A look back at our regulatory outlook
At the end of 2016 Deloitte’s Centre for Regulatory Strategy provided its view of the major regulatory themes that would impact financial services firms in Asia Pacific during 2017: resilience, governance, supervision and technology (1). With half the year having already passed, the time is opportune to pause and reflect on how these themes have been unfolding across the region.
Hopes of finalising “Basel IV” by the end of 2016 have been dashed, with agreement on amendments to credit risk, operational risk and floors seeming to elude the Basel Committee on Banking Supervision (BCBS). The BCBS continues to stress the importance of finalization, but has been vague on when this is likely to occur. Although there appears to be a stalemate with regards Basel IV, the International Association of Insurance Supervisors (IAIS) continues to progress the development of the first global insurance capital standard (ICS) for internationally active insurance groups, with ICS Version 1.0 for Extended Field Testing having recently been released.2
On asset management, the Financial Stability Board (FSB) released 14 policy recommendations to address structural vulnerabilities within the industry, some of which the International Organisation of Securities Commissions (IOSCO) will operationalise by year end3. In our region, strengthening the asset management industry has been a goal of several regulators. For example, making Hong Kong “Asia’s leading asset management centre” is one the Securities and Futures Commission’s (SFC) priorities for the year and, as part of this initiative, in June the regulator launched a consultation on the legal and regulatory requirements for the new open-ended fund company4.
The FSB has recently commented on the sluggish implementation of the Key Attributes of Effective Resolution Regimes for Financial Institutions (Key Attributes), with progress slow in jurisdictions without global systemically important banks (GSIBs) and for the non-bank sector (e.g. insurance)5. Nonetheless, Asia Pacific is moving forward on recovery and resolution planning, for banks at least. Japan and Hong Kong have adopted regimes that broadly comply with the Key Attributes. In Indonesia, a regulation came into effect in April which sets the requirements for systemic banks to prepare and submit recovery plans to the Financial Services Authority (OJK). Australia, China, India, Indonesia and Korea also have reforms underway for all systemic banks. Beyond banking, the FSB plans to release key attributes assessment methodology for the insurance sector by the end of 2017 and has also recently issued guidance on central counterparty resolution, as well as on continuity of access to financial market infrastructures for a firm in resolution6.
Governance, culture and conduct continue to be front and centre of regulators minds. The significance of good governance has been highlighted by Nobuchika Mori, Commissioner of Japan’s Financial Services Agency (JFSA), who opined in May that “those financial institutions that have weathered the global financial crisis have done so not because of the size of their capital or liquidity buffers, but largely due to their solid risk governance, which allowed them to respond to early signs in the marketplace”7. Earlier in the year Ravi Menon, Managing Director of the Monetary Authority of Singapore (MAS), also identified fostering a culture of trust and risk governance in financial institutions and markets as a top area of regulatory focus going forward8.
Some significant steps to enhance senior manager accountabilityhave been made in Asia Pacific this year, most notably Hong Kong’s Manager-in-Charge (MIC) initiative that took effect in April. The MIC regime has required firms to, amongst other things, identify MICs for eight “core functions”, ensure MICs have appropriate authority and skills, have MICs acknowledge their appointment, and provide board approved management structure information and organisational charts to the SFC. Australia is following suit with a current consultation on the Banking Executive Accountability Regime (BEAR). BEAR proposals include registration of directors and senior executives with the Australian Prudential Regulation Authority (APRA), maps of roles and responsibilities to be provided to the regulator, new penalties for failing to appropriately monitor suitability of executives and giving APRA new powers to require adjustments to remuneration policies and to remove directors and senior executives9.
Other regulators have also been active in regards governance, conduct and culture this year. Malaysia introduced the Principles for a Fair and Effective Financial Market, as well as a Code of Conduct for Malaysian Wholesale Financial Markets. The JFSA released the Principles Concerning the Operation of Fiduciary Duty, which recommend seven overarching principles for performance of client-oriented services: (i) establish and announce a policy on fiduciary duties (ii) pursue professionalism, ethics and client’s best interests (iii) appropriate management of conflicts of interest (iv) clear information on fees and costs (v) providing important information in a manner that is easy for the client to understand (vi) providing services that are suitable for each client; and (vii) establishing a framework that motivates personnel to comply with fiduciary duties10. Meanwhile, the Chinese Banking Regulatory Commission (CBRC) introduced guidelines requiring banks to improve corporate governance, strengthen risk management, enhance systems of accountability, place importance on compliance risk management and implement whole-process management of environmental and social risks.
