2020 Global Bank Regulatory Outlook - Ernst & Young
2020 Globalbank regulatoryoutlookFour major themes dominatingthe regulatory landscape in 2020
ContentsIntroduction 03Now: Disruption and fragmentationNext: In the lap of the (Brexit) expertsBeyond: A marathon, not a sprintOperational resilience 05What doesn’t kill you can still makeyou extremely vulnerableEnvironmental, social and governance(ESG), and other societal issues09No bank can do everything, but every bankcan do somethingData and emerging technology12Evolution not revolution: where do we gofrom here?Completion of remainingpost-crisis measures15Nearer the end than the beginning; butno time to relaxWhat’s next? 18Time to get better at the old stuff and getgood at the new stuffConclusion 202 2020 Global bank regulatory outlook Four major themes dominating the regulatory landscape in 2020
IntroductionNow: Disruption and fragmentationNext: In the lap of the (Brexit) expertsBeyond: A marathon, not a sprintThe 2020 Global bank regulatory outlook is set against a period of rapid technological innovation andchange in the competitive landscape. The extant business and macro-economic environment, combinedwith the potential for new and more agile entrants to fragment traditional customer bases, presentschallenges to banks that threatens their revenue generation. Supervisors are cognizant of pressures inthe current market environment, with the need to maintain the improved capital base and to enhancethe profitability of systemically important institutions. In a recent interview, Andrea Enria, Chair ofthe Supervisory Board of the European Central Bank (ECB), reflected on structural issues and possibleconsolidation in the sector, stating: “For our part, we need to keep up the pressure through our businessmodel analysis. Healthy and profitable banks will be better able to withstand the next storm.”1Regulation itself is in a phase of adjustment, as the risk portfolio expands to include a set of less familiarchallenges, such as personal data privacy, use of the cloud and climate risk. Consequently, the postcrisis period, which was characterized by amending and tightening existing rules, is now being followedby re-scoping and evaluation, as regulators decide how to create a proportionate framework that canstrike a balance between allowing for change and innovation while preserving systemic stability andprotecting consumers. In turn, industry participants will want to exert positive influence on the policydebate, while taking the opportunity to review risk and compliance resources that have built up over thelast 10 years, to determine if greater efficiencies can be achieved. Looking ahead, the potential erosionof profitability, together with limited benefits for risk management (so far) from technology applications,means that cost control and rationalization may have the biggest influence on both future investmentsin risk and the sustainability of prior corrective actions.In the wider environment, the geopolitical landscape continues to be both demanding andunpredictable. Political instability across key markets is hampering more collaborative effortsbetween Asia, Europe and the Americas to develop standards and frameworks that can addressthe new non-financial risk agenda.As far as more orthodox market forces are concerned, after the earlier wave of FinTechs, anotherthreat to profitability for banks is the potential impact of big techs. In its 2019 Annual Economic Report,the Bank of International Settlement (BIS) highlighted the growth of big techs and their potential tobring a more seismic shift: “As yet, financial services are only a small part of their business globally.But given their size and customer reach, big techs' entry into finance has the potential to spark rapidchange in the industry.”21. Interview with Andrea Enria, ECB Supervision Newsletter, November 2019.2. “Annual Economic Report” BIS, June 2019.2020 Global bank regulatory outlook Four major themes dominating the regulatory landscape in 2020 3
As always, there will be calls for a level playing field in terms of market access and the proportionateapplication of rules for big techs and other new entrants, but the regulatory roadmap is not yet clear.In East Asia, there has been a spurt in the recognition of digital banking and granting of new licenses;however, supervisors have also been raising red flags. For example, authorities in Hong Kong areconcerned by virtual currency trading3 and the sale of crypto-related products to retail investors.By no means are such responses being coordinated globally or even regionally.The market fragmentation that we observed in last year’s regulatory outlook has continued andextended from prudential and structural requirements to other areas, including data privacy andfinancial crime. The common agenda with global priorities that was seen in the immediate post-crisisphase is no longer a guiding factor. As the chairperson of the International Organization of SecuritiesCommissions (IOSCO), stated recently: "There is and will continue to be