An eye on future regulatory change and transformation
Tim Muzio, Consultant in our Financial Services and Payments Practice, discusses the recent changes to financial services regulation and the importance of operational resilience
Since the 2008 financial crisis, the financial services landscape has changed substantially. After we lived through and recovered from the recession, the sector has been up against regulatory change (and rightly so) and the emergence of new and continuous underlying threats: cyber-attacks become more and more sophisticated, tech disruption is a continuous battle and there has been a rise of third-party antagonists. As an example, even with well capitalised firms, a large-scale cyber-attack could be a major challenge and cause immense disruption to operations. This, however, has been responded to and accompanied by more regulatory change over the past few years with laser focus on particular threats to business and the consumer. As a result, the sector is far more financially secure and robust than ever before.
To ensure there is increased resilience of the sector, the Bank of England (BoE), Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) released a consultation paper outlining new requirements to strengthen operational resilience in the financial services sector in December 2019. At the time, the then chief executive the FCA Andrew Bailey, now the head of Bank of England said: “It is in the public interest that a resilient financial system is able to supply the most important services with minimal interruption even during severe operational events. The proposed new requirements are aimed at achieving this outcome”.
The key term behind these regulations is ‘operational resilience’. By this, the regulators are referring to how financial institutions respond to events and manage the resulting disruption whilst minimising harm to clients and the impact on markets. Operational resilience is not just about business continuity planning but the end to end thorough view of an FI’s customers within the market - in general looking at the landscape of the market and how to manage disruption.
In December of last year, when the regulatory changes were brought in, Covid-19 was a small outbreak in China, not anticipated to be the momentous global pandemic it has turned out to be. In the face of this sudden untold disruption, the BoE announced in May that the requirements originally planned for October 2020 are to be extended until the end of 2021. This was a calculated move to give FI’s more leniency in compliance and to increase their capacity to focus efforts solely on managing the significant health and economic crisis at hand.
Personally, I believe we have seen some institutions handle this pandemic very well. There has been clear communication externally to customers but also internally with the wellbeing of their own workforce, showing their response has been people-first. However, that won’t always be the case as we evolve out of this persistent pandemic. If we go by the old saying ‘history repeats itself,’ the focus will soon return to shareholder value and much of the progress that has been made over the past months could be lost. In order to see real, long-lasting change in the sector, here are a few ideas of how to bolster operational resilience and see the financial services sector turn a new leaf:
Get the basics right
Process and control failure is a major concern for leaders. We have seen in recent years a strong product-led approach to financial services with the aim of being tech-savvy to offer products with all the bells and whistles. However, this manner of conduct can be detrimental to the fundamental operations of a financial institution with core functions, such as risk and regulation, being possibly undercooked or overlooked. Although state of the art products and services are critical for customer acquisition and retention, they are insignificant without the institution having a robust foundation of regulatory compliance, sound financial governance, IT resilience, and risk management.
Financial institutions need to ensure they have an effective leadership team with strong management to support each other. Although not new, the designated senior manager regime (SMF24) has seen changes happen in this case. The relatively new position from the regulator has meant that FI’s work through all challenges thrown at them with more accountability as operational resilience failings fall at the feet of a given individual, or two as in some cases the role is split between the CIO and COO to help broaden the depth of experience required. The commitment to operational resilience is much harder than ever as internally FI’s are in turmoil and externally there are continuous challenges to contend making a collective responsibility more important than ever.
Not only do the FI’s senior executives have to be highly skilled and knowledgeable about their business function, but they have to be forward thinking and strategic in their approach, constantly absorbing and sharing new information. Although once frowned upon, leaders are now looking to learn from their counterparts across the competitive landscape in order to garner a more comprehensive perspective of the changing market outlook and keep up with the rapid market fluctuations. Changes in risk and regulation, for example, have to be identified, addressed, and adhered to quickly, all of which requires an understanding of the changes, the effects on the organisation and the market, as well as the people management skills to ensure the right team is carrying out the necessary change.
Taking this further, there is a need for collaboration amongst the senior leadership team in order to be aligned when challenges arise. Each member of the team needs to be highly aware of the work of their colleagues, and how they may be affected or in what ways they can offer support.
Preparation is paramount in building operational resilience. FI’s need to carry out regular judicious landscape mapping to be primed for impending disruption. Of course, as we have witnessed this year, not all events can be foreseen and with the likelihood of a second wave of Covid-19 coinciding with a highly probable no-deal Brexit this winter, planning for a worst-case scenario must now be on the agenda. Risk functions need to be constantly identifying potential and looming threats, scanning the horizon with a global outlook and thinking in both the short and long term. With each hazard flagged, a process of scenario planning must take place, testing the FI’s ability to respond effectively and with as little disruption to the market and its clients as possible. It is through this continuous process of identification and testing that FI’s will be able to ensure they can weather the imminent storms approaching.
The main point of concern for operational resilience is agility. FI’s must be able to pivot quickly in the face of sudden change. Many large players in financial services are organisations of thousands of people with siloed operations, making them cumbersome and inefficient with a reliance on bureaucracy. This internal structure makes adaption burdensome and slows the pace of change.
This is a great challenge to FI’s to overcome but it must be addressed. For true agility, there must be a redesign of internal structure and operations to facilitate a more connected approach. Critically for agility, however, is the need for shift in mindset. Adopting a culture of agile working will enable a “minimalised banking” environment that prioritises simplified processes, smaller teams, and shorter projects. A culture of agile transformation is no easy feat, it requires a highly thought-through long-term strategy with strong leadership. We expect the winners to be the ones who take a customer-centric view of operational risk and resilience as this will allow the board to make better investment and risk decisions.
For more information please contact Tim Muzio.