Risk Management – Deposits via Deposit Aggregators
Overview
On 15 November 2023, the Prudential Regulation Authority (PRA) issued a Dear Chief Financial Officer (CFO) letter titled ‘Working with Deposit Aggregators’, outlining as to how the firms can mitigate risks relating to Deposit Aggregators (DAs). The PRA and the Financial Conduct Authority (FCA) first brought attention to the potential risks linked with deposits sourced through DAs in April 2021, through their joint Dear CEO letter titled ‘Obtaining Deposits via Deposit Aggregators.’
This document outlines the key risks and recommended steps to mitigate these risks, as specified in the aforementioned two letters.
Scope and Applicability
This letter is relevant to firms that either currently source deposits through DAs or are considering establishing such relationships in the future.
Deposit Aggregators
DAs are providers of intermediary services who sit between the bank and retail customers.
The primary objective of DAs is to simultaneously optimise returns and Financial Services Compensation Scheme (FSCS) protection for its customers. By maintaining relationships with multiple banks or other deposit takers, DAs offer a platform for their customers to maximise returns on their deposit accounts through available offerings and distribute their savings among multiple banks to optimise FSCS protection.
Below diagram shows the potential complexity of DA(s) interactions:
As is apparent, the structure can become highly intricate. For instance customer C3 utilises services from two DAs, and customer C4 have deposits through a DA and as well as directly with Bank D. Similarly, on the deposit takers’ side, Bank B and Bank C utilise the services of two DAs. In such complex scenarios, accurately calculating the FSCS protected amounts and evaluating the liquidity outflows for Liquidity Coverage Ratio (LCR) calculations becomes challenging.
DA models
DAs offer their services via two operational models. In the “Direct” model, the customer becomes the direct customer of the bank, whereas, in the “Trust” model, the DA holds the deposit accounts in a trust for the DA’s customers.
The Trust model considered riskier for the bank, given that there is a single commercial relationship between the bank and the DA.
Key risks and recommended mitigating actions
The following are the key risks identified by the PRA:
Liquidity risk
For smaller banks, deposits acquired from DAs can emerge as a substantial source of funding, potentially introducing a liquidity concentration risk. While these deposits may originate from a diverse client base, their collective behaviour often aligns, leading to correlation risk. In essence, these deposits pose an elevated risk of withdrawal during periods of liquidity stress.
The PRA has identified the following key liquidity risks in relation to the use of DAs:
Correlation and concentration
Higher outflow due to digitalisation
Complexity in the calculation of the absolute entitlement and FSCS-covered portion of deposits
Potential liquidity and funding impact due to termination of relationship with DAs
Mitigating actions:
Establish a risk appetite/ limit framework to monitor and control the correlation and concentration risks associated with DA use.
LCR calculations and Liquidity reporting: appropriate treatment to be given to deposits obtained through DAs. [as per Article 24[1], 25[2] and 28[3] of the Liquidity Coverage Ratio (CRR) Part of the PRA Rulebook]
Obtain appropriate information from DAs to accurately compute the FSCS covered amount.
Aggregate the individual’s total deposits held both directly and via a DA.
Liquidity stress testing:
make appropriate assumptions around correlation and concentration of funding
assess risks associated with DAs
DA’s ability to influence the decision of depositors
possibility for a DA to terminate the relationship with the bank and its potential impact on funding and liquidity
Assess the potential quantum and timing of the outflow of these deposits.
Ensure adherence to the PRA’s Fundamental Rules:
(i) 3: act in a prudent manner;
(ii) 4: at all times maintain adequate financial resources; and
(iii) 5: have effective risk strategies and risk management systems.
[1] Outflows from Stable Retail Deposits
[2] Outflows from Other Retail Deposits
[3] Outflows from Other Liabilities (especially in terms of the treatment of deposit brokers)
Ensuring depositor protection
The use of DAs may pose specific challenges to the prompt and successful payouts by the FSCS in the event of a DA's or bank’s failure.
The PRA has identified the following key risks in relation to use of DAs:
Delays in the pay-out of FSCS covered amount in the event of a DA's or bank’s collapse
Know Your Customer (KYC) and Anti-Money Laundering (AML) checks failure
Risk of consumer harm
Depositors may not fully understand how the relationship between the DA and the bank works
Depositors might not be aware that the FSCS payout may get delayed if the DAs use the trust model.
Financial promotion: As the activities of DAs are not regulated, there is a possibility that they may not adhere to the guidelines governing financial promotion, potentially resulting in the mis-selling of products.
