“Bolstered by a strong economy and with regulatory challenges behind them, financial services companies thrived in 2014.” That would be a nice headline, wouldn’t it? But it’s probably not the one we will see. On the contrary, an uncertain economic climate coupled with persistent regulatory change will continue to test the financial services industry. Add to those issues some additional threats and challenges, such as regaining customer and market trust; enhancing risk management, governance and internal audit functions to keep pace with the complexities and velocity of changes in the industry; attracting, retaining and developing the talent needed for the future; addressing system and data issues; protecting against security and cyber risks; and finding new ways to make money,1 and you may be wistfully hoping that Lee Iacocca was right when he said, “We are continually faced by great opportunities brilliantly disguised as insoluble problems.”
More than six years after the beginning of the global financial crisis, the world economy is still dealing with economic uncertainty. The International Monetary Fund’s (IMF) most recent World Economic Outlook indicates that global growth is essentially stuck in “low gear,” with a small uptick expected in 2014 after a 2013 decline.2 The growth, such as it is, is expected to be driven by more advanced economies (e.g., United States, Canada, eurozone, United Kingdom and Japan) simply because of the size of their markets, although growth in emerging and developing markets is expected to remain strong on a percentage basis, notwithstanding continuing struggles due to difficult economic and political situations in the Middle East, North Africa, Afghanistan and Pakistan. The IMF cautions, however, that its forecast is subject to downside risks – both old and new. As examples, the U.S. projection is predicated on Congress addressing the debt ceiling issue without further market disruption; in Europe, unfinished financial sector reforms and corporate debt overhang threaten the eurozone; and in the developing world, decreased accommodation of U.S. monetary policy coupled with domestic vulnerabilities put the emerging markets at risk and require some significant structural reforms.
The current regulatory environment can only be described as daunting. The themes covered by new regulatory reforms are broad and varied and include consumer and investor protections, new capital and liquidity requirements, restructuring of the derivatives and mortgage markets, and enhanced prudential supervision of systemically important national and global financial institutions.
“The current regulatory environment in the U.S. is heavily focused on the protection of consumers at all costs and on BSA/AML responsibilities. I do not foresee the regulators easing up on these areas any time soon.”
Regulatory Practice, Protiviti
With close to 40 percent of the Dodd-Frank Wall Street Reform and Consumer Protection Act yet to be implemented and new financial reform regulations such as the European Market Infrastructure Regulation (EMIR), the Alternative Investment Fund Managers Directive (AIFMD) and the Markets in Financial Instruments Directive (MiFID) still being rolled out in Europe, along with a host of other regulations issued by other jurisdictions, interpreting and implementing new requirements continue to stretch the capacity of risk, compliance and technology personnel. While not always tied to new regulatory requirements, the focus on anti-money laundering, sanctions and anti-bribery compliance also remains at the top of regulators’ agendas.
In addition, certain markets are faced with the continuing challenge of adapting to different regulators. In Europe, for example, this requires dealing with national regulators, as well as the European Commission and Parliament and a host of European Supervisory Authorities. In the United States, depository institutions with US$10 billion or more in total assets and nonbank providers of consumer products and services are learning more about the expectations of the Consumer Financial Protection Bureau, and systemically important nonbank financial institutions are just beginning to understand what it means to be supervised by the Federal Reserve.
All of these added technical requirements and heightened regulatory expectations arrive against the post-financial crisis backdrop of a regulatory enforcement environment that is, by any measure, unforgiving. The result is a significant increase in enforcement actions and required remediation plans covering issues from anti-money laundering and fraud compliance programs to product suitability.
As a result of stepped-up regulatory activity, the industry has invested heavily in compliance, adding people, upgrading technology and revamping processes. In many instances, these investments were driven by remediation requirements and were undertaken without full consideration of how existing processes or tools could be leveraged. As time progresses, more and more attention is likely to be focused on the cost impact of these investments, which will lead to calls for process improvements to stabilize (and even decrease) costs – without appearing to the regulators to be abrogating compliance responsibilities.
Restoring Customer and Market Trust
Quite apart from the loss of customer and market trust resulting from the financial industry’s role in the global financial crisis, the industry continues to be plagued by issues – seemingly never-ending headlines (and staggeringly large fines) related to, among other things, LIBOR fixing; failure to maintain adequate anti-money laundering compliance programs; and market conduct lapses that adversely affect customers. These failures have resulted in a heightened focus on conduct, market integrity and culture. While the number of offenders is small given the size of the industry, the impact is broad and is forcing a re-examination of how culture drives the activities of an organization.
“As the regulators assess conduct issues and market integrity, they are expecting financial services companies to ask ‘Should we be doing this?’ rather than ‘Where do the rules say we can’t do this?’ This will require a sea change in the way some companies have operated.”
U.K. Financial Services, Protiviti
Enhancing Risk Management and Governance
While we were still in the throes of the financial crisis, the calls for better risk management and governance began. Although there is consensus that the industry has made progress, some areas of risk management still present challenges.3 These include the establishment and deployment of risk appetite frameworks; more timely recognition and action related to emerging risk; and, related to both of these, better, more forward-looking, actionable risk reporting.
