Amidst dramatic transformation, the financial services industry is innovating to build in greater agility and resiliency.
Every year brings a new set of challenges to the financial sector, and in 2019 financial services providers will face increasing market pressures fueled by rapidly emerging technologies, global interconnectedness, changing economic and jurisdictional factors, competition, and consumer demands. Regulators will assess how these companies adapt to these pressures and manage the associated regulatory risks, focusing on operational resilience, governance and controls, data security, consumer protections, and ethical and sound conduct. KPMG has identified ten key regulatory challenges that financial services providers face this year along with possible actions they can take to address them.
Challenge #1: Divergent regulation
As federal deregulation fosters recalibration and tailoring of existing regulations, financial services providers are facing an increasingly fragmented regulatory landscape. Regulatory activity will be driven by state actions, other federal regulator rulemakings, nonbank supervision, and jurisdictional developments.
Challenge #2: Risk governance and controls
According to the Federal Reserve Board, 40 percent of large financial institutions are rated “less-than-satisfactory” for risk governance and controls. Financial service providers must maintain governance and controls within their risk management frameworks for sustainability, resiliency, and efficiency. Key areas of focus include strengthening risk management practices; third party risk management; risk governance; change management; information technology and data governance.
Challenge #3: Data privacy
The proliferation in the sourcing, use, and sharing of consumer data via core business functions and through vendor and partner relationships necessitates strong consumer data privacy. High profile data breach and data sharing incidents have spotlighted the need for consumers’ understanding of and permissions for data usage. According to KPMG’s Growing Pains, 89 percent of CEOs prioritize protecting consumer data; however, without an overarching law or regulation governing data privacy, the debate continues on how data should be protected. Certain state-enacted laws are adding to the complexity of this legal and regulatory landscape.
Challenge #4: Compliance processes
Financial services providers are focused on bridging business and compliance objectives while avoiding regulatory, compliance, and ethical risks. At the same time, compliance leaders face an expanded mandate that increasingly includes culture/conduct, data privacy, and financial crimes in addition to cost-cutting pressures, expectations for operational resiliency, and a shift toward real-time risk management. Investments in artificial intelligence and automation can help meet these challenges, but companies must first reassess their core processes and controls.
Challenge #5: Credit management
Economic risks and rising interest rates are fueling speculation that the U.S. economy could shift in 2019, triggering credit-risk concerns. Both the Office of the Comptroller of the Currency and the Federal Reserve have identified credit risk among their top supervisory priorities. Changes to accounting standards (with the implementation of the new Current Expected Credit Losses (CECL)) and regulatory requirements, as well as trends in leveraged lending and securitization and the transition toward new benchmark interest rates, are among the drivers for this concern.
Challenge #6: Cyber security
Financial services providers are challenged to sustain a vigilant and focused defense against the ever-present and evolving threat that cyber activity poses to their proprietary data, consumer data, and operations. Federal regulators continue to list cyber security as a top priority, though the absence of an overarching national standard or law addressing cyber security risks introduces variability. Some individual states have published regulations and standards to protect their constituents, and standards are beginning to solidify at the federal level.
Challenge #7: Ethics and conduct
High-profile regulatory actions and high-dollar civil money penalties have highlighted nonfinancial risks related to misconduct, including reputational, strategic, and fraud risks, forcing companies to reassess their measurable conduct risk programs and ensure they are not inadvertently incentivizing improper behavior. This is particularly imperative in the areas of consumer data privacy, product suitability, sales/training practices, and general business ethics and conduct.
Challenge #8: Consumer protections
A heightened regulatory focus on consumer and retail investor protection will continue – led by challenges around the protection of consumers’ personal data as well as “personalizing” their access to financial products and services. Keenly aware of personal data privacy breakdowns, consumers now seek greater control over their data in addition to an integrated and personalized online experience. However, connecting with financial services providers on multiple platforms, heightens data security and privacy risks.
Challenge #9: Financial crimes
Digital transformation, which is changing how firms operate and deliver value to customers, is driving innovation across financial crimes compliance efforts. Today, greater agility, efficiency, effectiveness and resiliency are required and financial services providers are focused on automating and integrating their efforts to achieve these goals. In particular, they aim to develop data and predictive analytics, automate financial crime processes to identify misconduct and regulatory violations earlier, and improve agility to evaluate market conditions and cost containment.
Challenge #10: Capital and liquidity
Most banking organizations will face a shifting landscape of capital- and liquidity-related regulatory requirements brought about by efforts to tailor supervision and regulation to the size, systemic footprint, risk profile, and business model of banking entities. Despite this general trend, the very largest banking organizations will generally experience limited relief and must prepare for specific new rule requirements.