Banking in Financial Services UK
- Select a blog category
Important strides in cyber security are being made this year as financial authorities around the world are beginning to run increasingly sophisticated cyber attack simulations. The aim is to help them better understand how the financial sector might cope with a large and systemic disruption to its activities and what they can do to respond.
Accurately simulating how financial markets would react to a major cyber attack is enormously difficult. Regulators not only have to consider the complex interconnections between firms in the sector, but also how coordination with other public authorities such as central banks, finance ministries, the military and security agencies would practically function in such a scenario. On top of this, it is clear that cyber attacks are not confined to national borders or to the financial sector and can spread rapidly around the world both within and between affected firms. This gives the cyber resilience efforts of financial regulators an urgent international and cross-sectoral dimension that demands a high-level of cross-border and cross‑agency collaboration in countering the cyber threat.
Growing the public-private dimension of cross-border cyber exercises will also be an important way to ensure authorities and firms can act in concert when responding to a cyber disruption. As these exercises increasingly begin to include them, firms with cross-border business models will have an important opportunity to help shape the global regulatory environment they face for cyber risk into one that works more effectively in practice.
In recent years, the effects of climate change have become more apparent, attracting attention from financial regulators globally. In a recent speech Sabine Lautenschläger, Member of the Executive Board of the ECB, stated “climate change is not an issue for next century. It’s an issue for now, and it’s a topic not only for other sectors but also for the financial sector and for central bankers and supervisors”.1
The regulatory response to a transition to a greener economy is currently accelerating rapidly. A number of EU initiatives put climate change at the forefont of the financial regulatory agenda, and it is clear that the UK regulators will take an active lead.
Against a backdrop of institutional investor pressure and industry actions, central banks and regulators are placing a greater focus on the financial risks that arise from climate change. Banks and insurers incresingly need to think about how to adapt their business models and how the transition to a low-carbon economy may affect the business models and creditworthiness of the companies to which they are exposed.
The timeline below shows this regulatory response and the expected developments. We foresee regulators will continue to clarify their approach over the course of 2019.
Despite the uncertainty that still surrounds the final date and terms on which the UK will leave the EU, many firms are already looking ahead to how they might optimise their post-Brexit business. Future EU market access, and the associated equivalence regimes, will be a fundamental consideration in this.
The PRA’s consultation paper on liquidity risk management for insurers (CP4/19), released in March 2019, represents a significant enhancement to the regulator’s expectations around the ways in which insurers should assess and manage liquidity risk. The expectations apply to firms across the UK insurance industry, whatever their business model.
Liquidity risk is already an explicit consideration which firms should evidence in their compliance with the Prudent Person Principle (PPP) section of Solvency II (article 132) which requires firms “to ensure the security, quality, [and] liquidity…of the firm as a whole”. The PRA is placing more emphasis on the PPP when engaging with firms, and the degree of compliance with CP4/19 will be an important piece of evidence.
The FCA highlights the importance of firm culture and customer vulnerability as part of its debt management thematic review
The first review found that the quality of debt advice received by consumers was often “very poor” and that “firms were treating customers unfairly.” These poor practices led the FCA to include the debt management sector as a priority area as part of its 2017/18 Business Plan.
This blog explores the main findings from the most recent review and sets out the wider lessons that can be drawn both for debt management firms and the consumer credit sector more generally.
On 16 April, the European Parliament formally ratified the EU’s Risk Reduction Measures (RRM) package on bank capital and liquidity, clearing the way for the finalisation of one of the most significant pieces of EU-level banking regulation in years.
This has been more than two-and-a-half years in the making, with a long period of difficult political negotiations following the RRM’s proposal by the European Commission in November 2016. The RRM is a combination of the EU’s fifth Capital Requirements Directive (CRD5), the second Capital Requirements Regulation (CRR2), and the second Bank Recovery and Resolution Directive (BRRD2).
In March 2019, the Prudential Regulation Authority (PRA) published consultation paper (CP 5/19) to update the Pillar 2 capital framework and to reflect on-going enhancements in setting the PRA buffer (Pillar 2B).
As the CP states, its key objective is to “...bring greater clarity, consistency and transparency to the PRA’s capital setting approach. In promoting a greater level of transparency, the PRA seeks to promote financial stability, the safety and soundness of PRA-authorised firms, and facilitate more informed and effective capital planning for banks.”
This CP is relevant to PRA-authorised banks, building societies and PRA-designated investment firms (‘firms’). This CP is not relevant to credit unions, insurance and reinsurance firms. It is open for review, question or comment by 13 June 2019 and the PRA proposes to implement it from 1 October 2019.
Any prospective bank going through the authorisation process will need to deliver three core documents, the Regulatory Business Plan (RBP), the Internal Capital Adequacy Assessment Process (ICAAP) and the Internal Liquidity Adequacy Assessment Process (ILAAP). The key elements of the ICAAP and ILAAP are presented in the RBP, and while the ICAAP and ILAAP serve different purposes, the regulator will expect to see consistent underlying messages across all three documents.
Liquidity is the lifeblood of a bank and the margin between loans and deposits defines how a traditional bank makes money. It is therefore essential that this element is adequately addressed and presented to the PRA in a way that gives it confidence that the applicant firm understands its liquidity and funding risk profile.
Providing inadequate detail on deposits and liquidity risks is one of the reasons that applicant banks sometimes face delays in the process. A robust ILAAP is not a supplement to an application for authorisation, but a core component of it.
For the last decade, risk functions have spent considerable time and energy ensuring they are effective and compliant with regulatory change. Many have capitalised on the significant advances in technology to improve efficiency, but are still not yet realising a level of transformation that is possible. Mark Ward, Lead Partner for our Future of Risk and Compliance programme encourages Chief Risk Officers (CROs) to critically assess if they are fit for the future and consider:
- What does transformation mean to you?
- How can you deliver an effective transformation programme?