In a "Dear CEO" letter sent to the heads of international banks earlier this week, the UK Prudential Regulation Authority (PRA) outlines its supervisory priorities regarding those institutions for 2025, including a heightened focus on risk management, governance, and resilience.
Perhaps most notably, the letter makes clear that the PRA sees it as the board's responsibility to ensure a firm's culture is supportive of desired risk management outcomes. "Boards should ... consider where risk culture may be the root cause of material weaknesses in their firm's control environment," the PRA's Rebecca Jackson and Alison Scott write therein.
The PRA points to an increasingly complex risk environment, where firms' governance regimes are being tested by "the global interest rate environment, geo-political events and technological changes, including the increasing use of Artificial Intelligence." Its supervisory assessments have identified varied levels of efficacy in firms' abilities to proactively identify, monitor, and manage these emerging risks.
"In response to these demands, firms’ senior management and Boards need to ensure that their organisations have robust governance, risk management and controls frameworks in place that are adaptive and resilient, leveraging stress and scenario analyses to inform risk management, strategy and business planning," the letter reads. "We expect firms to have these frameworks in place across businesses, risk and internal audit functions, commensurate with the firm’s business model."
Join The Discussion