• PRU 9.2 PRU 9.2 Liquidity Risk policy systems and controls

    • PRU 9.2.1 PRU 9.2.1

      (1) An Authorised Person must establish and maintain a Liquidity Risk policy which is in writing and is approved at least annually by its Governing Body.
      (2) The policy must set out the level of Liquidity Risk the Authorised Person is willing to tolerate and include the strategy for the daily and long-term management of Liquidity Risk appropriate to the nature, scale and complexity of the activities conducted and the strategy must include the matters referred to in (3), (4), and (5).
      (3) The strategy must include a system for identifying and assessing Liquidity Risk in accordance with Rule 9.2.4.
      (4) The strategy must include a process for the measurement and monitoring of Liquidity Risk using a robust and consistent method which enables the Authorised Person to implement the requirements set out in Rule 9.2.5.
      (5) The strategy must include a system for controlling Liquidity Risk which enables the Authorised Person to implement the requirements set out in Rule 9.2.6.
      (6) An Authorised Person must ensure that it has risk management systems to implement the policy.

      • Guidance

        1. The Regulator expects that an Authorised Person's Liquidity Risk strategy will set out the approach that the Authorised Person will take to Liquidity Risk management, including various quantitative and qualitative targets. It should be communicated to all relevant functions and staff within the organisation and be set out in the Authorised Person's Liquidity Risk policy.
        2. The Regulator expects that an Authorised Person's strategy for managing Liquidity Risk will take into account the need to:
        a. develop a liquidity management strategy, policies and processes in accordance with the Authorised Person's stated Liquidity Risk tolerance;
        b. ensure that the Authorised Person maintains sufficient liquidity at all times;
        c. determine the structure, responsibilities and controls for managing Liquidity Risk and for overseeing the liquidity positions of all branches and subsidiaries in the jurisdictions in which the Authorised Person is active, and outline these elements clearly in the Authorised Person's liquidity policies;
        d. have in place adequate internal controls to ensure the integrity of its Liquidity Risk management processes;
        e. ensure that stress tests, contingency funding plans and holdings of HQLA are effective and appropriate for the Authorised Person;
        f. establish a set of reporting criteria, specifying the scope, manner and frequency of reporting to various recipients (such as the Governing Body, senior management and the Asset and Liability Committee (ALCO)) and who is responsible for preparing the reports;
        g. establish the specific procedures and approvals necessary for exceptions to policies and limits, including the escalation procedures and follow-up actions to be taken for breaches of limits;
        h. monitor closely current trends and potential market developments that may present significant, unprecedented and complex challenges for managing Liquidity Risk so that appropriate and prompt changes to the liquidity management strategy can be made as needed; and
        i. continuously review information on the Authorised Person's liquidity developments and report regularly to the Governing Body.

    • PRU 9.2.2

      (1) An Authorised Person must ensure that its Governing Body is responsible for monitoring the nature and level of Liquidity Risk assumed by the Authorised Person and the process used to manage that risk.
      (2) Without limiting the operation of (1), the responsibilities of an Authorised Person's Governing Body in respect of Liquidity Risk include:
      (a) approving the statement of the Authorised Person's Liquidity Risk strategy;
      (b) establishing and maintaining a senior management structure with clearly defined responsibilities and roles for the management of Liquidity Risk and for ensuring compliance with the Authorised Person's Risk strategy;
      (c) ensuring the senior management in (b) and other relevant personnel have the necessary experience to manage Liquidity Risk;
      (d) monitoring the Authorised Person's overall Liquidity Risk profile on a regular basis and being aware of any material changes in the Authorised Person's current or prospective Liquidity Risk profile;
      (e) ensuring that Liquidity Risk is adequately identified, assessed, mitigated, controlled and monitored in accordance with the Authorised Person's Liquidity Risk tolerance and strategy;
      (f) ensuring that the Liquidity Risk tolerance and strategy is documented; and
      (g) ensuring that the Liquidity Risk tolerance and strategy is reviewed at least annually.

    • Requirements imposed on an Authorised Person in Category 2 or 3A

      (3) An Authorised Person in Category 2 or an Authorised Person that is a Domestic Firm in Category 3A must:
      (a) establish and maintain a senior management structure to manage Liquidity Risk;
      (b) identify, assess, mitigate, control and monitor Liquidity Risk; and
      (c) monitor the Authorised Person's overall Liquidity Risk profile on a regular basis.

