Global foreword

First, firms must manage their own financial resilience in the face of declining credit quality. The work of the last 10 years to build capital buffers means that, globally, the banking sector enters 2023 in a generally resilient position, although emerging market banks appear more vulnerable to a downturn than their advanced economy counterparts.⁵ Many non-banks will also need to be on alert given the volumes of credit risk that have migrated outside the banking system in the last 10 years, including most recently to providers of buy-now-pay-later finance. Supervisors will focus on credit risk management (especially in relation to real estate and leveraged lending) across all regulated firms and will also scrutinise exposures to and connections with unregulated lenders.⁶

Second, firms will need to continue to support their customers through a period of economic hardship. Conduct supervisory expectations are now substantially higher than in previous downturns. In some countries, how lenders treat customers facing financial hardship will be a supervisory (and in some cases a political) priority, and industry will need to identify vulnerable customers proactively and take measures to support them. Insurers are likely to see rising numbers of customers struggling to cover their premiums, creating the possibility of protection gaps that will also draw supervisory attention.

Third, firms should be vigilant for sudden bouts of market volatility. Even the archetypically stable US Treasury market will need to be watched closely given recent observations of low liquidity and volatility, combined with the uncertain impact of the Securities and Exchange Commission’s (SEC) new dealer rule.⁷ Firms should be ready for regulatory and supervisory measures to address “unfinished business” around non-bank financial stability issues, with several recent episodes of market turbulence (such as the dislocation of the UK government bond market in autumn 2022) thrusting these issues back up the agenda.⁸ Open-ended funds are a particular focus, where market volatility has the potential to clash with market illiquidity to trigger asset fire sales. Although the Financial Stability Board’s (FSB) latest progress report on addressing the risks from non-bank financial intermediation indicates an ongoing program of work, it remains unclear how far and how fast national authorities will implement any resulting regulatory changes.⁹ We nevertheless expect central banks and regulators to be working hard to understand these vulnerabilities and other possible sources of market disturbance. This will likely manifest in a continued emphasis on stress testing for individual regulated firms and the system as a whole, revisions to fund liquidity rules, and a focus on firms’ and counterparties’ margining practices and ability to meet margin calls, including through data requests where gaps have been identified by supervisors.¹⁰

These are regulators’ near-term preoccupations. They demand strong Board engagement supported by robust management information, clarity around risk appetites, clear processes for escalation, and continuous internal communication between and across business lines and support functions to ensure consistency in messaging and decision-making. But they are by no means the only challenges facing industry or its regulators, and we now turn to three major sources of structural change with which firms must grapple: geopolitics, technological change, and sustainability.

Geopolitics

Rising geopolitical tensions are contributing to the fragmentation of markets, with nations and business leaders looking at how to build supply chain resilience and security through greater localisation of production and supply. Firms operating across what are, in some cases, tense political borders will be directly affected by these tensions.

The Russia-Ukraine conflict provides a stark reminder that firms should be vigilant and cautious of geopolitical risks that can manifest very rapidly through numerous channels, whether in terms of operational resilience, financial crime, cybersecurity, or reputational risks. Many of these issues are not amenable to statistics-based risk modeling and require the use of more qualitative information to develop sophisticated scenario analyses. Supervisors will expect firms to have carried out “lessons learned” exercises from their experiences this year – for instance around sanctions and geographic footprints – and to have reviewed and, in some cases strengthened, their “severe but plausible” scenarios for evaluating their ability to withstand and recover from operational shocks. They will also have to “think the unthinkable” through reverse stress testing and emerging risk assessments. Supervisors will also expect firms to examine their own supply chains, which may in turn lead to more requests for “localisation,” for example of data, IT infrastructure or people.

This is not only about weathering short-term shocks: it is also an issue of medium-term strategy, particularly around firms’ geographic footprints and shifting patterns of international trade. At a minimum, this means Boards reviewing risk appetites for operating in specific countries and with particular clients, as well as the reputational risks that will inevitably surround decisions to operate in or exit certain markets.

The financial system continues to undergo major technological transformations. New technologies enable both old and new firms to provide new and better products and services, develop better insights, and to do so ever more efficiently. But they have also complicated supply chains and service delivery models while creating new sources of competition.

In some areas, the regulatory regime has struggled to maintain pace with technological innovation, but so too have firms’ risk management and control frameworks. This has been clearest in relation to the complex relationships between regulated FS firms and third-, fourth-, and even fifth-party technology service providers, including Big Techs. The regulatory framework around operational resilience is pushing firms to address the resulting risks, although different countries and regions are adopting different approaches. Regulated firms will need to get their houses in order by untangling (and where possible simplifying) networks of technological service suppliers and ensuring their operational resilience. And where firms are pursuing shared delivery models, Boards need to have strong assurance around their reliance on third parties.

Big Techs are also increasingly active in FS in their own right as competitors to and partners of incumbent firms. In the near term, technology firms should accept the reality of “extra-territorial” FS regulation which will either bring them within the supervisory perimeter, subject them to other direct forms of oversight, or see regulated firms being used as conduits through which such oversight can be gained. Over time, we expect FS authorities will feel the need to develop a more integrated approach to the regulation of Big Techs, recognizing their multiple roles in FS. This will require them to work with data protection regulators and competition authorities. In the meantime, individual regulators are pursuing their own national approaches. In turn, regulated firms should factor in these different national requirements as they develop their global strategies for their overall relationships with Big Techs and other critical service providers, complicating the contracting process.

