No rest for the weary
A decade on from the global financial crisis, are policymakers and regulators starting to tire of imposing a seemingly endless drip-feed of new rules on financial services firms? With his regular warnings on the dangers of “reform fatigue”, Financial Stability Board (FSB) chairman Mark Carney certainly appears to think so.
Most recently Mr Carney, who is also the governor of the Bank of England (BoE), used the term in an early July 2017 letter to the G20 leaders, ahead of their summit in Hamburg. Giving in to reform fatigue, he urged, could hamper international regulatory co-operation, create inefficiencies and friction, reduce competition and hinder investment flows. Ultimately, global growth would suffer if policymakers and regulators failed to complete their ambitious overhaul of the world’s financial markets.
Regardless of the views of those imposing regulatory reform, one thing is clear: the financial services companies they target certainly don’t anticipate any let-up in the introduction of new rules, nor the effort associated with implementing and complying with them.
The Cost of Compliance 2017 Report, an annual survey of almost 900 financial services compliance professionals worldwide conducted by information services provider Thomson Reuters, found that seven out of ten respondents expected the focus on managing regulatory risk to increase in 2017, while 20% expected the focus to be significantly greater. Likewise, just over half (53%) expected the total compliance budget to be slightly or significantly higher in 2017 than in the previous year.
At Deutsche Bank, global head of regulatory affairs Karin Dohm sees regulatory reform as a generally positive influence. The impact of reforms since 2008, she says, has been that banks have become more resilient, with larger capital and liquidity buffers and far more transparency. “It’s absolutely a positive outcome of the last ten years, resulting in a much more stable financial system. But that obviously doesn’t come for free. There have been significant costs involved. And regulators should take stock now before the next steps are taken.”
In other words, the post-crisis upturn in both regulatory requirements and supervisory scrutiny means that banks, insurers and asset management firms are spending more time and more money than ever on managing compliance risk. At many firms, compliance swallows up between 10% and 20% of their operational budgets and can result in smaller and medium-sized financial services firms disappearing as a result of heavy regulatory costs.
Furthermore, they are spending that money against a general backdrop of tepid economic growth and persistently low interest rates in major markets, which has put the squeeze on profitability.
A volatile macropolitical environment, meanwhile, is adding to the challenge and creating an atmosphere of great uncertainty. In the US the president, Donald Trump, has vowed to “dismantle” the post-crisis Dodd-Frank regulatory overhaul and has filled key government positions with Wall Street veterans who view the Act’s restraints as excessive. In the UK, the decision to leave the EU has already triggered an inquiry by the House of Lords Financial Affairs Committee into how UK-based financial services companies might retain the passporting rights that currently enable them to sell services across the EU.
Elsewhere, nationalist and populist movements are on the rise in some countries, while regional tensions and conflict plague others. Across the world, there is widespread concern that international consensus around regulatory reform could suffer and undermine hard-won gains in financial stability.
“For a number of years post-crisis we saw a higher level of convergence internationally in the direction of travel when it came to regulation. There were common themes, and they were true worldwide,” says Thomas Schindler, general counsel for Europe at Allianz Global Investors.
“Now we’re potentially looking at a multi-speed world. It’s far less predictable, and regulation seems set to diverge in quite different, unpredictable ways, depending on which country you look at. The impact of all this will need to be monitored quite closely as we go along.”
According to the Thomson Reuters Cost of Compliance 2017 Report, regulatory uncertainty and change triggered by political developments, most notably the Trump administration and Brexit, are seen as some of the greatest compliance challenges practitioners expect to be facing in 2017, with 62% expecting regulators to publish more information, and 22% expecting significantly more.
New rules, new efforts
Either way, any future changes are likely to come while regulators are still finalising previously outlined rules and financial services companies are still implementing them. In other words, disruption could strike even as financial services firms are racing to meet longstanding deadlines.
This is a particular challenge in Europe, rooted in the back-and-forth that goes on between regulatory bodies and individual member countries before new regulation comes into effect, notes Stéphane Janin, head of global regulatory development at AXA Investment Managers. “Systemic review in each country, arising from the basically good idea of ensuring that changes are appropriate for each market, means we are in a permanent state of revision in each of the activities in each of the European countries that we operate in.”
A few new sets of regulations stand out for their disruption potential and/or the uncertainty surrounding them. These include:
Basel III, or the Third Basel Accord, is an international regulatory accord, developed by the Basel Committee on Banking Supervision, which introduces a set of reforms designed to improve regulation, supervision and risk management in the banking sector. A big focus are capital and liquidity buffers, with a view to plugging what Mr Carney, the FSB chairman and BoE governor, has described as the “fault lines” that came to light during the global financial crisis. These have been the subject of much quibbling over the best way to model them. Progress, as a result, has been slow and dogged by frequent delays. Basel III was originally agreed on by the Committee, which comprises members from 27 jurisdictions worldwide, during 2010 and 2011. It was scheduled to be introduced between 2013 and 2015, but the deadline slipped, first to March 2018 and then to March 2019. At the G20 summit in Hamburg in early July 2017 world leaders reiterated their commitment to finalising the framework but failed to set a concrete deadline for doing so.
