring continuous dialogue with the CSSF to understand the SREP scoring is key for the implementation of SREP requirements and anticipation of future impacts on the organisation.

With the first SREP exercise, various questions still need more exploration: first of all, the consideration of the proportionality principles on how the SREP standards can be applied to institutions not focusing on profitability, but on bringing value and high-quality service to the group.Secondly, the peer group benchmark: the business models are as diversified as the number of banks in the Luxembourg financial market. Overall, SREP is an opportunity to strengthen the holistic bank management and increase cross-functional alignment of different departments within an organisation.

Banking Briefing 3

The need for judgment and governance

Implementation of IFRS 9 has confirmed the fact that increasing judgment is being applied in the accounting for financial instruments. This necessitates the need for more robust and thorough governance at the banks, as well as stricter industry-level supervision. Whether it is the selection of the relevant macroeconomic factor(s) for the forward-looking measures or building the default curves to be assigned to banking products subject to impairment, there is a significant amount of judgment involved. The governance process should be designed to ensure that:

— Best practices developed in the banking industry are adopted.

— Personnel responsible for taking care of a task are equipped with technical tools to perform a robust governance function.

— Due diligence is applied regarding the concept of proportionality, if applied to a product or a set of products.

— There is an open and two-way communication with the regulator regarding various significant judgments and documentation developed by the banks.

The disclosures included in 2017 financial statements

Most financial institutions, including banks, tend to do the minimum possible quantitative disclosures for impact assessment of IFRS 9. However, impacts on capital ratios were disclosed by almost all global banks, and most institutions opted for the capital transitional arrangements as allowed by the European Union (EU).

The common theme with banks in Luxembourg is that all banks are opting for the transitional relief available in IFRS 9, so that they don’t have to restate the comparatives and account for the cumulative impact of adopting IFRS 9 in the opening retained earnings as at 1 January 2018.

The business model test for banks

Banks generally prepare robust documentation to support the business model requirements for financial instruments under IFRS 9. In some cases, we noted that peculiarities arise, i.e., a portfolio under ‘hold to collect’ business model is sold, and there are accounting difficulties related to financing arrangements with mandatory disposals, etc. Significant judgment is required to determine the level of ‘significance’ for a business model to change from ‘hold to collect’ to trading portfolio.

IFRS — time to implement increasing accounting judgment

By now, a large number of listed banks, insurers and other financial institutions have published their IFRS 9 pre-transition disclosures in their 2017 financial statements. As expected, we witnessed a variety of formats adopted by financial institutions to present the required disclosures. However, there were some common themes that we identified in our review of these pre-transition disclosures and implementation of IFRS 9 by various engagement teams.

Banking Briefing4

Impact of adopting expected credit loss (ECL) model

The impact of adopting ECL varies by entity, but IFRS 9 generally does not seem to have a significant impact on the majority of global and local banks.

Some banks still seem to be working out the impact of financial guarantees and loan commitments, and the relevant presentation for these items to be included in the first full set of IFRS 9 compliant financial statements.

A number of banks and non-banking financial institutions are still finalising the ECL methodologies, data sources to be used and assumptions for funded and non-funded exposures. A number of EU banks with sovereign debt exposures to EU countries are of the view that the default rate of sovereign exposures should be close to nil. The EU regulators have not yet released any guidelines on this area.

Key audit matter (KAM) in 2017 audit reports

Auditors of a number of large banks have included the pre-transition disclosure of IFRS 9 as a key audit matter in the audit reports, which enhances the visibility of work performed by auditors in relation to the transition to IFRS 9.

Puttable instruments

Accounting treatment for investments in puttable instruments, e.g., mutual funds, seems to be creating confusion among many finance teams. The guidance relating to puttable instruments issued by the International Accounting Standards Board (IASB) has not been considered in many situations. However, some investment funds have peculiarities, e.g., settlement in kind, which opens up the need for judgment.

Hedge accounting

The IFRS 9 hedge accounting model is liked by banks, though macro hedging requirements are yet to be announced by IASB. The new hedge accounting model seems to be considered flexible, as it addresses the risk management objectives of the banks. Banks that focus predominantly on interest rate hedging also like the idea of splitting the so-called ‘cost of hedge’ and recording that in the other comprehensive income (OCI) to manage unnecessary volatility being reflected in the statement of comprehensive income.