“The pending ORSA regulation, which represents the most significant insurance regulatory reform since the 1990s, will transform the way U.S.-based insurance companies manage governance and ERM programs going forward. ORSA will affect the entire enterprise, from the board to all business groups/functions. 2014 will be the prep year for ORSA compliance.”
U.S. Insurance Practice, Protiviti
While many of the enhancements to risk management are rooted in industry and regulatory expectations rather than in specific laws and regulations, there are, of course, exceptions. One such exception is the Own Risk and Solvency Assessment (ORSA) that will be required of select U.S. insurers and insurance groups beginning in 2015. ORSA, which is a key precept of Solvency II and is already required in Europe and other jurisdictions, will require regular (at least annual) documented assessments of the adequacy of risk management frameworks and current and projected solvency positions and the submission of an ORSA report to insurance regulators.
Improving Internal Audit and the Control Environment
In addition to examining how risk management failed in the time leading up to the financial crisis, much has been written about whether internal audit did enough to raise the alarm about poor risk management practices. The consensus view is that internal audit should have, and can, do more. In the United States, the expectations of regulators, at least for the largest banking organizations, is that internal audit functions must “get to strong” (a term coined by the Office of the Comptroller of the Currency) and that simply carrying out responsibilities in an adequate manner no longer suffices. Getting to strong4 requires stature and independence; competence, experience and talent; accountability and evidence of effective challenge; and risk-based, forward-looking planning and scoping. While to some these requirements may not seem new, the key test of an internal audit function today is its willingness to exercise credible challenge (e.g., questioning a business strategy or the assumption of a certain risk, or criticizing the governance structure of a department or the organization) in the face of possible management disagreement.
Even as expectations for a stronger internal audit function grow, regulators in some jurisdictions, notably Europe, are requiring banks to review and redesign their internal control systems to improve efficiency. Similar to the discussion above of the cost of compliance, this is being prompted by the view that there is room to reduce the costs of control without sacrificing effectiveness.
“Compliance and controls are now finally being viewed within a competitive context. The organizations that can successfully leverage down costs will have a huge strategic advantage.”
European FSI Leader, Protiviti
Data and Technology Issues
Technology is the great enabler and, in some respects, one of the biggest threats faced by the financial services industry:
- Availability and access to data, always challenging to the industry because of operating models and the acquisition-fueled growth of many institutions, have taken on even more importance as financial institutions grapple with new regulatory requirements (such as “living wills”) and the desire of boards and management to improve the quality of internal reporting.
- The industry’s heavy reliance on systems and models for every aspect of its business means there must be a high premium on data integrity, as well as on system and model reliability. However, as we clearly learned during the financial crisis, models are only as useful as their assumptions.
- The industry’s conventional reliance on technology, coupled with the increased use of disruptive technologies by customers of financial services, raises concerns over privacy and security, including cyber risk. These are major issues for the industry, and they are becoming increasingly difficult to manage.
Attracting and Retaining Talent
The financial services industry faces many of the human resources challenges faced by other industries: balancing the needs and desires of a multigenerational workforce, predicting the skill sets that will be necessary to run the company of the future, and addressing the challenges of a highly diverse global workforce. Financial services companies, however, are currently confronted by an additional challenge tied directly to the regulatory environment: They are hiring compliance specialists and technologists experienced with compliance tools and technologies in record numbers, competing not only with each other, but also with consulting firms and law firms intent on attracting more compliance resources. The reality is that the number of resources required to fill vacant slots simply does not exist in the current workforce. This means financial services companies must be more creative in their hiring, and willing to take on the burden and risks of training and integrating a less-experienced workforce into the cultures of their organizations.
“The current regulatory environment adds a new dimension – and challenge – to the ‘war for talent’ in the financial services industry.”
Carol M. Beaumier
Global FSI Leader, Protiviti
Facing increased costs on a number of fronts, several of which are described above, in addition to lost revenue because of regulatory restrictions on business activities, the financial services industry is forced to look for new sources of revenue. Maximizing customer relationships may be one way of doing this, but there is little doubt that the industry will need to innovate further to improve its financial performance. In the near term, given the regulatory environment, it is not clear to what degree it will be able to do so.
* * * * *
What great opportunities we are facing!
For More Information…
Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit.
Protiviti’s dedicated Financial Services practice includes professionals with deep industry experience in banking, insurance, brokerage and investment companies. These financial services professionals can work with you to find approaches to help improve and establish strategies for your business as changes in the industry and regulatory environment impact your organization. Their guidance on regulatory reform can be found at www.protiviti.com/regulatoryreform.
For additional information about the issues reviewed in FS Insights or about Protiviti’s services, please contact:
1 For an expanded view of the major risks facing the financial services industry, watch for the 2014 Risk Survey conducted by Protiviti and North Carolina State University’s ERM Initiative, which will be available at www.protiviti.com in January 2014.
2 Analysis in this paragraph is excerpted from “Global Growth Patterns Shifting, Says IMF WEO,” Duttagupta, Rupa and Helbling, Thomas, IMF Survey Magazine: In the News, October 8, 2013.
3 For additional information on risk management challenges, please see The Economist Intelligence Unit/Protiviti Survey and video titled, Restoring Confidence: Risk Management Capabilities in the Wake of the Financial Crisis: www.protiviti.com/EIUriskresearch.
4 For additional information on “getting to strong,” please see Protiviti’s Getting to Strong: What Banking Organizations Need to Know