The market for monitoring personnel and technology solutions is clearly very strong right now and it would be hard to not deduce that this has been driven by a renewed interest in compliant recordkeeping off the back of a brutal two years of enforcement action from US regulators.
The mood at a packed venue was not negative despite this, but attendees were treated to a healthy dose of caution from regulators as the macroeconomic and geopolitical environment combine to create a precarious time ahead for finance and the world in general.
AI was, not surprisingly, on everyone’s lips; there was excitement at its potential but no real answers as to how to unlock that safely. Conjecture still persists on how to make the three lines of defense as effective and efficient as possible, with the usual conclusion that all are different (due to legacy, compliance culture, budget, data governance and risk assessment) and so a consistent, unified approach and model across the industry is never going to be a reality.
Three lines
Progress was evident in terms of collaboration between the three lines, the ability to capture and ingest more data types from the ever-growing communications channels, and more scrutiny of opaque asset classes from a trade perspective.
Regulators also signalled a fresh approach to connecting with the industry by listening more and revealing their priorities – the watchword was pragmatism. They were careful to warn against too much prescription and the sense was the firms still need to think about regulation, the risks and their own business rather than rely on a one-size-fits-all regulatory approach.
Sheree Howard, Executive Director, Risk & Compliance Oversight at the FCA, started the two days with a keynote, ‘Building firm foundations for healthy cultures’. The highlights of the speech were:
- Heightened financial pressures mean making careful judgements around risk but should not mean dropping standards.
- A firm’s three lines of defense should be separate but cohesive.
- Creating a culture of fearlessness, not fear, where employees can speak up and employers listen up is vital for healthy cultures.
- An organisation with a lack of diversity, equity and inclusion is at much greater risk of not having a healthy culture.
Concentration a key concern
One passage in particular from the speech bears serious consideration. “One of our key current concerns is how concentration kills – particularly when it is unintended. Often these things emerge in moments of market strain. In the last 18 months, for example, we have had issues where banks didn’t know that some of their counterparties were in fact related (concentration); or that their counterparties had huge exposure to other banks too (concentration); or where firms had underestimated the extent to which specific markets were made up of similar actors with similar incentives (concentration), so that when one stopped buying they might all stop.
“The examples of Archegos and the LDI pensions shock spring to mind. There is also an enormous risk when we concentrate only on our own firm and its culture and practice without realising what may be playing out or potentially waiting in the wings elsewhere.
“We have also seen how different types of risk can transform. What may start as conduct, operational, or reputational risk can swiftly transform into liquidity or solvency risk. And in the event of liquidity or solvency challenges … there are often new conduct, operational or reputational challenges to manage. Very simply, risk upon risk upon risk. And if you haven’t updated your stress assumptions in the last 18 months – it is time to do so!”
GRIP comment
Markets and behaviour do not stop evolving – the collapse of Silicon Valley Bank was another example of concentration risk and presented a new challenge as digital access can enable an instant reversal of fortune for institutions. Technology further complicates this through the advances in AI and the reliance on social media. A static and blinkered view of risk can be fatal when there is so much changing.