9.2.3.3 Risk to Firm

428. Risk to Firm (RtF) aims to capture the risk for an investment firm of losses in its trading portfolios, losses stemming from the default of counterparties and the risks of significant concentrations in respect of “client” exposures. The K- factors relating to RtF are all based on “the transactions recorded in the trading book of an investment firm dealing on own account, whether for itself or on behalf of a client”,1 with K-DTF also being based on “the transactions that an investment firm enters into through the execution of orders on behalf of clients in its own name”.2 These K-factors are thus only applicable to those investment firms that should also calculate a market risk capital requirement under RtM.

429. The risk of a default of a counterparty, measured via the K-factor K-TCD, aims “to cover the sorts of exposure risks that might give rise to a firm suffering the potential for loss arising from counterparty defaults and market price movements on collateral received or posted”.3 This risk is calculated by “multiplying the value of the exposures, based on replacement cost and an add-on for potential future exposure, by risk factors based on [the CRR], accounting for the mitigating effects of effective netting and the exchange of collateral”.4 As this K-factor is only based on those positions in the trading book, it inherently does not capture all the counterparty default risk. For instance, the risk that a client, or any other creditor, is unable to fulfil its contractual obligations to the investment firm is not covered by K-TCD. These risks can also have a great effect on the financial solidity of an investment firm, especially if an investment firm relies on a few big clients for its income. If one of these clients, for whatever reason, is unable to pay the agreed fee to its investment firm, that investment firm will inevitably face financial difficulties (assuming that the investment firm is either not allowed or not able to take its fee from that client’s assets under management5).

430. The risk that K-TCD does capture is, in essence, the risk of an ineffective assessment of eligible counterparties. One would expect an investment firm that actively deals on own account in derivatives, long settlement transactions, repurchase transactions, securities lending or margin lending, will have an effective risk management procedure to assess which counterparties should be eligible for these types of transactions. It also ignores the requirements of EMIR and the CSD Regulation, as discussed in Chapters 2 and 4, which help safeguard the effective functioning of financial markets and help protect client’s rights with regard to their securities. It would, therefore, seem more reasonable to put in place qualitative requirements that mitigate the risk of a counterparty default instead of capitalizing the possibility of unexpected losses in a counterparty default. The difficulty is that the IFR does not adequately address the risk of expected losses in a counterparty default but assumes that this will be covered through normal P&L changes, whereas the CRR does require some provisioning for expected losses in the event of a counterparty default.6 The IFR regime, therefore, does not seem to fully address the risk of a counterparty default.

431. What also appears to be an omission in K-TCD is an investment firm’s granting of ‘investment credit’7 or the provision of margin loans. Investment firms are allowed to grant a loan or credit to their clients to enable them to conclude transactions in financial instruments. This investment credit or margin loan is usually secured by using the financial instruments in the portfolio of the investment firm’s client as collateral. The investment firm is then exposed to the credit risk of its client while simultaneously being exposed to the market risk of the underlying collateral. Furthermore, with margin loans, the investment firm is exposed to a credit risk towards its client for possible (future) margin calls that the client needs to comply with.

432. These lines of credit to clients and the subsequent credit and market risks, however, are not part of the K-TCD scope, as Article 25 of the IFR contains a fixed scope of transactions that are subject to K-TCD. The types of transactions included in Article 25 of the IFR are (mostly) derivatives,8 long settlement transactions, repurchase transactions, securities or commodities lending or borrowing transactions and margin lending transactions. These transactions are more specialized types of transactions and the expectation is that only the larger investment firms that deal on own account (such as market makers or ‘investment banks’) will deal in these types of transactions. That would mean that K-TCD only affects those larger investment firms and that most investment firms will not have to report a capital requirement under K- TCD.

