How can regulation keep up as banking transformation races ahead?

Authors
Marc Saidenberg

EY Americas Financial Services Regulatory Lead, Principal US Financial Services Consulting, Ernst & Young LLP

Financial services advisor. Facilitating active dialogue between industry and the public sector. Public speaker and thought leader. Husband and father.

Eugene Goyne

EY Asia-Pacific Financial Services Regulatory Lead

Regulatory compliance advisor. Public policy advocate. Fitness and arts fanatic.

6 minute read 14 Jan 2022

Our 2022 Global regulatory outlook has seven focus areas for regulators and banks as the scope and speed of transformation intensifies.

In brief
  • Banks face significant uncertainty in the operating environment, which is compounded by uncertainty about the regulatory regime in many jurisdictions.
  • Banks are transforming to address environmental and social issues, competition and evolving technologies, such as digital assets and cryptocurrency.
  • By assessing the future of regulation across seven core areas, banks can take proactive steps to prepare for what’s coming.

The defining characteristic of business right now is uncertainty. As transformation accelerates and the pandemic drags into its third year, financial services firms face a range of challenges, from increased operational complexity and a growing mandate to address environmental and social issues to new forms of competition and evolving technologies, such as digital assets and cryptocurrency. To compete in this environment, firms need to understand the direction of regulatory travel. This article explores how policies could change in seven core areas and identifies actions that banks may consider in response.

This article is part of the EY 2022 Global bank regulatory outlook (pdf).

COVID-19 recovery, social responsibility, and vulnerable groups

The COVID-19 pandemic — and the economic disruption it has caused — has had a huge impact on financial inclusion globally, reversing social and developmental gains over the previous decade and exacerbating the digital divide. The social contribution of businesses in all sectors is drawing greater attention from investors, customers and employees. As a result, regulators are focusing more on the social agenda of firms — and in fact, using them as a means to advance broader social agendas of government overall.

Currently, there are no uniform global standards stipulating how firms should report the social elements of their operations, but efforts are underway to provide them with some clarity. The EU Taxonomy Regulation — to be adopted at the end of 2021 — is being extended to cover social objectives. US regulators are evaluating how existing regulations should be amended to account for artificial intelligence (AI) in consumer finance to mitigate or avoid bias — for example, in lending decisions.

Integrate climate risk into the broader agenda

As the urgency of climate change grows, there is little global agreement on what sustainability and other nonfinancial information firms should disclose — both for their own operations and for their customers. Various sustainability frameworks, methodologies and metrics exist today from an array of institutional bodies, creating complexity for global firms and the products that they develop to be traded across multiple regions. Compounding the challenge is that non-profit organizations are also collecting, analyzing and reporting data on climate performance, which can create reputational risk in the financial sector.

One area in which regulatory standards are beginning to coalesce is product disclosures. Market demand for environmentally sustainable products is outpacing regulation, but regulators are sharpening their scrutiny of product disclosures to limit “greenwashing.” For example, the European Supervisory Authorities have developed draft regulatory technical standards on taxonomy-related product disclosures under the Sustainable Financial Disclosure Regulation (SFDR); these are expected to take effect in mid-2022. UK’s Financial Conduct Authority (FCA) is currently seeking views on new sustainability disclosure requirements for asset managers and FCA-regulated asset owners, as well as a new classification and labeling system for sustainable investment products.

Beyond product disclosure, the direction of travel for risk-management functions is toward integrating their climate-related, nonfinancial risk management and control frameworks with established structures for financial risk. More broadly, firms can expand their focus to include Scope 3 emissions (those from customers and suppliers). Finally, firms can build stronger capabilities in the modeling of climate impacts across various scenarios.  

Expand beyond the regulatory perimeter

The regulatory perimeter is expanding in several areas. Incumbent firms face competition from new entrants, often FinTechs and large technology players that offer financial activities, such as payments or buy-now-pay-later (BNPL) services, but do not carry a full banking license. In response, regulators are taking steps to oversee these new entrants. US regulators recently ordered large tech companies to turn over information on their payment system plans. The European Parliament is writing new rules that could limit major US and European tech companies in the way they do business and bring a wider range of companies into the scope of the Digital Markets Act. Similarly, new regulations covering BNPL services are coming up in the UK, Ireland, and Australia.

