The Regulatory Landscape in Asia-Pacific
Three recurring themes in 2018
As 2018 marches on, and thoughts turn to 2019, we take an early look back at what has been another year of active regulatory activity in financial services. We focus on three recurring themes across Asia-Pacific: conduct, innovation, and data.
Culture and Conduct
Individual accountability in particular has been an active space. Hong Kong’s Managers In Charge (MIC) regulations are now well established, Australia has launched the Banking Executive Accountability Regime (BEAR), and Malaysia has proposed a Responsibility Mapping framework for individuals. In all cases, these regulations will continue to be refined and supplemented.
Looking beyond rules-based compliance has also been a priority in the region. In Japan, the JFSA published a discussion paper titled “Approach to Inspection and Supervision of Compliance Risk Management”. It represents the first supervision guideline from the JFSA on compliance or conduct risk and highlights the intention to promote effective and forward-looking compliance risk management, and transition from conventional backward looking “tick-box”.
Against an already active backdrop, the current Australian Financial Services Royal Commission has captured public, regulatory and industry attention, both inside and outside Australia. A highly detailed and well-resourced investigation into the industry combined with courtroom-style examination of witnesses has led to damaging revelations, including significant misconduct, unethical behavior, and lapses of governance. While specific to Australia, the findings will certainly lead to reviews of supervisory frameworks and institutional conduct by policy makers abroad.
This theme will remain a strong recurrent focus.
All regulators across the region have this topic as a top priority. A recent speech from the MAS succinctly captures the prevailing thinking:
"… a topic that is at the heart of the financial sector – culture and conduct. We will look beyond compliance frameworks to assess if the manager has embedded a sound “risk and ethics DNA” – one in which employees are aware of the risk boundaries, are being held accountable for their actions, and are empowered to speak up when they suspect or encounter malpractice"
Lim Cheng Khai, Monetary Authority of Singapore (MAS)
Innovation, digital disruption and cyber resilience
Innovation brings many benefits and will fundamentally transform financial services. However, it also brings risks, and a transformed industry requires a transformed approach to regulation. With Asia being the epicentre of much development and consumer adoption, our regulators have been particularly active in this space.
Cryptocurrencies and ICOs in particular saw a flurry of activity earlier this year. India formed a cryptocurrency committee, Indonesia’s central bank prohibited payment system and financial technology operators from processing virtual currency transactions, Korea set out new cryptocurrency trading measures for financial institutions, and Malaysia’s financial services regulators issued a joint warning on ICOs. The Deputy CEO of the Hong Kong SFC warned, “trading of cryptoassets and related products have earned a central place on the worry list of regulators around the world.” In Japan, the JFSA reinforced inspection and monitoring on cryptocurrency exchange dealers, and released an interim report where they noted the lack of internal control and corporate governance in many of the exchange dealers. Thailand announced government regulations that will require registration and KYC procedures for cryptocurrency operators, and revisions to taxation laws for cryptocurrencies and ICOs.
As our world becomes more digital, concerns over cyber security are rising. Wayne Byres of APRA identified cyber-attacks as “one of the most important risks the financial system faces”, while Thailand announced detailed IT risk management standards for financial institutions. This is very much a worldwide concern, and accordingly the Basel Committee is considering whether new global cyber risk standards are needed to enhance operational resilience.
While regulators in general are embracing innovation, they also remain cautious and focused on the risks involved.
Amid sustained pressure to have robust data protection and privacy programs, there is a parallel trend to be more open and sharing with data. Open Banking is now a reality in Australia and Japan. Korea has announced plans to open up government data sets and to establish a customer data portability right and a big data brokerage platform. Many others in the region are expected to follow suit.
Significant infrastructure changes are required, but one of the biggest challenges will be effective governance to balance both privacy and openness expectations. Ultimately, firms will need to be able to share appropriately the data they are expected to share while ensuring they keep private the information they need to keep private, while regulators will need to continually monitor and adjust.
The finalisation of Basel III at the end of 2017 saw a pause in major global capital and liquidity policy initiatives. However in Asia-Pacific (and globally), regulatory policy activity in 2018 has continued on a robust trajectory, dominated by topics of conduct, innovation and data. We expect little change to this pattern into 2019 and beyond.
The Deloitte Centre for Regulatory Strategy
The Centre for Regulatory Strategy is a source of critical insight and advice, designed to help clients to anticipate change and respond with confidence to the strategic and aggregate impact of national and international regulatory policy.
With regional hubs in the Americas, Asia Pacific and EMEA, the Centre combines the strength of Deloitte’s network of experienced risk, regulatory, and industry professionals—including a deep roster of former regulators, industry specialists, and business advisers—with a rich understanding of the impact of regulations on business models and strategy.