The Risk and Reg Edit: Winter 23/24 edition
You’re a risk professional presenting to the board risk committee of a major UK financial institution. What should be on the risk radar? PA recently led a session with UK Finance’s Chief Risk Officer Network to answer that question. Industry CROs heard from PA risk and regulatory experts, shared their own views, and discussed the threat horizon.
Here’s our brief take on the fast-moving, high-impact risks most likely to affect the financial industry this year, and some of the risk and regulatory events to watch out for in the coming months.
Navigating the impact of geopolitics
The relative stability of the 2010s is receding into history. Fast-evolving sources of risk include cross-border fighting in the Middle East, attacks on Red Sea shipping, China-Taiwan rivalry, the war in Ukraine, and US politics. The macro-economic effects on financial institutions could include energy price shocks, persistent or renewed inflation, diverging interest rates and rapid yield shifts. Against this backdrop, a dynamic approach to managing interest rate risks, including scenario planning, will be critical.
Managing the risks and opportunities from AI
The use of AI, including Generative AI, is accelerating across financial services. AI can help firms to sharpen innovation and improve customer decisioning and efficiency, but it is not without risks, and institutions need to understand and validate the safe and responsible use of AI. Model Risk Management (MRM) frameworks (already mandated by the Bank of England in banking, and soon to be extended more widely) provide a useful starting point for AI risk management. Fresh thinking and new processes will also be required, and risk teams will need to keep an eye on secondary risks such as AI-enabled financial crime.
Fraud is on the rise: it is a £1bn+ problem for UK financial services. Incoming regulation of Authorised Push Payment (APP) fraud will introduce mandatory customer reimbursement, pushing financial institutions to fight this complex crime more effectively. Ongoing economic underperformance will increase the incidence of fraud, and the new failure to prevent fraud offence places even higher responsibilities on financial institutions. Firms need to further bolster fraud detection methods. An increasingly tight insurance market, for example in cyber insurance, may further reduce the effectiveness of insurance as a mitigation.
Increasing threats to resilience
Growing criminal interest in cybercrime, uncertainties over inflation and growth, and the potential for market volatility could see 2024 generate increasing threats to financial resilience. This year will be firms’ last chance to prepare for March 2025’s incoming operational resilience regulations. CROs could also be faced with growing operational risks from legacy systems, platform migration, and technology supply chain failures.
ESG coming of age
Regulators are becoming more thorough in their scrutiny of environmental disclosures and more stringent in their penalties for greenwashing. The Financial Reporting Council’s (FRC) January update to its Corporate Governance Code will also push the ‘G’ of ESG up CROs’ agenda. An increasingly tight and specific definition of environmental impacts will require firms to develop increasingly sophisticated methods to support high-quality disclosures. The S and the G of ESG should not be ignored: corporate governance changes from the FRC require further investment in governance matters, and increasing stakeholder expectations of commitment to social value mean this should feature in firms’ plans for 2024.
Conduct vs. Competition
Conduct regulators are becoming more assertive in their demands for financial institutions to prove their products and services meet customer needs, and to demonstrate that they are delivering good outcomes at a reasonable price. As the last Consumer Duty deadlines pass in 2024, including implementation for firms with closed books and the first annual reports for others, growing competitive and profitability pressures (for example in the mortgage and retail investments markets), combined with a regulator actively enforcing these rules, could contribute to increasing levels of conduct risk for financial firms during the year ahead.
Culture and DE&I
Regulators’ increasing focus on non-financial misconduct – illustrated by the Financial Conduct Authority’s (FCA) consultation on DE&I – is pushing the topic of culture higher up the risk agenda. Understanding how to define, apply, and measure principles such as equity will require CROs to work in collaboration with HR teams and senior management to develop specific and measurable dashboards to demonstrate ongoing focus on culture.
Future of the risk function
For 15 years, risk and compliance functions have typically attracted greater investment than many other functions. That trend is increasingly slowing, with risk teams being asked to do more with the same resources and to prioritise operational efficiencies such as automation. Organisational changes, such as firms moving to agile ways of working, are blurring the typical boundaries between the first and second lines of defence, requiring a more responsive risk function that is better embedded in first line teams to support innovation and speed to market.
Risk functions will come under growing pressure to demonstrate they are delivering efficiencies wherever possible. This can be targeted at tasks that are often manual, such as controls monitoring or risk reporting. As the three lines of defence become increasingly blurred (particularly in non-financial risks), CROs must revisit operating models for ownership, management and reporting of risks to deliver a responsive and robust risk framework.
People trust us because of our deep knowledge of the regulatory system. Our experience working with regulators, banks, insurers, building societies, and others means we’ll give you advice that works in the real world. If you’d like to discuss any of the below issues in depth with our experts, get in touch now.