Not every bank is ready

Even though the main deadline for the first reporting under IFRS 9, i.e., FINREP, was at the end of March 2018, there are still many institutions that have not done any significant work in IFRS 9 implementation. We have observed situations where banks are still desperately seeking to find out simplified solutions that could act as a proxy until a final solution is implemented. The banks that have developed the ECL models are still looking to refine the data input and model assumptions while enhancing the documentation of the models.

2018 is expected to be an intensive period of stabilisation of related bank processes and solutions, as well as in-depth analysis of IFRS 9 outcomes. Larger financial groups are expected to assess in more detail component impairment levels and challenge local impairment figures. Financial institutions will be occupied not only with IFRS 9, but also with AnaCredit, which seems to put a significant strain on the banks’ finance and risk staff. Hopefully, the systemic benefits of more cautious impairment provisions and more risk strategy-oriented hedge accounting will be visible soon, giving assurance to everyone that the significant IFRS 9 implementation support is worth the effort.

Florence Rouault

Partner – Audit

T: +352 22 51 51 6692 E: florence.rouault@kpmg.lu

Miroslaw Piskorz

Manager – Risk Advisory

T: +352 22 51 51 6158 E: miroslaw.piskorz@kpmg.lu

Bilal Qamar

Senior Manager – Audit

T: +352 22 51 51 6294 E: bilal.qamar@kpmg.lu

Banking Briefing 5

RegTech for AML — a carrot or stick?

Allow us to assist youKPMG has been successfully assisting financial institutions navigate the RegTech space through its in-house or cooperation partners’ RegTech solutions or by performing dedicated market watch and selection processes.

KPMG has also been successfully assisting financial institutions in conducting third-party assessments, and implementing proper safeguards and monitoring plans.

If you require any further information or have queries, please do not hesitate to reach out to us.

Banking Briefing6

Financial institutions must engage with RegTech either to support their regulatory compliance or to reduce costs and produce efficiencies.

KPMG’s Regulatory Advisory service line is at the forefront when it comes to helping our clients navigate through the RegTech AML space and find bespoke solutions, such as Digital Ledger Technology-based tools or Robotic Process Automation and Machine Learning.

For example, our Adverse Media Screening dedicated robot can carry out searches, highlight negative findings and archive the documents in the bank system while sending a notification to the analyst who will have to only review and analyse the highlighted negative findings.

Our RegTech solutions are highly beneficial, helping financial institutions respond to increased regulatory expectations while reducing compliance cost, improving customer onboarding experience, increasing enterprise-wide coordination and making firms’ business strategies more agile.

However, in the context of anti-money laundering requirements, and more precisely current customer due diligence (CDD) requirements, the primary concern of financial institutions might not be only to save cost, but also to ensure they comply with their obligations while using innovative solutions.

What does this mean?

Financial institutions using such innovative solutions for CDD processes, for instance in their customer identification or verification processes or in the monitoring of business relationships and transactions, should have adequate controls in place to address risks of money laundering and terrorist financing, and to measure the impact that such solutions may have on their AML/CTF risk exposure.

Recent publications such as the joint opinion from the European Supervisory Authorities (ESA) in January 2018 or the Sound Practices on the implications of Fintech developments for banks and bank supervisors issued by the Basel Committee last February is a step in this direction.

The ESA recommends that financial institutions should enquire, in particular, about the sustainability of the innovative CDD solution and its operative effectiveness by having “sufficient in-house expertise, in addition to any external expert advice, to guarantee the implementation and use of the innovative solution as well as to ensure the continuation of services should the innovative solution suffer irreparable system failure or the termination of a business relationship between the firm and an external provider of the solution (where it is not developed in-house)”.

This implies that each financial institution’s Senior Management and Compliance function should make a proper assessment and have a clear understanding of the innovative solution to ensure that the CDD measures performed are in line with its own AML/CTF policies, and comply with the Luxembourg regulations. This also requires putting proper safeguards in place such as a contingency plan, as well as written agreements with the external provider of CDD solutions. Such agreement should clearly define the roles and responsibilities of each party and include specific notification obligations from the service provider to the financial institution about any change that will be made to the solution or the processes, as well as ensure that some decision-making power could be exercised by the financial institution over these changes.

