PS5/25 – Identification and management of step-in risk

1: Overview

1.1 This Prudential Regulation Authority (PRA) policy statement (PS) provides feedback to responses the PRA received on step-in risk in relation to Chapter 2 of consultation paper (CP) 23/23 – Identification and management of step-in risk, shadow banking entities and groups of connected clients (GCCs). It also contains the PRA’s final policy on the identification and management of step-in risk, as follows:

• step-in Risk: introduction of a new Part of the PRA Rulebook (Appendix 1); and
• supervisory statement (SS) on ‘Step-in Risk’ (Appendix 2).

1.2 This PS is relevant to PRA-authorised UK banks, building societies, PRA-designated UK investment firms, PRA-approved parent holding companies and PRA-designated parent holding companies and other CRR consolidation entities. The policies regarding step-in risk are not relevant to small domestic deposit takers (SDDTs) and SDDT consolidation entities.

1.3 CP23/23 also contained proposals related to the large exposures framework - Chapter 3 on shadow banking entities (SBEs) and Chapter 4 on GCCs. The PRA has decided to take a phased approach to finalising policy on these chapters. The PRA expects to finalise its policy on GCC as part of its finalisation of proposals included in CP14/24 – Large Exposures Framework. The PRA then expects to finalise its policy on shadow banking entities in due course. In the meantime, firms are expected to make every effort to comply with the existing European Banking Authority (EBA) guidelines on limits on exposures to SBEs and the EBA guidelines on GCCs.

Background

1.4 In Chapter 2 of CP 23/23 the PRA proposed to:

• introduce new rules on step-in risk based on the relevant Basel Committee on Banking Supervision’s (BCBS) guidelines. Step-in risk is the risk that a bank provides financial support to an unconsolidated entity that is facing stress, in the absence of, or in excess of, any contractual obligations to provide such support. The new rules would require CRR firms and CRR consolidation entities to assess their step-in risk. Firms would report their assessment to the PRA alongside their Internal Capital Adequacy Assessment Process (ICAAP) assessment. SDDTs are not in the scope of application of these proposals; and
• introduce an accompanying SS, which is also based on the BCBS guidelines, detailing the factors that the PRA expects firms to consider when identifying potential step-in risk and in deciding, where necessary, on potential mitigating action.

1.5 In determining its policy, the PRA considers representations received in response to consultation, publishing an account of them and the PRA’s response (‘feedback’). Details of any significant changes are also published. In this PS, the ‘Feedback to responses’ chapter (Chapter 2) contains the PRA’s feedback.

1.6 In carrying out its policy making functions, the PRA is required to have regard to various matters. In CP23/23 the PRA explained how it had regard to the most relevant of these matters in relation to the proposed policy. The ‘Changes to draft policy’ section of this chapter refers to that explanation, taking into account consultation responses where relevant.

1.7 The PRA received two responses to the CP. The names of respondents to the CP who consented to their names being published are set out at Appendix 4. Respondents supported the PRA’s proposals on Step-in Risk and made a number of observations and requests for clarification. These are set out in Chapter 2.

Changes to draft policy

1.8 This PS takes account of how the policy advances the PRA objectives and of significant matters that the decision maker had regard to. These are as set out in CP 23/23. In addition, following the analysis of the responses received during the consultation phase, some amendments and clarifications were made to the proposed Step-in-Risk rules, SS, reporting templates and reporting instructions. These clarifications and amendments are detailed in Chapter 2.

1.9 Where the final rules differ from the draft in the CP in a way which is, in the opinion of the PRA, significant, the Financial Services and Markets Act 2000 (sections 138J(5) and 138K(4) of FSMA) requires the PRA to publish:

• details of the differences together with an updated cost benefit analysis;
• a statement setting out in the PRA’s opinion whether or not the impact of the final rules on mutuals is significantly different from: the impact that the draft rule would have had on mutuals; or the impact that the final rule will have on other PRA-authorised firms.

1.10 Having considered the responses to the step-in risk proposals in Chapter 2 of CP23/23, the PRA has included a new Rule 6.2. This rule will remove the requirement for a firm to consider its relationship with a third-party securitisation special purpose entity for step-in risk where its only relationship is an investment in its senior securitisation position. This amendment is discussed in more detail in Chapter 2. The PRA has also made a minor amendment to Rules 1.2 and 6.1 to rename the part-specific definition ‘sponsor’ to ‘step-in sponsor’ to avoid confusion with the PRA Glossary term ‘sponsor’. The PRA has also amended the externally-defined terms to improve clarity without changing the substance.