Back in 2010 the US passed what is arguably the most sweeping financial reform bill in the country’s history: the Dodd-Frank Wall Street Reform and Consumer Protection Act. Dodd-Frank was drawn up in the aftermath of the 2008 financial crisis, primarily to prevent (or lessen the impact of) the next financial crisis. The massive law, which stretches over 2,400 pages and modifies rules in vast areas of the financial system—including hedge funds, derivatives, credit default swaps, mortgage and insurance brokers, payday lenders and credit-rating agencies—also created new regulatory organisations, such as the Financial Stability Oversight Council (FSOC). Seven years on the Act’s future looks very uncertain, owing to Mr Trump’s opposition to what he sees as excessive regulation. According to law firm Davis Polk, which has been tracking its faltering progress since it was passed, 280 (or 72%) of the 390 rulemaking requirements laid out in the Act have been met with finalised rules adopted by the US Securities and Exchange Commission (SEC), and other rules have been proposed that would meet 20 (or 8%) more of the rulemaking requirements. As yet, no rules have been proposed to meet the remaining requirements.
In April 2017 Mr Trump issued a Memorandum for the secretary of the Treasury regarding the FSOC. In it, Mr Trump directed the secretary to conduct a thorough review of the FSOC’s determination and designation process and to provide a written report addressing the FSOC’s processes as well as potential improvements and recommendations for any legislative changes necessary to improve its processes. In June 2017 the US Department of the Treasury released a summary of its recommendations for regulatory reform, including changes to increase the thresholds for the designation of systemically important financial institutions (SIFIs) significantly.
In addition, in June 2017 the US House of Representatives voted to pass the Financial CHOICE (“Create Hope and Opportunity for Investors, Consumers, and Entrepreneurs”) Act, which proposes to roll back regulations created by Dodd-Frank. It is currently awaiting a vote in the US Senate. While most believe that the vote in the Senate will follow political party lines, it does not appear likely that the Financial CHOICE Act will have enough bipartisan support to be passed. However, “since President Trump’s election and his promise to ‘dismantle’ Dodd-Frank, implementation of the 2010 law has been put into ‘pause’ mode by all of the financial regulators except for the CFPB [the US Consumer Financial Protection Bureau]”, according to the authors of Davis Polk’s most recent report, published in late July 2017. “We are in an odd period of rulemaking stasis—perhaps the calm before the storm of a new regulatory environment.”
The European Market Infrastructure Regulation (EMIR), a body of European legislation for the regulation of over-the-counter derivatives (OTC), was adopted by the EU in July 2012, with full technical standards coming into effect in March 2013 in order to increase transparency, mitigate credit risks and reduce operational risk on the OTC market. However, this year the European Commission published proposals to amend certain EMIR provisions, reducing some requirements and broadening the scope of others. The new rules, which in the words of the Commission “aim to eliminate disproportionate costs and burdens on certain derivatives counterparties and to simplify rules without compromising the essence of the legislation”, will apply from November 1st 2017.
The second Markets in Financial Instruments Directive, or MiFID II, which comes into force on January 3rd 2018, incorporates a revised MiFID (the original dates back to 2007) and a new Markets in Financial Instruments Regulation (MiFIR). Its aims are to boost transparency in over-the-counter markets, particularly when it comes to the costs associated with investment and trading; to create a more level playing field for investment companies of all sizes; and to standardise levels of investor protection across the EU. Requirements are complex and wide-ranging, mandating that vast amounts of data are recorded and reported. In particular, banks and investment managers will have to divulge research fees to clients such as fund and asset managers, who will in turn need to disclose to investors the sums they spend on research and trading, instead of rolling them up into fees. That is prompting many banks and investment managers to reassess the cost and structure of their research teams. A study published in late June 2017 by JWG, a consultancy specialising in financial regulation, finds that nine out of ten institutional investors in Europe risk being non-compliant and are underprepared and overstretched in their efforts to comply with the roughly 1.4m paragraphs of rules.
Solvency II outlines capital risk requirements for insurers and reinsurers to reduce the risk of insolvency. It came into force in January 2016 but is currently in a bridging phase, which shields these firms from its more onerous capital buffer requirements. That said, they must already disclose information to the European Insurance and Occupational Pensions Authority (EIOPA) on everything—from key lines of business, underwriting and investment performance, systems of governance, risk exposures and remuneration—in the form of regular Solvency and Financial Condition Reports (SFCRs). The quality and content of these reports has so far been patchy.
