Since joining EY in 2022, I have been focused on helping financial services firms respond more efficiently and effectively to the complex and evolving regulatory agenda. Many firms are struggling with the demands of regulatory change and supervisory challenges and, consequently, have a significantly reduced capacity for delivering business imperatives. This is frequently accompanied by a somewhat reactive and short-term approach to complying with regulation. In some cases, this is leading to expensive remediation, re-work and supervisory imposed restrictions on business activities.
In a highly dynamic industry, subject to significant technological disruption, changing customer demands and highly innovative competitive threats, enhancing the approach to regulatory compliance is increasingly a strategic imperative.
While, rightly, there is no immediate prospect of a significant reduction in regulatory requirements, the good news is that it is possible to meet these more effectively and to free up capacity for delivering strategic imperatives. This requires both a top-down (bird’s eye) and a bottom-up (worm’s eye) approach.
A starting point is to try and understand what is driving the regulatory agenda – the top-down.
Assessing the Outlook: Balancing prudence with progress
Central Banks are tasked to oversee a robust financial services system that sustainably serves the needs of businesses and consumers. They are, to some extent at least, comparable to lighthouses in potentially stormy seas. They have been specifically built to mitigate downside risks and help guide vulnerable cargos and passengers to safe harbour.
When looking at the world through this lens, it becomes easier to understand why Central Banks are focused on downside risks – particularly as, to stretch the analogy a little further, due to the pace of technological change, the ships are travelling faster and faster.
These downside risks arise from the high degree of uncertainty that we face at a macro level, particularly in relation to three, heavily interconnected and mutually reinforcing risks that will be relevant in 2025 and beyond:
- Geopolitical risk: heightened geopolitical tensions, wars, polarisation of electorates and international divergence replacing, to some extent, international consensus all contribute to regulatory and supervisory concerns. Practically, they are also causing issues for firms with cross-border footprints, with regulatory divergence becoming more commonplace.
- Macro-economic challenges: the global economic outlook remains uncertain – inflationary pressures have eased but have not disappeared, growth is anaemic in many developed countries and the path for interest rate reductions is uncertain. There are clear vulnerabilities to further economic shocks.
- Climate change: it is evident that at a global level we are not transitioning quickly enough to prevent significant warming of our climate. Moreover, this is not a linear risk, with extreme weather events more likely, particularly as we are approaching and passing various tipping points.
Technological change can be viewed much more positively, given the potential myriad benefits for businesses and consumers. However, due to the pace and scale of disruption, regulators will also be considering the downside risks for financial services firms, their customers and the wider economy. Regulators themselves recognise that it is impossible for legislation to keep pace with the velocity of technological change, which creates specific challenges.
Implications for Financial Services firms’ strategic thinking
This is the context in which regulators and supervisors will continue to deliver their missions, seeking to ensure that regulated firms have sustainable business models; are financially secure and can withstand shocks; are operationally resilient; are well-run; and treat their customers well.
The good news is that while the language may differ, most financial services firms will have similar long-term objectives. In other words, there is more alignment between regulatory and firm objectives than there is misalignment, albeit there will be differences in articulation and in the approach to how risks are considered.
Specific Implications – connecting strategy with detailed compliance activities
A top-down view is important, but the detail matters at least as much. There are some common themes that, if understood, can help firms meet current requirements and expectations and anticipate future ones. Specifically:
- Technological Change & Consumer Protection
As digital technologies reshape the sector, regulators are paying close attention to how these changes impact business models, operational resilience and customer outcomes. Advancements in artificial intelligence, sophisticated modelling, machine learning, and the growing dependency on a small number of suppliers from outside the financial services industry are all key areas of focus.
As noted above, regulations are not keeping pace with all this change, despite notable interventions such as DORA (Digital Operational Resilience Act) and MiCA (Markets in Crypto-Assets). This requires firms to consider risks, outcomes and principles as well as specific regulations – particularly where interactions with consumers are becoming increasingly driven by technology (e.g. using information asymmetries to target particular segments or model consumer behaviours).
The prospect of retrospective action for activity being undertaken today is high if this activity leads to poor consumer outcomes. It will also be important to anticipate further interventions – for example, the update to the Central Bank of Ireland’s (CBI) Consumer Protection Code.
Additionally, supervisors will continue to focus on operational resilience, including outsourcing, IT and cyber resilience, and contingency and recovery planning.
We can also anticipate increased supervisory focus on non-traditional financial services firms as they become more impactful from a consumer and financial stability perspective.
- Environmental
As noted above, environmental factors – particularly climate but increasingly biodiversity – are already high on the agenda, considering both transitional and physical risks. These are pervasive topics, relevant to business strategies, disclosures, investor protection and financial and operational resilience.
In addition, as climate risk is crystallising in a non-linear way, it is also likely that regulators and supervisors will react to events and the growing risk in a non-linear way. Preparing for more intrusive supervision and urgent information requests will be important (to say nothing of mitigating the risk itself!). The starting point for this must be in understanding the risk – which is highly dependent on data capabilities, an area that requires significant investment in most firms.
- Governance & Risk Management
The Senior Executive Accountability Regime (SEAR) and the Individual Accountability Framework (IAF) are very significant interventions by the CBI. They reflect a growing international trend to put more onus on executives and the first line of defence (i.e., business drivers) to manage risks and demonstrate they are meeting their regulatory obligations. This is, in part, a response to the complexity of the financial system and puts the onus firmly on boards and management to demonstrate that they understand how their businesses are run, that the associated risks are being managed and that regulatory obligations are being met.
- Financial Resilience
This will always be the bread and butter of regulatory and supervisory scrutiny – considering capital, liquidity, credit, and asset quality. Notably, implementation of CRD VI & CRR III will have material impacts for some and will need to be well-managed by many.
Concluding thoughts – connecting strategy with meeting regulatory obligations
Effectively and efficiently meeting regulatory and supervisory expectations is challenging and, increasingly, strategically important. Starting with understanding the direction and intent will help inform a longer-term perspective, potentially facilitating clearer alignment between business strategies and regulatory objectives, as well as better alignment in the delivery of regulatory change alongside and through business imperatives.
This requires both a strategic lens and a focus on delivering compliance through design and proactive execution. Strong regulatory competence that’s embedded in the business – and not separate from it, particularly with respect to change capability and approach – is key.
Recognising the interconnections across risks and regulatory developments can help prevent future regulatory problems. For example, technology change, consumer and investor protection and individual accountability are all heavily linked. Specific rules-based regulation will not keep pace with the velocity of technology change, so the reliance on principles will be central to the approach taken. The explicit expectation of boards and executives to proactively take accountability for using technology to facilitate the delivery of positive consumer outcomes underpins these principles. Proactive consideration now of principles and outcomes is needed to prevent failures leading to retrospective supervisory interventions in the future.
Finally, as noted above, there is not only an avoidance benefit here, there are potentially strategic advantages too. Successfully taking a more forward-looking view of regulatory and supervisory agendas should free up capacity to deliver strategic imperatives.