1.11 The PRA considers that changes to each of these rules and the additional amendments to the SS, reporting templates and reporting instructions will provide further clarity for firms, but involve only minor policy changes, and therefore the cost benefit and ‘have regards’ analysis for these proposals will remain the same. Similarly, the PRA also does not consider that these changes will have a significantly different impact on mutuals relative to the impact that the draft rules would have had on mutuals, or relative to the impact that the changes would have on other PRA-authorised firms.

1.12 The clarifications and amendments noted in paragraphs 1.8 and 1.10 are detailed in the ‘Feedback to responses’ in Chapter 2 of this PS. The changes that have been made to the SS will improve the accessibility and clarity of the proposed guidelines and make it easier for firms to follow.

1.13 When making rules, the PRA is required to comply with several legal obligations. In CP23/23, the PRA explained why the rules proposed in the CP were compatible with its objectives and with its duty to have regard to the regulatory principles.^{footnote [1]} The PRA has provided updated explanations below taking into account consultation responses. The considerations of the ‘have regards’ have not changed in light of responses to the CP. In addition, the PRA would note that none of the aspects of the Government’s economic policy set out in the HM Treasury (HMT) recommendation letter of 14 November 2024, and to which the PRA has had regard, were considered significant.

1.14 In addition, when making CRR rules or rules applying to certain holding companies, the PRA must also publish a summary of the purpose of the proposed rules.^{footnote [2]} This is set out in Chapter 2 of CP23/23.

Implementation

1.15 The implementation date for the new step-in risk rules and accompanying policy material is Thursday 1 January 2026.

2: Feedback to responses

2.1 This chapter provides feedback to responses to Chapter 2 of CP 23/23 – Identification and management of step-in risk, shadow banking entities and groups of connected clients.

2.2 Before making any proposed rules, the PRA is required by FSMA to have regard to any representations made to it in response to the consultation, and to publish an account, in general terms, of those representations and its feedback to them.^{footnote [3]}

2.3 The PRA has considered the responses received to Chapter 2 of CP23/23. This chapter sets out the PRA’s feedback to those responses, and its final decisions. It has been structured broadly along the same lines as the CP chapters, with some areas rearranged to better respond to related issues.

Step-In Risk

2.4 In CP23/23, the PRA proposed to introduce new rules that require firms to manage their step-in risk by:

• putting in place policies and processes to identify and evaluate their relationship with certain unconsolidated entities where they act as a sponsor, invest in their debt or equity, or have other contractual or non-contractual exposures that lead them to be exposed to the performance of the entity;
• considering whether there are any indicators of significant step-in risk in relation to those entities that have been assessed as being material;
• determining whether mitigating action is needed when significant step-in risk is identified; and
• reporting their assessment of step-in risk to the PRA at the same time as their ICAAP.

2.5 The PRA received two responses to its proposals. Both respondents supported the PRA’s approach to implementing a step-in risk framework as outlined in CP23/23. They also provided feedback on certain elements of the design of the proposed framework. Comments focused on the following areas:

• the scope and level of application;
• identification of the entities to be evaluated for step-in risk;
• assessment of material entities against indicators; and
• reporting issues.

2.6 Having considered feedback and evidence provided by the industry, the PRA has decided to make a small number of amendments to the rules and SS. This chapter describes the industry comments and the PRA’s feedback to them, including any amendments that the PRA has decided to make.

2.7 The final rules and final amendments to the SS and rules are consistent with those in CP23/23 and therefore the PRA considers its analysis of its objectives and ‘have regards’ in CP23/23 with respect to the areas mentioned in the paragraph above remains appropriate. The PRA would also note that none of the aspects of the Government’s economic policy set out in the HM Treasury (HMT) recommendation letter of 14 November 2024, and to which the PRA has had regard, were considered significant.

a. Scope and level of application

2.8 The PRA proposed in CP23/23 that a firm should apply the step-in risk requirements at a consolidated level and, where it must meet requirements at that level, at a sub-consolidated level. Firms that are not a member of a consolidation group would undertake the assessment on an individual basis. It also proposed that a firm would be expected, as part of describing its approach to identifying material step-in entities and immaterial step-in entities in its step-in risk policy, to set a threshold at those levels to determine whether a relevant step-in entity is material for the purposes of its step-in risk assessment. The PRA also noted that relevant entities may be material for the authorised firm within the group, but not for the consolidated group as a whole. So, it proposed that it would also expect a firm to set a materiality threshold relating to the authorised firm to reflect such circumstances.