      • Guidance

        In respect of Rule 9.2.2(2)(b), senior management are expected to:

        a. oversee the development, establishment and maintenance of procedures and practices that translate the goals, objectives and risk tolerances approved by the Governing Body into operating standards that are consistent with the Governing Body's intent and which are understood by the relevant members of an Authorised Person's staff;
        b. adhere to the lines of authority and responsibility that the Governing Body has established for managing Liquidity Risk;
        c. oversee the establishment and maintenance of management information and other systems that identify, assess, control and monitor the Authorised Person's Liquidity Risk; and
        d. oversee the establishment of effective internal controls over the Liquidity Risk management process.

      • PRU 9.2.3 PRU 9.2.3

        (1) An Authorised Person may delegate the day-to-day management of its Liquidity Risk to another entity in the same Group for management on a Group basis only if:
        (a) the Governing Body of the Authorised Person:
        (i) has formally approved the delegation;
        (ii) keeps the delegation under review; and
        (b) the Authorised Person notifies the Regulator in writing of the delegation immediately upon its being made.
        (2) If an Authorised Person delegates the management of its Liquidity Risk in accordance with (1), the requirements in this Chapter continue to apply to the Authorised Person.

        • Guidance

          If Liquidity Risk management is delegated as set out in Rule 9.2.3, responsibility for its effectiveness remains with the Authorised Person's Governing Body.

    • Identifying Liquidity Risk

      • PRU 9.2.4 PRU 9.2.4

        (1) An Authorised Person must assess the repayment profiles of its assets under both normal market conditions and stressed conditions resulting from either general market turbulence or firm-specific difficulties.
        (2) An Authorised Person must assess the extent to which committed facilities can be relied upon under stressed conditions identified in accordance with Rule 9.2.9.
        (3) An Authorised Person must consider potential liability concentrations when determining the appropriate mix of liabilities.
        (4) An Authorised Person must consider how its off-balance sheet activities affect its cash flows and Liquidity Risk profile under both normal and stressed conditions.
        (5) If an Authorised Person has significant, unhedged liquidity mismatches in particular currencies, it must assess:
        (a) the volatilities of the exchange rates of the mismatched currencies;
        (b) likely access to the foreign exchange markets in normal and stressed conditions; and
        (c) the stability of Deposits in those currencies with the Authorised Person in stressed conditions.

        • Guidance

          1. As part of the assessment for the purposes of Rule 9.2.4(1), an Authorised Person should identify significant concentrations within its asset portfolio.
          2. For the purposes of Rule 9.2.4(3), an Authorised Person should consider factors including:
          a. the term structure of its liabilities;
          b. the credit-sensitivity of its liabilities;
          c. the mix of secured and unsecured funding;
          d. concentrations among its liability providers or related Groups of liability providers;
          e. reliance on particular instruments or products;
          f. the geographical location of liability providers; and
          g. reliance on intra-Group funding.
          3. As appropriate, an Authorised Person would be expected to consider the amount of funding required by:
          a. commitments given;
          b. standby facilities given;
          c. wholesale overdraft facilities given;
          d. proprietary Derivatives positions; and
          e. liquidity facilities given for securitisation transactions.

    • Measuring and monitoring Liquidity Risk

      • PRU 9.2.5 PRU 9.2.5

        (1) An Authorised Person must ensure that the method referred to in Rule 9.2.1(4) for measuring Liquidity Risk is capable of:
        (a) measuring the extent of the Liquidity Risk it is incurring and includes early warning indicators to aid its daily liquidity risk measurement and management processes;
        (b) dealing with the dynamic aspects of the Authorised Person's liquidity profile;
        (c) where appropriate, measuring the Authorised Person's Exposure to Foreign Currency Liquidity Risk;
        (d) where appropriate, measuring the Authorised Person's intra-day liquidity positions; and
        (e) where appropriate, measuring the Authorised Person's Exposure to PSIA and Islamic Contract Liquidity Risk.
        (2) An Authorised Person must establish and maintain a system of management reporting which provides relevant, accurate, comprehensive, timely and reliable Liquidity Risk reports to relevant functions within the Authorised Person.