International regulators have released a large amount of material on financial services conduct. In March, the BCBS published updated guidance on Pillar 3 disclosure that includes provisions on compensation policies and on the use and application of compensation tools. The FX Global Code of Conduct was finalised in May11 and was endorsed by key Asia Pacific regulators. June saw the IOSCO release its report on misconduct in wholesale markets12. The FSB has issued its Stocktake of Efforts to Strengthen Governance Frameworks to Mitigate Misconduct Risks13, published a consultation with supplementary guidance to the Principles and Standards on the use of Compensation Tools to Address Misconduct Risk14 and released its fifth progress report on implementation of the Principles for Sound Compensation. The thinking and recommendations in this international material will start to percolate into Asia Pacific regulatory approaches over the coming months.
Several Asia Pacific regulators have been vocalizing their support for proactive, engaged and forward looking supervision this year, echoing the JFSA regulatory approach that we canvassed in our outlook. Wayne Byres, Chairman of APRA, recently said that the regulator “primarily seeks to fulfil its mandate using a supervision-led approach” and that such an approach “seemed to be a common feature of jurisdictions that emerged relatively unscathed from the financial crisis”15. Hong Kong’s SFC has outlined its adoption of “front loaded”, “real time” ”direct” and “pre-emptive” supervision, which involves proactive identification of risks, thematic reviews, early intervention, enhanced transparency and early signaling of regulatory priorities and intentions16. The Assistant Governor of Bank Negara Malaysia (BNM) said in May that the Bank’s focus will move “beyond balance sheet ratios”, with approaches to include interviews and questionnaires of employees17.
Detailed regulatory data requests and requirements continue across the region, and this is likely to escalate given the findings in the BCBS’ fourth progress report on adoption of the Principles for effective risk data aggregation and risk reporting (BCBS 239). The report, issued in March, reflects assessments carried out in July 2016 by G-SIB supervisors and concludes the results are “unsatisfactory”. Indeed, there was a lower level of compliance than reported in bank self-assessments carried out two years earlier. In particular, only one bank fully complied with all the principles, for no principle was full compliance reached by all assessed banks, and four banks are not expected to fully comply with all the principles until after 201818.
To some extent less favourable compliance assessments from supervisors are to be expected, however the results will likely mean a more intense focus on risk data and risk reporting capabilities going forward. The BCBS recommends supervisors closely follow up on weaknesses “with continued and intensified efforts” and make requests for detailed roadmaps and timelines for full BCBS 239 compliance, as well as frameworks of top-level oversight of implementation progress. The recommendations will likely be incorporated into local regulatory approaches, for both GSIBs and domestic systemically important banks (DSIBs). In Australia for example, APRA sent a letter to ADIs about improving capabilities in data, monitoring and portfolio controls after a thematic review found inadequacies in these areas19. Partly in response to the need for frequent data resubmissions by reporting intuitions, APRA also launched a consultation that proposes an increase in the amount of data collected from large institutions (although a decrease for small institutions)20 . The Reserve Bank of India (RBI) has been focusing on better data governance through the comprehensive RBS submissions, with enhanced scrutiny of the source and quality of the data points being submitted. In Southeast Asia (e.g. Singapore and Indonesia) it is anticipated that compliance with BCBS 239 will soon be expected of D-SIBs and some of the larger organisations in the region are already performing independent assessments of their level of adherence.
There continues to be a steady march of regulatory initiatives in Asia Pacific aimed at bolstering innovation in financial services. It seems that on a daily basis a new regulatory sandbox, financial technology (FinTech) bilateral cooperation agreement or FinTech advisory group is announced. Innovation is a stated priority for most regulators in the region this year, with it being widely viewed as having the potential to improve profitability for lagging financial intuitions, accessibility for underserved communities and competition within the industry. Indonesia’s OJK, for instance, called for papers on developing the non-bank financial industry, such as creative economy industries, micro, small and medium enterprises and start-ups21. Malaysia’s BNM has also sought ideas from the public on improving the financial services sector by harnessing innovation and technology22. The CBRC Vice Chairman was reported as saying that there should be “vigorous promotion” of financial innovation “to enhance the competitiveness of the economy, financial sector and banking industry”, while the People's Bank of China (PBOC) recently outlined its strategy for advancing technology use in the country's financial industry. In March, Singapore’s MAS announced the successful conclusion of a proof-of-concept project to conduct domestic inter-bank payments using distributed ledger technology (DLT)23.
