Banking in Financial Services UK
- Select a blog category
In May-June 2018, the European Central Bank (ECB) and the Basel Committee on Banking Supervision (BCBS) published reports on the progress of the largest, internationally active banks towards compliance with the BCBS Principles for Effective Risk Data Aggregation and Reporting – known as BCBS 239.
Last Friday, 13 July, marked six months since the revised Payment Services Directive (PSD2) came into effect across the European Union (EU). With this in mind, we have been taking the pulse of the market to understand how Account Servicing Payment Service Providers (ASPSPs) are progressing with both their compliance programmes and strategic responses.
With few exceptions, ASPSPs seems to us to be broadly compliant with the PSD2 conduct requirements which became enforceable in January, and progressing well against those which will go live next year. However, determining what a successful open banking strategy looks like, and developing compelling use cases, continues to be more elusive.
The last few weeks have seen a flurry of activity on the resolvability front. Lest anyone think momentum was seeping out of the decade-long push to make banks resolvable – and thereby end “too big to fail” – these developments suggest a redoubling of regulatory efforts to demonstrate that the framework will work. Each of the initiatives is important in its own right, but taken together they amount to a raising of the bar in terms of resolution preparedness, particularly identifying and dealing with impediments to resolution. Major banks in the UK and the Banking Union can expect greater focus on resolution authorities’ assessment of their resolvability – and in the UK, the prospect of this assessment being made public. We have also had a very clear signal from the Bank of England (BoE) of what it expects of major UK banks' valuation capabilities for resolution purposes, and are approaching some key milestones for the Single Resolution Board (SRB)’s multi-year work programme. There continues to be progress on targets for MREL (the minimum requirement for own funds and eligible liabilities), albeit with some potential obstacles on the way there. We take the UK, Banking Union, and MREL developments in turn below.
The Bank of England (BoE) and the Financial Conduct Authority (FCA) have released a Discussion Paper (DP) on operational resilience, introducing enhanced expectations for Boards and senior management. The DP emphasises incident recovery – using the concept of "impact tolerance" – and highlights the regulators’ focus on the ability of firms and FMIs (collectively “firms”) to resume critical business services. The DP is of primary interest to CROs, COOs, CISOs, heads of operational resilience or cyber risk and Board members at financial services firms regulated by the BoE, FCA or Prudential Regulation Authority (PRA).
In 2010, Metro Bank was the first high street bank to be launched in the UK for over 100 years. Since then, the UK banking sector has continued to see an unprecedented number of new entrants, each challenging the traditional banking status quo with new and innovative business models, product offerings and technology.
The European Banking Authority (EBA)’s Opinion on preparations for the withdrawal of the UK from the EU
The EBA published on 25 June a second Opinion on preparations for Brexit, a follow-up to its Opinion of October 2017. This Opinion is relevant to UK financial institutions (banks, investment firms, payment service providers, electronic money institutions and creditors and credit intermediaries, collectively “firms”) that provide services to the EU27 (whether directly or by establishment) and also to EU27 firms with counterparties, clients or customers based in the UK (whether directly or by establishment).
A decade on since the start of the financial crisis, the Bank of England (BoE) has signalled a step up in efforts to make banks resolvable. The overall message is clear – despite the progress made so far, and the January 2019 deadline for UK retail ring-fencing being just around the corner, more work is needed. There is going to be no let-up for banks. It is not just more of the same; there are new requirements for banks to tackle, which may necessitate new skills and governance arrangements within their resolution teams, and with deadlines over the next four years already set.
“The prices of many cryptocurrencies have exhibited the classic hallmarks of bubbles including new paradigm justifications, broadening retail enthusiasm and extrapolative price expectations reliant in part on finding the greater fool.” Mark Carney, March 2018.
What new expectations for FMIs mean for the banking sector
The European Central Bank’s (ECB) recent consultation on its Cyber Resilience Oversight Expectations (CROE) for Financial Market Infrastructures (FMIs) and the release of its framework for an EU-wide Threat Intelligence-based Ethical Red Teaming exercise (TIBER-EU) follows a significant amount of work by the ECB in the last four years to scale-up its involvement in the supervision of cyber resilience for both FMIs and banks.
While these new expectations are of most immediate significance to FMIs, the ECB’s approach in the CROE should be read carefully by the banking sector as an indication of what might be coming its way from the ECB and other authorities.
New technologies and evolving business models have required regulators to review their capabilities and respond to new risks posed. And the UK Information Commissioner’s Office (ICO) is no exception. The new General Data Protection Regulation (GDPR) has vested considerable powers to the ICO to regulate and supervise data privacy risks. Increasing concerns about the wholesale use and processing of personal data by firms are reflected in the ICO's recently published Technology Strategy, which outlines its objectives and focus areas through eight technology goals.
The ICO strategy’s leitmotif is that technological advances “need not come at the expense of data protection and privacy rights” and that “privacy and innovation are not mutually exclusive”. Through the development of its technology strategy, the ICO’s overall aim is to remain relevant by ensuring that the monitoring and understanding of technological change, and its impact on information rights, are a core component of its work going forward.