Hatstand’s Checklist for Banks and Financial Institutions in 2016
It’s a New Year and it looks set to be another busy one for the financial industry. Here at Hatstand we look at three key priorities that we believe banks and other financial institutions should be reviewing and factoring into their overall business strategies now and over the next 12 months.
1. Demonstrating cybersecurity readiness to regulators
Many industry experts predict that it is not a matter of if, but when a firm will experience a cybersecurity breach. With such a high threat, businesses must have sound governance practices in place and recognise that cybersecurity is more than just an IT-related issue.
We believe firms should be identifying their possible risks, assessing the likelihood of an event occurring and preparing their response(s). Once armed with this information, firms can then determine their risk tolerance and prioritise their cybersecurity counter-measures. This is an iterative process that will need to be continuously reviewed and updated as the cyber environment is constantly changing.
Furthermore, regulators around the globe are increasing their focus on the cybersecurity readiness of the firms they regulate, wanting to see a demonstration of preparedness through a risk assessment. By implementing the right tools, and working with the right strategic partner, a business can perform a risk assessment and deliver clarity, not only to the regulators but also to the key stakeholders, on the current status of its key assets and the gaps in its controls and processes. A baseline assessment can then be used to evolve a working plan to mitigate the gaps and demonstrate to the regulators and stakeholders that the firm is taking its cyber risk management responsibilities extremely seriously.
2. Delay or no delay – firms still need to know their state of compliance now ahead of MiFID II
Recent reports state that the EU Council is set to support a MiFID II delay, but even with a delay, investment firms have a lot to do ahead of the regulation coming into force and regulators do not have time to slack off either. There are still details to clarify and technical standards to complete before transposition can start. A delay of 12 months would move the task from ‘next to impossible’ to ‘ambitious but doable’, although the regulators will not have the same flexible attitude towards delays that they would have had if the original timeline were still effective.
Unfortunately, we might have to wait a few months before we have any official statement on a new implementation deadline – although we may have some clarity towards the end of the first quarter of 2016. In any case, Level 1 Principles will not be changed; the European Parliament approved them in April 2014. It was a different parliament but any changes to Level 1 Principles would require another Act of the European Parliament that would take even longer than a vote on deferment. Every principle in Level 1 therefore stays, from the double caps to commodities position reporting, from unbundling to product governance, from best execution principles to the execution quality reports.
Whatever happens in the next few months, any financial institution that takes its foot off the gas pedal does so at its own risk. The only way financial institutions are going to attain a true risk position is to take control by using industry experts to build a comprehensive risk profile – of both new and existing risks – through detailed assessment.
When organisations are able to proactively approach the regulator with a clear, proven risk state and roadmap for achieving compliance, they will not only demonstrate a complete, 100% awareness of the state of compliance, but also demonstrate to the broader political landscape that financial institutions are committed to reducing risk and cooperating with regulators, a fact that could go some way to healing the huge trust gap that continues to hamper effective financial operation.
3. Cost savings through Blockchain
The financial industry continues to place its hopes on Blockchain, and it’s clear to see why. According to Santander InnoVentures, the disruptive technology – that underpins the Bitcoin system – has the potential to save the large investment banks $15bn-$20bn a year by 2022 in costs for cross-border payments, smart contracts, AML/KYC verification, and post-trade processing (like settlements).
A consideration for banks will be whether to join an open or closed Blockchain. Bitcoin currently operates on an open Blockchain whereby anyone can create a Bitcoin account and become part of that Blockchain, but closed Blockchains that are only open to members are being contemplated. Issues may arise from the existence of multiple closed Blockchains; the process could become inefficient because you have to find ways for the closed Blockchains to communicate and to transfer funds and securities.
We think it’s safe to say that any institution that thinks that Blockchain isn’t going to form some significant part of its operation going forward has got its head in the sand and risks being left behind its competition. At a minimum, firms should join one of the consortium groups that are out there to learn about the various use cases being discussed and analyse how they impact their business. Firms should also look to limit the number of different solutions and try to gain consensus as an industry around the solution(s) that provide the most benefit.
Be part of the conversation
So there you have it: Cybersecurity, MiFID II and Blockchain. All three will have a substantial impact on the financial industry this year and are at the top of Hatstand's list as key 2016 initiatives.