        • Guidance

          1. Management information should include the following:
          a. a cash-flow or funding gap report;
          b. a funding maturity schedule;
          c. a list of large providers of funding;
          d. where appropriate, a schedule of Islamic funding sources;
          e. a limit monitoring and exception report;
          f. asset quality and trends;
          g. earnings projections; and
          h. the Authorised Person's reputation in the market and the condition of the market itself.
          2. Where an Authorised Person is a member of a Group, it should be able to assess the potential impact on it of Liquidity Risk arising in other parts of the Group.

    • Controlling Liquidity Risk

      • PRU 9.2.6

        An Authorised Person must ensure that the system referred to in Rule 9.2.1(5):

        (a) enables the Authorised Person's Governing Body and senior management to review compliance with limits set in accordance with Rule 9.2.7 and operating procedures; and
        (b) has appropriate approval processes, limits and other mechanisms designed to provide reasonable assurance that the Authorised Person's Liquidity Risk management processes are adhered to.

      • PRU 9.2.7

        (1) An Authorised Person must ensure that its Governing Body sets appropriate liquidity limits covering Liquidity Risk management in both day-to-day and stressed conditions.
        (2) An Authorised Person must periodically review and, where appropriate, adjust the limits referred to in (1) when its Liquidity Risk policy changes.
        (3) An Authorised Person must promptly resolve any policy or limit exceptions according to the processes described in its Liquidity Risk policy.

      • PRU 9.2.8

        An Authorised Person must assess market access under a variety of normal and stressed conditions.

      • PRU 9.2.9 PRU 9.2.9

        (1) An Authorised Person must use stress and scenario testing to assess the Liquidity Risk it would face in different circumstances.
        (2) When using stress and scenario testing in accordance with (1), an Authorised Person must:
        (a) use scenarios based on varying degrees of stress and both Authorised Person-specific and market-wide difficulties; and
        (b) include a cash-flow projection for each scenario tested, based on reasonable estimates of the impact (both on and off-balance sheet) of that scenario on the Authorised Person's funding needs and sources.
        (3) An Authorised Person must frequently review the assumptions used in stress testing scenarios to ensure they remain appropriate.

        • Guidance

          1. The identification of the possible balance sheet and off-balance sheet impact referred to in Rule 9.2.9(2)(b) should take into account:
          a. possible changes in the market's perception of the Authorised Person and the effects that this might have on the Authorised Person's access to the markets, including:
          i. where the Authorised Person funds its holdings of assets in one currency with liabilities in another, access to foreign exchange markets, particularly in less frequently traded currencies;
          ii. access to secured funding, including by way of repurchase agreement transactions; and
          iii. the extent to which the Authorised Person may rely on committed facilities made available to it;
          b. whenever applicable the possible effect of each scenario tested on currencies whose exchange rates are currently pegged or fixed; and
          c. that:
          i. general market turbulence may trigger a substantial increase in the extent to which Persons exercise rights against the Authorised Person under off-balance sheet instruments to which the Authorised Person is party;
          ii. access to OTC Derivative and foreign exchange markets is sensitive to credit-ratings;
          iii. Early Amortisation in asset securitisation transactions with which the Authorised Person has a connection may be triggered; and
          iv. its ability to securitise assets may be reduced.

      • PRU 9.2.10

        (1) An Authorised Person must have a documented contingency funding plan to ensure that, for each of the tested scenarios, the Authorised Person has sufficient liquid financial resources to meet its liabilities as they fall due.
        (2) The contingency funding plan referred to in (1) must:
        (a) list the events or circumstances that will lead the Authorised Person to put any part of the plan into action;
        (b) set out the extent to which the plan relies upon:
        (i) asset sales, using assets as Collateral on secured funding (including repurchase agreements), securitising its assets or otherwise reducing its assets;
        (ii) modifying the structure of, or increasing, its liabilities; and
        (iii) the use of committed facilities; and
        (c) contain administrative policies and procedures that will enable the Authorised Person to manage the implementation of the plan, including:
        (i) the responsibilities of senior management;
        (ii) the names, location and contact details of members of the team responsible for implementing the plan;
        (iii) the details of who is responsible for contact with the Authorised Person's head office (if appropriate), analysts, investors, external Auditors, media, significant customers, regulators and others; and
        (iv) the mechanisms that enable senior management and the Governing Body to receive relevant, accurate, comprehensive, timely and reliable management information.