Navigating regulatory risk
Top regulatory trends for 2015 in banking
A forward look at the challenges and opportunities banks will be facing
In 2014, banks were scrambling to comprehend a wave of new regulations triggered by Dodd-Frank and the residual effects of the economic downturn. As they enter 2015, the focus shifts to the even bigger task of implementation and compliance. Fewer new regulations are being introduced, with most designed to clarify or refine existing rules. In addition, the themes of ethics and culture are emerging frequently in the regulatory dialogue-taking place now as fines and penalties can lead to questions about the corporate cultures that led to them. This report takes a look at these trends and offers some possible steps that banking institutions can take as part of their continual efforts to meet heightened regulatory expectations.
Here’s a quick look at the key trends that banking institutions will likely need to focus on in 2015
- Governance and Risk Management
In order to meet formal expectations set by the Federal Reserve Board (FRB) and the Office of the Comptroller of the Currency (OCC), banks must elevate their standards for governance and enterprise risk management to meet increased and more formal expectations. A comprehensive assessment of risk-management frameworks will benchmark the bank’s current structure and processes against regulatory standards and provide for the development of a well-defined remediation plan.
- Consumer Protection
The Consumer Financial Protection Bureau (CFPB) is expanding its oversight into nonbank activities such as residential mortgage (nonbank mortgage servicing), private education and payday markets. Although regulated banks are familiar with Compliance Management Systems, aggregating and reporting of customer product-level data, including customer compliant data analytics is a significant challenge for many institutions. To better manage their CMS, firms should assess and consider enhancing their compliance infrastructure.
- Vendor Risk
Regulators continue to spotlight risks associated with bank oversight of third-party providers and cite weak vendor oversight when referencing violations of consumer-protection requirements. As a result, risk, compliance and audit programs at many banks may have to focus more attention on regulatory compliance when it comes to consumer protection rules and vendor information security requirements.
- Resolution Planning
Substantial work continues to strengthen the resiliency of global banks and various resiliency-related rules will soon reach final form (e.g., GLAC, TILAC).
- Volcker Rule
As the Volcker Rule is written, most banks will need to support the compliance requirements beginning July 21, 2015, but the timeline and the requirements themselves are subject to change. Effects of the Volcker Rule on banks varies by asset size, but the core intent of the new role will require firms to enhance compliance monitoring capabilities and well as sophisticated data analysis tools.
- Data Quality
Regulators will expect bank management to be able to aggregate and analyze data across the enterprise as effective enterprise-risk and performance data-reporting, aggregation capabilities, data collection, and management of risk/performance data are required under formalized guidance and final rules.
- Credit Quality Concerns
Banks have begun loosening underwriting standards under pressure to improve margins, enhance earnings, and increase returns on the higher level of capital they are now required to hold. As a result, regulators are pressuring banks to enhance their ability to aggregate credit exposures across the firm, and leveraged lending is receiving heightened focus. The accuracy and effectiveness of a firm’s credit-grading process is also under and regulators want banks to fully understand the impact of credit exposures to their balance sheets.
- Increased Cyber Threats
The volume and number of cyber-attacks in the financial services industry has increased exponentially, requiring firms to protect themselves by investing appropriately. Governance and accountability must be changed, what was historically an IT matter now extends horizontally across business, operations, technology, legal, communications, and other areas. The “KYC” (know your customer) ethic remains strong, but now “know your vendor”, “know your employee” and “know your data” are riding alongside KYC.
- Liquidity Reserve Requirements
The final version of the Liquidity Coverage Ratio (LCR) rule requires firms to maintain enough high-quality liquid assets (HQLAs) to cover fully net stressed cash outflows over a 30 day period, the rule is significant as it establishes a standard definition of liquidity by specifying what constitutes HQLAs. Many firms are finding the new daily liquid assets calculation to be operationally intense, and institutions may pursue upgrades to address the requirements.
- Anti-money laundering
The government continues to raise expectations on the industry’s ability to know its customers—and its own ability to find nefarious activity and impose sanctions. Complying with the law in both letter and spirit is a difficult task, and expectations continue to evolve.
Center for Regulatory Strategy