The 4th AML Directive does not prevent the use of innovative CDD solutions as long as adequate oversight and sound risk management processes, and control environments have been put in place by the financial institution to demonstrate that the innovative solutions are operating effectively and efficiently, and are based on the same level of standards as those applied to operations the financial institution would itself conduct.

Financial institutions will continue to face challenges in monitoring the operations and risk management activities that will take place outside their organisations. While operations can be outsourced, financial institutions would remain accountable and ultimately responsible in any case vis-à-vis their obligations and customers.

Sandrine Periot

Executive Director – Advisory

T: +352 22 51 51 7220 E: sandrine.periot@kpmg.lu

Sébastien Leleu

Associate Partner – Advisory

T: +352 22 51 51 6252 E: sebastien.leleu@kpmg.lu

Banking Briefing 7

KYC/AML

alert

Banking Briefing8

The law came into effect on 13 February 2018, partially transposing the 4th AML directive and modifying as such the law that came into force in November 2004 related to the fight against money laundering and terrorist financing.

Some of the key changes introduced under this law are as follows:

— Introduction of new definitions such as credit institution, financial institution, competent authorities and self-regulatory bodies, as well as amendments made to the existing definitions such as beneficial owner and politically exposed persons (PEP)

— Scope extension to cover all « providers of gambling services» and not only casinos, estate agents, persons exercising family office activity, and to reduce the threshold for traders in high value goods dealing with cash transactions from €15,000 to €10,000

— Introduction of tax crimes as predicate offences

— Risk-based approach remains a key concept and its effectiveness is formally recognised: professionals need to identify and evaluate its risks by carrying out internal risk assessment (to be formalised) and by taking appropriate measures to mitigate identified risks

— Extended customer due diligence measures for transfer of funds exceeding €1,000

— Each professional is now responsible to determine under which circumstances presenting a higher degree of risk an enhanced due diligence (EDD) could be applied, or under which circumstances presenting a lower degree of risk a simplified due diligence (SDD) could be applied

– Situations where EDD was mandatory, such as non-face-to-face entering into a business relationship, have been removed

– Previously defined categories of professionals considered de facto as presenting lower risk (credit institutions located in EU/EAA member states, listed companies, etc.) and enabling the application of SDD are no longer applicable

– SDD measures no longer permit situations where exemptions apply and do not define threshold anymore

– Introduction of a non-exhaustive list of factors and types of evidence of lower risk and higher risk to assist professionals in their assessment

— Definition of PEP has been extended to include domestic PEP, as well as PEP working in international organisations

— Beneficial ownership:

– For legal entities, the definition remains unchanged regarding the threshold, but it specifies that if no such person can be identified, the individuals belonging to senior management positions are designated as UBO

– Regarding legal arrangements, the law specifies that the settlor, the trustee(s) or fiduciaries, the protector (where applicable), the beneficiaries (or class of beneficiaries when these persons have not been already defined) and any other individual exercising effective control over the trust are to be considered as BO

– For insurance policies, customer due diligence measures are to be extended to the beneficiaries of such policies

— Introduction of the personal data protection obligation. The initial period of CDD document retention of 5 years can be extended for 5 additional years, if justified. Professionals have the obligation to delete the data upon expiry of the defined retention periods

— Significant increase in administrative sanctions for credit and financial institutions

– For breaches involving a legal person, an administrative fine of at least €5 million or 10% of the total annual turnover can be levied

– For breaches involving a natural person, an administrative fine of €5 million can be levied

Sandrine Periot

Executive Director – Advisory

T: +352 22 51 51 7220 E: sandrine.periot@kpmg.lu

Banking Briefing 9

In times of low or negative returns and interest rates, private and professional investors insist on getting the maximum out of their investments. In this difficult economic landscape, clients expect their private bankers, custodians and asset managers to mitigate withholding taxes by applying the lowest rate possible (relief at source) or helping them easily reclaim the unduly due taxes.

If you do not want to suffer a competitive disadvantage on withholding taxes, you need to have a robust, quick and cost- and risk-minimising solution. KPMG Luxembourg brings you, together with its partners, a fully automated and unique IT software covering the complete withholding tax process from the cost-benefit analysis to the steps relating to the filing or relief and finally to billing and reimbursement reconciliation tools.

