The end of the big benchmark manipulation cases, which were somewhat thrust upon regulators, and the freeing up of enforcement resources has allowed regulators to pursue more of their own priorities (at least until the next unexpected issue arises and demands their attention).
For firms, the good news is that these areas of focus are no secret. The trend is towards transparency, with many regulators now openly publishing their priorities, for instance: The FCA its business plan6; SEC7 and FINRA8 their examination priorities; the AMF in France its priorities; the Monetary Authority of Singapore (MAS) its regulatory agenda; and the China Banking and Insurance Regulatory Commission (CBIRC) its supervisory and regulatory objectives.
Firms can also look to regulators’ reporting of enforcement actions, which indicate the extent and focus of their activity and sends strong messages to the market and consumers. What we see in this year’s Global Enforcement Review research is that the same areas of focus keep recurring: corporate governance, disclosure to clients and fraud have all been top areas of enforcement activity in each of the last five years.
Unlicensed activity, too, remains a key source of cases. In addition to fraud, financial crime related activities such as AML, bribery and customer due diligence are areas with significant enforcement activity across most jurisdictions in recent years.
A mix of old and new
Looking at regulators’ published priorities, meanwhile, we see these old favorites joined by new areas such as cybersecurity (FCA, SEC and MAS) and risks around crypto currencies (FINRA, MAS, FCA).
Unsurprisingly, the protection of retirement savings is most pronounced in those countries with significant and well-developed private sector pensions, and it is an explicitly stated priority for the SEC and the FCA. The UK regulator in particular has had a task in protecting older savers from ill-advised transfers out of defined benefit pension schemes and other challenges relating to “pensions freedoms” introduced in recent years.
Nevertheless, aging populations and an increasing emphasis on private provision for financing retirement are global trends. Retirement savings and investment are therefore likely to be an increasing area of focus for many financial regulators in the years ahead.
As important as what the regulators focus on is how they do so, and it is clear that the emphasis is now on holding individuals to account.
Again, the number of enforcement cases provides only part of the story. Within the scope of this research, the number of enforcement actions against individuals globally increased by 7% from 2015 to 2016, only to decline slightly by 13% last year.
However, in their public pronouncements regulators are clear that they intend to hold individuals responsible wherever possible. And they have not only the intention, but the tools to do so: The SMCR in the UK, the MIC initiative from Hong Kong’s SFC and, most recently, the proposed Guidelines on Individual Accountability and Conduct from Singapore’s MAS are all making it easier for regulators to identify and take action against individuals responsible for regulatory breaches.
The regulatory framework increasingly presumes responsibility where failures occur on an individual’s watch. As the new regimes bed in, this is likely to be reflected by an increase in the number of cases against individuals in the future.
Beware black swans
Finally, however, it is worth remembering that regulators are only partly masters of their own destiny. Just as discovery of Libor and FX benchmark manipulation absorbed significant regulatory resources in recent years, unexpected issues demanding their attention could well disrupt regulators’ plans.
It is difficult to say what these may be, but it would not be surprising if they involved fast changing technology. The increasing emphasis given to cybersecurity is already as much necessity as choice; already the impact on savers and investors has made it clear financial regulators cannot ignore the issue. We are likely to see increasing action for failures in both protecting confidential information and in ensuring resilience of financial services.
New risks continue to emerge, though, and precise priorities around developments such as big data and crypto currencies remain somewhat vague. While regulators are still monitoring and assessing the impact and risks around these technologies, there is little focus on future risks with new developments regularly occurring. As always, regulators in these emerging areas, like generals, are destined to fight the last war, not the coming one. There is also a significant focus on protecting retirement savings.