Cyber incident testing in financial services – the G7 takes a big step forward


Important strides in cyber security are being made this year as financial authorities around the world are beginning to run increasingly sophisticated cyber attack simulations. The aim is to help them better understand how the financial sector might cope with a large and systemic disruption to its activities and what they can do to respond.

Accurately simulating how financial markets would react to a major cyber attack is enormously difficult. Regulators not only have to consider the complex interconnections between firms in the sector, but also how coordination with other public authorities such as central banks, finance ministries, the military and security agencies would practically function in such a scenario. On top of this, it is clear that cyber attacks are not confined to national borders or to the financial sector and can spread rapidly around the world both within and between affected firms. This gives the cyber resilience efforts of financial regulators an urgent international and cross-sectoral dimension that demands a high-level of cross-border and cross‑agency collaboration in countering the cyber threat.

Growing the public-private dimension of cross-border cyber exercises will also be an important way to ensure authorities and firms can act in concert when responding to a cyber disruption. As these exercises increasingly begin to include them, firms with cross-border business models will have an important opportunity to help shape the global regulatory environment they face for cyber risk into one that works more effectively in practice. 

Continue reading

Posted on 23/05/2019 | 0 Comments

Avoiding the Impending Storm - Financial Risks from Climate Change

Banner Image

In recent years, the effects of climate change have become more apparent, attracting attention from financial regulators globally. In a recent speech Sabine Lautenschläger, Member of the Executive Board of the ECB,  stated “climate change is not an issue for next century. It’s an issue for now, and it’s a topic not only for other sectors but also for the financial sector and for central bankers and supervisors”.1

The regulatory response to a transition to a greener economy is currently accelerating rapidly. A number of EU initiatives put climate change at the forefont of the financial regulatory agenda, and it is clear that the UK regulators will take an active lead.

Against a backdrop of institutional investor pressure and industry actions, central banks and regulators are placing a greater focus on the financial risks that arise from climate change. Banks and insurers incresingly need to think about how to adapt their business models and how the transition to a low-carbon economy may affect the business models and creditworthiness of the companies to which they are exposed.

The timeline below shows this regulatory response and the expected developments. We foresee regulators will continue to clarify their approach over the course of 2019.

Continue reading

Posted on 20/05/2019 | 0 Comments

FCA Business Plan 2019/20: continuity prevails, but the FCA also looks to the future of regulation and its interaction with wider social policy

FCA business plan image
The FCA recently published its 2019/20 Business Plan, whose sector and cross sector priorities are summarised in the annex to this blog together with a timeline of key planned publications and pieces of work.

Continue reading

Posted on 09/05/2019 | 0 Comments

What lies in store for third-country firm access to the EU in a post-Brexit world?


Despite the uncertainty that still surrounds the final date and terms on which the UK will leave the EU, many firms are already looking ahead to how they might optimise their post-Brexit business. Future EU market access, and the associated equivalence regimes, will be a fundamental consideration in this.

Continue reading

Posted on 02/05/2019 | 0 Comments

Liquidity risk management for insurers – the challenge of CP4/19

The PRA’s consultation paper on liquidity risk management for insurers (CP4/19), released in March 2019, represents a significant enhancement to the regulator’s expectations around the ways in which insurers should assess and manage liquidity risk. The expectations apply to firms across the UK insurance industry, whatever their business model.

Liquidity risk is already an explicit consideration which firms should evidence in their compliance with the Prudent Person Principle (PPP) section of Solvency II (article 132) which requires firms “to ensure the security, quality, [and] liquidity…of the firm as a whole”. The PRA is placing more emphasis on the PPP when engaging with firms, and the degree of compliance with CP4/19 will be an important piece of evidence.

Continue reading

Posted on 25/04/2019 | 0 Comments

The FCA highlights the importance of firm culture and customer vulnerability as part of its debt management thematic review


The FCA recently published the findings of its thematic review of the debt management sector (TR19/01), following up on its first review of the sector in 2015.

The first review found that the quality of debt advice received by consumers was often “very poor” and that “firms were treating customers unfairly.” These poor practices led the FCA to include the debt management sector as a priority area as part of its 2017/18 Business Plan.

This blog explores the main findings from the most recent review and sets out the wider lessons that can be drawn both for debt management firms and the consumer credit sector more generally.

Continue reading

Posted on 24/04/2019 | 0 Comments

The EU ratifies its flagship bank capital package – but the story is far from over


On 16 April, the European Parliament formally ratified the EU’s Risk Reduction Measures (RRM) package on bank capital and liquidity, clearing the way for the finalisation of one of the most significant pieces of EU-level banking regulation in years.

This has been more than two-and-a-half years in the making, with a long period of difficult political negotiations following the RRM’s proposal by the European Commission in November 2016. The RRM is a combination of the EU’s fifth Capital Requirements Directive (CRD5), the second Capital Requirements Regulation (CRR2), and the second Bank Recovery and Resolution Directive (BRRD2).

Continue reading

Posted on 23/04/2019 | 0 Comments

Boosting Pillar Strength: PRA consults on enhancements to the Pillar 2 Framework

In March 2019, the Prudential Regulation Authority (PRA) published consultation paper (CP 5/19) to update the Pillar 2 capital framework and to reflect on-going enhancements in setting the PRA buffer (Pillar 2B).

As the CP states, its key objective is to “...bring greater clarity, consistency and transparency to the PRA’s capital setting approach. In promoting a greater level of transparency, the PRA seeks to promote financial stability, the safety and soundness of PRA-authorised firms, and facilitate more informed and effective capital planning for banks.”

This CP is relevant to PRA-authorised banks, building societies and PRA-designated investment firms (‘firms’). This CP is not relevant to credit unions, insurance and reinsurance firms. It is open for review, question or comment by 13 June 2019 and the PRA proposes to implement it from 1 October 2019.


Continue reading

Posted on 17/04/2019 | 0 Comments

Let it flow: liquidity management and ILAAPs for banking applicants


Any prospective bank going through the authorisation process will need to deliver three core documents, the Regulatory Business Plan (RBP), the Internal Capital Adequacy Assessment Process (ICAAP) and the Internal Liquidity Adequacy Assessment Process (ILAAP). The key elements of the ICAAP and ILAAP are presented in the RBP, and while the ICAAP and ILAAP serve different purposes, the regulator will expect to see consistent underlying messages across all three documents.

Liquidity is the lifeblood of a bank and the margin between loans and deposits defines how a traditional bank makes money. It is therefore essential that this element is adequately addressed and presented to the PRA in a way that gives it confidence that the applicant firm understands its liquidity and funding risk profile.

Providing inadequate detail on deposits and liquidity risks is one of the reasons that applicant banks sometimes face delays in the process. A robust ILAAP is not a supplement to an application for authorisation, but a core component of it.

Continue reading

Posted on 29/03/2019 | 0 Comments

Time for change: Elevating the role of the risk function

Risk Function

For the last decade, risk functions have spent considerable time and energy ensuring they are effective and compliant with regulatory change. Many have capitalised on the significant advances in technology to improve efficiency, but are still not yet realising a level of transformation that is possible. Mark Ward, Lead Partner for our Future of Risk and Compliance programme encourages Chief Risk Officers (CROs) to critically assess if they are fit for the future and consider:

  • What does transformation mean to you?
  • How can you deliver an effective transformation programme?

Continue reading

Posted on 01/03/2019 | 0 Comments