Adjustments to regulatory frameworks have also been implemented, proposed or investigated this year in response to innovation. For example, in April the OJK introduced regulations for IT governance and risk management for IT based lending services and in May Malaysia’s Securities Commission (SCM) introduced a framework for offering automated discretionary portfolio management services24. Australia, Singapore, Hong Kong and New Zealand have all issued consultations on proposed regulatory approaches to automated advice. In April, Japan’s cryptocurrency trading regulation came into effect, Korea looks set to follow suit and India’s Ministry of Finance set up a task force to investigate regulation of virtual currencies.
While local regulators are acting to support and manage FinTech, supranational regulators have also been thinking about the potential impacts and appropriate responses. IOSCO published a research report on platforms for financing, institutional bond trading, retail trading and retail investment25. The Committee on Payments and Markets Infrastructure (CPMI) also reported on DLTs efficiency and safety implications26, while the IAIS has looked at FinTech developments, challenges and opportunities in the insurance industry27, and the FSB on FinTech’s financial stability implications and areas for international cooperation28.
2017 has also seen regulatory technology (RegTech) as an increasing part of the regulatory lexicon. The Australian Securities and Investments Commission (ASIC) issued a consultation on proposals to establish a RegTech industry liaison network, technology trials and a ‘hackathon’ to identify and remediate regulatory problems faced by the financial services industry. In Hong Kong, the SFC has implemented a risk data strategy which involves benchmarking to global regulatory standards, analysing social media information, and adopting new technologies. MAS similarly announced the formation of a data analytics group that will interrogate both supervisory and financial sector data to help the regulator “unlock insights, enhance the supervision of financial institutions, make regulatory compliance more efficient for financial institutions, and improve work efficiency across the organisation”29. The PBOC meanwhile is reported to be considering developing its own RegTech capabilities to ascertain market risk30.
Across the globe, cyber risk has been evolving into one of the biggest financial services regulatory concerns for 2017. In April, MAS Managing Director Ravi Menon said “it is not inconceivable that a future financial crisis could be precipitated by a cyber attack” and he cited cyber risk management as “likely to emerge as the new frontier for global regulatory harmonisation and supervisory co-operation”31. China’s Cyber Security Law has come into effect, India’s Insurance Regulatory and Development Authority (IRDAI) released a new cyber security framework for insurers and Hong Kong’s SFC has consulted on new measures to reduce and mitigate hacking risks of brokers engaged in internet trading. In addition, the Securities and Exchange Board of India (SEBI) announced the set up a cybersecurity lab and the RBI advised that a “specialised cell (C-SITE)” was established to conduct IT examinations of banks (who the regulator has found to have “significant” gaps in cyber security preparedness).
We have paused and looked back at Asia Pacific regulatory developments vis-à-vis the four themes identified in our 2017 outlook. A lot has already happened in the region, as well at the supranational level. Above we have provided a small taste of some key regulatory events, but hopefully we have given the broad flavour of where things have been, and will be, heading.
Global regulatory bodies are also proposing to pause and reflect on the impact of the dizzying array of global standards issued in the wake of the 2007-8 financial crisis, the key initiative being the FSB’s post-implementation evaluation of the effects of G20 financial regulatory reforms. As noted in the foreword of our outlook, political developments have inspired a trend against international standard setting and global regulatory harmonisation, as well as a push for deregulation. Most regulators appear not to support these trends and have warned against “reform fatigue”’. Whilst the threat to international standards and harmonised regulation is real, it is clear that regulators have not been idle. Financial services firms will continue to face, at least in Asia Pacific and at least in the short term, complex and changing regulation.
6. http://www.fsb.org/wp-content/uploads/P060717-3.pdf ; http://www.fsb.org/2017/07/guidance-on-central-counterparty-resolution-and-resolution-planning-2/; http://www.fsb.org/2017/07/guidance-on-continuity-of-access-to-financial-market-infrastructures-fmis-for-a-firm-in-resolution-2/