A mid-year update to the Financial Markets Regulatory Outlook 2018
Following the release of our flagship annual Regulatory Outlook at the start of 2018, the EMEA Centre for Regulatory Strategy are pleased to provide this mid-year update, which details what has transpired in financial regulation over the first half of 2018 and what’s left to come.
This update discusses the major financial services regulatory developments we have seen in the first half of 2018, as well as our views on what to expect for the rest of the year. It looks back at the cross-industry and sector specific themes we explored in the 2018 Outlook to see how these have developed, and also identifies a number of emerging issues including climate change, FinTech, and culture in financial services firms.
The findings at a glance
In the six months following the publication of our Regulatory Outlook 2018, a lot has happened.
Meeting multiple regulatory deadlines
MIFID II, PRIIPs, BMR and GDPR are now live, with IDD still to come later in the year. Some firms have struggled with the multitude of different regulatory deadlines, and in some cases implementation programmes continue to run in order to optimise firms’ approaches. Concerns have been raised about some of the information firms must provide as part of PRIIPs, whilst certain aspects of MIFID II were delayed. With implementation deadlines now largely passed, supervisory attention will turn to more concerted oversight of compliance.
Preparing for Brexit
Despite progress in some areas, uncertainty remains over Brexit. Whilst a transition period was agreed at a political level, the fact that this is not yet legally binding means most firms have continued to execute their current contingency planning. Firms relocating to the EU27 are looking to either bulk up existing entities or establish new ones, and ensure they have the necessary infrastructure and personnel in place ahead of March 2019. The UK has also pushed for a system of “mutual recognition” for FS regulation but so far has been rebuffed by the EU. However, the UK government has agreed to provide a temporary permissions regime for firms’ passporting into the UK and to legislate for contract continuity, providing firms with some certainty on these issues on the UK side.
Supervisory spotlight on business models
Business models have continued to attract attention, with supervisory analysis increasingly incorporated into business as usual supervision and thematic review work. The ECB has completed its review of bank business models, but is not expected to publish its findings. The FCA’s work on business models continues, and its high-cost credit review led to a crack down upon aspects of firms’ business models it viewed as unfair. Supervisors are increasingly drawing attention to the importance of technology in shaping firms’ business models, and we expect to see increased interest from them in the interplay between the two in future.
Data protection, innovation and good customer outcomes
May’s GDPR deadline drew significant attention to firms’ data protection approaches. Whilst we are yet to see any enforcement action in this area, the increasing prominence of data protection and privacy issues will mean any serious breach of GDPR will be met with a strong response. We have also seen regulators increase their scrutiny over firms’ use of AI, with the FCA and PRA both having published papers outlining their expectations of firms’ governance and risk management of algorithmic trading. The European Commission also announced that it will develop its approach to AI by the end of 2018. Cryptocurrencies have rarely been out of the headlines and have begun to attract regulatory attention.
The FCA has moved to incorporate consumer vulnerability into its day-to-day regulatory approach. Its review of high-cost-credit saw it propose a price cap for rent to own products, citing a need to protect vulnerable consumers, and we expect to see a similar rationale inform the outcome of other work on overdrafts and access to travel insurance. IOSCO published a report on senior investors’ vulnerability, while EIOPA’s work plan expressed concern about vulnerable consumers’ access to insurance products. Other ESAs raised similar concerns as part of a joint ESA report on Big Data.
Cyber risk and resilience
The ECB published its TIBER framework, published a consultation on its CROE for FMIs, and launch its Euro Cyber Resilience Board. In the UK the PRA’s business plan highlighted the security risks posed by recent payment services and open banking reforms. The FCA listed “data security, resilience and outsourcing” as a cross-sector priority in its business plan and has said it will continue to look at firms’ operational resilience and outsourcing controls. Later in the year the SSM is expected to publish its cyber expectations for the banks it supervises, as are UK regulators.
Managing risks from internal models
We have seen a range of developments relating to firms’ internal models. EIOPA reaffirmed its plans to increase the scope of its work on model convergence, said it would evaluate firms’ model calibration through benchmarking exercises, and in May published its first study on market and credit risk modelling. In the UK, the PRA voiced concerns over insurers’ modelling of investments in illiquid assets. In the banking sector, the ECB has continued with its TRIM exercise, which we expect to continue into 2019. The PRA also finalised a set of principles for model risk management for bank stress testing models, and is now considering extending these principles to all models.