- Select a blog category
Our previous blog highlighted some of the key areas of regulatory focus and expectations when it comes to assessing and testing firms’ readiness to transition to the Cloud.
Regulators have made clear that, within the broader framework outlined in the EBA Guidelines, they will assess firms’ plans to outsource critical functions to the Cloud on a case-by-case basis. At the core of this assessment, regulators want assurance that firms have: (i) built a strong business case for their Cloud plans; (ii) understood the new or enhanced risks to themselves, the financial system and customers; and (iii) developed their capabilities to tackle these risks.
However, demonstrating this degree of assurance is challenging, particularly for systemically-important firms. Contrary to “Cloud natives” and FinTech start-ups which build their operations directly onto the Cloud from the outset, incumbents have been relying on a complex set of legacy systems and infrastructure for decades. Incumbents also offer more complex products and services, have a significantly larger customer base than their FinTech counterparts and are often integrated into the operation of payment, settlement and clearing systems. The difficulty for these larger players is therefore to design a Cloud strategy that enables them to migrate away from these legacy systems, and then operate on the Cloud securely, without affecting the continuity of services and products offered to customers, and without threatening the firm’s operational resilience.
However, the risk considerations should not eclipse the benefits that Cloud transformation can bring to firms. Given the precarious state of some FS firms’ legacy systems, moving to the Cloud can significantly improve firms’ efficiency and operational resilience1.
In this blog, we explore some of these challenges and the steps firms need to take to ensure that the business is ready to adopt the Cloud in a way that enables them to demonstrate their readiness to their Board and to regulators.
In the first blog of this series, we highlighted the regulators’ overarching approach to Cloud outsourcing and key areas of focus such as operational resilience, shared responsibility and concentration risk.
Guidance published by EU and national regulators clarifies regulatory expectations of firms using CSPs. However, firms have highlighted difficulties in applying these requirements in practice, and often cite them as significant barriers to further Cloud adoption1.
In this blog, we explore some of these barriers and assess them in the light of recent regulatory publications, and our own experience of supporting our clients in designing and implementing Cloud projects. We also highlight some of the key areas where firms appear to be lagging behind regulatory expectations. Our third and final blog will outline key considerations for firms looking to use the Cloud successfully for certain services, processes and functions.
Historically, EU regulators have been technology neutral, and Cloud outsourcing by FS firms was considered in the same way as outsourcing functions to more traditional third-party providers1.
However, the increasing concentration in the CSP market outside the FS regulatory perimeter, as well as the growing interest from systemically-important firms to migrate more critical functions to the Cloud (and the risks associated with such major IT projects), have pushed some regulators and supervisors to depart from their technology neutral stance.
The European Banking Authority’s (EBA) final Guidelines on outsourcing, which integrate the EBA Recommendations on Cloud outsourcing and come into force on 30 September 2019, aim to clarify regulatory expectations, including in relation to documentation, risk assessments, and governance and controls around Cloud outsourcing arrangements. In the insurance sector, the European Insurance and Occupation Pensions Authority (EIOPA) recently issued a Consultation on Guidelines, expected to come into force in July 2020.
Some national regulators in the EU have also clarified their position on CSP outsourcing – the UK’s Finalised Guidance 2, Luxembourg’s Circular, Germany’s Leaflet3 and France’s Recommendations on good practices are cases in point. In the UK, the Prudential Regulation Authority (PRA) has also committed to publishing a Supervisory Statement on outsourcing arrangements in the last quarter of 2019, with a specific focus on moving critical functions to the Cloud4.
Market Challenges Creating a New Focus
In the current, uncertain market environment, Investment Banks are facing tougher competition, reduced fees and margins and regulatory pressures whilst needing to reassess how to drive a differentiated client engagement with better banker productivity. An increased focus on the front office is due to four factors:
- Need for a differentiated client experience - Following a significant spend on regulatory requirements, Investment Banks are re-defining how to drive revenues through a better, more connected client experience. This includes refining how better, real-time access to client and third party data can drive more insightful conversations and connecting this insight to action within CRM. Consideration of how key client engagement tools, including pitch books can be both automated and transformed, moving from static PowerPoint to interactive decks and virtual labs to bring pitches to life is also topical.
- User experience - Current front office applications are, for the most part, not working for bankers. Technology has been developed by technology primarily for operations, resulting in important user features being missed (including simple features like task automation and search), whilst usability tends to be at the bottom of the list of “must haves”, resulting in poor user adoption. This low adoption results both in experienced bankers lacking proper tools to be effective in the market, but also means that bankers start to work “off grid” on Outlook or Excel, resulting in a loss of critical insight for the Banks to drive a more effective, targeted client focus.
- Employee experience - The largest impacted banker group of poor user experience tends to be the analysts and junior bankers who expect better and more collaborative tools to drive activity that can often be repetitive; specifically for projects task allocation and pitch book creation significantly impacting their productivity. A tech-savvy generation of Analysts and Associates look for digital enablement in their day-to-day jobs that matches their personal experiences outside of work. Faced with excessive administration from poorly connected and manual tools, this burden compounds churn at grades that are critical for longer term Investment Banking success.