The regulatory framework also continues to evolve in attempts to keep pace with innovation around digital (particularly crypto) assets. While issues have persisted concerning unregulated players seeking to organize themselves around developing regulatory regimes, regulated firms have increasingly been engaging with a developing ecosystem of digital asset technology providers to develop more credible and mature client offerings.¹¹ However, recent turmoil has changed the outlook, creating a potential crisis of legitimacy and trust around the fledgling industry. A further regulatory response seems inevitable, although we see little prospect of international convergence where rules are being put in place, with jurisdictions differing along all manner of issues, from regulatory classifications (as securities, currencies, and so on), through to the intersection with financial crime frameworks, further complicating industry efforts to grow the sector.

Cyber risks are ever-present for FS firms, but the increasing digitisation and use of third-party providers for services and support functions, combined with the geopolitical tensions referred to above, means that the threat perimeter is becoming more complex. These risks cut across all sectors of FS, and regulators are pushing firms to continue to invest in their capabilities. Insurers are doubly exposed, as potential targets of cyberattacks but also as providers of cyber risk insurance, in relation to which regulators continue to probe around the ambiguity of policy coverage and the risk of so-called “silent cyber”.¹² Reporting of cyber incidents remains a key pillar of the regulatory framework, with some regulators moving to tighten reporting windows, and the FSB currently looking at the possibility of delivering more consistency in reporting.¹³

The politics of sustainability have become more difficult with the ongoing debate, especially in Europe, about how to reconcile environmental goals with renewed energy security concerns, along with the emergence of an “anti-ESG” faction, and the spilling over of disagreements over the binding nature of some climate targets within the Glasgow Financial Alliance for Net Zero (GFANZ).^14,15

But 2022 also provided ample evidence of how disruptive sudden swings in food and energy prices can be, as well as the impacts of increasingly frequent and intense natural disasters. These risks will only become more pronounced as the climate transition unfolds, and they will increasingly shape the FS operating environment. Insurers face particular challenges given the twin tasks of managing the solvency implications of exposures to physical risks while continuing to protect policyholders, many of whom may face escalating costs for coverage, creating the risk that protection gaps emerge or widen.

Regulation and supervision will be key determinants of how firms must respond to these risks. In some areas, there appears to be a degree of supervisory convergence, most notably around prudential risk management and risk governance. Climate-related stress tests and/or scenario analysis exercises are becoming features of supervisory frameworks in many major jurisdictions, being well established in the EU and UK, Japan and Hong Kong, and emerging onto the agenda in the US. Elsewhere, however, despite shared ambitions to address issues such as greenwashing (with investment funds in particular in the crosshairs around fund names, labelling, disclosure practices, and the green credentials of their underlying assets), firms are finding themselves contending with differing national requirements, particularly in terms of sustainability taxonomies. Even where supra-national attempts have been made, such as with the Association of Southeast Asian Nations (ASEAN) taxonomy, national variants will persist.

There have been more ambitious attempts to develop international standards around disclosure, most notably the ongoing work of the International Sustainability Standards Board (ISSB), which is driving toward the development of a global baseline with the support of international regulators such as the FSB. Some countries are continuing to develop their own frameworks, and while such frameworks may converge over time, in the near term firms will need to be able to store and manipulate data flexibly so that it can be moulded to meet the needs of different jurisdictions. Indeed, sustainability data quality and coverage remain significant challenges for firms and with the use of proxy data still widespread, regulators are expected to push industry to address this in 2023.

There is divergence in the technical detail of regulatory frameworks to address sustainability, for instance in terms of how risks are captured in prudential rules, how funds are labelled, how insurance products are underwritten or offered, and what firms must disclose to the market. But the issue is fundamentally one of risk management, and to fulfil their risk management obligations, Boards need confidence that they understand their business footprint and risk exposures. This confidence will not be delivered through mere compliance with regulation, but through the development of better data, sophisticated modelling capabilities, plausible scenario analyses, and engagement with scientific expertise and judgement. The absence of harmonised rules should not be a barrier to action, and the onus will very much remain with firms to be able to meet multiple sets of expectations and reconcile them across their operations where necessary.

The need for risk management has its complement in the development of new opportunities for innovation and market development. The reallocations of capital required for the climate and nature transition are enormous, with trillions of dollars needing to be intermediated, invested, insured, and risk managed worldwide across virtually all areas of economic activity. And, put simply, the better grasp firms have of the risk environment, the better placed they will be to identify and exploit the corresponding opportunities in the years ahead.

Firms face many headwinds as we enter the new year. Our view for the last several years has been that global firms face increasing difficulties in maintaining common systems or controls across their geographic footprints as regulatory frameworks diverge. Last year confirmed our view further and, as we have suggested above, the deteriorating geopolitical situation compounds the problem. The obligation will be squarely on firms to accommodate local factors when designing and implementing processes, controls, reporting, and all manner of other requirements, with limited prospects for regulatory harmonisation.

The major challenge for the industry in the year ahead is to navigate the choppy near-term economic waters – including by engaging with supervisors in their efforts to monitor and address financial stability risks – without losing sight of the importance of the longer-term processes of change we have highlighted here, all of which demand ongoing investment. Regulation continues to be a major force that influences these trends, and a strategic view of the regulatory environment, as well as an ability to connect such a view with the review and challenge of business strategy decisions, remains an imperative for firms looking to stay at the forefront of the industry.

As ever, this global assessment provides a broad setting for our more detailed regional Regulatory Outlooks. In what follows, you will find our analysis for EMEA, but readers with an interest in understanding the landscape in APAC and the Americas can find them in the corresponding reports from our teams in those regions.