Navigating the New Regulatory Landscape: How European Banks and Risk Managers Must Adapt

The European banking sector is on the verge of a substantial transformation, with the impending deployment of Capital Requirements Regulation 3 (CRR3) and the European Union's Artificial Intelligence Act (EU AI Act).

The majority of the provisions of CRR3 are expected to take effect in January 2025, while the EU AI Act – which is expected to recalibrate the modeling landscape – will begin a phased implementation this year. These regulations herald a new era marked by (1) a departure from the advanced internal ratings-based (IRB) models; (2) a heightened focus on the standardized approach (SA); (3) a reinforcement of Pillar 2 requirements; and (4) the development of robust credit decision models (CDMs), which will be subject to restrictions and categorized as “high risk” under the AI Act.

Marco Folpmers

Let’s now unpack these complex developments, step by step.

The Shift in Credit Risk Modeling: SA and CDM Redeployment

CRR3’s input and output floors will significantly diminish the benefits that banks can reap from applying IRB models. For probability of default (PD), for example, the input floor will increase from three basis points (bp) to five for most financial instruments – and will rise all the way to 10 bp for certain qualifying revolving retail exposures (QRRE).

The output floor, meanwhile, restricts IRB models’ calculation of risk-weighted assets (RWA) from falling below 72.5% of the RWA computed by the SA. While this means that there will still be a potential for capital relief of 27.5% using IRB (under CRR3), the incentives for using the SA are clearly stronger.

What’s more, considering the scrutiny of EU supervisors (who want to prevent regulatory arbitrage), even financial institutions that merely want to toggle between the SA and IRB approaches will have to weigh all the pros and cons carefully. Ultimately, it is likely that after critically assessing all the potential risks and benefits, there will be a major shift toward the SA.

Interestingly, under CRR3, the SA will become more risk sensitive. Moreover, banks will be more incentivized to optimize their use of models. This applies not only to the portfolios that already employ the SA or will migrate toward it but also to a firm’s IRB portfolios (for which the 72.5% SA flooring will be effective).

The shift toward SA will therefore not be a mere downsizing of sophisticated modeling capabilities – but, rather, a strategic redeployment. Indeed, this transition will require credit risk professionals to recalibrate their skill sets, via, for example, beefing up their CRR3 regulatory knowledge and enhancing their data acquisition acumen.

Of course, it is also true that SA models will be less labor-intensive than IRB models. Furthermore, the productivity of modelers will be significantly enhanced by the use of Generative AI. This new tool is here to stay; it has huge potential, and its adoption in Europe is expected to increase exponentially during the upcoming years, as demonstrated in Figure 1.

Source: Statista, with analysis by Marco Folpmers

Considering the disruptive impact of Generative AI and the expected de-emphasis of IRB models, CDMs will be redeployed soon and credit risk modelers – as we have mentioned – will need different skills to survive and thrive. We will also likely see a downward shift in the size of risk modeling teams.

Enter the AI Act

Similar to the pending CRR3 regulation, the EU AI Act is casting a wide net on credit risk, with a broad definition of AI. Specifically, it classifies CDMs as high-risk AI systems, because of their immediate impact on individuals’ accessibility to financial products.

Article 58 of the EU AI Act states: “AI systems used to evaluate the credit score or creditworthiness of natural persons should be classified as high-risk AI systems.” Given this broad definition, the AI Act is probably applicable to both CDMs that employ advanced machine-learning algorithms (such as random forests) and those that use more basic statistical applications.

In short, any financial institution that employs AI-driven and/or advanced statistical credit risk models will need to comply with a host of AI Act requirements, and can expect rigorous regulatory scrutiny. For credit risk modeling staff, this translates to a heightened need for robust data management and for proficiency in explainable AI. A strong grasp of ethical AI practices – to ensure lawful, non-discriminatory and fair outcomes – will also be required.

Model validation will have a crucial role to play in monitoring compliance, not only with AI legislation but also with future regulatory standards for credit risk models.

Parting Thoughts

CRR3 and the EU AI Act present both challenges and opportunities.

When these regulations are implemented, credit risk modelers at European banks will find their roles expanding beyond traditional model development. There will be, for example, more of a focus on AI/model integration, and risk modelers will have to familiarize themselves with new types of data feeds. Moreover, they’ll need to make sure their firms’ CDMs are in full compliance with CRR3 and the AI Act.

While these regulations will present some new opportunities for European banks and their credit risk modelers, they will also likely result in an overall downsizing of banks’ modeling resources.

Dr. Marco Folpmers (FRM) is a partner for Financial Risk Management at Deloitte the Netherlands.