How can regulation keep up as banking transformation races ahead?

Our 2022 Global regulatory outlook has seven focus areas for regulators and banks as the scope and speed of transformation intensifies.

The defining characteristic of business right now is uncertainty. As transformation accelerates and the pandemic drags into its third year, financial services firms face a range of challenges, from increased operational complexity and a growing mandate to address environmental and social issues to new forms of competition and evolving technologies, such as digital assets and cryptocurrency. To compete in this environment, firms need to understand the direction of regulatory travel. This article explores how policies could change in seven core areas and identifies actions that banks may consider in response.

Expand beyond the regulatory perimeter

The regulatory perimeter is expanding in several areas. Incumbent firms face competition from new entrants, often FinTechs and large technology players that offer financial activities, such as payments or buy-now-pay-later (BNPL) services, but do not carry a full banking license. In response, regulators are taking steps to oversee these new entrants. US regulators recently ordered large tech companies to turn over information on their payment system plans. The European Parliament is writing new rules that could limit major US and European tech companies in the way they do business and bring a wider range of companies into the scope of the Digital Markets Act. Similarly, new regulations covering BNPL services are coming up in the UK, Ireland, and Australia.

A second area of regulatory expansion is to cover cryptocurrencies, digital assets, tokens and related products and services. The European regulation Markets in Crypto-Assets Regulation (MICA) aims to be fully operational by 2024; and the US is establishing a regulatory framework for stablecoins.

Tap the power of digitalization

Digitalization is reshaping the industry, as evolving consumer expectations and new technologies combine to change the delivery of services, the form of products, and even the assets themselves — all of which create fundamental issues for regulators. Some digital solutions hinge on AI and innovative analytics, where the internal control environment and the traditional model of risk management may need supplementing. Regulators are trying to find a balance between governance and stifling innovation or driving it abroad. The EU AI regulation puts consumer interests at the front and follows a risk-based approach with severe requirements on providers and users of high-risk AI systems, while the US has only set out voluntary guidelines.

Address geopolitical risks and regulatory fragmentation

Geopolitical risks and regulatory fragmentation are resulting in greater complexity for large global firms that operate across borders. Geopolitical risks, such as growing US-China tensions, the EU’s push for strategic autonomy and rising nationalism and protectionism in many markets, are driving regulatory fragmentation. Existing areas of regulatory fragmentation, such as climate-related regulation and disclosures and data privacy, as well as new areas — sustainable finance, data, and emerging technologies — will require global coordination. All firms will need a geostrategy: the cross-functional integration of political risk management into broader risk management, strategy and governance.

In particular, data is likely to create financial sector fragmentation. While data democratization helps combat inefficiencies, it raises some concerns regarding data ethics, misuse of data and compliance. A global governance framework for emerging technologies would be required to achieve global convergence.

Protect ecosystem industry infrastructure

Threats including cyber and physical disasters are increasing in scope, severity and frequency, putting a spotlight on operational resilience for firms — and drawing corresponding increases in supervisory scrutiny. The challenge is particularly acute given the rise of outsourcing and ecosystem business structures. Supervisors in the EU, UK and US have set expectations on outsourcing and risk management across third-party providers. Firms need to develop a more comprehensive approach to anticipating and mitigating the full range of threats that could disrupt operations in any way — not just within their organizational perimeter, but across their entire ecosystem of people, processes, data and third-party vendors that support the provision of critical services.

Build resiliency and organizational agility

Some banks have struggled to implement change, leading to recurring regulatory issues and challenges in competing with non-traditional players, such as FinTechs. In response, many banks need to become more agile, with strong governance and change management capabilities to enable real organizational, technological and cultural change, in a way that increases a firm’s competitiveness while still aligning with regulators’ expectations. Regulators in Hong Kong, Malaysia and Singapore are encouraging banks as they become more innovative by launching FinTech initiatives.

One approach is risk management by design (RMBD), which entails identifying risks and building in regulatory and compliance obligations as part of the development process for new products and services. Critically, RMBD also entails building in guardrails, ensuring that data governance is in place to capture the right information at the right time, and incorporating the ongoing testing and monitoring of controls, so that firms can assess compliance performance over time.

As we work through the pandemic, society has greater needs and greater expectations from the financial services industry. At the same time, firms must operate in a far more complex environment, due to evolving technology, global fragmentation, environmental challenges and other factors. Tech firms and other non-traditional players pose new forms competition. And the industry must become more resilient and agile, even as disruptive threats grow. Regulation will drive some of these changes but also respond to others.

In the current operating environment, banks need to find clarity in terms of policy and regulatory shifts, so they can effectively compete in the current environment while also planning for the future.