2.9 One respondent asked the PRA not to request that firms assess step in risks for positions that are material for individual firms or sub-consolidated groups (ie suggesting that firms need not consider positions that might be material for solo firms, but not the consolidated group). Similarly, another respondent asked the PRA to exclude positions that might be material only for solo firms, but not at the consolidated level in their step-in risk assessment. Having considered these responses, the PRA has decided not to change its approach proposed in the CP. Firms should assess potential step-in risk in relation to individual PRA-authorised firms and on a sub-consolidated basis. This is to ensure that they are identifying step-in risk entities that might have a material impact on the firm or sub-consolidated group, but which may not be picked up in the consolidated assessment. The PRA has added a new column (0075) in the reporting template SI1 to allow firms to indicate whether the determination of a material step-in entity is on a consolidated/sub-consolidated or an individual basis. This reporting change is designed to allow firms to provide clarity on why an entity is being reported.

2.10 One respondent queried whether ring-fenced banks, who must meet requirements on a sub-consolidated basis, should perform a step-in risk assessment at that level. Having considered this query, the PRA has decided to maintain its approach of requiring firms to undertake a step-in risk assessment on a sub-consolidated basis. Ring-fenced banks are already required to meet prudential requirements and to submit ICAAPs on that basis. The PRA therefore considers that those banks should also perform a step-in risk assessment at that level to ensure that any risks are appropriately captured. 

b. Identification of entities to be evaluated for step-in risk

2.11 In CP 23/23, the PRA proposed that, in undertaking their step-in risk assessment, firms should first identify all relevant entities that are outside of their scope of consolidation. These entities could be a sponsor, a debt or equity investor or have other contractual involvement with the firm. In the CP, an illustrative list of entities was set out in the Annex to the draft SS. The draft rules also set out a non-exhaustive list of the type of unconsolidated entities that firms would have to consider in their assessment. These included ancillary services undertakings (ASUs) and securitisation special purpose entities (SSPEs). The proposals also clarified that commercial entities could be excluded from the assessment if not included within the types of entities set out in either the rules or the SS.

2.12 One respondent queried whether the PRA could specify that the only commercial entities that are likely to be in scope are those that are either defined as ASUs or suppliers under material outsourcing arrangements. Having considered this response, the PRA has decided not to make changes to provide a precise commentary on which entities would be considered as ‘commercial entities’. However, the PRA agrees that ASUs and material outsourcing entities would be types of commercial entities. Firms have discretion to consider whether other entities should be included in their assessment, which the PRA would note need not include commercial entities. A firm should document any other types of entity that it includes in its assessment in its policies and procedures.

2.13 One respondent suggested that the PRA should provide guidance on the definition of an ASU, which is currently in Article 4 of the Capital Requirements Regulation (CRR),^{footnote [4]} by introducing a new rule defining this term. Having considered this response, the PRA has decided not to introduce a new rule defining an ASU, as it does not consider it appropriate to broaden the CRR definition. The respondent also suggested that an ASU should also explicitly include operational leasing and factoring entities. Having considered this suggestion, the PRA has updated the SS to note that firms may wish to include operational leasing entities within their assessment as an additional entity type. The PRA would note that a factoring entity should already be assessed as a ‘financial institution’. The purpose of the step-in risk framework is for firms themselves to consider whether there are types of entities beyond those set out in the rules and SS that should also be included in the assessment. So, where a firm considers that it should evaluate an additional entity type such as an operational leasing entity, they should include it in their assessment and note it in their policies and procedures.

2.14 As noted above, in CP 23/23, the PRA proposed that, as part of its step-in risk assessment, a firm should identify all unconsolidated entities with which it has a relationship as a ‘debt or equity investor’. This would exclude investments that arise from firms’ market-making activities.

