Financial sector regulation continues to evolve as regulators react both to current events, such as the ongoing impacts of the COVID-19 pandemic and the UK leaving the EU, and to emerging concerns, such as climate change and diversity.
There are common themes in global regulators' workplans — see Global regulatory themes — while the European Commission is looking to improve EU-wide regulation and supervision.
The impact of the resurgence of the pandemic in the winter of 2020/21 features heavily in the first joint European Supervisory Authorities' (ESAs') risk assessment report of 2021. The report recognises that the financial sector has so far proved financially resilient to the pandemic, but notes that the longer it continues, the more likely it is that there will be spill-over effects from the real economy into the financial sector. Also, the ESAs remain concerned that macro-economic uncertainty is not reflected in asset valuations and market volatility. Therefore, they warn that:
- Financial institutions and supervisors should be prepared for an expected deterioration of asset quality
- Supervisors, policymakers and financial institutions should continue to develop further actions to accommodate a “low-for-long” interest rate environment and its risks
- Notwithstanding the importance of continued lending in the crisis, banks should ensure sound lending practices and adequate pricing of risks
- Financial institutions should continue to follow conservative policies on dividends and share buy-backs
- Investment funds should further enhance their preparedness in the face of potential increases in redemptions and valuation shocks
The report also notes that major economic disruption and negative impact on the financial markets were avoided at the end of the UK transition period out of the EU, in part due to the trade deal and also to the preparations undertaken by regulators and market participants. However, uncertainty persists as the relationship between the EU and the UK evolves — see The EU-UK relationship evolves.
Operational resilience remains high on the regulatory agenda. Negotiations continue on the proposed EU Digital Operational Resilience Regulation (DORA). Where supervisory responsibility falls is just one aspect under discussion. In March 2021, the UK regulators issued final policy and supervisory statements for (i) the operational resilience of regulated firms and financial market infrastructure providers (FMIs) and (ii) outsourcing and third-party risk management. Days later, the Basel Committee on Banking Supervision (BCBS) published its final principles for operational resilience.
The continuing money laundering and terrorist financing (ML/TF) risks across the EU are highlighted in the EBA's biennial opinion. The report highlights that either the lack of a harmonised framework or the narrow scope of existing AML/CFT regulation is contributing to rising risks in virtual currencies, and in the provision of financial products and services through FinTech firms and crowdfunding service providers. Risks such as those associated with remote client on-boarding have surfaced during the pandemic and need to be managed correctly. Firms' attempts to de-risk their operations by terminating relationships with customers they associate with higher levels of ML/TF risk may force these customers to use alternative, less well-monitored channels for payments, leading to higher risk in the system overall.
The regulatory focus on climate change and wider sustainability issues continues to grow around the globe — see The growing pursuit of sustainability. The US has joined the regulatory debate. On 31 March 2021, US Treasury Secretary Janet Yellen chaired her first meeting of the Financial Stability Oversight Council. The meeting's agenda included a public discussion on climate change, during which Yellen called climate change an existential threat and the biggest emerging risk to the health of the US financial system, pledging to marshal regulatory forces to guard against its harmful effects.
Within the wider panoply of sustainability issues, an increasing number of European regulators are focusing on the need for improvements in diversity and inclusion in regulated firms, with potential measures including increased transparency and minimum diversity thresholds — see Diversity: a social and regulatory concern.
UK operational resilience policy aims to ensure that firms and FMIs plan appropriately and deliver improvements to their operational resilience so that they can respond effectively to disruptions (including multiple concurrent disruptions) to their most important business services — those with the greatest potential to cause financial instability or customer detriment. The authorities expect best practice to develop over time but encourage firms and FMIs to view the current policy as a minimum standard and to develop an approach that is proportionate to their size, scale, and complexity. A three-year implementation period will start on 31 March 2022, by which date firms and FMIs will be expected to have identified and mapped their important business services, defined impact tolerances and commenced a programme of scenario testing. They should also have a prioritised plan setting out how they intend to comply with the requirements. Outsourcing arrangements entered into on or after 31 March 2021 should meet supervisory expectations by 31 March 2022, and earlier agreements should be reviewed at the first appropriate contractual renewal or revision point.
UK policy implements the European Banking Authority (EBA) Guidelines on outsourcing, with added expectations around data security, business continuity and exit plans, and relevant sections of the EBA Guidelines on ICT Security and Risk Management. The European Insurance and Occupational Pensions Authority (EIOPA) Cloud and ICT Guidelines and the European Securities and Markets Authority (ESMA) Guidelines on outsourcing to cloud providers have not been formally implemented as they were not complete at the end of the transition period, but have been considered. The policy for FMIs builds on the requirements of the European Market Infrastructure Regulation (EMIR) and associated regulatory technical standards. The UK regulators also note that the final policy statements are intended to be fully compatible with the BCBS principles.