Are we in control?
Without a healthier return on equity, many global banks are still at risk of failing
By Pierre Pourquery, EMEIA Financial Services Risk Solutions, EY
For many, the global financial crisis has never ended. Safe-haven markets like the US and UK may be contemplating a tightening cycle, but others remain firmly in the doldrums. When we think of those currently hit hardest by the crisis, we usually think of southern Europe – Greece in particular. But there is another vulnerable group, if perhaps not the most sympathetic one for the public: banks.
Spending on compliance has increased globally since the financial crisis. Some firms have to find up to $10 billion a year for this purpose – up from around $8 billion seven years ago. Added to this is the associated cost of fines from the authorities when banks get things wrong. These are always exemplary, and firms facing that scrutiny can expect charges starting at half a billion dollars, rising to tens of billions of dollars.
The pace of regulatory change in this direction shows little sign of slowing. Banks now have to contend with regulations encompassing everything from unauthorized trading to the policing of interaction with customers and the diligent setting of benchmarks.
We can track the increased burden these produce. Five years ago, banks had to report on 12 metrics for operational risk, and none for unauthorized trading and conduct. They now must report between 50 and 100 for operational risk, between 40 and 60 for trading, and 200 for conduct. These reporting and control obligations are likely to increase further.
In addition, banks must contend with the increased costs of funding associated with issuing debt in the new era of loss-absorbing capital instruments. A further burden is the increased requirement for banks to hold sufficient liquid assets to withstand a run on the institution – an important protection, but one that comes at a cost.
While operational risk and control functions are increasing in scope, so far they have not been the protection they were designed to be. Despite investments in operational risk frameworks, we have seen a proliferation of costly unauthorized trading activities and frauds, which should have been caught by the new generation of technology, such as trading surveillance solutions.
Sustainable profitability is only possible with a fundamental transformation of control and compliance.
EMEIA Financial Services Risk Solutions
Are the regulations working?
In general, risk and control culture has been too weak, and the false sense of security conferred by having more controls in place has made the situation worse. The costly investment in staff across the three lines of defense can have a deleterious effect when institutions allow silos to develop, with each responsible person expecting their colleagues with a similar job in a different business area to be vigilant instead of them. This creates duplications and gaps and militates against a single line of accountability.
With the new Senior Manager Regime implemented by March 2016, the “senior managers” (the members of the executive committee of the bank) must now demonstrate that they are in full control; not doing so could lead them to heavy fines or even jail terms.
Streamlining control and compliance
The essential dilemma faced by the banks is how to meet the requirements of the new era of regulation – inevitably, an expensive endeavor – at a time when they are implementing drastic cost-reduction programs to make their operations more profitable and sustainable on the long run.
We believe that sustainable profitability is only possible with a fundamental transformation of control and compliance. This means a streamlining approach, involving the integration of different functions such as risk, finance and compliance, as well as the integration of risk and control management processes. For example, risks and controls should also be assessed on a centralized basis, with a common process adopted for all.
Critical to this transformation is the integration not just of technology but also of people – the architecture that fosters accountability. Silos should be eradicated, and the “first line” of defense – the day-to-day business functions – cannot be allowed to delegate compliance oversight to colleagues in the compliance and audit functions.
A simpler governance approach is also needed. First, banks should be prepared to exit businesses for which control- and compliance-related activities would be too expensive. Second, the “change” governance, focusing on the implementation of new rules, and “business as usual” governance cannot be permitted to exist separately; they need to operate side by side. Only with this approach can banks hope to make themselves safer while also protecting profitability.
Pierre Pourquery is currently a Partner at EY in charge of the Control and Compliance solutions for Europe. His current focus is on supporting Investment Banks in complying with regulations and improving their control environment. Before that, Pierre was a Partner at the Boston Consulting Group where he was advising banks on their strategy and transformation agenda. Pierre was also a trader for a French bank and the global lead of Risk and Compliance solutions for IBM.
- What are the top five compliance issues facing banks? Data structure and validation; risk and financial reconciliation; capital calculation updates, risk reporting; and auditability. In this paper, we discuss those issues and how banks are handling them.