A second area of regulatory expansion is to cover cryptocurrencies, digital assets, tokens and related products and services. The European regulation Markets in Crypto-Assets Regulation (MICA) aims to be fully operational by 2024; and the US is establishing a regulatory framework for stablecoins.

Tap the power of digitalization

Digitalization is reshaping the industry, as evolving consumer expectations and new technologies combine to change the delivery of services, the form of products, and even the assets themselves — all of which create fundamental issues for regulators. Some digital solutions hinge on AI and innovative analytics, where the internal control environment and the traditional model of risk management may need supplementing. Regulators are trying to find a balance between governance and stifling innovation or driving it abroad. The EU AI regulation puts consumer interests at the front and follows a risk-based approach with severe requirements on providers and users of high-risk AI systems, while the US has only set out voluntary guidelines.

Address geopolitical risks and regulatory fragmentation

Geopolitical risks and regulatory fragmentation are resulting in greater complexity for large global firms that operate across borders. Geopolitical risks, such as growing US-China tensions, the EU’s push for strategic autonomy and rising nationalism and protectionism in many markets, are driving regulatory fragmentation. Existing areas of regulatory fragmentation, such as climate-related regulation and disclosures and data privacy, as well as new areas — sustainable finance, data, and emerging technologies — will require global coordination. All firms will need a geostrategy: the cross-functional integration of political risk management into broader risk management, strategy and governance.

In particular, data is likely to create financial sector fragmentation. While data democratization helps combat inefficiencies, it raises some concerns regarding data ethics, misuse of data and compliance. A global governance framework for emerging technologies would be required to achieve global convergence.

Protect ecosystem industry infrastructure

Threats including cyber and physical disasters are increasing in scope, severity and frequency, putting a spotlight on operational resilience for firms — and drawing corresponding increases in supervisory scrutiny. The challenge is particularly acute given the rise of outsourcing and ecosystem business structures. Supervisors in the EU, UK and US have set expectations on outsourcing and risk management across third-party providers. Firms need to develop a more comprehensive approach to anticipating and mitigating the full range of threats that could disrupt operations in any way — not just within their organizational perimeter, but across their entire ecosystem of people, processes, data and third-party vendors that support the provision of critical services.

Build resiliency and organizational agility

Some banks have struggled to implement change, leading to recurring regulatory issues and challenges in competing with non-traditional players, such as FinTechs. In response, many banks need to become more agile, with strong governance and change management capabilities to enable real organizational, technological and cultural change, in a way that increases a firm’s competitiveness while still aligning with regulators’ expectations. Regulators in Hong Kong, Malaysia and Singapore are encouraging banks as they become more innovative by launching FinTech initiatives.

One approach is risk management by design (RMBD), which entails identifying risks and building in regulatory and compliance obligations as part of the development process for new products and services. Critically, RMBD also entails building in guardrails, ensuring that data governance is in place to capture the right information at the right time, and incorporating the ongoing testing and monitoring of controls, so that firms can assess compliance performance over time.

As we work through the pandemic, society has greater needs and greater expectations from the financial services industry. At the same time, firms must operate in a far more complex environment, due to evolving technology, global fragmentation, environmental challenges and other factors. Tech firms and other non-traditional players pose new forms competition. And the industry must become more resilient and agile, even as disruptive threats grow. Regulation will drive some of these changes but also respond to others.

In the current operating environment, banks need to find clarity in terms of policy and regulatory shifts, so they can effectively compete in the current environment while also planning for the future.

Our 2022 global regulatory outlook

Global Regulatory Network panelists discuss what to expect and prepare for in the coming year and beyond.

Americas/EMEIA webcast    Asia-Pacific webcast

Summary

Amid accelerating transformation, regulatory certainty — and even regulatory clarity — may not be possible. But by understanding the broad direction of travel for regulators, banks can take proactive steps to prepare for what’s coming.

About this article

Authors
Marc Saidenberg

EY Americas Financial Services Regulatory Lead, Principal US Financial Services Consulting, Ernst & Young LLP

Financial services advisor. Facilitating active dialogue between industry and the public sector. Public speaker and thought leader. Husband and father.

Eugene Goyne

EY Asia-Pacific Financial Services Regulatory Lead

Regulatory compliance advisor. Public policy advocate. Fitness and arts fanatic.