2020 was a memorable year for financial services firms around the globe. Of course, the head line event was the Covid-19 pandemic, which reconfigured the operational risk landscape overnight, and continues to shape it.
The novelty of the pandemic and its ramifications have captured the headlines. However, it could also be said that the pandemic really served to highlight lessons that both regulators and the financial services industry were already starting to take on board.
At Acin, we’ve weathered this storm side-by-side with the financial services firms who we work with in our Network, and with the national regulators, too. The result of those conversations, and our consideration of them, are five themes we feel have risen to the surface during the year we’ve all just been through, and will have a continuing impact in 2021 for us all.
- Operational resilience — The financial services industry recognized that operational resilience was not just about cybersecurity. The industry could also see that firms which had more operational resilience were more agile, too. The industry realized that the UK Financial Conduct Authority (FCA), in starting a consultation process on this topic back in 2018, had demonstrated considerable foresight. It’s clear that operational resilience is going to be a substantial topic of discussion in 2021 and beyond, as regulators around the globe move to implement their own frameworks, and boards discuss the topic from a strategic perspective.
- Data quality — As financial firms sought to understand and respond to the impact that COVID-19 was having on their business, it became clear how important good quality risk and control data is. Boards and senior managers who did not have high quality, timely risk and controls data found themselves struggling to make business decisions rapidly and with confidence. Regulators are keen for risk management teams to put data governance frameworks in place. The Basel Committee on Banking Supervision’s recent consultation paper on revisions to the Principles for the Sound Management of Operational Risk is a leading indicator here.
- Conduct risk and culture — This was already going to be a big theme in 2020, with the coming of the UK’s Senior Managers & Certification Regine (SMCR) for solo-regulated firms and a continuing focus by global regulators in this area. However, the pandemic raised new questions about how to manage conduct risk and build culture with increased levels of remote working both today and in the future. Approaches that risk teams may have used in the past – such as in-person training or signage around the office – no longer work in the same way. While it’s unlikely that offices will be abandoned completely, this is an important issue that risk teams will spend time discussing in 2021, as changes to working practices continue to unfold.
- Collaboration around non-financial risk — Perhaps it was the isolation that the pandemic inflicted that put a focus on the importance of relationships, and helped stir a longing in many for more collaboration. Certainly, regulators would like to see more collaboration both within and among financial services firms around non-financial risk measurement and management. For example, the BCBS Sound Practices for Operational Risk consultation calls out a need for benchmarking and other types of activities to develop in 2021 and beyond within the industry. There are other ways collaboration could be nurtured too – the data governance discipline tends to foster collaboration through the need to develop common understandings around data definitions, taxonomies, and processes.
- Proactive regulatory supervision — In 2020, the financial services industry learned that it is indeed possible for regulators to have better technology than the firms themselves. The US Securities and Exchange Commission (SEC) and the UK FCA are two regulators who are using technology in innovative ways. For example, the SEC now digests regulatory filings at speed, with a system that can flag up anomalies that might indicate potential risks. Both regulators are using technology to review trade data for signs of market abuse – often drawing incidents to the attention of firms, which the firms’ own technology missed. Firms are recognizing that they are entering into a new era of supervision by regulators, fuelled by SupTech, which could be particularly good at flagging certain types of operational risks.
We’ve watched these themes develop with interest, and have no doubt that 2021 will see them continue to evolve. With that will come significant change for the operational risk, as new ways of seeing, understanding and managing risk transform the discipline.