The year 2022 brings high levels of risk and regulatory supervision and enforcement. Regulatory “perimeters” continue to expand, and regulatory expectations are rapidly increasing. All financial services companies should expect high levels of supervision and enforcement activity across ten key challenge areas:
1. Fairness and inclusion
Investor demand, public awareness, social unrest, and the priorities and directives of the Administration have focused regulatory attention on supervision and enforcement of consumer and investor protection on a broad scale and expanded the parameters of “fairness” to include all consumer touchpoints.
2. Climate and sustainability
Pushed largely by significant and widespread investor demand and facilitated by myriad voluntary disclosure frameworks, financial services companies are working toward measuring, monitoring, and mitigating their climate-related financial risk. Regulatory expectations in this area have experienced sweeping changes that will continue, with rigor, into 2022 under existing and expanded jurisdictional authority. Federal financial agencies must develop, and execute on, a strategy to quantify, disclose, and mitigate the financial risk of climate change on both public and private assets. Public policy seeks to advance “consistent, clear, intelligible, comparable, and accurate disclosure of climaterelated financial risk,” and “to mitigate that risk and its drivers, while accounting for addressing disparate impacts on disadvantaged communities and communities of color.”
3. Crypto and digital assets
Regulatory activity around crypto and digital assets is intensifying as usage by investors, companies, and even some central banks, shows widespread interest and adoption at retail and institutional levels. The regulatory landscape in the U.S. is evolving alongside the market expansion with state and federal regulators and legislators all considering approaches to add clarity. Key issues include a focus on chartering, licensing, fraud and financial crimes risks, and consumer and investor protections.
4. Platforms and conduct
Rapid developments in technology, increases in digital banking activity, growing sophistication of data collection, and the increasing influence of social media is reshaping the financial services landscape in ways never before seen or anticipated. These unprecedented times, underscored by ongoing social and economic changes associated with COVID-19, have fostered and accelerated unique advancements in the consumer experience—and given rise to new risks related to data security, fraud, and conflicts of interest.
5. Cyber & Data
The financial services regulators have called cyber risk the foremost risk to financial stability—and the Administration has called it a persistent and increasingly sophisticated threat that weighs heavily on governments and financial services companies alike. Given the highly interconnected nature of the financial services sector and its dependencies on critical third-party service providers, all participants in the financial system must implement risk mitigation and resilience initiatives relative to both frequency and impact of cyber threats. Current or emerging threats include malware (e.g., ransomware), supply chain risk, and sophisticated DDOS.
6. Fraud & Financial Crimes
The adoption of innovative technologies to improve the effectiveness of fraud and financial crimes risks management is becoming an imperative as regulators emphasize innovative approaches (e.g., machine learning, enhanced data analytics) and the preponderance of threat risks, from cybersecurity to ransomware to cryptocurrency to identity theft, are technology-driven. The Administration has prioritized many of these concerns as issues of national security, embarking on a “whole-of-government” approach; new and emerging areas of focus are tied to transparency and ESG.
7. Valuation vulnerabilities
There is a large amount of debt and leverage in some sectors of the financial system, coupled with historically elevated valuations for almost all asset classes (from corporate equities to real estate to cryptocurrencies). These areas may be susceptible to correction if rising inflation sends interest rates sharply higher; even relatively small pullbacks could have outsized impacts on asset values in market segments with concentrated or leveraged exposure. Regulatory focus on principles of fairness and competition could separately impose impacts on valuations.
8. Third party & cloud
Driven to enhance competitiveness, expand operations, and accommodate customer needs, financial services companies are forming more numerous and complex relationships with third-party companies at significant speed and scale, including financial technology-focused entities such as cloud service providers. These relationships offer advantages but can also reduce management’s direct control of activities, which may introduce new risks or elevate existing risks for companies and their customers.
9. Tech & resiliency
Recent events, including technology-based failures, cyber incidents, pandemic outbreaks, and natural disasters, have made clear that significant disruptions are increasingly likely and can be interconnected (consider how a health crisis sparked a mobility crisis that spawned a financial crisis). Although advances in technology have improved firms’ ability to identify and recover from such disruptions, the frequency of events and potential for interconnectedness and/or interdependencies to amplify risks nonetheless underscore the need for operational resilience and are prompting leading companies to adopt a more holistic, multi-function approach.
10. Risk "complacency"
Regulators view “risk complacency” by financial service companies as a potential threat to both stakeholder trust and safety and soundness. Companies must deliberately ensure that they are guarding against overconfidence—particularly during times of business, M&A, and innovative growth—by raising risk and compliance investment and voice.