The regulatory burden increases inexorably but promises of regulatory harmonization never seem to deliver. Perhaps that’s a good thing.
The more things change, the more they stay the same. With Brexit and Trump dominating global headlines last year, much of the resulting uncertainty persists in our Global Regulatory Outlook 2018 survey.
Both developments have yet to play out. On Brexit, negotiations continue with financial services regulation and access remaining among the many sticking points. In the US, we are beginning to get a sense of the priorities of new SEC Chairman Jay Clayton but it remains early days.
It is clear, though, that there will be little let up for financial services firms. In the EU, firms began the year with implementation of MiFID II and imminently face introduction of GDPR in May (where almost half in our survey are not confident they are on track to comply). Struggles with the Senior Managers and Certification Regime (SM&CR) in the UK also continue. In the US, meanwhile, it is fair to say that, whatever else, the campaign pledges of the Trump administration to dismantle Dodd Frank remain mostly unfulfilled.
At any rate, few expect the regulatory burden and impact to ease: 95% say regulations will increase their costs this year, with almost a quarter (24%) in our survey said they would be spending more than 5% of their annual revenue on compliance by 2023. In fact, a tenth (11%) felt they would spend more than 10% on it by that year.
As last year, the big regulatory growth area remains cybersecurity – only more so. About three in ten (29%) say this will be regulators’ primary focus in 2018, and more than half (54%) think it will be a top three priorities – leaving aside the 22% naming GDPR.
That now puts cybersecurity ahead of even anti money laundering (AML) and Know Your Customer (KYC) regulations as a perceived regulatory concern. The focus on cybersecurity is only likely to intensify, too; as we note frequently in this report, regulatory expectations in this area are still becoming clear.
It’s not just regulatory pressure, of course. The spate of cybersecurity breaches over the last year has also contributed to firm’s determination to address the issue. For both these reasons, 78% of respondents expect to spend more resources and time on it in 2018.
The key question is whether that spending, and the regulation prompting it, will prove effective.
The value of regulation
Past experience is only partly encouraging. On the one hand, compared to previous years, confidence in the effectiveness of regulation has grown. A slim majority (51%) now say they expect financial services regulation to increase market stability (up from 42% in 2017).
On the other hand, even now that still leaves 29% saying regulation has no effect on stability and 10% saying it makes it worse. Moreover, the proportion saying financial services regulation is likely to enhance investor confidence is down to about a third (35%), with 61% saying it has little impact (56%) or damages it (5%).
Certainly, the limits of regulation are well recognized: As in previous years of this report, few believe regulatory changes in recent years have adequately safeguarded against a future crash: only 13% say they have, while 28% say they haven’t. The majority (57%) say the risks have been only partly addressed.
Be careful what you wish for
Whatever they expect its impact to be, what firms say they want from regulation is greater harmonization. Almost one in five (19%) say it’s the single most important factor in maintaining an effective regulatory system (second only to principles-based regulation).
Most agree (52%) that regulators are improving their ability to coordinate across borders; but few think they have been effective in establishing consistent global regulatory standards (29%). This is largely the same as in previous years of the Global Regulatory Outlook survey. A more interesting issue, perhaps, is whether firms are right to yearn for those consistent standards.
Of course, it’s recognized that regulation can have some positive impacts: A third say it “expands market reach” and almost three quarters (73%) concede regulations encourage improvements in internal systems and control.
Regulatory harmonization might alleviate some of burden and complication of complying with different standards across jurisdictions. Given the tendency when it comes to regulatory alignment to level up to the highest standards in operation, and to harmonize without necessarily removing duplication, it’s unclear whether greater consistency across jurisdictions would reduce, or add to, the cost of compliance.
A Brexit bonus?
That’s particularly pertinent when it comes to Brexit.
About one in five (21%) in our survey said Brexit had had an immediate impact on their compliance programmes with changes already being made or planned for the next six months. Another quarter (26%) expect changes within 18 months.
As to how big those changes will be, much will depend on the final agreement reached, but UK Prime Minister Theresa May has recently ruled out passporting for financial services after the UK leaves the EU. This, she said, was “intrinsic to the single market of which we would no longer be a member”.1
The impact of Brexit remains to be seen. Yes, it is a risk – and not one that many of our survey respondents feel terribly confident about; while 53% currently say London is the current pre-eminent global financial centre, only 29% expect it to be so in five years’ time.
But it also presents opportunities. Many firms are considering their options in anticipation of Brexit to continue marketing in the EU, such as using management companies and revising their operating models. But Brexit may also open up opportunities in other jurisdictions through new trade agreements to distribute products. In any case, it remains a complex regulatory and market environment for the industry across the globe, and it will need to be managed dynamically. The success with which firms do so could prove a differentiator in next few years.
Grasping the technology challenge
Nor is Brexit the only opportunity for firms in the regulatory space. To finish where we began, the reason cyber risks are such a key regulatory focus is because of the increasing power and pervasiveness of technology in financial services. Just as firms are embracing this in their businesses, so too are regulators in their work in detecting and preventing market misconduct.
As their sophistication grows, so, too, do their expectation of firms’ own capabilities to automate compliance and market monitoring. On the one hand, that’s a significant threat for those firms that fail to take up the challenge, particularly in light of the continued drive towards individual accountability evident in the UK’s SM&CR and Hong Kong’s equivalent.
On the other, though, it could offer two benefits: First, the promise of more orderly markets, which should be good for the industry as a whole and prevent the unscrupulous and unfair gaining of advantage; and second the potential for solutions that, through automation, actually ease the regulatory burden, and perhaps halt the rise in compliance costs.