As we enter 2015 financial institutions are confronted with an uncertain and shifting economic and political landscape. 2014 has seen slower than hoped for global economic expansion with stalling Chinese growth and the burgeoning Rouble crisis, while the current situation in Greece places the future of the Eurozone in the balance. Meanwhile, for UK financial institutions, political uncertainty abounds ahead of the next general election.
For risk and compliance practitioners, the picture is further complicated by the evolving regulatory environment and the changing business opportunities and threats that technologies, including mobile banking, present to those in the financial sector. Notably, Barclays’ CEO Antony Jenkins recently announced that “the universal banking model is dead” in part due to the rise of new technologies. Meanwhile, commentators suggest that the expected increase in mobile payments in 2015 will create new levels of fraud risk. According to Hitesh Patel of KPMG: “An increase in the volume of faceless transactions reduces the checks and balances that organisations have come to rely on, meaning that fraudsters will find it easier to get away with falsifying details and diverting cash to their own accounts, stealing identities and selling goods or services that are sub-standard at best or don’t exist, at worst.”
Managing risk within this dynamic context is as key as ever. Nevertheless, the experience of 2014 shows that the financial sector still has some way to go, particularly in the area of conduct risk. Indeed, the interplay between prudential and conduct of business risk has come to the fore through 2014, as the regulatory enforcement picture has been characterised by high profile conduct failings and correspondingly large regulatory fines issued against firms. Indeed, the European Banking Authority’s recent Risk Assessment of the European Banking System, stated that:
“The EU banks’ reputational and legal risks remain a concern due to potential prudential impact of conduct-related issues… In light of indications of insufficient and decreasing disclosure of conduct risks, auditors and supervisors should pay additional attention to monitoring if adequate provisioning for related risks has been made… Supervisors should assess whether prudential risks stemming from banks’ business practices are adequately reflected in an institution’s ICAAP. Likewise, an assessment of such risks should be increasingly reflected in the supervisory review and evaluation process (SREP).”
Of course, such concerns are hardly new. As HBOS whistleblower Paul Moore explained to me back in 2012: “Capital requirements should depend not only on how much risk you want to take, but also how well you’re actually managing risks… If you mis-sell a loan not only is that a mis-sell for the individual under the conduct of business side of things, but you also drive a coach and horses through the idea that you have a prudential approach to credit risk management” (inCOMPLIANCE, Autumn 2012).
Finally, alongside this greater emphasis on conduct risk there has emerged a growing appreciation of the apparent failure of increasing regulatory fines to improve behaviours, and the calls for criminal sanctions to be enforced against individual wrongdoers has grown accordingly. Indeed, the UK government recently announced an extension to the legislation around LIBOR to cover seven other financial benchmarks, meaning that traders who attempt to rig key foreign exchange, oil and gold benchmarks may be imprisoned for up to seven years.
The fallout from the Forex scandal is likely to cast its shadow into 2015 and the management of conduct risk (and the approach of the regulatory authorities to enforcement actions relating to conduct risk) should be a defining feature of the coming months.