5 minute read 14 Jan 2019
Manhattan night city lights

Four strategies for banks preparing for regulation in the digital age

By Marc Saidenberg

EY Financial Services Global Regulatory Network Co-Lead, Principal US Financial Services Advisory, Ernst & Young LLP

Financial services advisor. Facilitating active dialogue between industry and the public sector. Public speaker and thought leader. Husband and father.

5 minute read 14 Jan 2019

The global regulatory outlook for 2019 has considerations for banks on their journey toward a 21st century risk and compliance framework.

This article is part of our Global Regulatory Outlook

Regulators globally are increasingly turning their attention from post-crisis reforms to a new set of emerging risks and prioritiesSupervisory and policy agendas are firmly in review mode in the face of a wide range of disruptive elements. Questions are arising about the use and ownership of data, boundaries of regulation, and geopolitical issues impacting market conditions for growth and investment.  

Firms are responding by introducing new talent, processes and technologies to strengthen risk management and compliance, while improving customer experience. Regulation is transforming too, as firms and regulators integrate new technologies and greater data usage into processes, business models, regulatory reporting and oversight.

Our outlook has four focus areas for banks and regulators on their journey toward a digitized, fit-for-purpose risk and compliance framework.

Fine-tuning legacy issues and emerging risks

The world’s largest banks have significantly improved their capital and liquidity positions post-financial crisis. The finalization of Basel III will continue, with a focus on assessing its impact rather than issuing further reforms on capital and liquidity. While progress has been made on the major systemic risk issues of resolution and derivative market transparency, there is still more distance to travel. Implementing the new risk agenda while fine-tuning the old will be a balancing act for banks, regulators and governments.

Four focus areas for banks in 2019:

1. Reform structures and develop new processes: Fundamental structural regulatory reform measures are largely in place. The ongoing challenge is to make Recovery and Resolution work in practice and make certain that financial institutions meet expectations for operational continuity. Legacy issues that were carried forward into the new landscape remaina focus. Many of these are linked to operational resilience and business continuity.

The shift from interbank offered rates (IBORs) to alternative reference rates (ARRs) is a material part of global benchmark reform. Although this is a very specific technical development, it will have an impact on all aspects of a bank’s operations: front-office, treasury, lending, accounting, finance, legal, compliance and more. The transition will be a significant effort for firms with extensive exposure to IBOR-linked products and contracts.

IBOR risk


of our annual bank risk survey participants see market adoption and liquidity in ARR derivatives as a key potential risk associated with the transition away from IBORs.

2. Enhance governance and operational resilience: The era of digital transformation has brought many issues into sharper focus, such as the increased threat of cyber-attacks, internal challenges of replacing legacy IT systems and supporting staff, inconsistent risk measures and an inability to aggregate data. New technologies and products are testing the effectiveness of existing processes. Firms need to turn their attention to strengthening operational resilience, improving stress-testing standards, reviewing impact tolerances (particularly as they relate to their customers) and refining performance metrics. Having a robust third-party risk management framework for outsourcing and vendor services is more essential than ever.

Resilience is the new stress test or resolution plan.
Risk executive, annual bank risk survey participant

Front-office staff must be fully trained on risk, with compliance officers advising and supporting the control function in the front line. Regulators will expect firms to position operational resilience squarely as a boardroom priority, alongside financial resilience. Boards will need to move to a mindset of: “This is likely to happen, so let’s be prepared.”

3. Manage and protect data: Banking is a data-reliant industry. Banks require timely, accurate and meaningful data and customers expect user-friendly communication tools. Investors and the wider market require greater access and transparency. Going forward, banks will have to better manage data and also contend with increasingly stringent demands for data privacy. Significant investment has been made in storage and accessibility, but banks need to focus more on data architecture, analytical capabilities, and development of an integrated data privacy framework with full risk management disciplines.

Risk priority


of banks surveyed in our annual bank risk survey said improving data quality is a top risk management priority over the next 3 years.

4. Address drivers of misconduct: Initiatives to improve industry culture and ethics can go so far but will have limited impact without a framework for accountability. The challenge for the conduct agenda is to move from setting the “tone from the top” to embedding positive culture and behavior throughout the organization.

The journey to better compliance

Banks need to manage and anticipate emerging risks. Digital transformation will help, but as our annual bank risk management survey highlights, risk managers must quicken the pace at which they embrace and deploy new technologies.

The demand for accountability is broadening in scope. Environmental, social and governance issues, and particularly the sustainable finance agenda, must become key elements in strategic planning and risk profiling. Change is essential, but it can, and should, be driven from the top.

At board level, greater diversity is becoming not just a regulatory expectation, but an operational necessity. Individuals whose knowledge extends beyond financial risks and regulation will be positioned to break down silos and inject deeper and broader corporate governance and risk oversight.

It’s time for management to deliver representative governance and risk frameworks that afford better alignment, improved data quality and new business models that enable sound market and customer outcomes. The aim is to get the right stakeholders to evaluate the risk implications on an end-to-end basis of operational, strategy and business decisions across the value chain, including the product life cycle, marketing, client segmentation, pricing and remuneration.

If boards and senior management become proactive about the future, build the right skills and develop new ways of working, they can deliver a more agile and efficient risk and compliance frameworks equipped with the latest technologies, enhanced governance frameworks and new roles with new skill sets.


While banks and regulators are still addressing unresolved legacy regulatory issues, technology continues to transform the industry in unforeseen ways. Firms need to respond to both legacy issues and emerging risks with technologies, enhanced governance and the right talent. 

About this article

By Marc Saidenberg

EY Financial Services Global Regulatory Network Co-Lead, Principal US Financial Services Advisory, Ernst & Young LLP

Financial services advisor. Facilitating active dialogue between industry and the public sector. Public speaker and thought leader. Husband and father.