Could regtech be the answer?
Against such a volatile backdrop, it comes as no surprise that many financial services companies are seeking new ways to address risk and compliance challenges more proficiently and more cost-effectively. This has led to the emergence of a new breed of technology suppliers to the financial services industry that promise to push down costs, rein in compliance risk and improve controls.
These companies, some start-ups and some more established firms, are collectively referred to as “regtech”— or regulatory technology—suppliers and can broadly be seen as a subsector of the wider fintech movement. They apply technologies such as cloud computing, blockchain, big data analytics and artificial intelligence to the regulatory challenges faced by prospective financial services clients.
In many cases, the key selling point for such technologies is their ability to plug the gaps left by today’s legacy IT systems and manual processes. London-based ComplyAdvantage, for example, uses artificial intelligence and machine learning to help financial services companies meet complex anti-money-laundering and counter-terrorist financing (AML/CTF) requirements.
“I saw an urgent need to help banks rethink how this is done,” says ComplyAdvantage CEO Charles Delingpole. “If you look at the age of AML systems in many firms, they date back to the period immediately following the 9/11 terrorist attacks in New York. This is vintage technology, no longer fit for purpose—and that’s evidenced in recent fines,” he adds.
While some regtechs, such as ComplyAdvantage, are quite specific in their focus, others take a more general approach to financial services regulation. Zurich-based Qumram, for example, provides a way for financial services companies of all kinds to monitor, record and retrieve interactions between employees and clients on digital channels, including mobile apps, website-based chatbots, social media and messaging apps such as WhatsApp. Customers include Swiss bank UBS and US-based asset management company Russell Investments.
“Digitalisation isn’t going to go away, it’s only going to increase,” says Patrick Barnert, CEO of Qumram. “The channels are shifting, but many companies are struggling to manage the log files on customer interactions made via these new channels, in the same way as they do with a customer call to a call centre or to their broker. The regulations regarding the documentation of customer interactions aren’t new, but the channels are changing, and so are customer behaviours.”
What regtech providers have in common, however, is that they seek to automate the compliance processes that financial services companies are typically paying well-remunerated specialists to perform, says Subas Roy, global chairman at the newly formed International Regtech Association (IRTA).
“In this way, they can free up the time and expertise of these people, who are often relied upon to perform routine checks and scan through large volumes of data, to focus on tasks that really demand their skills. It’s just more efficient to leave the routine work to technology and put humans to work on exploring the alerts and exceptions that this routine work brings to light, but which require further analysis and investigation.”
At Deutsche Bank, Ms Dohm emphasises the need to balance the upside that new technologies offer for all angles of the business while taking into account that they introduce new risk parameters. “Cyber risk is—as for other industries—a huge topic, and we are keen to avoid regulatory fragmentation on that.”
The costs of non-compliance
While financial services firms may feel hard-pressed to introduce new technologies at a time of regulatory uncertainty and squeezed profit margins, they may have little choice but to explore their options.
The costs of non-compliance, after all, are steep. As Mr Carney pointed out in a speech at the Institute of International Finance in Washington, DC back in April, the price tag for global bank misconduct linked to the financial crisis has now reached over US$320bn for banks worldwide. He suggested that this might otherwise have been used to support up to US$5trn in lending to households and businesses.
Then there is the issue of personal liability that should be serving to keep bankers up at night. The UK, the US, Canada, Hong Kong and Australia have all recently made policy moves to drive personal accountability and the need for better behaviour by senior individuals, compliance officers included.
And as we have seen, digitalisation—first witnessed in retail banking but now leaving its mark on the corporate banking sector—will bring with it a whole raft of new opportunities, but also challenges and new rules. “Digitalisation will increasingly drive fundamental regulatory change as customers increasingly demand new ways to get their financial services delivered, and therefore the production chain of the banking industry and its players changes dramatically,” says Ms Dohm.
Nor will the regulators themselves hold back from exploring the potential of new technologies where they prove to be helpful in identifying misconduct, Mr Schindler at Allianz Global Investors points out.
“We’ve already seen massive changes over the last 10-15 years, and I have no reason to believe that the next 10-20 years will be any different,” he says. “As far as I can see, there’ll be no fallback in the levels of regulatory burden—quite the opposite. Compliance is the price we pay for doing business, and the faster we have our IT systems ready to help us address those costs the better, because this isn’t going to go away.”
So despite the uncertainty that characterises the 2017 regulatory reform environment, it seems unlikely that companies will be able to sit out this period and wait for more clarity before taking action. In fact, many will need to revisit how they respond to regulation, whether regimes are materially softened or not in the years ahead—and that will require decisive action, clear resolve and a great deal of agility.