- Move to “off the shelf” - Technology used in the front office tends to include a suite of legacy platforms built or acquired over the years with numerous, specific applications that are costly to maintain, difficult to understand and hard to sustain. It isn’t unusual for banks to have 30+ applications providing information for, and enabling workflows around contact, client and opportunity management and KYC. This legacy technology is increasingly problematic due to the poor employee experience it drives, but is also limiting banks’ ability to drive innovation quickly, due to the lack of APIs connecting into applications for automation, client life cycle management and analytics.
The EU’s second Capital Requirements Regulation (CRR2) entered into force on 27 June 2019, with many of its provisions taking effect in June 2021. It implements a sizeable portion of the international post-crisis regulatory framework, and is primarily designed to enhance the stability of the European banking sector. However it also takes a number of steps towards improving the state of competition in, and competitiveness of, the European banking sector.
The FCA recently published its Final Guidance on cryptoassets, reflecting the feedback it received on its Consultation Paper issued in January 2019.
The objective of the Guidance is to provide clarity to market participants on the types of cryptoassets and related activities that fall within the regulatory perimeter, the resulting obligations for firms, and the regulatory protections for consumers. It also provides more clarity around unregulated cryptoassets, and their implications for firms and consumers.
Below we highlight the key points and some of the considerations for firms already operating in, or considering entering, the cryptoassets market.
DAC6, the sixth version of the EU Directive on administrative cooperation, entered into force on 25 June 2018. This directive requires the mandatory reporting and automatic exchange of information with respect to certain cross-border arrangements of individuals, companies and other entities, with the aim of providing EU member states information to undertake risk assessments and react promptly against harmful tax practices.
DAC6 imposes new reporting obligations in respect of reportable cross-border arrangement on “intermediaries” and absent an intermediary, on “relevant taxpayers”. As such, all financial services organisations, including banks, brokers, investment managers and financial advisors with operations in the EU have to make an assessment as to whether they have participated (as intermediary or relevant taxpayer) in any reportable cross-border arrangements since 25 June 2018.
Where an organisation has participated in a reportable cross-border arrangement as an intermediary or a taxpayer, a legal obligation to report such arrangement to local tax authorities may result.
EU member states are required to implement the directive’s provisions into their domestic laws by 31 December 2019, and the relevant law must apply as from 1 July 2020.
On 22 July 2019, HM Revenue & Customs (HMRC) published a draft of The International Tax Enforcement (Disclosable Arrangements) Regulations 2019 (draft regulations) that would implement Council Directive (EU) 2018/822, or DAC6, in the UK. A consultation document also has been published seeking input from stakeholders and setting out HMRC’s current views on how the key concepts of DAC6 should be interpreted for UK purposes. Comments are due by 11 October 2019.
A consultation document, the “ConDoc”, was also published setting out HMRC’s current views on various elements of DAC6 and seeking input from various stakeholders on how certain concepts of DAC6 should be interpreted for UK purposes. The consultation responses are due by 11 October 2019.
On 13 June 2019, the FCA addressed a Dear CEO letter to Wealth Management and Stockbroking firms setting out its view of the key risks of harm that firms could pose to their customers or the markets in which they operate.
The FCA outlined four key ways in which customer harm could occur in this sector:
- By having reduced levels of savings and investments due to fraud, investment scams and inadequate client money, or assets controls;
- By losing confidence in the industry’s ability to deliver their financial objectives due to mismanagement of conflicts of interest and market abuse;
- Through reduced levels of savings and investments due to order handling procedures and execution processes that do not deliver best outcomes; and
- By being unable to understand the costs of services provided by firms, due to insufficient or inaccurate disclosure of costs and charges.
The FCA will expect all firms to consider how their activities could crystallise these risks and how best to mitigate them.
In response to these risks, the FCA set out its Wealth Management and Stockbroking supervision strategy. This is built upon the FCA’s approach to supervision strategy publication, which highlights how it will identify, prevent, reduce or correct potential and actual harm.
In this blog, we explore the key considerations for firms under each area of the FCA’s supervision strategy.
Following finalisation of the Bank of England’s (BoE) Resolvability Assessment Framework (RAF), in-scope firms will need to consider how they implement the framework. In the first blog in this series on the RAF, we consider the benefits of robust implementation and taking a long-term, rather than ad-hoc, approach. In this blog, we look at master playbooks. While the RAF is silent on the topic, we believe that master playbooks can be a useful tool both for demonstrating resolvability and for determining an overall strategy and work programme for implementing the RAF.
Last week, the Bank of England (BoE) published its final Policy Statement on the Resolvability Assessment Framework (RAF). In our previous blog we outlined details of the original Consultation Paper, which remain largely unchanged in the final policy. This blog sets out our views about how to deliver a structured approach that creates long lasting enhancements to resolvability, tailored to your business model and the importance of a top down strategic assessment and prioritisation.
The FCA is increasingly scrutinising whether the pricing practices used by individual firms, or present across particular financial markets, are fair to consumers. We have written previously about the FCA’s increasing scrutiny of cross-subsidisation and price discrimination, both pricing practices that the FCA has concluded can cause harm to consumers. The FCA has now published its Feedback Statement on Fair Pricing (FS19/04), following on from a Discussion Paper it published on the same topic last year.