2.15 One respondent asked the PRA to amend the definition of ‘debt or equity investor’ to adopt the wording set out in the BCBS guidelines which would exclude ‘regular commercial lending activity’. Having considered this response, the PRA notes that it is not intended that firms should assess regular commercial lending activity for step-in risk as part of the definition of a ‘debt or equity investor’. It has therefore decided to amend the SS to clarify that such activity is not expected to be considered as part of a firm’s assessment in that regard. In making this clarification, the PRA has not amended the ‘debt and equity investor’ definition within its proposed rules.

2.16 In the CP23/23 proposals, SSPEs are in scope for step-in risk evaluation as they are explicitly included in the definition of unconsolidated entity. One respondent argued that the purchase of AAA bonds in a third-party SSPE could be described as being akin to a lending relationship and so could be excluded from the step-in risk assessment. Having considered this response, the PRA has decided to amend the rules to clarify that a firm need not consider its relationship with a third-party SSPE for step-in risk where its only relationship is as an investor in its senior securitisation position. In addition, one respondent argued that step-in risk for securitisations was already considered in the securitisation due diligence, retention and no implicit support requirements. They therefore suggested that entities listed as ‘related undertakings’ in firms’ annual accounts should be excluded from the step-in risk assessment. Having considered this response, the PRA does not agree that SSPEs should be excluded from the step-in risk assessment for this reason. The PRA acknowledges that, whilst some features of the securitisation regime may disincentivise step-in to some extent, step-in risk may still exist. Firms should therefore continue to include unconsolidated SSPEs within their step-in risk assessment except for those noted above.

2.17 In CP 23/23, the PRA proposed that market-making activity would be excluded from its definition of a debt or equity investor, therefore not in scope for step-in risk evaluation. One respondent noted that the BCBS guidelines specifically excluded a ‘negligible investment’ in relation to the debt or equity investor relationship. They therefore asked whether the PRA could provide clarification, including potential illustrative examples, as to what would constitute ‘negligible’ in relation to a non-trading investment. They also suggested that, if the PRA were to define ‘negligible’, it could apply the same definition when assessing a proposed exemption from the prudential consolidation requirement under CRR Article 19(2)(b), which refers to the undertaking concerned being ‘of negligible interest only with respect to the objectives of monitoring institutions’.

2.18 Having considered this response, the PRA would note that the reference to ‘negligible investment’ in the BCBS guidelines relates to market-making activity. The PRA has already excluded market-making activity from the definition of a debt or equity investment. The PRA has therefore decided not to define ‘negligible investment’. Furthermore, the PRA notes that as a result of market-making, firms may find themselves with debt or equity positions in an unconsolidated entity, and these positions may remain on their books for longer than they had intended. This may call into question whether they are market-making positions or ones that should be considered for step-in risk purposes. The PRA has therefore updated its SS to set the expectation that a firm should detail in its step-risk assessment policies and procedures the principles by which it would determine whether such positions remain part of its market-making activity.

2.19 The PRA noted in CP23/23 that in identifying the entities to be evaluated for step-in risk, it did not consider that an entity should be excluded where national legislation or regulation prohibits a firm from stepping in with respect to a particular entity. This is referred to as a ‘collective rebuttal’ in the BCBS guidelines. It did state that, where firms considered that such prohibitions were in place, they may wish to include the details within their assessment in considering whether step-in risk is significant. One respondent queried whether it was possible to exclude ‘collective rebuttals’ as per the BCBS guidelines from the assessment and reporting of step-in risk. Having considered this response, the PRA does not consider that this is a ground for excluding an entity from a firm’s analysis of step-in risk. In carrying out its assessment, a firm should consider the details of any such prohibitions and explain how these would mitigate step-in risk. The PRA has updated the SS to clarify this point.

c. Assessment of material entities against indicators

2.20 In CP 23/23, the PRA proposed that, once any immaterial entities have been excluded from the step-in risk assessment, the remaining material entities should be assessed against the indicators of step-in risk. The draft SS set out expectations as to what firms should consider in relation to the indicators and included illustrative examples. One illustrative example of a strong indicator in relation to the reputational risk from branding or cross-selling would be where ‘firms aggressively and successfully cross-sell both on and off-balance sheet products to their key clients’. One respondent suggested that the PRA should use of the term ‘actively’ rather than ‘aggressively’ in describing that indicator. Having considered this point, the PRA has amended paragraph 2.28a of the SS to reflect this feedback, as it does not change the intended meaning of the example.

