16 May 2017 by David Strachan and Scott Martin
An environment of political upheaval and innovative technology is creating challenges for financial services firms
Compared to their international peers, European financial services firms have faced a more challenging set of circumstances than most. A prolonged period of tepid economic growth and persistently low and volatile interest rates have squeezed profitability in some sectors and put significant pressure on long-standing business models.
Regulation has played a key role in shaping this challenging environment and 2017 will see firms and their boards continue to grapple with uncertainty over the final shape of post-crisis financial rules and how best to respond to them.
Despite talk of a regulatory scale-back, there remain a number of areas where the financial services regulatory and supervisory landscape is in a dynamic state of evolution. Heightened political risk in developed economies carries implications that challenge the certainty of the regulatory framework just as it was meant to start bedding down.
Regulation will also have to respond to the growing use of new financial technologies, and while European regulators will start to take a more active approach in supporting fintech entrants, they will also begin to consider the risks they pose and how they should respond. Similarly, supervisory expectations for cyber and IT resilience are also due to become much clearer as UK and EU authorities begin to articulate increasingly detailed guidance in this area.
Two strategies will be particularly well suited to help firms respond to these evolving regulatory trends: the use of technology solutions to improve the efficiency of regulatory controls – the so-called ‘regtech’; and developing more complete governance strategies designed to cope with enhanced supervisory scrutiny of complex and cross-border organisations. Well-considered strategies in these two areas will be crucial elements for how the most successful firms adapt in 2017.
Although most regulators are keen to preserve the hard-won reforms of recent years, rising political uncertainty in many developed economies has increased the volatility and hence the unpredictability of the macro-policy environment. In the UK, the next steps in, and eventual outcome of, the Brexit negotiations is the most immediate source of this uncertainty.
“The next steps in, and eventual outcome of, the Brexit negotiations are the most immediate source of uncertainty”
Although we do not expect any near-term UK regulatory policy changes in response to Brexit, supervisors will continue to have regular conversations with firms to understand their contingency plans, and UK-based firms should also expect EU supervisors to closely scrutinise their plans to retain access to the EU single market. The Bank of England has also signalled it will monitor how structural changes firms might make in response to Brexit could increase their complexity, and consequently, undermine their resolvability.
The eventual outcome of Brexit negotiations will set the terms of access UK firms have to the single market, and may also open the door to future divergences between rules set in the UK and the EU. For firms considering the strategic implications of this, however, the picture will remain unclear in 2017 as early progress in negotiations may hinge on the outcome of this year’s French and German elections.
In the absence of meaningful clarity about the UK’s future relationship with the rest of the EU, many firms will begin to implement their contingency plans sooner rather than later.
Many regulators have been keen to signal their strong support for innovative financial technologies and the competitive pressures they bring to the market. Although we expect this support to remain high, regulators will also step up their engagement with firms as certain technologies come closer to the point of potentially posing significant consumer protection risks.
They will not materialise in 2017, but the implications of a widespread adoption of new technologies will feature more prominently on the regulatory radar, and monitoring will intensify, both at the micro and macro level. This means that the boards and senior management of large fintech firms, or incumbent firms shifting their business models to rely on digital or app-based distribution platforms, need to prepare for this increased scrutiny.
These firms will have to prove to supervisors that they understand the risks inherent in their business model and technology, and that their culture, systems and controls take into account the interests of their customers and the integrity of the market. Fintech start-ups in particular will quickly have to learn how to determine, to their supervisors’ satisfaction, the right balance between risk and reward.
Perhaps more immediately, and more broadly, supervisors are showing a heightened interest in the ability of firms to cope with cyber risks arising from the adoption of new technologies and increases in the number and scale of attacks on established systems.
As supervisors begin to articulate more detailed expectations of firms in this area, they will look to see that firms have put a number of things in place. This includes effective threat detection systems, robust plans to respond to cyber breaches, third-party provider risk, internal threats, and technological failures. Supervisors will also look to ensure firms have designed a governance structure that creates appropriate degrees of responsibility and independence among senior management.
“We expect boards will be asked to demonstrate they have access to sufficient cyber and IT expertise to allow them to challenge management”
Besides the scrutiny of plans, routine testing and new internal governance structures that this will bring, firms – particularly banks and market infrastructures – will also feel increasing pressure to appoint someone with practical cyber and IT experience to their board.
At a minimum, we expect boards will be asked to demonstrate they have access to sufficient cyber and IT expertise to allow them to challenge management in this area. Deloitte recently conducted analysis of cyber disclosures of the FTSE 100 and found just 5% of boards have a member with specialist technology or cyber experience.
Almost 10 years since the beginning of the financial crisis, a top theme for 2017 must now be how firms are designing strategies for the medium-to-long term to respond to the commercial and compliance pressures that regulatory change has brought.
The imperative to reduce compliance costs will make it essential for firms to turn increasingly to new regtech solutions to achieve greater efficiency of controls and value for money.
“Regtech solutions will not be a panacea and their implementation will require upfront investment”
Regtech has the potential to gain significant momentum in 2017, but its adoption will be gradual. Robotics process automation, big data analytics, together with regulatory reporting solutions, are some of the regtech offerings which will see the greatest degree of adoption in the shorter term. In the longer term, cognitive and artificial intelligence solutions could revolutionise and automate much of a firm’s regulatory change management programmes.
Regtech solutions will not be a panacea, however, and their implementation will require upfront investment which, in an environment of low shareholder returns, could be harder to justify. For investment to be unlocked, these technologies will need to do more than ensure compliance. They will have to provide management and boards with strategic business insights and the control to make better and timelier choices for competitive advantage, as well as quantifiably reduce costs.
From a governance perspective, the breadth and complexity of some organisations are creating real impediments to compliance, and also in forming a complete understanding of the business impacts of regulatory change, or the potential cross-border regulatory divergence that may be triggered by political events.
A more interventionist supervisory environment, moreover, means there are new ways for inadequate governance arrangements to be exposed in the normal course of business. Boards and senior managers are already coming under heightened pressure to show supervisors they can effectively manage groups comprising a multitude of legal entities and activities, spanning numerous countries.
To do this well, firms need to respond by developing more complete governance strategies. This means group boards must evidence the necessary understanding of their wider group subsidiary operations to meet the nuances of local requirements, and for parent companies and their subsidiaries to join-up global and local perspectives.
Banks, in particular, have more to do to document their current structures clearly and comprehensively. They will need to join the pieces between structural change, supervisory priorities, and the needs of day-to-day group management. They will also need to bring transparency to intragroup relationships, especially on a cross-border basis.
At the core of our outlook for the remainder of 2017 is the belief that to succeed in this challenging regulatory environment, firms and their boards must accelerate strategic choices aimed at improving the way they integrate regulatory and commercial thinking, and how they engage with the risks and opportunities that new technologies pose.
This is crucial, not just for how firms approach their compliance activities, but also for how they design their future business models and strategies.
The financial services industry is being challenged by continuing uncertainty in regulation, the need to reduce rising costs, and a range of new technological and competitive pressures. Firms will need to find ways of making this new environment work for them, capitalising on their inherent resilience, agility and efficiency.