We are at the dawn of a new regulatory regime triggered by multiple political and economic events with global ramifications. Changes in the US political administration, the UK’s exit from the EU, cybersecurity issues, the rise of fintech, and technological advancements like blockchain are keeping organizations worldwide on their toes as they struggle to keep pace with the ensuing regulatory changes. Compliance professionals, in particular, are under greater pressure than ever to ensure effective compliance with the new wave of regulations, while also maintaining meaningful relationships with regulators and customers.
Post-crisis financial regulations have been met with widespread criticism for their tough “asks,” which make it challenging for banks and financial services institutions to carry out their core business activities profitably. While the primary objective of regulations is to build a safer and more resilient financial system, critics point to the avalanche of compliance requirements in the last decade as having a detrimental effect on economic growth.
Deregulation was at the top of President Trump’s economic agenda right through the elections, and on February 3, 2017, his office took the first steps towards reigning in Dodd-Frank by issuing an executive order for a review of existing financial industry regulation. Recently, the President ordered another round of regulatory review, led by US Treasury Secretary, Steven Mnuchin.
Whether existing regulations will be reformed significantly, or relaxed in their enforcement remains to be seen. There are signs, however, that these regulations may not be eliminated entirely. For instance, among the various alternatives proposed to replace Dodd-Frank, is the Financial Choice Act which suggests repealing only certain provisions of DoddFrank, while keeping much of the original scheme in place.
Ultimately, however, the process of ushering in new regulations is a long-drawn one, and till the final law actually kicks in, organizations would need to continue abiding by existing rulebooks.
From a risk management perspective, the next set of proposals by the Basel committee is expected to be completed soon, leading to changes in how banks calculate their market, credit, and operational risk exposures (using standardized and internal risk-based approaches).
The consultation papers propose the elimination of internal model approaches to calculate both Risk Weighted Assets (RWAs) and regulatory capital buffers for operational risk. The complex Advanced Measurement Approach (AMA) and other similar methodologies are expected to be replaced by a single Standardized Measurement Approach (SMA), in which capital adequacy will be calculated based on a set of business indicators and bank specific loss data.
Banks with recent misconduct related issues are likely to face even more stringent capital requirements. Meanwhile, another proposal under deliberation seeks to raise the capital requirements for global systemically important banks. In addition to having a significant impact on capital requirements, the Basel proposals will also involve substantial compliance expenditures. Banks will need to prepare for these challenges by planning compliance budgets, resources, and timelines efficiently.
The fintech revolution is disrupting traditional business models, compelling banks and financial institutions to change their business strategies, while forcing regulators to take note. Meanwhile, blockchain, a distributed ledger technology, is transforming the way payments, clearing, and settlement functions are performed by banks.
However, the biggest challenge for regulatory bodies at the moment is to create new rules to regulate the fintech sector without stifling its innovation and growth. The Office of the Comptroller of the Currency (OCC) recently proposed a “special purpose banking charter” for fintech companies and firms engaged in payment services. The Securities and Exchange Commission (SEC) and Federal Reserve Board (FRB) have also conducted workshops to discuss how they can maintain the sanctity of the financial system, even as they encourage innovation.
While new technologies do present ample growth opportunities, they also give rise to various governance, legal, and structural issues that are yet to be resolved. The process of mapping regulatory regimes and their applicability to existing fintech products is a complicated one more so for global fintech firms where the differences in regulatory jurisdictions and approaches present a major hurdle. A distinct and clear assessment of regulatory risks in fintech will go a long way towards ensuring the sector’s success and profitability.
Consumer and retail payments: Mobile payments, e-wallets, invisible payments (Amazon Go store), P2P mobile payments, digital currencies
Insurance: Rise of “InsurTech,” blockchain, data analytics, IoT applications
Investment management: Arrival of the “robo-adviser” based on machine learning and artificial intelligence
Fundraising: Crowdfunding (equity and reward based)
Deposits and lending: P2P marketplace lending
On June 23, 2016, the UK voted to leave the EU. Nine months later, on March 29, 2017, Prime Minister Theresa May signed a letter invoking Article 50 which suggests that Britain will leave the EU by April 2019, unless this timeframe is extended by unanimous agreement from all member countries.
As the largest financial center in the EU, the UK has both EU and non-EU financial institutions using the country as a hub to access markets and customers across Europe. Since 1999, the EU has launched a number of regulatory measures to ensure consolidation of financial markets, and to remove any trade barriers hindering cross-border financial activities among member countries. These measures have led to the creation of a single market and “passporting rights,” which allow a firm present in one member nation to carry out its business activities in all other member countries without the need for special approvals.
Once the UK does finally leave the EU, the immediate impact on UK headquartered firms will be the potential loss of their “passporting rights.” If that comes to pass, most firms would look to shift their headquarters to some other country in the EU, possibly France or Germany. Additionally, post Brexit regulations in the UK may be very different and possibly more complex than the standards set by the EU, which will present a whole new set of hurdles for organizations dealing with two varied regulatory regimes. If a banking crisis were to arise, it may be met with different responses from EU and UK regulators which, in turn, may end up destabilizing the financial system. These risks should be a key element in Brexit negotiations, as “passporting rights” are critical for the overall financial stability of the EU.
Data is central to the success of any financial institution. By unlocking hidden trends in data, organizations can derive valuable business insights, maximize their profitability, and reduce risks. However, deep levels of data analysis require advanced computing capabilities and exponential processing power.
The benefits of a robust data governance framework are many - real-time and informed decision-making, improved customer service, enhanced operational effectiveness and profitability, effective risk management, a greater competitive edge, and more. A 2016 PwC survey of 45 banks in Europe found that the No. 1 reason for addressing data governance aspects is to comply with regulatory and/ or compliance requirements, as cited by 71% of the respondents.
Around the world, there are multiple regulatory guidelines and frameworks to ensure the quality and accuracy of data used to report risks. While the Basel committee issued the BCBS 239 framework in 2013 for effective risk data aggregation and reporting, the Office of the Superintendent of Financial Institutions (OSFI) in Canada has published data governance principles for institutions, following an International Ratings Based (IRB) approach.
Meanwhile, over time, cybersecurity threats have increased in both complexity and effectiveness, demanding more sophisticated defenses and vigilance. The recent SWIFT attacks are a case in point. The General Data Protection Regulation (GDPR) in Europe, which is to be implemented in 2018, will strengthen and unify data protection for individuals in the EU, and give them more control over their personal data. GDPR, combined with the European Payment Services Directive (PSD2), as well as the data sharing guidelines by the Monetary Authority of Singapore (MAS), are proof of the importance that regulators across the world are placing on data protection and privacy, especially in the financial services sector.
Frequent changes to regulatory regimes are here to stay given the current state of uncertainty in the global political and economic environment, coupled with disruptive new technology trends. Organizations across the world need to be prepared to respond to these changes, and to reinforce their compliance frameworks with strong teams and processes, as well as advanced technology platforms. A “wait and watch” approach will no longer suffice. Only when organizations are agile and responsive will they be able to stay ahead of the regulatory curve.
The MetricStream Regulatory Change Management App provides a centralized framework to aggregate content from various regulatory sources, tag key information, triage and route critical regulatory alerts to relevant stakeholders, and determine the impact of regulatory updates on the organization.