significant differences betweenthe rules and regulations of different countries . and the reality is that incremental harmonizationefforts aimed at reducing those costs for large firms is simply not a major global priority."4Nevertheless, there are some major themes that will dominate the regulatory landscape in 2020.In this report, we look at resilience, ESG, data privacy and technology issues that are emerging as keythemes from the non-financial risk agenda that has grown in prominence since the last financial crisis.These topics are relevant to other sectors beyond financial services. As such, it will be interesting tosee the extent to which the policy responses in the banking sector, which could develop more quicklythan elsewhere due to more intense regulatory scrutiny, resonate with political leaders in terms ofdeveloping broader economic and social policy, and how those policy priorities could shift as economicconditions change.As yet, financial services are only a smallpart of their business globally. But giventheir size and customer reach, big techs'entry into finance has the potentialto spark rapid change in the industry.3.“Regulation of virtual asset trading platforms” Hong Kong Securities and Futures Commission (HKSFC) position paper, November 2019.4. Remarks by Ashley Alder, chief executive of the HKSFC and chairman of IOSCO, at the ASIFMA (Asia Securities Industry & Financial MarketsAssociation) annual conference in Tokyo, October 2019.4 2020 Global bank regulatory outlook Four major themes dominating the regulatory landscape in 2020
1OperationalresilienceWhat doesn’t kill you can stillmake you extremely vulnerable2020 Global bank regulatory outlook Four major themes dominating the regulatory landscape in 2020 5
The traditional twin pillars of regulatory policy — prudentialand conduct — have been joined by operational risk toform a trio for supervisors and firms to focus on. Drivenby a renewed interest in issues such as cyber security,IT failures, business continuity and third-party riskmanagement (TPRM), operational resilience has becomea major area of concern for boards and risk officers (seetimeline in Figure 1).Figure 1: Operational resilience — the timeline to today 5Regulatory evolutionBank of England and PRAEnsuring operationalcontinuity in resolution(July 2016)Federal ReserveSR 03–09Sound practices tostrengthen resilienceof US financial system(May 2003)National Instituteof Standards andTechnology (NIST)Cybersecurity framework 1.1(April 2018)ISO 22301Internationalstandard onbusiness continuitymanagementOrigin of resiliencestandards(2001–2007)Cyber resilience testingframework for significantmarket participants(April 2019)Monetary Authorityof SingaporeFinancial SystemicAnalysis and ResilienceCentrer (FSARC)(May 2012)European Banking AuthorityGuidelines on businesscontinuity managementEstablished (Oct 2016)(March 2019)Focus on operational andtechnology resilience(2008–2016)(2016–Now)NYDFS 23 NYCRR 500Principles for financialmarket infrastructureCybersecurityrequirements for financialservices companies(April 2012)(March 2017)UK discussion paperBuilding the UKfinancial sector’soperational resilience(July 2018)on impact tolerances(December 2019)Post-crisisreformsCPMI/IOSCOUK jointconsultation paperAustralia Securities andInvestments CommisionMarket integrity rules topromote technologicaland operational resilience(June 2019)Federal Reserve165(d)Guidance onresolution planning(Oct 2011)FFIEC Appendix JGuidance tostrengthen resilienceof technologyservice providers(Feb 2015)EU: General Data ProtectionRegulation (GDPR)Implementation of ruleson data protection and privacy(May 2018)5. “Supervisory perspectives and regulatory approaches to enterprise resilience” EY, November 2019.6 2020 Global bank regulatory outlook Four major themes dominating the regulatory landscape in 2020
Despite relatively little specific new policy on resiliency,with the notable exception of recent UK discussion andconsultative papers,6 regulators have been revisiting theirexisting policy and amending guidelines and supervisoryexamination manuals.7 We can expect further progress in2020, as policymakers move from discussion papers toissuing core principles and rule proposals.In the meantime, supervisors have increased theirexpectations of how firms should be dealing withoperational resilience. The key messages — and the likelyfoundation for forthcoming rules and guidelines — are thatfirms must: Take an enterprise-wide, business service view ofresilience that prioritizes the most critical businessservices instead of focusing on individual systemsand applications. Map assets beyond the firm’s internal ecosystem toencompass reliance on critical third-parties, includingoutsourced service providers. Establish impact tolerances, with clear metrics andspecific outcomes, for their most critical businessservices to quantify the amount of service disruptionthat could be tolerated. Develop a comprehensive suite of capabilitiesrequired to recover, resume and deliver businessservices during disruption, reflecting