433. Furthermore, as K-TCD only targets those transactions that are included in the trading book of an investment firm,9 one of the activities of an investment firm that is exposed to significant counterparty default risk is not captured by K-TCD. Investment firms can engage in securities lending, but this can also be done through the assets of the investment firm’s clients. Securities borrowing or lending is covered by K-TCD, but only insofar as the underlying financial instrument is included in the trading book of the investment firm. If the securities lending transaction is conducted with assets of its clients, the counterparty default risk is not capitalized under K-TCD. The risk of securities lending with financial instruments owned by the investment firm is the same as the risk of securities lending with financial instruments owned by a client, albeit with potential greater impact from a consumer protection perspective. The only difference is the question of who bears the risk. With instruments owned by the investment firm, it is clear that the investment firm bears the risk. But with instruments owned by the client it becomes less clear. If the client authorised (or initiated) the securities lending transaction, it would appear that the client bears the risk. However, if the investment firm has made errors in its procedures in accepting a counterparty as an eligible counterparty for securities lending, the client can hold the investment firm liable. That would mean that the rationale for including securities lending of the investment firm’s securities included in the trading book in the K-TCD risk factor would similarly apply to those securities lending transactions conducted through the client’s assets. The latter, however, is not included in any capital requirement in the IFR, although it might be captured indirectly under the K-factor of COH. This will only be applicable, however, if the client of the investment firm initiated the securities lending transaction. If the transaction is initiated by the investment firm, and thus no client order for the transactions exists, the COH K-factor would appear not to apply.

434. Therefore, it appears that the EC has tried to keep a simplified CRR counterparty credit risk framework within the IFR but has not fully thought out in which instances and in which external relationships credit risk might materialize for an investment firm. This results in a new framework that will not cover all the credit risk of an investment firm and might even miss the more significant credit risks, such as providing investment credit, margin loans and engaging in securities lending with client assets.

435. The K-factor Daily Trading Flow (K-DTF) “captures the operational risks to an investment firm in large volumes of trades concluded for its own account or for clients in its own name in one day which could result from inadequate or failed internal processes, people and systems or from external events, based on the notional value of daily trades”.10 Article 4(1)(33) of the IFR defines K-DTF11 as the ‘daily value of transactions’. What risk exactly the EC is trying to mitigate is not entirely clear and the EBA report does not clarify this either. For an investment firm that processes large amounts of transactions on a daily basis there can indeed be an operational risk. This seems to be the rationale included in the recitals of the IFR.12 If we look at the actual wording of Article 33 of the IFR,13 however, the calculation method seems to address a somewhat different risk. The calculation method for K-DTF measures the total value of transactions concluded in a single day.14 That would mean that a single transaction with a value of €500 million will result in a larger capital requirement than 100 million transactions with a value of €1 each. Given that the EC states that this K-DTF aims to mitigate the risk in larger trading volumes, the actual measurement approach seems not to consider the differences in values of single transactions.

436. Added to this is the remarkable conclusion of the EC to measure derivative transactions based on the notional amount of the contract.15 Why the notional amount of a derivative contract is needed for this calculation is not clear. If the intention is to capture the operational risk of large numbers of transactions (and not large values of transactions) using the notional amount for a derivative contract will only increase the outcome of the calculations. The notional amount of a derivative contract is not an indicator of the operational risk to which engaging in that derivative contract will expose the investment firm.

437. If the intention, as stated explicitly by the EC in the recitals,16 was to capture operational risks of large volumes of transactions, then the measurement of this K-DTF should only have focused on the number of transactions entered into. If the EC also meant to capture the operational risk of single transactions with a large value, then simply adding total values (including the notional value of derivatives) of all transactions will not result in an outcome that directly relates to the operational risk of entering into those transactions. The resulting K-DTF K-factor, therefore, does not seem to correctly address the risk it was intended for, and the actual outcome does not seem to reflect any significant risk other than helping identify those firms that have a large (notional) value of transactions entered into in a single day.

438. The last requirement under RtF measures the concentration risk (K-CON) of the investment firm. This K-factor, as in the case of the other K-factors under RtF, is based on the transactions included in the trading book of the investment firm. K-CON “captures concentration risk in relation to individual or highly connected private sector counterparties with whom firms have exposures above 25% of their regulatory capital […]”.17The EC further states that “the large exposure rules of the [CRD 2013 and CRR] framework are also relevant when the trading exposures of […] investment firms to specific counterparties are particularly large and thereby generate an excessively concentrated source of risk for an investment firm from the default of the counterparty”.18 This last argument leads to the question of how this risk differs from K-TCD that also capitalizes the risk of a counterparty default. The main difference will be in the types of transactions included in the calculations as the list of included transactions for K-TCD in Article 25 of the IFR19 differs from the list of exclusions for K-CON in Article 41 of the IFR.20 However, there will inevitably be overlap where a transaction is subject to both K-TCD and K-CON, meaning that the risk of that counterparty default will result in a double capital requirement.