RaQuest — value for banking clientsOur fully integrated software solution for the processing of foreign withholding tax reclaims or withholding tax relief

Maximise the return on investment of your client by proposing an integrated service!

RaQuest is the only multilingual, fully integrated tool on the market today covering tax reclaim and relief!

Banking Briefing10

Why is this service important for banks and their clients?

Private banking clients, as well as institutional investors, are often more or less heavily invested in equities or bonds, paying a dividend or an interest coupon. In most of the countries, both these income flows are subject to a domestic withholding tax that can be reduced under an existing double taxation treaty (DTT).

The residence countries of these clients often only accept a withholding tax credit up to the DTT withholding tax rate (often 15%). The exceeding domestic source tax cannot be credited and is a final cost for the client, if not reclaimed in the source country of the income payment. Our fully integrated solution tackles exactly these cases and helps you to get these reimbursements in a reasonable time frame, and assists you in the tax relief process at source.

What can RaQuest do for you?

Currently, RaQuest covers 13 investment markets and 14 residence countries. Our software speaks French, English and German, and covers both tax reclaim and relief. RaQuest has a multi-client option and fully supports global custodian procedures.

The tool is being followed in several Luxembourg and German banks for the past 8 years, and produces approximately 40,000 reclaims a year. Neither rejections based on form or figures nor audit failures have been encountered in these years.

What do we offer?

KPMG Luxembourg offers two business models for RaQuest:

1. Licence model: Installation of RaQuest in your regular banking IT environment and operation by your employees (insourcing)

2. BPO model: Installation of RaQuest within our separate legal entity ‘KPMG Services’ and operation by KPMG employees for your benefit (outsourcing)

KPMG Services Sarl is a Luxembourg-certified Professional of the Financial Sector (PSF), which is duly authorised by the Luxembourg regulator (CSSF) to process confidential information.

Frank Stoltz

Partner – Tax, Financial Services

T: +352 22 51 51 5520 E: frank.stoltz@kpmg.lu

Daniel Rech

Senior Manager – Tax, Financial Services

T: +352 22 51 51 5395 E: daniel.rech@kpmg.lu

Why KPMG?Due to its international network, KPMG is able to respond to the complex business challenges facing our firms’ clients. We adopt a global approach spanning professional disciplines, industry sectors and countries. KPMG Luxembourg is a European leader and competence centre for withholding tax questions. We have assisted numerous banks, asset managers and insurance companies in their withholding tax processes and successfully claimed millions of euros from foreign tax authorities. In addition, KPMG Luxembourg is a constant driver for court cases and unique jurisprudence for the benefit of our clients. Our team can help you develop the right strategy for the implementation of RaQuest within your organisation.

Banking Briefing 11

Change management, as a strategic company asset, only began to be openly valued in the 1990s. Since then the field, which includes employees in company changes, has evolved and its importance has been formalised: bachelor‘s and master’s degrees in change management emerged not too long ago, and HR departments now employ specialists in this area. It seems unlikely that this field’s rise has nothing to do with a general trend in employee psyche: a poll carried out in the US supports what’s now accepted as a general truth, that younger workers value happiness and inclusion at work, contrasting to older workers who value income and skill acquisition.

The value of change management is twofold. First, when done well, companies can pivot quickly to seize opportunities (a new technology, for example) or to minimise unforeseen threats like a CEO’s departure, plummeting share price, or a tough new regulation. For example, Shell, amidst a crisis in 2004, hastily but effectively updated its processes and structure worldwide in order to preserve its market share. And second, keeping employees—especially the millennial generation, some of whom are into their thirties already—abreast of the when, why, and how of change keeps them committed, included and energised.

As an HR professional, I have seen many mistakes when it comes to change management. My team and I, comparing notes on our various experiences, have put together the following list of three common pitfalls to be wary of.

1. Change for change’s sake—or the perception thereof

Business gurus and conference hounds are constantly shouting about change, change, change—transform your technological capacity, slim down for increased competitive edge, plan better for regulatory changes! For the most part, they’re right: you need agility to stay on top. However, such talk is mostly aimed at the C-suite. From an HR perspective, I would like to point out how easily talk of change can come across negatively to employees, who have plenty of daily concerns other than the company’s exact position in the field. A CEO might be excited over a new robotic process automation solution, but employees will instantly assess its relevance to their own skills and livelihood.