a transition fromthe traditional, siloed approach of managing distinctbusiness function capabilities to an overarchingenterprise-wide framework for service resilience. Demonstrate greater integration between incidentmanagement and crisis management protocolssupplemented by a crisis management structure that isresponsive to different types of disruptions. Test recovery and resumption of business servicesunder a range of severe yet plausible scenarios,using a comprehensive testing strategy that clearlyarticulates enterprise objectives, approach and scopefor resilience testing. Require board and senior management to take anactive role in setting up the firm’s resilience strategy inalignment with the enterprise strategy and risk appetite. Adopt a risk-management based approach thatclearly articulates roles and responsibilities across linesof defense.6. “Operational Resilience: Impact tolerances for important business services” Bank of England (BoE)/Prudential Regulation Authority (PRA)/Financial ConductAuthority (FCA) joint consultation, December 2019.7. EY, November 2019 provides an overview of comparative regulatory approaches.2020 Global bank regulatory outlook Four major themes dominating the regulatory landscape in 2020 7
Since the crisis, regulators have largely focused on thechallenges of financial and systemic risk. The resilienceagenda brings the added complication that a growingsource of risk is located beyond the regulatory perimeter.Firms are exposed to potential vulnerabilities and risks dueto their interconnectedness with critical third parties, suchas data providers, cloud service providers and technologyvendors. Many of these providers cater to several firmswithin the industry, resulting in high concentrationrisks, knock-on impacts due to interdependencies, andpotential systemic impacts from third-party outages.The UK Treasury Committee recently stated its concernover IT failures in the financial services sector and theconcentration risk that cloud services present.8The debate will continue over the degree to whichsupervision may have to be extended, but for now, itseems that the heightened expectations of supervisorson banks’ end-to end risk management will serve as a typeof indirect regulation of third parties. If in 2020, however,major incidents occur in the outsourcing or vendor space,we can expect to see renewed calls for re-assessment ofregulatory capture, possibly in parallel with the growingfocus on big techs.The resilience agenda brings the addedcomplication that a growing source of riskis located beyond the regulatory perimeter.8. “IT failures in the Financial Services Sector” House of Commons Treasury Committee, October 2019.8 2020 Global bank regulatory outlook Four major themes dominating the regulatory landscape in 2020
2ESG and othersocietal issuesNo bank can do everything, butevery bank can do something2020 Global bank regulatory outlook Four major themes dominating the regulatory landscape in 2020 9
Geopolitical and climate-change risksboth feature in the list of 10 major risksto manage over the next decade.The ESG criteria used to measure the sustainability andethical impact of an investment in a business are now justone part of a wider agenda that encompasses climate risk,corporate behavior and social responsibility, inclusion,equality, diversity and an expanding range of othersocietal issues. Until recently, most banks would haveranked such an agenda toward the bottom of their prioritylist, and some individual components would not have beenincluded at all.However, as the latest EY/Institute of International Finance(IIF) risk survey shows,9 geopolitical and climate-changerisks both feature in the list of 10 major risks to manageover the next decade. The survey covered banks, notpolicymakers, which suggests that key decision-makers ingovernance and control functions across the industry arefully aware of the new agenda and the challenges that willcome with it.This wider set of issues places increased expectationson corporate risk management, including new boardresponsibilities and reporting to shareholders, alongwith enhanced internal governance and comprehensivemapping of rule requirements to bank processes andcontrols. The aim is for banks to evolve into more aware,more responsible corporate entities which, if they cansuccessfully incorporate the new agenda, deliver improvedconduct and ethical behavior and more desirable socialoutcomes. Initial steps have already been taken bysupervisors in recent years with changes to rules oncompensation that shift the emphasis from meeting shortterm objectives to recognizing the importance of longerterm, more holistic goals and rewarding ethical behavior.The trajectory is set to continue with the emergence ofsustainability and other societal issues.These changes will have a significant impact on riskmanagement frameworks. How will they need to evolveto encompass these emerging risks? How much more willthey need to change if regulators are asked to promotebroader social goals in the financial market space? Forexample, another area of focus may be issues in theworkplace environment, such as pressure, stress andmental health that are perceived as contributing factors topoor culture and misconduct.9. “Tenth annual EY/Institute of International Finance (IIF) global bank risk management survey — An endurance course: surviving and thrivingthrough 10 major risks over the next decade” EY/IIF, November 2019.10 2020 Global bank regulatory outlook Four major themes dominating the regulatory landscape in 2020