Mitigating actions:
The bank should make necessary preparations[4] to ensure a smooth resolution with minimal disruption to essential services if required.
Appropriate due diligence on DAs – at the time of onboarding and regular reviews on an ongoing basis.
Review DAs' financial promotions: it is the responsibility of the bank to ensure the DA with whom they are associated are following relevant rules
Ensure customer awareness
Information should be fair, clear and not misleading,
The timelines of the FSCS payout, in the event of a failure, should be clearly communicated to all customers,
For the FSCS protection-related information, a direct link to the FSCS website is to be provided.
Depositors must have 'absolute entitlement' to funds held on trust to provide similar protection as direct customer
Conduct legal review of contracts at the time of onboarding a DA
Ongoing review of DA contracts and trust arrangements
DAs should be able to provide sufficient and accurate data to the FSCS for swift payout
Testing the ability of the DAs to provide information – at the time of onboarding and on an ongoing basis
Periodically obtain full Single Customer View (SCV) reports from the DAs
The underlying contract should have terms that the DA need to share information with the FSCS and a timeline also to be documented
Attestation to be obtained from the senior management of DAs mentioning that they have capabilities to produce relevant data in time and they regularly test their capabilities
Ongoing monitoring of testing performed by the DAs
Confirming customer checks are performed and evidenced
Review of DAs KYC and AML policies – at the time of onboarding and on an ongoing basis
Underlying contracts should outline what KYC and AML standards DA should maintain
Assess the difference in DAs’ KYC and AML policies and that of the bank
Requiring DAs to notify the bank in case of any changes to their KYC and AML policies
Encouraging DAs to use third-party services to check their own KYC and AML processes
Encouraging DAs to participate in the FSCS testing facilities
[4] CP10/23 – Solvent exit planning for non-systemic banks and building societies.
Outsourcing and third-party risk
Depending on an individual bank's business model, the relationships with DAs can be crucial, especially for small and medium-sized banks. These relationships are subject to third-party risks, similar to other service providers.
Mitigating actions:
Manage DA arrangements closely and prudently based on the PRA’s expectations as set out in ‘Outsourcing and third party risk Management’ – SS2/21.
In addition, the letter dated November 6, 2023, from the PRA regarding innovations in the use of deposits, e-money, and regulated stablecoins will also be relevant to deposit-takers utilising DAs.
Additional aspects
In addition to the risk mitigation measures proposed for specific risk areas mentioned above, banks can also benefit from the following overarching actions as outlined in the PRA/FCA letter:
Internally discuss the contents of the provided letters at the appropriate level (e.g., Board, risk committee etc.) and implement relevant actions accordingly.
Evaluate the degree of reliance on DAs and take necessary measures if deemed essential.
Implement actions to expedite the payout process by the FSCS in case of a need.
Ensure the capability to furnish pertinent information to the FSCS, FCA, or PRA. This includes information about DAs, the volume of deposits sourced through them, and whether these DAs use a 'direct' or 'trust' model.
Ensure that the bank possesses adequate information about the beneficial owners of deposits sourced through DAs.
How We Can Help
Banks may encounter a range of challenges in understanding and implementing recommended risk management techniques, which encompass evaluations of their impact on governance, systems, data sourcing, and training, among other aspects. At Katalysys, we have deep expertise in the areas of risk management and regulatory reporting.
Our team can offer guidance in the following areas regarding the use of DAs:
Evaluation of the impact on overall risk management, encompassing risk assessment and the establishment of appropriate limits and appetite.
Evaluation of the impact on regulatory reporting, including considerations for LCR, PRA110, and Net Stable Funding Ratio (NSFR).
Examination of the impact on liquidity stress testing, integrated into the Internal Liquidity Adequacy Assessment Process (ILAAP).
Documenting bank-specific assumptions and interpretations related to risk management and regulatory reporting.
Assessment of the effect on Pillar 3 disclosures, ensuring transparency and compliance with regulatory requirements.
Thorough reviews of regulatory returns to validate adherence to both regulatory rules and industry best practices.
Providing guidance on the implementation of industry best practices related to risk management and regulatory reporting.
Validation of systems and calculations to ensure accuracy and reliability in the risk management and regulatory reporting process.
For more information, please contact:
Josh Nowak
Managing Director, Risk & Regulatory Consulting
T: +44 (0)7587 720988
Manish Patidar
Director, Regulatory Consulting
T: +44 (0)7766 001643