Reporting and Governance

The fallout from the Covid-19 pandemic has disrupted regulatory initiatives and very likely ushers in greater supervisory scrutiny of financial firms on a range of issues from conduct through to operational risk. By Kuangyi Wei and Peter Beardshaw directors at Accenture’s risk practice.

The Covid-19 pandemic has put financial regulators in unchartered waters. While the immediate response has been to postpone timelines for two-thirds of regulatory initiatives to free up resources, managing the aftermath of the pandemic will likely call for more, not less, regulatory oversight. 

The immediate response to Covid-19 from financial regulators has been to channel government stimulus initiatives and sustain bank lending to businesses. In the UK, the Coronavirus Business Interruption Loan Scheme has seen more than 40 banks channel government support via the British Business Bank. In March this year, for example, banks’ net lending was 30 times higher than a year ago.

Such initiatives have placed the commercial lending market and commercial banking conduct under the spotlight. With only a small share of the commercial lending market currently falling under Financial Conduct Authority (FCA) rules, greater regulatory scrutiny should be expected. In particular, the regulators are concerned about the fair treatment of corporate customers when negotiating new or existing debt facilities. The FCA highlighted this in a recent correspondence about banks’ use of lending relationships for gaining unwanted roles on equity mandates.

The spread of Covid-19 has already heightened the need for commercial lending. Rather than increasing the debt pile, the message from the Bank of England governor is that greater use of equity financing will be required to recapitalise and restart the economy. But doing so puts the fair treatment of corporate customers and commercial banking conduct in even sharper focus.

For financial institutions, this may point to new regulatory initiatives in support of unleashing private capital while protecting customers, and indeed a greater supervisory role for the UK’s established Senior Managers & Certification Regime.

The Covid-19 shock

The scale and scope of Covid-19 exceeded regulators’ wildest stress test assumptions. From an economic perspective, regulatory stress testing scenarios now seem timid. The Bank of England projects that UK GDP could fall by 14% in 2020 – which is three times more severe than the assumed decline in its latest stress test scenarios. 

At the same time, with major repositioning in the financial markets, real-time, price-driven events (such as margin calls) have posed a greater threat to financial stability – though they do not lend well to conventional stress testing and risk models. Indeed, the pandemic lays bare the issue that risk models draw heavily upon empirical data and past incidents.

How economies will emerge from the pandemic remains uncertain, and more behaviour-driven data and predictive analytics may be required to gain a more timely and accurate view of financial resilience post-Covid-19. 

More importantly, regulatory stress testing has, to date, focused on economic swings, rather than operational disruptions. But as the pandemic shows, fraud concerns, disruptions to communication networks, and prolonged absence of critical staff have posed a greater material threat to the resilience and stability of our financial system. This highlights the need for scenarios to be considered both in terms of operational resilience and prudential stress testing. 

Remote working 

There are seismic shifts resulting from the crisis, including and how quickly home working is becoming commonplace in financial services. Remote working in the UK has proved more effective than previously envisaged, with firms’ IT systems remaining resilient. Such shifts should require regulators to take a more balanced view of technology risks versus people risks, and the FCA’s publication of its definition of key workers in financial services is a welcome first step. 

Should remote working be adopted more broadly and permanently in the industry, systems and controls required to ensure data protection and prevent internal fraud may come into sharper supervisory focus. At the same time, the assumptions behind having disaster recovery sites scattered across the country may be called into question as the pandemic can cause large-scale operational failures, hitting all markets simultaneously.

The regulatory view on the industry’s outsourcing and offshoring may evolve too. When a pandemic disrupts multiple services, previously outsourced services may become more critical to consumer protection and therefore be considered “important business services”. Similarly, when a pandemic affects multiple geographies, the balance between cost efficiency and concentration risk considerations may need to shift when it comes to the use of offshoring hubs. 

With the UK regulators currently consulting for the industry’s views on operational resilience, this should be an opportunity for firms to reflect on the new meanings of operational resilience and their global locational strategy. 

We expect regulatory and government positions to remain dynamic. For financial institutions, this may raise dilemmas between regulatory measures, interplays between risk types, and the need for more balanced consideration between cost efficiency and risk profile.

Notwithstanding the immediate pandemic challenge or seismic shifts, financial institutions need to prove to regulators that their operations, systems and processes conform to accepted risk practices.

To best address this, firms must step up regulatory engagement and response strategies, fine-tune investment budget allocation and reconsider model development and validation rules as some of the no-regret moves. 

This article is free to read, request a no obligation trial access to Global Risk Regulator.