Over the next 12 months and beyond, the climaterisk agenda will certainly evolve. A commitment hasbeen made by the United Nations and some leadinginternational banks10 to align with the goals of theParis Agreement on Climate Change and SustainableDevelopment. The next steps are to develop a frameworkto cover taxonomy, disclosure reporting, target-settingand full integration of climate risk management intocorporate governance and stewardship.Policymakers across Asia and Europe have madesustainability and climate risk a prominent feature oftheir work programs and, although ESG disclosureproposals in the US have only gained limited tractionso far, the issue is gaining prominence. Federal ReserveGovernor Lael Brainard said recently: “ the FederalReserve needs to analyze and adapt to importantchanges to the economy and financial system. This is noless true for climate change than it was for globalizationor the information technology revolution.”11 In 2020, wewill look more closely at sustainability and climate risk asthese policy proposals continue to develop.10. “Principles for Responsible Banking” United Nations Environment Programme Finance Initiative (UNEP FI), 2019.11. “Why Climate Change Matters for Monetary Policy and Financial Stability”; remarks made by Lael Brainard at "The Economics of Climate Change"conference, November 2019.2020 Global bank regulatory outlook Four major themes dominating the regulatory landscape in 2020 11
312Data and emergingtechnologyEvolution not revolution:where do we go from here? 2020 Global bank regulatory outlook Four major themes dominating the regulatory landscape in 2020
Those who believe that data is now the business world’smost valuable commodity will probably have welcomedrecent significant measures to regulate its ownership, useand processing, led by the European Union's General DataProtection Regulation (GDPR) and quickly gaining tractionin other jurisdictions (e.g., the Personal Data ProtectionAct (PDPA) in Singapore and the California ConsumerPrivacy Act (CCPA)). However, by its very nature data isnot easy to manage; it grows exponentially, travels fastand crosses borders easily. The case for an internationallycoordinated approach is compelling, but data localizationrules and differing views on the use of cloud storage, forexample, may cause further fragmentation.So, not for the first time in the post-crisis landscape,market participants need to navigate a complicated andinconsistent set of guidelines, laws and rules, trying tofind standards and working practices that anticipatewhere data protection regulation is likely to land. A goodfoundation will include: A data governance program which clearly definesappropriate sources, uses, access, maintenance andprotection across lines of defense. Clear allocationof responsibilities is necessary to ensure strongaccountability and demonstrate to both internal andexternal stakeholders that the program is workingas intended. An assessment of the range of laws and regulationsapplicable to data, including data managed bythird parties. Processes for responding to deletion or opt-outrequests, verifying and determining access rightsinternally and addressing access requests.Artificial intelligence (AI) and machine learning (ML) arenow key topics. As evidenced by the recent EY/IIF survey,regulators and financial institutions are focusing on howexisting risk management and governance practices needto be enhanced to capture the dynamic and inter-relatedrisks (e.g., model, legal, compliance and cyber) associatedwith AI and ML. Until recently, most applications havebeen in low-risk automation, but now deployment isincreasingly more decision-based (e.g., risk managementand product pricing).12 As technologies have impactedthe end customer, they have attracted more scrutiny,particularly in the areas of bias and discrimination.As with operational resilience and climate risk, a detailedregulatory framework has not yet been developed forAI and ML governance. As a result, there is an opportunityfor firms to define what “good looks like” to inform andinfluence regulatory expectations. Regulators can pointto existing guidance and risk management frameworks,but the public scrutiny of AI and ML may encou
8 2020 Global bank regulatory outlook Four major themes dominating the regulatory landscape in 2020 The resilience agenda brings the added complication that a growing source of risk is located beyond the regulatory perimeter. 8. “IT failures in the Financial Services Sector” House of Commons Treasury Committee, October 2019.