d. Reporting Issues

2.21 In CP23/23, the PRA proposed that firms should report quantitative assessments of the impact of material step-in entities on firms’ capital and liquidity ratios in template SI2. One respondent noted that this proposal would require firms to report this information regardless of whether they considered such step-in risk to be significant. They noted that producing such assessments would be an onerous exercise that could, in some cases, require complex modelling. They therefore suggested two options. Option one was that firms should only report material step-in entities in template SI2 where step-in risk is deemed significant. Option two was that firms continue to report on all material step-in entities in template SI2 but should only be required to report capital and liquidity estimates (columns 0090 to 0120) where step-in risk is deemed significant. They also suggested that the step-in risk assessment should form part of a firm’s ICAAP to allow firms flexibility in how the assessment is presented and how materiality and significance judgements are made.

2.22 Having considered this response, the PRA accepts that asking firms to calculate the potential capital and liquidity impact of non-significant step-in risk may be disproportionate. Consequently, the PRA has decided to amend the reporting instructions to specify that firms do not have to report capital and liquidity estimates in template SI2 where step-in risk is not considered significant. This information will only be required where step-in risk is considered significant. Firms will have the option of including this information for material step-in risk entities where step-in risk is not deemed to be significant if they consider it appropriate. The PRA has also decided to maintain its proposed approach for firms to submit their step-in risk assessment on standardised templates (SI0, SI1 and SI2) alongside their ICAAP. This is consistent with the BCBS guidelines. That approach is flexible, as firms will describe their approach to identifying material and immaterial step-in risk in their own policies and procedures before undertaking an assessment of whether there is significant step-in risk in relation to ‘material’ entities. It should also ensure that firms’ assessments are presented consistently against the indicators of step-in risk. The PRA would note that, although the step-in risk framework is designed to be a tool for risk management rather than for assessing capital adequacy, a firm may wish to include details of instances of step-in risk within its ICAAP where it considers that those risks would affect its capital adequacy.

2.23 One respondent argued that the requirement to report the total assets of a step-in entity in SI2 may be misleading. They explained that such disclosures (eg in IFRS 12) commonly arise from a firm's regular business activities such as lending relationships with, or investments in other entities, and could overestimate the impact of step-in risk. Having considered this response, the PRA would clarify that total assets is a measure of size rather than risk. If a firm identifies a step-in entity as ‘material’ based on its size, it will then need to consider whether such step-in risk is significant.

e. Other issues

2.24 One respondent queried whether the PRA’s proposals in CP23/23 overlapped with the PRA Rulebook Part on Related Party Transactions. The respondent suggested that the proposals could cover the same risks and asked whether this potential duplication was justified. The PRA would note that its step-in risk and related parties’ transactions rules and policies cover separate risks. Step-in risk requires firms to consider the risk of a firm providing financial support to a step-in entity in stressed conditions, in the absence of, or in excess of any contractual obligation to do so. Step-in risk relates to unconsolidated entities. The related party rules, by contrast, require that a firm should only transact with its ‘related parties’ (ie firms within its group, certain key employees of those firms and their close relations) on terms no more favourable than would be agreed if the transaction was not with a related party. Based on the above, the PRA considers that the question of duplication does not arise.

2.25 One respondent asked whether the PRA’s proposed approach to step-in risk is seeking ‘zero step-in risk’. They also noted that their understanding of the BCBS’s objective was to ensure that there is no risk to financial stability arising from firms stepping-in. The PRA notes that a key objective of the BCBS in producing its step-in risk proposals was to apply ‘lessons about risk related to banks’ connections with unconsolidated entities and, as such, to identify situations where step-in risk exists and needs to be anticipated’. Having considered this response, the PRA confirms that its approach is designed to ensure the safety and soundness of firms by reducing the likelihood of step-in risk events from crystalising, which includes firms anticipating step-in risk via a step-in risk assessment. As set out in CP23/23, the step-in risk assessment should be a risk management tool for firms to identify and manage any potential step-in risk. The PRA would expect a firm to determine its own response to step-in risk based on the circumstances of each case. This would include considering what mitigating action it could take and whether any mitigation is already in place. There is no default presumption as to how a firm might respond in any particular case.