For that reason, it’s important to ensure that employees understand that change isn’t happening for change’s sake—that it isn’t pointless—and to keep in mind that they will have a much lower threshold for perceiving it that way. (As they should, not being in the C-suite themselves. And many of them don’t ever want to be. Remember that!) So don’t overstress the efficiency that will be gained or the money saved at the company level. Frankly, they won’t

Mistakes in the workplace — when change management goes wrong

Banking Briefing12

care that much, because these are C-suite concerns. Instead, through project sponsors who are motivated, visible and effective, communicate honestly: show that this change is vital for the company’s success and that you, as the employee, are best-placed to carry it out. Make sure employees know what’s in it for them and that their effort is highly prized by the company. Indeed, it is.

2. Whitewashing your workforce

The faulty medium of language makes simplification easy: the people whose varied skills and experience collectively affect a company’s success are easily referred to as “the workforce,” “employees,” “staff,” “personnel”—but none of these terms does them justice. An IT specialist won’t see themselves as having much in common with an HR recruiter, so approaching them in the same way is a mistake. Not only will the messaging perhaps be less relevant to one than the other, but both will sense that they are being spoken to as part of a generalisation, and this is unpleasant.

Thus, when assessing the impact of your change programme, don’t neglect the micro level. Will this team of four people become a team of three? Will this employee have to embrace a new role, that one not, and this other one a new method using new tools? Be clear about such changes: don’t invite someone to a meeting where learning new processes is even mentioned if they won’t need to learn them. It will make a difference that each communication is personally tailored, that it’s evident that each person’s future was specifically brought up in the boardroom.

3. Thinking that the book of change has been closed

When you ask employees to change their ways, they’ll never forget it. Especially if it’s wholescale, intense, hard—people will still remember it five, ten, thirty years later. And why shouldn’t they? Change is an interesting feature of life. This doesn’t (necessarily) mean that they will resent the company forever or privately fight the change—but the best-case scenario isn’t that the employee does what is asked, but that she owns her new role or methods. And embracing change doesn’t happen when the change happens—the go-live is only the starting point.

For that reason, stay in touch with every team. Use pulse surveys, and capitalise on the work you did analysing each team before you communicated the change in the first place. Have people adjusted, or are they overworked? Has each team member embraced their new responsibilities? Reiterate messages, take corrective actions, or in the case of positive feedback share that good news as a company win.

Our methodologyFor several years now, my team and I have been helping clients on different transformation projects, from implementing new IT tools to reorganising their activities globally. Our approach has been to customise our 4-step change management methodology, considering the specificities of each change programme and organisation. Turning an ambition into a successful and sustainable reality is our goal every time.

For more details, feel free to reach out to me.

Roxane Filippa

Associate Partner – Advisory

T: +352 22 51 51 7365 E: roxane.filippa@kpmg.lu

Banking Briefing 13

Sonia Dribek-Pfleger

Associate Partner – Advisory

T: +352 22 51 51 7246 E: sonia.dribek@kpmg.lu

Florence Rouault

Partner – Audit

T: +352 22 51 51 6692 E: florence.rouault@kpmg.lu

Sandrine Periot

Executive Director – Advisory

T: +352 22 51 51 7220 E: sandrine.periot@kpmg.lu

Sébastien Leleu

Associate Partner – Advisory

T: +352 22 51 51 6252 E: sebastien.leleu@kpmg.lu

Frank Stoltz

Partner – Tax, Financial ServicesT: +352 22 51 51 5520 E: frank.stoltz@kpmg.lu

Anne-Sophie Minaldo

Partner – Head of RegulatoryT: +352 22 51 51 7909 E: anne-sophie.minaldo@kpmg.lu

Roxane Filippa

Associate Partner – Advisory

T: +352 22 51 51 7365 E: roxane.filippa@kpmg.lu

Stanislas Chambourdon

Partner – Head of Banking

T: +352 22 51 51 6206 E: stanislas.chambourdon@kpmg.lu

Contact us

kpmg.lu

© 2018 KPMG Luxembourg, Société coopérative, a Luxembourg entity and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

KPMG Luxembourg, Société coopérative39, Avenue John F. KennedyL-1855 LuxembourgT : +352 22 51 51 1