Northern Bank & Trust Co. Patriot Community Bank People's United Bank Pilgrim Bank Radius Bank RTN Federal Credit Union Santander StonehamBank TD Bank The Cooperative Bank The Savings Bank The Village Bank Walpole Cooperative Bank Wellesley Bank Winchester Co-operative Bank Abington Bank Bank of Canton Blue Hills Bank Boston Private Bank & Trust
Outlook 2013, Outlook 2016, or volume-licensed versions of Outlook 2019 Support for Outlook 2013, 2016, and volume-licensed versions of Outlook 2019 ends in December 2021. To continue using the Outlook integration after the end of 2021, make plans now to upgrade to the latest versions of Outlook and Windows. Outlook on the web
M/s G.M. Kapadia & Co., Chartered Accountants Bankers HDFC Bank Ltd. (Primary Banker) Axis Bank Ltd. Bank of Baroda Bandhan Bank Ltd. Citibank N.A. CSB Bank Ltd. DCB Bank Ltd. Deutsche Bank ESAF Small Finance Bank ICICI Bank Ltd. IDFC Bank Ltd. Indian Bank RBL Bank Ltd. Saraswat Co-op Bank Ltd. State Bank of India Suryoday Small Finance Bank Ltd.
10. HDFC Bank Limited 11. ICICI Bank Ltd 12. Indian Overseas Bank 13. ING Vysya Bank 14. Kotak Bank -Virtual card 15. Shivalik Bank 16. Standard Chartered Bank 17. State Bank of Bikaner and Jaipur 18. State Bank of India 19. State Bank of Mysore 20. State Bank of Travencore 21. Syndicate Bank 22. The Federal Bank Ltd 23. The Karur Vysya Bank Ltd
commerce bank eastern bank-east west bank everbank firstbank first hawaiian bank-first horizon bank firstmerit bank-first national of. nebraska first niagara flagstar bank f.n.b.corp. frost national bank fulton financial hancock bank iberiabank m b financial new york community banks old national, bank one west bank people's united bank raymond .
A formal Regulatory Management System [RMS] can help with: reduction of regulatory burden on citizens and firms improvement of regulatory quality identification of best choice of policy options Comprised of four elements: 1. regulatory quality tools 2. regulatory processes 3. regulatory institutions 4. regulatory policies 16
o Microsoft Outlook 2000 o Microsoft Outlook 2002 o Microsoft Outlook 2003 o Microsoft Outlook 2007 o Microsoft Outlook 2010 o Microsoft Outlook 2013 o Microsoft Outlook 98 o Microsoft PowerPoint 2000 o Microsoft PowerPoint 2002 – Normal User o Microsoft PowerPoint 2002 – Power User o Microsoft PowerPoint 2002 – Whole Test
Precedence between members of the Army and members of foreign military services serving with the Army † 1–8, page 5 Chapter 2 Command Policies, page 6 Chain of command † 2–1, page 6 Open door policies † 2–2, page 6 Performance counseling † 2–3, page 6 Staff or technical channels † 2–4, page 6 Command of installations, activities , and units † 2–5, page 6 Specialty .