439. The introduction of K-CON also seems to be a last minute addition to the EBA report.21 In its discussion paper22 the EBA linked a concentration risk for investment firms with the large exposure regime in the CRR. In the discussion paper, it was proposed that concentration risk for investment firms should be mitigated through a reporting requirement, but in the final report of the EBA in 2017 and in the IFR proposals concentration risk has morphed into this substantive set of requirements, without a clear history of the development of this regime and choices made by the EBA or the European legislator.

440. Article 37 of the IFR23 sets the limit on concentration risk at an exposure to “a client or group of connected clients of which exceeds 25% of its regulatory capital”.24 A client under the IFR is defined25 as a “client” under MiFID II, which subsequently defines a client as “any natural or legal person to whom an investment firm provides investment or ancillary services”.26 The definition of a “client” in the IFR, however, contains an important additional point specifically for concentration risk as “for the purposes of [K-CON], ‘client’ means any counterparty of the investment firm”27. This is an important addition to the definitions as a counterparty is not necessarily a person for whom the investment firm provides an investment service and which would probably not classify as a client under the MiFID II definition of a client. Without this specific inclusion of counterparties in the definition of client for the purposes of concentration risk, transactions with a counterparty would not be subject to K-CON.28 This ‘extension’ of what constitutes a client is similar to what is discussed in the Section 2.1.2 on dealing on own account in Paragraphs 59-61. While setting the scope for K-CON, the European legislator concluded that what constitutes as a client under MiFID II has to narrow a scope for investment firms solely dealing for own risk and account. The ‘counterparty’ clients, as discussed in Paragraphs 62-64, should therefore also be captured when determining counterparty concentration risks.

441. It would seem that the means by which the EC is trying to address concentration risk are not tailored to the actual business models used by most investment firms.29 One may further question whether concentration risk, as used within the CRD 2013 and CRR framework, does indeed materialize in a similar manner for investment firms. The IFR proposal would have benefited from an analysis by the EC of whether the 25% limit, which is the same limit as applied in the CRR for the large exposure framework which should be placed in the context of lending activities of banks, is an appropriate limit for investment firms. Given the usually larger capital requirements for credit institutions, a 25% limit would mean a larger nominal limit for specific clients and the possibility of servicing a lot of smaller clients without the 25% limit becoming a limitation in practice. An investment firm that has an overall lower capital requirement would, therefore, face the upper threshold of the concentration risk limit much sooner.

442. This might pose a problem for those investment firms that service a relatively small number of large clients or those market-making investment firms that use one or several clearing members (assuming that the EC intended that the exposures to or margins posted with those clearing members would be included in K-CON). These types of firms might easily have exposures to a single “client” far above the 25% limit and would thus have to radically change their business model, stop servicing existing clients or significantly increase capital or engage multiple clearing members. The justification for forcing investment firms to adopt one of these methods to comply with K-CON is not included in the IFR or the Staff Working Document.

443. This is especially relevant for investment firms solely dealing on own account that have no external clients according to the MiFID II definition of clients. These investment firms have only clients in the broader scope of clients, the ‘counterparty’ clients discussed above. Why these investment firms should hold capital for concentration risks in single large ‘counterparty’ clients is questionable. Similarly to the discussion on K-TCD in Paragraph 430, this K- CON capital requirement seems, for investment firms without external clients, to address the risk of an ineffective assessment of eligible counterparties. One would expect an investment firm whose sole business is dealing for own risk and account, to have a sufficiently robust system of assessing its counterparty risk when dealing with counterparties. Setting both a K-TCD and K-CON capital requirement seems superfluous.

444. It would have been beneficial for the investment firm sector in the European Union to understand which risks the EC is trying to mitigate, how the methodology chosen by the EC addresses these risk and whether the consequences of this methodology are justified by the mitigated risks. Unfortunately, this is not included in the IFR, nor is the reasoning comprehensively included in the reports and discussion papers of the EBA. As discussed, the introduction of the final concentration risk regime in the IFR seems to be based on the proposals made by the EBA in its final report. This was the first time, however, that the EBA has introduced this regime in its reports, suggesting that concentration risk was a contentious issue for the EBA and that its advice on this matter was not the purely technical advice it was supposed to be.